From: Michael Prokop Date: Wed, 13 Mar 2024 11:42:48 +0000 (+0100) Subject: Merge remote-tracking branch 'origin/github/pr/145' X-Git-Url: http://git.grml.org/?p=grml-live.git;a=commitdiff_plain;h=HEAD;hp=acf12d4123bd68f4e8eefa0c9fa10e5fbb0ac31b;ds=sidebyside Merge remote-tracking branch 'origin/github/pr/145' --- diff --git a/README.md b/README.md index 12d6a91..218b1bb 100644 --- a/README.md +++ b/README.md @@ -25,4 +25,5 @@ of an installed `grml-live` package: # export SCRIPTS_DIRECTORY=$(pwd)/scripts # export LIVE_CONF=$(pwd)/etc/grml/grml-live.conf # export TEMPLATE_DIRECTORY=$(pwd)/templates + # ln -s ../../../grml-live-grml/templates/boot/addons templates/boot/ # optional # ./grml-live -s sid -a amd64 -c GRMLBASE,GRML_FULL,AMD64 diff --git a/debian/changelog b/debian/changelog index cf14de6..e087f41 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,576 @@ +grml-live (0.47.6) unstable; urgency=medium + + * [642ff89] docs: update instructions for basefile creation to include + capabilities + + -- Michael Prokop Sat, 24 Feb 2024 10:56:00 +0100 + +grml-live (0.47.5) unstable; urgency=medium + + * Software related changes: + - [922087b] drop dmraid from GRML_FULL + GRML_SMALL + * [ee314fb] templates: drop deprecated nodmraid boot option and update + grml-cheatcodes.txt + + -- Michael Prokop Fri, 02 Feb 2024 16:52:57 +0100 + +grml-live (0.47.4) unstable; urgency=medium + + * [bdf9b40] grml-cheatcodes.txt: drop URL for no-longer existing live- + initramfs.en.7.txt + * [06e703a] Fix usage of FAI's shell.log vs. scripts.log + * Software related changes: + - [e0a2d0b] add xxd to GRML_SMALL + GRML_FULL + - [dca230e] add memtest86+ to GRML_FULL (amd64/i386 only) + + -- Michael Prokop Fri, 02 Feb 2024 16:04:31 +0100 + +grml-live (0.47.3) unstable; urgency=medium + + * Software related changes: + - [c30d41f] add zstd to GRML_SMALL. Thanks to Marc Haber + + -- Michael Prokop Mon, 15 Jan 2024 12:35:35 +0100 + +grml-live (0.47.2) unstable; urgency=medium + + [ Michael Prokop ] + * [94ef34a] templates/boot/isolinux/f10: use https and replace freenode + with oftc + * [69fe8e2] grml-docs/startpage.html: rework and update instructions + * [cbbab37] templates/boot/grub/%SHORT_NAME%_options.cfg: fix missing + quotes + + [ Darshaka Pathirana ] + * [4e76a27] Remove Grml release name from the boot options + + -- Michael Prokop Sat, 23 Dec 2023 13:22:32 +0100 + +grml-live (0.47.1) unstable; urgency=medium + + [ Michael Prokop ] + * Software related changes: + - [892768a] ship xserver-xorg-video-intel with grml32-full + - [f123b91] drop thin-provisioning-tools from GRML_FULL + + [ Darshaka Pathirana ] + * [c0460ec] Unify boot options order + + -- Michael Prokop Fri, 01 Dec 2023 12:39:26 +0100 + +grml-live (0.47.0) unstable; urgency=medium + + * [f365415] Add debootstrap to Depends + * [1a9a788] Rework memtest handling, incl. usage of latest available + memtest file + * [e57c3ad] templates/boot/grub/addons: use chainloader instead of + linuxefi + + -- Michael Prokop Thu, 19 Oct 2023 17:24:51 +0200 + +grml-live (0.46.1) unstable; urgency=medium + + * [b041d9e] grml-live-remaster: aufs got replaced by overlay. + Thanks to Alhyene for the patch + * Software related changes: + - [3faa4ab] add toilet to GRML_SMALL + GRML_FULL and + lolcat to GRML_FULL + + -- Michael Prokop Thu, 14 Sep 2023 18:24:41 +0200 + +grml-live (0.46.0) unstable; urgency=medium + + The "hello arm64 / aarch64" release + + * [f0c9fee] Drop deprecated GRMLBASE/93-update-usbids (update-usbids + is gone) + * [cb68d92] GRMLBASE/91-update-pciids: also ignore exit code 1 + * [74c4bce] Support FAI's newer scripts.log, as used with FAI + versions >=6.0 + * [e530f07] Provide workaround for dhcpcd/isc-dhcp-client + cloud-init + for bookworm. Thanks to János Pásztor for the bug report + * [e1a5504] Initial arm64 / aarch64 support + * Software related changes: + - [97f7e34] install architecture specific fwupd-signed packages + + -- Michael Prokop Fri, 08 Sep 2023 18:00:52 +0200 + +grml-live (0.45.0) unstable; urgency=medium + + * [d6d5fee] Drop depends on fai-server. Thanks to András Korn + * [75e65f3] Deprecate FAI's make-fai-nfsroot.conf + * [29d5e28] Update zsh completion + ship it via Debian package + * [5730180] Add support for Debian/trixie (current Debian/testing) + Thanks to cb for the PR + * Software related changes: + - [8359ac7] add lz4 to GRML_FULL. Thanks to willmcginnis + for the suggestion + - [fe23a7a] drop dstat (unmaintained upstream) + - [0adb425] ship fwupd with fwupd-signed + policykit-1 + + udisks2 for firmware updates + + -- Michael Prokop Fri, 11 Aug 2023 19:32:56 +0200 + +grml-live (0.44.0) unstable; urgency=medium + + * [7005037] grml-cheatcodes.txt: document usage of + bootfrom=/dev/disk/by-label* + drop deprecated tohd. + Thanks to Csillag Tamas + * [bac3076] No longer bootstrap with --no-merged-usr. + Thanks to Csillag Tamas for reporting + * [00d296a] DEBIAN_STABLE: enable non-free-firmware component + and use stable-backports + * Software related changes: + - [7eb1881] add f3 to GRML_FULL. + Thanks to Keith Irwin for the suggestion + - [3152440] add gdisk to GRML_SMALL + - [e7ada95] switch from isc-dhcp-client to dhcpcd. + Thanks to András Korn for the suggestion + + -- Michael Prokop Fri, 30 Jun 2023 14:25:46 +0200 + +grml-live (0.43.2) unstable; urgency=medium + + * [842c047] Increase EFI image size when using Secure Boot on amd64. + Thanks to János Pásztor for bugreport and initial patch + + -- Michael Prokop Thu, 23 Feb 2023 12:37:12 +0100 + +grml-live (0.43.1) unstable; urgency=medium + + * [721a473] Secure Boot: update grub and shim binaries. + Thanks to János Pásztor for bugreport and PR + * [6f345c1] Use serial console with 115200n8 by default. + Thanks to anarcat for bugreport + * [cd1b0e9] Drop deprecated /etc/inittab configuration files + * [f771ff8] Update debian/copyright + * [c7d7687] Update Vcs-git header to use github.com + * [dfec112] Bump Standards-Version to 4.6.2 + * Software related changes: + - [b55c661] drop firmware-ath9k-htc (provided by firmware-atheros) + + -- Michael Prokop Mon, 20 Feb 2023 14:19:26 +0100 + +grml-live (0.43.0) unstable; urgency=medium + + The "Good Riddance" release + + * [d1575f1] Drop /etc/grml/fai/config/files/etc/lsb-base- + logging.sh/GRMLBASE + * [a4d3b31] Ship custom tmpfiles.d configuration to avoid man-db cache + removal. Thanks to 2f2a and Darshaka Pathirana + * [87ea3f5] Support new non-free-firmware component + * [19b3f2b] Add non-free component to security.debian.org repository of + old Debian releases + * [1f5167a] Update examples/reprepro/conf to a more recent Debian + release + * [5a77db4] Drop support for lenny, squeeze, wheezy, jessie, stretch + + buster Debian releases and default to bookworm + * [19a0467] Drop file-rc support + + -- Michael Prokop Fri, 03 Feb 2023 17:52:32 +0100 + +grml-live (0.42.2) unstable; urgency=medium + + * [c55290b] GRMLBASE/39-modprobe: do not expect all files in + /etc/modprobe.d to be used + * [1aa1823] GRMLBASE/39-modprobe: avoid usage of + /lib/modprobe.d/50-nfs.conf + * [ed733f2] Revert "Set SHELL variable in tty1" + * [2013537] Revert "Run zsh when starting screen" + + -- Michael Prokop Fri, 25 Nov 2022 11:57:09 +0100 + +grml-live (0.42.1) unstable; urgency=medium + + [ Michael Prokop ] + * Software related changes: + - [797426b] add hping3 to GRML_FULL + - [19a81f4] add tmux to GRML_SMALL + - [2bb0740] re-add xfsdump to GRML_FULL + - [acf26ea] add espeak-ng + - [134a171] re-add ifenslave to GRML_SMALL and GRML_FULL + - [74dcb54] add mtx to GRML_FULL + + [ Darshaka Pathirana ] + * [7422d31] Set SHELL variable in tty1 + + -- Michael Prokop Fri, 11 Nov 2022 17:07:55 +0100 + +grml-live (0.42.0) unstable; urgency=medium + + The "happy carnival" release + + * [c01a86b] Support Memtest86+ with UEFI + * [ea1e5ea] Provide workaround for kmod/initramfs-tools issue with + NFS/netboot. Thanks to András Korn + + -- Michael Prokop Fri, 11 Nov 2022 10:23:23 +0100 + +grml-live (0.41.2) unstable; urgency=medium + + * [bb84a88] Deploy default /etc/locale.conf, to avoid systemd-firstboot + prompting during bootup + * [6d6606f] /etc/fstab: fix note from rebuilfstab->grml-udev- + rebuildfstab switch. Thanks to Christoph Biedl for reporting + * [c137314] Drop SYSTEMD package config file, no longer relevant. Thanks + to András Korn for reporting + * [cff6607] Provide apt sources.list file to support 'bookworm' as + Debian suite + * Software related changes: + - [33f9c6c] drop firmware-intelwimax package from GRMLBASE + + -- Michael Prokop Mon, 07 Nov 2022 21:25:47 +0100 + +grml-live (0.41.1) unstable; urgency=medium + + [ András Korn ] + * [48f94bb] Add support for building grml ISOs with zfs + + [ Michael Prokop ] + * [6d869c1] ssh.service: avoid indirection via /bin/sh + do not run test + mode in ExecStartPre + * [8d93bbb] ssh.service: fix ssh-keygen usage + * [541a6ce] Replace egrep usage with grep -E + * Software related changes: + - [e528680] drop xfsdump from GRML_FULL + - [37addd3] drop mercurial from GRML_FULL + - [8daed70] drop subversion from GRML_FULL + - [da5e5ca] drop tshark + wireshark from GRML_FULL + - [c22b14e] drop facter, mcollective + puppet from GRML_FULL + - [bb35e69] re-add firmware-ath9k-htc to GRMLBASE + - [309a8e7] re-add iptstate to GRML_SMALL + GRML_FULL + - [9c9bd3f] re-add fluxbox and drop openbox + obconf in GRML_FULL + + -- Michael Prokop Mon, 10 Oct 2022 18:53:40 +0200 + +grml-live (0.41.0) unstable; urgency=medium + + [ András Korn ] + * [7e7a352] Exclude /var/lib/dkms/* from squashfs + * [6e5c0af] Avoid build error if etc/adjtime doesn't exist in chroot + * [8459108] Add ZFS fai class + * [c289d2f] Add comment about dwarves (can be needed to build kernel + modules) + + [ Michael Prokop ] + * [ad202c1] docs: document new ZFS class + * Software related changes: + - [b2ab701] switch from bsdmainutils to bsdextrautils + bsdutils in + GRML_SMALL + GRML_FULL + + -- Michael Prokop Wed, 17 Aug 2022 13:30:33 +0200 + +grml-live (0.40.3) unstable; urgency=medium + + * [482cb8d] GRMLBASE/50-lvm: also clear /lib/udev/rules.d/69-lvm.rules + * [f131526] GRMLBASE/21-usersetup: use adduser for adding user to group + + -- Michael Prokop Thu, 28 Jul 2022 10:58:44 +0200 + +grml-live (0.40.2) unstable; urgency=medium + + * [1d02eb2] Disable man-db settings to speed up package installation. + Thanks to Thorsten Glaser for the suggestion + * Software related changes: + - [63e3a60] add stenc to GRML_FULL + - [0989e6c] add mbuffer to GRML_FULL + - [94bec0b] add sqlite3 to GRML_FULL + + -- Michael Prokop Fri, 03 Jun 2022 14:33:53 +0200 + +grml-live (0.40.1) unstable; urgency=medium + + * Software related changes: + - [3edddae] move from ntp/ntpdate to ntpsec/ntpsec-ntpdate in + GRML_SMALL + GRML_FULL + + -- Michael Prokop Wed, 20 Apr 2022 14:48:15 +0200 + +grml-live (0.40.0) unstable; urgency=medium + + * [50d26fb] buildinfo generation: avoid error message with older + versions of jo + * [581da74] Use grubx64.efi file from grml_chroot, instead of relying on + host system + * [27016a8] Redesign RELEASE_INFO handling + fix variable replacements + within templates + * Software related changes: + - [47c2f47] replace fluxbox with openbox + obconf in GRML_FULL + - [affb053] drop bonnie++ from GRML_FULL + - [b5165f0] add myrescue to GRML_FULL + + -- Michael Prokop Mon, 21 Mar 2022 16:18:34 +0100 + +grml-live (0.39.2) unstable; urgency=medium + + [ Michael Prokop ] + * Software related changes: + - [46732ed] drop ifenslave from GRML_SMALL and GRML_FULL + - [b6bb1f8] add f2fs-tools to GRML_SMALL + GRML_FULL. + Thanks to Arun for the suggestion + - [5b2e199] drop slurm from GRML_FULL + - [ba06af6] replace exfat-utils with exfatprogs in GRML_FULL + - [9b5ecef] drop bacula-* from GRML_FULL + - [ebb166f] drop firmware-ath9k-htc from GRMLBASE + - [1c4ce53] drop iptstate from GRML_SMALL + GRML_FULL + + [ Dr. András Korn ] + * [3b07e29] grml-live.txt: output dir mount options; manifold + + -- Michael Prokop Mon, 24 Jan 2022 17:18:31 +0100 + +grml-live (0.39.1) unstable; urgency=medium + + * [093e8a1] Update DEBIAN_STABLE's apt sources.list configuration for + bullseye. Thanks to d630 for the bug report + * [dfaf77a] GRMLBASE/15-initsetup: provide workaround for failing + rsyslog + * [48c2038] isolinux: fix toram=... variable usage within isolinux + configs. Thanks to Chris S for the bug report + + -- Michael Prokop Mon, 27 Sep 2021 10:54:43 +0200 + +grml-live (0.39.0) unstable; urgency=medium + + * [9453222] Provide information how ISO was generated in file + conf/buildinfo.json + * [e703806] Immediately bail out on errors when generating the ISO fails + + -- Michael Prokop Sun, 25 Jul 2021 17:25:08 +0200 + +grml-live (0.38.5) unstable; urgency=medium + + * [a4b23f1] GRMLBASE/98-clean-chroot: also nuke *.xz files + * [fe5a77d] No longer produce md5, sha1 + sha512 checksums, but only + sha256 + * [ddbbaaa] netboot creation: no longer compress the tarball + only + generate sha256 checksum file + + -- Michael Prokop Tue, 13 Jul 2021 16:03:17 +0200 + +grml-live (0.38.4) unstable; urgency=medium + + * [6e42896] etc/grml/fai/config/files/etc/hosts/GRMLBASE: sync IPv6 + entries with Debian + * Software related changes: + - [90d1996] drop rng-tools from GRMLBASE + - [438832c] add inxi to GRML_FULL. Thanks to Darshaka Pathirana for + the suggestion + - [f16d872] add speedtest-cli to GRML_FULL. Thanks to Darshaka + Pathirana for the suggestion + + -- Michael Prokop Mon, 12 Jul 2021 09:48:41 +0200 + +grml-live (0.38.3) unstable; urgency=medium + + * Software related changes: + - [c52cdfc] add jq to GRML_FULL + - [c50146e] add wireless-regdb to GRML_FULL + + -- Michael Prokop Fri, 09 Jul 2021 09:15:10 +0200 + +grml-live (0.38.2) unstable; urgency=medium + + * Software related changes: + - [dffbaef] add firmware-ath9k-htc to GRMLBASE + - [d0ce067] drop wvdial from GRML_FULL + - [7a47f8c] drop comgt from GRML_FULL + + -- Michael Prokop Mon, 07 Jun 2021 10:43:38 +0200 + +grml-live (0.38.1) unstable; urgency=medium + + [ Mihai Moldovan ] + * [fef1c19] grml-live: fix typo in (e)error command. + + [ Michael Prokop ] + + * Software related changes: + - [79d0a1c] add ntfs-3g to GRML_SMALL. Thanks to Evgeni Golov for + the suggestion + * [7e4369c] Bump Standards-Version to 4.5.1 + * [155ca2a] Refresh lintian overrides to reflect current state + + -- Michael Prokop Fri, 07 May 2021 17:48:36 +0200 + +grml-live (0.38.0) unstable; urgency=medium + + [ Michael Prokop ] + * Documentation related changes: + - [102cd35] grml-cheatcodes.txt: document getfile.retries boot option + - [63954ff] grml-cheatcodes.txt: remove several unsupported boot options + - [acbc268] grml-cheatcodes.txt: fix URL for initramfs-tools manpage + * New features: + - [07181b4] Provide apt sources.list file to support 'bullseye' as + Debian suite + - [fada6de] Use 1m as new default squashfs block size. Thanks to + Mihai Moldovan + - [8c0c9d9] GRUB templates: provide menu entry for UEFI + Firmware Settings + - [4e93b8e] GRMLBASE/01-packages: also detect and report unknown + package names + * Fixes: + - [fb26a16] GRMLBASE/16-depmod: no longer rely on /boot/System.map-* + file + - [89c4398] GRUB templates: do not set root/chainloader but just exit + for boot from next device + + [ Mihai Moldovan ] + * [c959c14] GRUB: drop loopback usage for balder10/FreeDOS. + * [aa74c00] grml-live: isohybrid is the default, reflect that. + * [7833e77] docs/grml-live.txt: fix markdown issue, escape *. + * [2ae2174] grml-cheatcodes.txt: update fromiso doc. + * [84a0622] grml-cheatcodes.txt: reflow, no actual change. + + -- Michael Prokop Wed, 10 Mar 2021 17:30:50 +0100 + +grml-live (0.37.2) unstable; urgency=medium + + [ Michael Lass ] + * [ea72028] GRUB: remove erroneous quotes around kernelopts + + [ Michael Prokop ] + * [87bef6e] initramfs-tools: use upstream's xz handling to support + multithreading + + -- Michael Prokop Fri, 22 Jan 2021 12:01:15 +0100 + +grml-live (0.37.1) unstable; urgency=medium + + * Fixes: + - [0867199] Secure Boot: update grubx64.efi.signed to fix BootHole issue + - [780b71c] Add bsdmainutils to DEBORPHAN whitelist + - [ddb26a3] Update lintian-overrides for new EFI boot files + * Software related changes: + - [771fa1a] add mmdebstrap to GRML_FULL + GRML_SMALL. + Thanks to Helmut Grohne for the suggestion + + -- Michael Prokop Tue, 25 Aug 2020 11:49:26 +0200 + +grml-live (0.37.0) unstable; urgency=medium + + * Fixes: + - [b090c76] scripts/GRMLBASE/52-mdadm: unconditionally clear + 64-md-raid-assembly.rules + - [5c3e795] Store logfiles also when FAI's dirinstall fails + - [67df700] GRUB: don't display BIOS only addons when running + in EFI mode + - [bf7faea] /e/n/i: move sourcing of /etc/network/interfaces.d/ + to begin of file + * Features: + - [7430221] Support usage of boot/addons via symlink to + corresponding git repository + - [f625781] Be more verbose about boot addons installation + - [257dba7] Support EFI capable ipxe.efi boot addon + - [871fc96] Provide setup files for EFI boot in netboot package + * Software related changes: + - [f814855] SW: add grub-efi-amd64-signed + shim-signed to + GRML_FULL (AMD64 only) + + -- Michael Prokop Sat, 18 Jul 2020 22:02:21 +0200 + +grml-live (0.36.0) unstable; urgency=medium + + * Fixes: + - [8772657] Do not depend on /proc for calculating runtime + * Software related changes: + - [6542652] add tmate to GRML_SMALL + GRML_FULL + - [4b6fd81] add qrencode to GRML_SMALL and GRML_FULL + * Features: + - [518eb39] Refresh Secure Boot support, supporting new + 'debian' method. Thanks to Jordan Uggla for feedback + + -- Michael Prokop Wed, 24 Jun 2020 11:34:03 +0200 + +grml-live (0.35.4) unstable; urgency=medium + + [ Darshaka Pathirana ] + * [d56d6fa] Add boot option pnet (Predictable Network Interface Names) + + [ Michael Prokop ] + * [950b6bb] Adjust layout of "Predictable Network Interface Names" boot + option + + -- Michael Prokop Fri, 05 Jun 2020 13:34:01 +0200 + +grml-live (0.35.3) unstable; urgency=medium + + * Software related changes: + - [cb7d1f2] add wireguard to GRML_FULL + * Fixes: + - [6b2e23d] GRMLBASE/98-clean-chroot: avoid warning messages + with resolvconf <1.80 + - [397c7e7] Use debootstrap with --no-merged-usr by default + - [b4b524c] No longer refer to sources.grml.org + + -- Michael Prokop Wed, 03 Jun 2020 16:47:04 +0200 + +grml-live (0.35.2) unstable; urgency=medium + + * Software related changes: + - [1ec1cfe] add avahi-utils to GRML_FULL + * Features: + - [a28b1c2] etc/network/interfaces/GRMLBASE: support + /etc/network/interfaces.d/* in /e/n/i (for cloud-init support) + + -- Michael Prokop Thu, 28 May 2020 17:34:05 +0200 + +grml-live (0.35.1) unstable; urgency=medium + + * Fixes: + - [ba45725] deborphan: add workaround for transitional package dnsutils + - [3140b83] deborphan: drop deprecated packages + - [f37fcf9] Move scripts/GRMLBASE/40-deborphan towards DEBORPHAN class + as file 10-whitelist + - [87be754] DEBORPHAN/10-whitelist: highlight when dnsutils gets added + to whitelist + - [cd7c095] DEBORPHAN/10-whitelist: provide workaround for Debian bug + #929273 + - [cb6179f] DEBORPHAN/10-whitelist: rework fix for broken keep file + handling of deborphan + + * Documentation: + - [856efb5] docs: update ISO sizes and disk requirements, we no + longer provide support for file-rc + + * Software related changes: + - [bda859c] add fdisk to GRMLBASE + + -- Michael Prokop Wed, 20 May 2020 17:13:24 +0200 + +grml-live (0.35.0) unstable; urgency=medium + + * Fixes: + - [e5e4578] GRMLBASE/98-clean-chroot: get rid of /wget-log* files + - [acf12d4] GRMLBASE/98-clean-chroot: fix resolvconf symlink + handling + get rid of resolvconf workarounds + - [ef6dc82] DEBIAN_STABLE: use buster-backports instead of + stretch-backports + - [31cd53a] scripts/GRMLBASE/50-lvm: unconditionally clear + 69-lvm-metad.rules file. Thanks to Dr. András Korn + - [2ece298] initramfs xz-compress: use default xz compression level. + Thanks to Dr. András Korn + - [e1e107a] GRMLBASE/80-initramfs: no longer set CRYPTSETUP=y + - [c557940] sudoers: set Defaults secure_path to have sane + default settings + + * New features: + - [3fc930d] Initial cloud-init support + + * Debian packaging: + - [914ab11] Bump Standards-Version to 4.5.0 + - [b47433a] Bump Debian compat version to 12, using + debhelper-compat approach + - [0edda67] Execute 'wrap-and-sort -a -t -s' on debian/ + + * Software related changes: + - [422c49b] SW: add radvd + - [fbb0edd] SW: drop hfsprogs from GRML_FULL + - [95f7765] SW: add cloud-init to GRML_FULL + + -- Michael Prokop Tue, 12 May 2020 16:34:01 +0200 + grml-live (0.34.4) unstable; urgency=medium [ Michael Prokop ] diff --git a/debian/compat b/debian/compat deleted file mode 100644 index ec63514..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -9 diff --git a/debian/control b/debian/control index 46b0032..f9dc097 100644 --- a/debian/control +++ b/debian/control @@ -2,42 +2,48 @@ Source: grml-live Section: grml Priority: optional Maintainer: Michael Prokop -Build-Depends: debhelper (>= 10) -Build-Depends-Indep: asciidoc, - docbook-xsl, - xsltproc -Standards-Version: 4.3.0 +Build-Depends: + debhelper-compat (= 12), +Build-Depends-Indep: + asciidoc, + docbook-xsl, + xsltproc, +Standards-Version: 4.6.2 Homepage: https://grml.org/grml-live/ -Vcs-git: git://git.grml.org/grml-live.git +Vcs-git: https://github.com/grml/grml-live.git Vcs-Browser: https://git.grml.org/?p=grml-live.git Origin: Grml Bugs: mailto:bugs@grml.org Package: grml-live Architecture: all -Depends: bc, - bzip2, - dosfstools, - fai-client (>= 3.4.0), - fai-server (>= 3.4.0), - isolinux (>= 3:6.03+dfsg-5+deb8u1~), - memtest86+, - mksh, - moreutils, - mtools, - pciutils, - rsync, - squashfs-tools (>= 1:4.2-0~bpo60), - syslinux, - xorriso, - ${misc:Depends} -Recommends: grml-live-db, - grub-pc-bin, - imagemagick, - ipxe, - syslinux-utils -Suggests: fai-doc, - grml-live-addons +Depends: + bc, + bzip2, + debootstrap, + dosfstools, + fai-client (>= 3.4.0), + isolinux (>= 3:6.03+dfsg-5+deb8u1~), + jo, + mksh, + moreutils, + mtools, + pciutils, + rsync, + squashfs-tools (>= 1:4.2-0~bpo60), + syslinux | syslinux-efi, + xorriso, + ${misc:Depends}, +Recommends: + grml-live-db, + grub-pc-bin, + imagemagick, + ipxe, + memtest86+, + syslinux-utils, +Suggests: + fai-doc, + grml-live-addons, Description: build system for creating a Grml (based) Linux live system This package provides the build system for creating a Debian / Grml based Linux live system (also known as live cd). It is @@ -45,13 +51,15 @@ Description: build system for creating a Grml (based) Linux live system Package: grml-live-db Architecture: all -Depends: grml-live, - libdbd-sqlite3-perl, - libdbi-perl, - libtimedate-perl, - sqlite3, - ${misc:Depends} -Recommends: perl-doc +Depends: + grml-live, + libdbd-sqlite3-perl, + libdbi-perl, + libtimedate-perl, + sqlite3, + ${misc:Depends}, +Recommends: + perl-doc, Description: log package build information of grml-live to database This package provides a database layer for storing build information about grml-live builds in a sqlite3 database. diff --git a/debian/copyright b/debian/copyright index a04f208..5741d92 100644 --- a/debian/copyright +++ b/debian/copyright @@ -4,7 +4,7 @@ Upstream-Contact: Michael Prokop Source: https://github.com/grml/grml-live/ Files: * -Copyright: 2007-2018 Michael Prokop +Copyright: 2007-2023 Michael Prokop License: GPL-2+ Files: fonts/graphicoreBitmapFont0-Light.otf @@ -15,16 +15,28 @@ Files: scripts/bootgrub.mksh scripts/bootilnx.mksh Copyright: 2007, 2008, 2009, 2010 Thorsten Glaser License: MirOS -Files: templates/EFI/BOOT/grubx64.efi.signed +Files: templates/EFI/debian/BOOT/grubx64.efi.signed +Copyright: 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc + 2009-2012 Intel Corporation +Comment: see https://metadata.ftp-master.debian.org/changelogs/main/g/grub2/unstable_copyright +License: GPL-3+ + +Files: templates/EFI/debian/BOOT/shimx64.efi.signed +Copyright: 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc + 2012 Canonical Ltd. +Comment: see https://metadata.ftp-master.debian.org/changelogs/main/s/shim-signed/unstable_copyright +License: BSD-2-Clause + +Files: templates/EFI/ubuntu/BOOT/grubx64.efi.signed Copyright: 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc 2012 Canonical Ltd. -Comment: /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.80.2+2.02~beta3-4ubuntu2.2_amd64.deb +Comment: /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.93+2.02-2ubuntu8_amd64.deb