rpm/openSUSE-MicroOS
SHA256
1
0
Fork 0
forked from pool/openSUSE-MicroOS
Code Pull Requests Activity

Compare commits

merge into: rpm:devel
Branches Tags
rpm:devel
rpm:factory
pool:factory
pool:devel
...
pull from: pool:devel
Branches Tags
pool:factory
pool:devel
rpm:devel
rpm:factory

No commits in common. "devel" and "devel" have entirely different histories.
devel ... devel

4 changed files with 128 additions and 56 deletions
Show Stats Expand all files Collapse all files

62
config.sh
View File

@ -68,16 +68,20 @@ sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
#===================================== #=====================================
# Configure snapper # Configure snapper
#------------------------------------- #-------------------------------------
if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then if [ -x /usr/bin/snapper ]; then
echo "creating initial snapper config ..." echo "creating initial snapper config ..."
cp /etc/snapper/config-templates/default /etc/snapper/configs/root \ cp /etc/snapper/config-templates/default /etc/snapper/configs/root \
|| cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root || cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
# Adjust parameters # Adjust parameters
sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
else
# Avoid boo#1237466 from reoccuring
echo "snapper not installed?"
exit 1
fi fi
#===================================== #=====================================
@ -156,7 +160,7 @@ case "${kiwi_profiles}" in
*OpenStack*) ignition_platform='openstack' ;; *OpenStack*) ignition_platform='openstack' ;;
*VirtualBox*) ignition_platform='virtualbox' ;; *VirtualBox*) ignition_platform='virtualbox' ;;
*HyperV*) ignition_platform='metal' *HyperV*) ignition_platform='metal'
cmdline+=('rootdelay=300') ;; cmdline+=('rootdelay=300') ;;
*Pine64*|*RaspberryPi*|*Rock64*|*Vagrant*) ignition_platform='metal' ;; *Pine64*|*RaspberryPi*|*Rock64*|*Vagrant*) ignition_platform='metal' ;;
# Use autodetection on selfinstall. The first boot doesn't use the grub # Use autodetection on selfinstall. The first boot doesn't use the grub
# cmdline anyway, it's started with kexec using kiwi's builtin default. # cmdline anyway, it's started with kexec using kiwi's builtin default.
@ -184,8 +188,14 @@ if [[ -e /etc/selinux/config ]]; then
test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
fi fi
if [ -e /etc/default/grub ]; then if rpm -q sdbootutil; then
mkdir -p /etc/kernel
echo "${cmdline[*]}" > /etc/kernel/cmdline
elif [ -e /etc/default/grub ]; then
sed -i "s#^GRUB_CMDLINE_LINUX_DEFAULT=.*\$#GRUB_CMDLINE_LINUX_DEFAULT=\"${cmdline[*]}\"#" /etc/default/grub sed -i "s#^GRUB_CMDLINE_LINUX_DEFAULT=.*\$#GRUB_CMDLINE_LINUX_DEFAULT=\"${cmdline[*]}\"#" /etc/default/grub
else
echo "Unknown bootloader"
exit 1
fi fi
#====================================== #======================================
@ -242,38 +252,32 @@ fi
# Configure Vagrant specifics # Configure Vagrant specifics
#-------------------------------------- #--------------------------------------
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
# create vagrant user echo "Add user vagrant"
useradd vagrant # create vagrant user
# allow password-less sudo useradd vagrant
echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant # allow password-less sudo
# add vagrant's insecure key echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
mkdir -p /home/vagrant/.ssh # add vagrant's insecure key
chmod 0700 /home/vagrant/.ssh mkdir -p /home/vagrant/.ssh
cat > /home/vagrant/.ssh/authorized_keys << EOF chmod 0700 /home/vagrant/.ssh
cat > /home/vagrant/.ssh/authorized_keys << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOF EOF
chmod 0600 /home/vagrant/.ssh/authorized_keys chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant /home/vagrant chown -R vagrant /home/vagrant
echo "Disable jeos-firstboot.service for Vagrant boxes"
systemctl disable jeos-firstboot.service
systemctl mask jeos-firstboot.service
fi fi
#====================================== #======================================
# Configure FDE/BLS specifics # Configure FDE/BLS specifics
#-------------------------------------- #--------------------------------------
# [[ "$kiwi_profiles" == *"kvm-and-xen-"* ]]
if rpm -q sdbootutil; then if rpm -q sdbootutil; then
for d in /usr/lib/modules/*; do
test -d "$d" || continue
depmod -a "${d##*/}"
done
ENTRY_TOKEN=$(. /usr/lib/os-release; echo $ID)
mkdir -p /etc/kernel
echo "$ENTRY_TOKEN" > /etc/kernel/entry-token
# FIXME: kiwi needs /boot/efi to exist before syncing the disk image # FIXME: kiwi needs /boot/efi to exist before syncing the disk image
mkdir -p /boot/efi mkdir -p /boot/efi
echo "${cmdline[*]}" > /etc/kernel/cmdline [ -e /var/lib/YaST2/reconfig_system ] && systemctl enable sdbootutil-enroll.service
rpm -q systemd-boot && loader_type="systemd-boot"
rpm -q grub2 && loader_type="grub2-bls"
echo "LOADER_TYPE=\"${loader_type}\"" >> /etc/sysconfig/bootloader
fi fi

