#version=F11
####version=DEVEL
# Firewall configuration
### todo: see if this can be removed without complications
### viros: traits are responsible for locking down
###firewall --enabled --service=mdns
firewall --disabled
# X Window System configuration information
xconfig --startxonboot
### todo: own cgi in mirrors that responds appropriately
###repo --name=released --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-11&arch=$basearch
###repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f11&arch=$basearch
repo --name=released --baseurl=http://mirrors1.kernel.org/fedora/releases/11/Everything/i386/os
### viros: experiment? should not be necessary to hide this but...
###repo --name=updates --baseurl=http://mirrors1.kernel.org/fedora/updates/11/i386
# System authorization information
auth --useshadow --enablemd5
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# System services
### todo: really simple to move to traits
###services --disabled=network,sshd --enabled=NetworkManager
services --disabled=network,sshd,nfs,nfslock --enabled=NetworkManager
# System timezone
###timezone US/Eastern
timezone America/Denver
# Disk partitioning information
### todo: make this settable in .vml as a synthopt
# note: unsure if --grow --asprimary --ondisk=sda are really needed
part / --fstype=ext3 --size=4096 --grow --asprimary --ondisk=sda
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
#### chkconfig: 345 00 99
# chkconfig: 345 00 98
# description: Init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-configured
# mount live image
if [ -b \`readlink -f /dev/live\` ]; then
mkdir -p /mnt/live
mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
fi
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
return
fi
done
# enable swaps unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
fi
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /mnt/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/lib/udev/vol_id -t \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
return
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /mnt/live/\${livedir}/home.img ]; then
homedev=/mnt/live/\${livedir}/home.img
fi
# if we have a persistent /home, then we want to go ahead and mount it
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
mount -t tmpfs tmp /tmp
mount -t tmpfs vartmp /var/tmp
[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1
if [ -n "\$configdone" ]; then
exit 0
fi
# add compat live user with no passwd
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
# turn off firstboot for livecd boots
chkconfig --level 345 firstboot off 2>/dev/null
# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null
# turn off mdmonitor by default
chkconfig --level 345 mdmonitor off 2>/dev/null
# turn off setroubleshoot on the live image to preserve resources
chkconfig --level 345 setroubleshoot off 2>/dev/null
# don't do packagekit checking by default
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/frequency_get_updates never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/frequency_get_upgrades never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/frequency_refresh_cache never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/notify_available false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/notify_distro_upgrades false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null
# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null
# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab
# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
# and hack so that we eject the cd on shutdown if we're using a CD...
if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then
cat >> /sbin/halt.local << FOE
#!/bin/bash
# we want to eject the cd on halt, but let's also try to avoid
# io errors due to not being able to get files...
cat /sbin/halt > /dev/null
cat /sbin/reboot > /dev/null
/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1
echo "Please remove the CD from your drive and press Enter to finish restarting"
read -t 30 < /dev/console
FOE
chmod +x /sbin/halt.local
fi
EOF
# bah, hal starts way too late
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# read some variables out of /proc/cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="\${o#ks=}"
;;
xdriver=*)
xdriver="--set-driver=\${o#xdriver=}"
;;
esac
done
# this is a bad hack to work around #460581 for the geode
# purely to help move testing along for now
if [ \`grep -c Geode /proc/cpuinfo\` -ne 0 ]; then
cat > /etc/X11/xorg.conf <<FOE
Section "ServerLayout"
Identifier "Default Layout"
Screen 0 "Screen0" 0 0
InputDevice "Keyboard0" "CoreKeyboard"
EndSection
Section "InputDevice"
# keyboard added by rhpxl
Identifier "Keyboard0"
Driver "kbd"
Option "XkbModel" "pc105"
Option "XkbLayout" "us"
EndSection
Section "Monitor"
Identifier "Monitor0"
HorizSync 30-67
VertRefresh 48-52
DisplaySize 152 114
Mode "1200x900"
DotClock 57.275
HTimings 1200 1208 1216 1240
VTimings 900 905 908 912
Flags "-HSync" "-VSync"
EndMode
EndSection
Section "Device"
Identifier "Videocard0"
Driver "amd"
VendorName "Advanced Micro Devices, Inc."
BoardName "AMD Geode GX/LX"
Option "AccelMethod" "EXA"
Option "NoCompression" "true"
Option "MigrationHeuristic" "greedy"
Option "PanelGeometry" "1200x900"
EndSection
Section "Screen"
Identifier "Screen0"
Device "Videocard0"
Monitor "Monitor0"
DefaultDepth 16
SubSection "Display"
Depth 16
Modes "1200x900"
EndSubSection
EndSection
FOE
fi
# if liveinst or textinst is given, start anaconda
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
exists system-config-display --noui --reconfig --set-depth=24 \$xdriver
fi
EOF
# workaround avahi segfault (#279301)
touch /etc/resolv.conf
/sbin/restorecon /etc/resolv.conf
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# work around for poor key import UI in PackageKit
rm -f /var/lib/rpm/__db*
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
# go ahead and pre-make the man -k cache (#455968)
/usr/sbin/makewhatis -w
# save a little bit of space at least...
###rm -f /boot/initrd*
# make sure there aren't core files lying around
rm -f /core*
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
cp $INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt $LIVE_ROOT/README
# only works on x86, x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
fi
%end
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable screensaver locking
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
# set up timed auto-login for after 60 seconds
###cat >> /etc/gdm/custom.conf << FOE
###[daemon]
###TimedLoginEnable=true
###TimedLogin=liveuser
###TimedLoginDelay=60
###FOE
EOF
%end
%packages
@admin-tools
@base
@base-x
@core
@dial-up
@fonts
@games
@gnome-desktop
@graphical-internet
@graphics
@hardware-support
@input-methods
@printing
@sound-and-video
NetworkManager-openvpn
NetworkManager-vpnc
abiword
anaconda
festival
festvox-slt-arctic-hts
isomd5sum
kernel
memtest86+
nss-mdns
sendmail
totem-gstreamer
-*debuginfo
-a2ps
-acpid
-aspell-*
-autofs
-ccid
-compat*
-coolkey
-dasher
-ekiga
-esc
-evince-djvu
-evince-dvi
-evolution-help
-f-spot
-gimp-help
-gimp-help-browser
-gnome-games
-gnome-games-help
-gnome-user-docs
-hpijs
-hplip
-hunspell-*
-isdn4k-utils
-man-pages-*
-mpage
-nss_db
-numactl
-pinfo
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-redhat-lsb
-samba-client
-sane-backends
-sox
-specspo
-tomboy
-totem-xine
-vino
-vorbis-tools
# VirOS: wget is pretty important
#-wget
wget
-words
-xsane
-xsane-gimp
%end