License: GPL-3+ -Files: templates/EFI/BOOT/shimx64.efi.signed +Files: templates/EFI/ubuntu/BOOT/shimx64.efi.signed Copyright: 2012 Red Hat, Inc 2009-2012 Intel Corporation -Comment: /usr/lib/shim/shimx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.32~17.04.1+0.9+1474479173.6c180c6-1ubuntu1_amd64.deb +Comment: /usr/lib/shim/shimx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.34.9+13-0ubuntu2_amd64.deb License: BSD-2-Clause License: GPL-2+ diff --git a/debian/grml-live.docs b/debian/grml-live.docs index 66f2ad4..de4be2b 100644 --- a/debian/grml-live.docs +++ b/debian/grml-live.docs @@ -1,2 +1,2 @@ -docs/grml-live.html docs/grml-live-remaster.html +docs/grml-live.html diff --git a/debian/grml-live.lintian-overrides b/debian/grml-live.lintian-overrides index b163159..6ad790d 100644 --- a/debian/grml-live.lintian-overrides +++ b/debian/grml-live.lintian-overrides @@ -1,11 +1,9 @@ grml-live: bugs-field-does-not-refer-to-debian-infrastructure mailto:bugs@grml.org grml-live: executable-not-elf-or-script usr/share/grml-live/templates/windows/autostart/autorun.inf -grml-live: extra-license-file usr/share/grml-live/templates/GRML/LICENSE.txt -grml-live: font-in-non-font-package usr/share/grml-live/fonts/graphicoreBitmapFont0-Light.otf -grml-live: font-outside-font-dir usr/share/grml-live/fonts/graphicoreBitmapFont0-Light.otf grml-live: privacy-breach-generic usr/share/grml-live/templates/GRML/index.html [] (http://grml.org/) grml-live: script-not-executable usr/share/grml-live/scripts/bootgrub.mksh grml-live: script-not-executable usr/share/grml-live/scripts/bootilnx.mksh grml-live: unknown-section grml +grml-live: uses-dpkg-database-directly etc/grml/fai/config/hooks/instsoft.GRMLBASE grml-live: uses-dpkg-database-directly etc/grml/fai/config/scripts/GRMLBASE/98-clean-chroot grml-live: uses-dpkg-database-directly usr/sbin/grml-live diff --git a/debian/grml-live.maintscript b/debian/grml-live.maintscript index cd7cba6..c00535e 100644 --- a/debian/grml-live.maintscript +++ b/debian/grml-live.maintscript @@ -1,3 +1,8 @@ rm_conffile /etc/grml/fai/config/files/etc/apt/grml.key/GRMLBASE 0.32.3~ -rm_conffile /etc/grml/fai/config/scripts/GRMLBASE/36-cpufrequtils 0.33.0~ +rm_conffile /etc/grml/fai/config/files/etc/inittab/GRMLBASE 0.43.0~ +rm_conffile /etc/grml/fai/config/files/etc/inittab/GRML_SMALL 0.43.0~ +rm_conffile /etc/grml/fai/config/files/etc/lsb-base-logging.sh/GRMLBASE 0.42.3~ rm_conffile /etc/grml/fai/config/files/etc/systemd/system/serial-getty@ttyS0.service.d/override.conf/GRMLBASE 0.33.2~ +rm_conffile /etc/grml/fai/config/scripts/GRMLBASE/36-cpufrequtils 0.33.0~ +rm_conffile /etc/grml/fai/config/scripts/GRMLBASE/40-deborphan 0.35.0~ +rm_conffile /etc/grml/fai/config/scripts/GRMLBASE/93-update-usbids 0.45.0~ diff --git a/debian/grml-live.manpages b/debian/grml-live.manpages index f98382d..c36743b 100644 --- a/debian/grml-live.manpages +++ b/debian/grml-live.manpages @@ -1,2 +1,2 @@ -docs/grml-live.8 docs/grml-live-remaster.8 +docs/grml-live.8 diff --git a/debian/rules b/debian/rules index 8787428..864e829 100755 --- a/debian/rules +++ b/debian/rules @@ -13,7 +13,7 @@ override_dh_binary: dh_binary override_dh_install: - egrep -q "GRML_LIVE_VERSION=.*UNRELEASED" grml-live || \ + grep -qE "GRML_LIVE_VERSION=.*UNRELEASED" grml-live || \ (echo "Wrong version in grml-live" && exit 2) # build docs cd docs && $(MAKE) && cd ../ @@ -21,6 +21,8 @@ override_dh_install: sed -i -e "s/GRML_LIVE_VERSION='\*\*\*UNRELEASED\*\*\*'/GRML_LIVE_VERSION='$(DEB_VERSION)'/" grml-live find . -name grml-live.8 dh_install + # zsh completion + dh_install etc/zsh/completion.d/_grml-live usr/share/zsh/vendor-completions override_dh_fixperms: dh_fixperms diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides index fc11cd9..7ff4d52 100644 --- a/debian/source/lintian-overrides +++ b/debian/source/lintian-overrides @@ -1,3 +1,4 @@ -grml-live source: source-contains-prebuilt-windows-binary templates/EFI/BOOT/grubx64.efi.signed -grml-live source: source-contains-prebuilt-windows-binary templates/EFI/BOOT/shimx64.efi.signed -grml-live source: vcs-field-uses-insecure-uri vcs-git git://git.grml.org/grml-live.git +grml-live source: source-contains-prebuilt-windows-binary templates/EFI/debian/BOOT/grubx64.efi.signed +grml-live source: source-contains-prebuilt-windows-binary templates/EFI/debian/BOOT/shimx64.efi.signed +grml-live source: source-contains-prebuilt-windows-binary templates/EFI/ubuntu/BOOT/grubx64.efi.signed +grml-live source: source-contains-prebuilt-windows-binary templates/EFI/ubuntu/BOOT/shimx64.efi.signed diff --git a/docs/grml-live.txt b/docs/grml-live.txt index 455889f..da845af 100644 --- a/docs/grml-live.txt +++ b/docs/grml-live.txt @@ -62,8 +62,8 @@ Use the specified architecture instead of the currently running one. This allows building a 32bit system on a 64bit host (though you can't build a 64bit system on a 32bit system/kernel of course). Please notice that real crosscompiling (like building a ppc system on x86) isn't possible due to the -nature and the need of working in a chroot. Currently supported values: i386 -and amd64. +nature and the need of working in a chroot. Currently supported values: i386, +amd64 and arm64. -b:: @@ -82,7 +82,7 @@ really know that you do not want to update the chroot. -c **CLASSES**:: Specify the CLASSES to be used for building the ISO via FAI. By default only -the classes GRMLBASE, GRML_FULL and I386/AMD64 (depending on system +the classes GRMLBASE, GRML_FULL and I386/AMD64/ARM64 (depending on system architecture) are assumed. Additionally you can specify a class providing a (grml-)kernel (see <> for details about available classes). So instead of GRML_FULL you can also use e.g. @@ -202,7 +202,7 @@ Specify name of the release. Specify the Debian suite you want to use for your live-system. If unset defaults to "testing". Supported values are: stable, testing, unstable (or their -corresponding release names like "stretch"). Please be aware that recent Debian +corresponding release names like "bookworm"). Please be aware that recent Debian suites might require a recent