47
disk.sh
View File

@ -1,31 +1,36 @@
#!/bin/bash #!/bin/bash
set -euxo pipefail set -euxo pipefail
[ -x /usr/bin/sdbootutil ] || exit 0
echo "####### BOOTLOADER INSTALL (disk.sh)" echo "####### BOOTLOADER INSTALL (disk.sh)"
# [[ "$kiwi_profiles" == *"kvm-and-xen-"* ]] if [ -x /usr/bin/sdbootutil ]; then
if rpm -q sdbootutil; then arch="$(uname -m)"
rootuuid=$(findmnt / -n --output uuid) case "$arch" in
sed -i -e "s,\$, root=UUID=$rootuuid," /etc/kernel/cmdline aarch64) arch=aa64 ;;
arch="$(uname -m)" x86_64) arch=x64 ;;
case "$arch" in *) echo "Unknown arch $arch"; exit 1 ;;
aarch64) arch=aa64 ;; esac
x86_64) arch=x64 ;;
*) echo "Unknown arch $arch"; exit 1 ;;
esac
echo "install boot loader" echo "install boot loader"
sdbootutil -v --no-random-seed --arch "$arch" --esp-path /boot/efi --entry-token=auto --no-variables install loader_type="grub2-bls"
echo "add kernels" rpm -q systemd-boot && loader_type="systemd-boot"
export hostonly_l=no # for dracut if [ -f /etc/sysconfig/bootloader ]; then
sdbootutil -v --arch "$arch" --esp-path /boot/efi --entry-token=auto add-all-kernels sed -i "s/^LOADER_TYPE=.*$/LOADER_TYPE=\"$loader_type\"/g" /etc/sysconfig/bootloader
# Set a 5s timeout, the "hold a key down" method doesn't work effectively. else
echo "timeout 5" >> /boot/efi/loader/loader.conf echo "LOADER_TYPE=\"${loader_type}\"" > /etc/sysconfig/bootloader
fi
rm -f /boot/mbrid sdbootutil -v --no-random-seed --arch "$arch" --esp-path /boot/efi --entry-token=auto --no-variables install
find /boot echo "add kernels"
export hostonly_l=no # for dracut
sdbootutil -v --arch "$arch" --esp-path /boot/efi --entry-token=auto add-all-kernels
# Set a 5s timeout, the "hold a key down" method doesn't work effectively.
echo "timeout 5" >> /boot/efi/loader/loader.conf
rm -f /boot/mbrid
find /boot
fi fi
echo "####### ENDS BOOTLOADER INSTALLER (disk.sh)" echo "####### END BOOTLOADER INSTALL (disk.sh)"

58
openSUSE-MicroOS.changes
View File

@ -1,8 +1,66 @@
-------------------------------------------------------------------
Thu Mar 6 12:50:13 UTC 2025 - Fabian Vogt <fvogt@suse.com>
- Switch away from patterns-base-bootloader for grub-bls, not suitable
- Switch away from kiwi's support for grub-bls, does not match sdbootutil
-------------------------------------------------------------------
Fri Feb 21 12:38:04 UTC 2025 - Fabian Vogt <fvogt@suse.com>
- config.sh: Do not rely on $kiwi_btrfs_root_is_snapshot (boo#1237466)
-------------------------------------------------------------------
Thu Feb 20 16:07:14 UTC 2025 - Fabian Vogt <fvogt@suse.com>
- Clean up config.sh and disk.sh
-------------------------------------------------------------------
Tue Nov 12 12:25:21 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Use the enrollment packages from sdbootutil
-------------------------------------------------------------------
Sat Nov 2 10:54:27 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- disable and mask the jeos-firstboot.service on Vagrant boxes
-------------------------------------------------------------------
Wed Oct 9 09:15:28 UTC 2024 - Stefan Schubert <schubi@suse.com>
- Added package systemd-repart-dracut to kvm-and-xen-sdboot and
kvm-and-xen-grub-bls
-------------------------------------------------------------------
Thu Oct 3 09:42:47 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Move /etc/sysconfig/bootloader creation to disk.sh, as KIWI can
replace the one generated in config.sh (bsc#1231271)
-------------------------------------------------------------------
Tue Oct 1 16:07:08 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Requires systemd-boot in the sdboot flavor
-------------------------------------------------------------------
Thu Sep 5 13:55:46 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Remove root from /etc/kernel/cmdline during image creation
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 27 11:48:44 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org> Tue Aug 27 11:48:44 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Grub package is grub2-arm64-efi, not grub2-arm-efi - Grub package is grub2-arm64-efi, not grub2-arm-efi
-------------------------------------------------------------------
Tue Aug 13 13:53:32 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Use the new grub2-bls subpackage
-------------------------------------------------------------------
Fri Aug 9 08:45:16 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Enable disk-encryption-tool-enroll.service
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 31 13:38:18 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com> Wed Jul 31 13:38:18 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>

17
openSUSE-MicroOS.kiwi
View File

@ -115,7 +115,7 @@
btrfs_root_is_readonly_snapshot="true" btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true" btrfs_quota_groups="true"
> >
<bootloader name="grub2" bls="true" /> <bootloader name="custom"/>
<systemdisk> <systemdisk>
<volume name="home"/> <volume name="home"/>
<volume name="root"/> <volume name="root"/>
@ -732,18 +732,23 @@
<package name="jeos-firstboot"/> <package name="jeos-firstboot"/>
<package name="growpart-generator"/> <package name="growpart-generator"/>
<package name="sdbootutil-snapper"/> <package name="sdbootutil-snapper"/>
<package name="sdbootutil-jeos-firstboot-enroll"/>
<package name="disk-encryption-tool"/> <package name="disk-encryption-tool"/>
<package name="systemd-repart-dracut"/>
<package name="dracut-pcr-signature"/> <package name="dracut-pcr-signature"/>
<package name="systemd-experimental"/> <package name="systemd-experimental"/>
<package name="shim"/> <package name="mokutil" arch="aarch64,x86_64"/>
<package name="efibootmgr"/> <package name="shim" arch="aarch64,x86_64"/>
<package name="uefi_mbr" arch="x86_64"/> <package name="uefi_mbr" arch="x86_64"/>
<package name="efibootmgr"/>
</packages>
<packages type="image" profiles="kvm-and-xen-sdboot">
<package name="systemd-boot"/>
</packages> </packages>
<packages type="image" profiles="kvm-and-xen-grub-bls"> <packages type="image" profiles="kvm-and-xen-grub-bls">
<package name="patterns-base-bootloader"/> <package name="grub2-arm64-efi-bls" arch="aarch64"/>
<package name="grub2-x86_64-efi-bls" arch="x86_64"/>
<package name="uefi_mbr" arch="x86_64"/> <package name="uefi_mbr" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
</packages> </packages>
<packages type="image" profiles="Pine64,RaspberryPi,RaspberryPi2,Rock64"> <packages type="image" profiles="Pine64,RaspberryPi,RaspberryPi2,Rock64">
<package name="patterns-microos-hardware"/> <package name="patterns-microos-hardware"/>