base.tgz (${GRML_FAI_CONFIG}/config/basefiles/$CLASSNAME.tar.gz) or a recent version of debootstrap. @@ -297,9 +297,9 @@ losing the simplicity in the build process. The main and base class provided by grml-live is named GRMLBASE. It's strongly recommended to **always** use the class GRMLBASE when building an ISO using grml-live, as well as the architecture dependent class which provides the kernel -(being 'I386' for x86_32 and 'AMD64' for x86_64) and a GRML_* class (like -GRML_SMALL or GRML_FULL). The following files and directories are -relevant for class GRMLBASE by default: +(being 'I386' for x86_32, 'AMD64' for x86_64 and 'ARM64' for arm64) and a GRML_* +class (like GRML_SMALL or GRML_FULL). +The following files and directories are relevant for class GRMLBASE by default: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/ ${GRML_FAI_CONFIG}/config/debconf/GRMLBASE @@ -312,10 +312,10 @@ files/directories. If you want to use your own configuration, extend an existing configuration and/or add additional packages to your ISO just invent a new class (or extend an -existing one). For example if you want to use your own class named "FOOBAR" just -set CLASSES="GRMLBASE,GRML_SMALL,AMD64,FOOBAR" inside /etc/grml/grml-live.local -or invoke grml-live using the classes option: "grml-live -c -GRMLBASE,GRML_SMALL,AMD64,FOOBAR ...". +existing one). For example if you want to use your own class named "FOOBAR" on +your amd64 build, et CLASSES="GRMLBASE,GRML_SMALL,AMD64,FOOBAR" inside +/etc/grml/grml-live.local or invoke grml-live using the classes option: +"grml-live -c GRMLBASE,GRML_SMALL,AMD64,FOOBAR ...". More details regarding the class concept can be found in the documentation of FAI itself (being available at /usr/share/doc/fai-doc/). @@ -332,14 +332,6 @@ selected. The following classes are predefined: * DEBORPHAN: get rid of all packages listed in output of deborphan -* FILE_RC: instead of using systemd as init system use file-rc instead. file-rc -was the init system used by Grml until and including stable release 2014.11, -starting with beginning of 2016 Grml switched to systemd instead. If you want to -build a live system in the old style using file-rc instead of systemd then enable -this class. Please notice that support for file-rc is no longer being actively -maintained (the Grml team happily accepts patches though) and file-rc (upstream -wise) might disappear too. - * FRESHCLAM: execute freshclam (if it's present) to update clamav definitions (increases resulting ISO size ~70MB). By default it's skipped to avoid bigger ISO size. @@ -348,16 +340,17 @@ ISO size. defining a Grml system. Important parts of the buildprocess are specified in this class as well, so unless you have a really good reason you should always use this class. Please be aware that using *just* the GRMLBASE class won't be -enough, because the kernel packages (e.g. linux-image-*) are chosen in further -GRML_* classes (to provide maximum flexibility with kernel selection). If you -don't want to use the existing GRML_FULL or GRML_SMALL classes, define your own -CLASS file choosing the kernel package you want to use (and don't forget to -include your CLASS in the arguments of grml-live's -c... command line option). +enough, because the kernel packages (e.g. linux-image-pass:[*]) are chosen in +further GRML_pass:[*] classes (to provide maximum flexibility with kernel +selection). If you don't want to use the existing GRML_FULL or GRML_SMALL +classes, define your own CLASS file choosing the kernel package you want to use +(and don't forget to include your CLASS in the arguments of grml-live's `-c...` +command line option). * GRML_FULL: full featured Grml, also known as the "normal", full grml as -introduced in December 2011 (~600MB ISO size). +introduced in December 2011 (~750 ISO size). -* GRML_SMALL: minimum sized Grml version, known as grml-small (~300MB ISO +* GRML_SMALL: minimum sized Grml version, known as grml-small (~360MB ISO size). * LATEX: LaTeX(-related) packages like auctex, texlive,... @@ -385,6 +378,8 @@ placed in the output directory under grml_sources. * XORG: providing important packages for use with a base grml-featured X.org setup +* ZFS: package selection to add support for OpenZFS/zfsonlinux + [[files]] Files ----- @@ -485,15 +480,19 @@ please send us a bug report then). Check out <> for details how to set up grml-live on a plain, original Debian system. -* enough free disk space; at least 1.5GB are required for a minimal grml-live -run (\~850MB for the chroot [$CHROOT_OUTPUT], \~300MB for the build target -[$BUILD_OUTPUT], \~30MB for the netboot files and \~300MB for the resulting ISO +* enough free disk space; at least ~2GB are required for a minimal grml-live +run (\~1GB for the chroot [$CHROOT_OUTPUT], \~400MB for the build target +[$BUILD_OUTPUT], \~35MB for the netboot files and \~350MB for the resulting ISO [$ISO_OUTPUT] plus some temporary files), if you plan to use GRML_FULL you should have at least 4GB of total free disk space * fast network access for retrieving the Debian packages used for creating the chroot (check out "local mirror" to workaround this problem as far as possible) +* your output directory should not be mounted with any of the "nodev", "noexec" +or "nosuid" mount options. (/tmp typically is at least "nodev" and "nosuid" on +most systems.) + For further information see next section. [[X8]] @@ -516,9 +515,9 @@ The easiest way to get a running grml-live setup is to just use Grml. Of course using grml-live on a plain, original Debian installation is supported as well. So there we go. -What we have: plain, original Debian stretch (9.x). +What we have: plain, original Debian bookworm (v12). -What we want: build a Grml ISO based on Debian/stretch for the amd64 architecture +What we want: build a Grml ISO based on Debian/bookworm for the amd64 architecture using grml-live. Instructions @@ -545,6 +544,7 @@ Instructions # mkdir -p /etc/grml/fai/config/basefiles/ # mv I386.tar.gz /etc/grml/fai/config/basefiles/ # mv AMD64.tar.gz /etc/grml/fai/config/basefiles/ + # mv ARM64.tar.gz /etc/grml/fai/config/basefiles/ # install relevant tools apt-get --no-install-recommends install grml-live @@ -560,7 +560,7 @@ Instructions # CHROOT_INSTALL="/etc/grml/fai/chroot_install" ## adjust if necessary (defaults to ./grml/): ## OUTPUT="/srv/grml-live" - FAI_DEBOOTSTRAP="stretch http://ftp.debian.org/debian/" + FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian/" # ARCH="amd64" CLASSES="GRMLBASE,GRML_FULL,AMD64" EOF @@ -606,6 +606,12 @@ If you need help with grml-live or would like to see new features as part of grml-live you can get commercial support via link:http://grml-solutions.com/[Grml Solutions]. +Note that FAI doesn't abort immediately on errors that will ultimately cause +the build to fail. Be sure to look through the logs and find the actual error; +look for lines that start with "E: " or contain "FAILED" or "exit code 1". +Some messages that may look like errors are actually benign; e.g. +"/tmp/grml64/grml_chroot/var/lib/dpkg is not a mounted ramdisk" is not an error. + [[install-local-files]] How do I install further files into the chroot/ISO? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -677,7 +683,7 @@ FAI_DEBOOTSTRAP: [...] APT_PROXY="http://localhost:3142/" [...] - FAI_DEBOOTSTRAP="stretch http://localhost:3142/ftp.debian.org/debian stretch main contrib non-free" + FAI_DEBOOTSTRAP="bookworm http://localhost:3142/ftp.debian.org/debian bookworm main contrib non-free" Make sure apt-cacher-ng is running ('/etc/init.d/apt-cacher-ng restart'). That's it. All downloaded files will be cached in /var/cache/apt-cacher-ng then. @@ -686,38 +692,41 @@ That's it. All downloaded files will be cached in /var/cache/apt-cacher-ng then How do I revert the manifold feature from an ISO? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The so called manifold feature Grml ISOs use by default allows one to use the same -ISO for CD boot and USB boot. If you notice any problems when booting just -revert the manifold feature running: +By default, Grml ISOs use isohybrid to allow them to be booted from CDs as +well as USB sticks. Manifold is an alternative to isohybrid. + +If you notice any problems +when booting manifold-crafted media, just revert the manifold feature running: % dd if=/dev/zero of=grml.iso bs=512 count=1 conv=notrunc To switch from manifold to isohybrid mode (an alternative approach provided by -syslinux) then just execute: +syslinux, used by default for official Grml images) then just execute: % isohybrid grml.iso [[create-a-base-tgz]] -How do I create a base tar.gz (I386.tar.gz or AMD64.tar.gz) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +How do I create a base tar.gz (I386.tar.gz or AMD64.tar.gz or ARM64.tar.gz) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [[basetgz]] First of all create the chroot using debootstrap (requires root): BASECHROOT='/tmp/basefile' # path where the chroot gets generated - SUITE='stretch' # using the current stable release should always work - debootstrap --exclude=info,tasksel,tasksel-data "$SUITE" "$BASECHROOT" http://ftp.debian.org/debian - tar -C "$BASECHROOT" --exclude='var/cache/apt/archives/*.deb' -zcf "${SUITE}".tar.gz ./ + SUITE='bookworm' # using the current stable release should always work + debootstrap --exclude=info,tasksel,tasksel-data,isc-dhcp-client,isc-dhcp-common "${SUITE}" "${BASECHROOT}" http://deb.debian.org/debian + tar -C "$BASECHROOT" --exclude='var/cache/apt/archives/*.deb' --exclude 'var/lib/apt/lists/*_*' --xattrs --xattrs-include='*.*' --acls -zcf "${SUITE}".tar.gz ./ [TIP] By default debootstrap builds a chroot matching the architecture of the running host system. If you're using an amd64 system and want to build an i386 base.tgz then invoke debootstrap using the '--arch i386' option. Disclaimer: building an AMD64 base.tgz won't work if you are using a 32bit kernel system of course. +Also building an ARM64 base.tgz requires an arm64 system. Finally place the generated tarball in /etc/grml/fai/config/basefiles/ (note that it needs to be uppercase letters matching the class names, so: e.g. -AMD64.tar.gz for amd64 and I386.tar.gz for i386). +AMD64.tar.gz for amd64, I386.tar.gz for i386 or ARM64.tar.gz for arm64). Then executing grml-live should use this file as base system instead of executing debootstrap. Check out the output for something like: diff --git a/etc/grml/fai/config/class/GRMLBASE.var b/etc/grml/fai/config/class/GRMLBASE.var index 5ac489c..caf5098 100644 --- a/etc/grml/fai/config/class/GRMLBASE.var +++ b/etc/grml/fai/config/class/GRMLBASE.var @@ -20,3 +20,6 @@ ROOTPW='x' # needs to be quite high so we can override installation # of specific packages through the IGNORE class. MAXPACKAGES=3000 + +# Do not check package names whether they are valid, but report failure instead. +# FAI_DISABLE_PACKAGE_NAME_CHECK=1 diff --git a/etc/grml/fai/config/debconf/GRMLBASE b/etc/grml/fai/config/debconf/GRMLBASE index 0308b3d..89b3503 100644 --- a/etc/grml/fai/config/debconf/GRMLBASE +++ b/etc/grml/fai/config/debconf/GRMLBASE @@ -1,9 +1,10 @@ locales locales/default_environment_locale select en_US.UTF-8 locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8 +man-db man-db/auto-update boolean false +man-db man-db/build-database boolean false openssh-server openssh-server/permit-root-login boolean true passwd passwd/shadow boolean true portmap portmap/loopback boolean false -wvdial wvdial/wvdialconf boolean false x11-common x11-common/xwrapper/actual_allowed_users string anybody x11-common x11-common/xwrapper/allowed_users select Anybody xserver-xorg shared/default-x-server select xserver-xorg diff --git a/etc/grml/fai/config/files/etc/apt/preferences.d/jessie-backports/DEBIAN_JESSIE b/etc/grml/fai/config/files/etc/apt/preferences.d/jessie-backports/DEBIAN_JESSIE deleted file mode 100644 index a877c25..0000000 --- a/etc/grml/fai/config/files/etc/apt/preferences.d/jessie-backports/DEBIAN_JESSIE +++ /dev/null @@ -1,9 +0,0 @@ -Explanation: this file was installed by grml-live to allow installation of systemd/udev (required for systemd-container) from backports -Package: systemd libsystemd0 libpam-systemd libapparmor1 ifupdown systemd-sysv udev libudev1 usb-modeswitch -Pin: release a=jessie-backports -Pin-Priority: 997 - -Explanation: this file was installed by grml-live to allow installation of linux-base (required for kernel packages) from backports -Package: linux-base firmware-misc-nonfree firmware-linux-nonfree firmware-linux -Pin: release a=jessie-backports -Pin-Priority: 997 diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BOOKWORM b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BOOKWORM new file mode 100644 index 0000000..6d48e20 --- /dev/null +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BOOKWORM @@ -0,0 +1,7 @@ +# official debian repository: + deb http://ftp.debian.org/debian/ bookworm main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ bookworm main contrib non-free-firmware non-free + +# security updates: + deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free + deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BULLSEYE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BULLSEYE new file mode 100644 index 0000000..54eb57f --- /dev/null +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BULLSEYE @@ -0,0 +1,7 @@ +# official debian repository: + deb http://ftp.debian.org/debian/ bullseye main contrib non-free + deb-src http://ftp.debian.org/debian/ bullseye main contrib non-free + +# security updates: + deb http://security.debian.org/debian-security bullseye-security main contrib non-free + deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BUSTER b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BUSTER deleted file mode 100644 index 6be17af..0000000 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_BUSTER +++ /dev/null @@ -1,7 +0,0 @@ -# official debian repository: - deb http://ftp.debian.org/debian/ buster main contrib non-free - deb-src http://ftp.debian.org/debian/ buster main contrib non-free - -# security updates: - deb http://security.debian.org/ buster/updates main contrib - deb-src http://security.debian.org/ buster/updates main contrib diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_JESSIE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_JESSIE deleted file mode 100644 index 6e8cf12..0000000 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_JESSIE +++ /dev/null @@ -1,11 +0,0 @@ -# official debian repository: - deb http://ftp.debian.org/debian/ jessie main contrib non-free - deb-src http://ftp.debian.org/debian/ jessie main contrib non-free - -# security updates: - deb http://security.debian.org/ jessie/updates main contrib - deb-src http://security.debian.org/ jessie/updates main contrib - -# backports: - deb http://ftp.debian.org/debian/ jessie-backports main contrib non-free - deb-src http://ftp.debian.org/debian/ jessie-backports main contrib non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_LENNY b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_LENNY deleted file mode 100644 index 9f9aaab..0000000 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_LENNY +++ /dev/null @@ -1,7 +0,0 @@ -# official debian repository: - deb http://ftp.debian.org/debian/ lenny main contrib non-free - deb-src http://ftp.debian.org/debian/ lenny main contrib non-free - -# security updates: - deb http://security.debian.org/ lenny/updates main contrib - deb-src http://security.debian.org/ lenny/updates main contrib diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SID b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SID index b20afb0..2732475 100644 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SID +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SID @@ -1,3 +1,3 @@ # official debian repository: - deb http://ftp.debian.org/debian/ sid main contrib non-free - deb-src http://ftp.debian.org/debian/ sid main contrib non-free + deb http://ftp.debian.org/debian/ sid main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ sid main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SQUEEZE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SQUEEZE deleted file mode 100644 index 548e7ed..0000000 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_SQUEEZE +++ /dev/null @@ -1,11 +0,0 @@ -# official debian repository: - deb http://ftp.debian.org/debian/ squeeze main contrib non-free - deb-src http://ftp.debian.org/debian/ squeeze main contrib non-free - -# security updates: - deb http://security.debian.org/ squeeze/updates main contrib - deb-src http://security.debian.org/ squeeze/updates main contrib - -# backports: - deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free - deb-src http://backports.debian.org/debian-backports squeeze-backports main contrib non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STABLE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STABLE index 3072559..3585bfb 100644 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STABLE +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STABLE @@ -1,11 +1,11 @@ # official debian repository: - deb http://ftp.debian.org/debian/ stable main contrib non-free - deb-src http://ftp.debian.org/debian/ stable main contrib non-free + deb http://ftp.debian.org/debian/ stable main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ stable main contrib non-free-firmware non-free # security updates: - deb http://security.debian.org/ stable/updates main contrib - deb-src http://security.debian.org/ stable/updates main contrib + deb http://security.debian.org/debian-security stable-security main contrib non-free-firmware non-free + deb-src http://security.debian.org/debian-security stable-security main contrib non-free-firmware non-free # backports: - deb http://ftp.debian.org/debian/ stretch-backports main contrib non-free - deb-src http://ftp.debian.org/debian/ stretch-backports main contrib non-free + deb http://ftp.debian.org/debian/ stable-backports main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ stable-backports main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STRETCH b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STRETCH deleted file mode 100644 index f27cc7f..0000000 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_STRETCH +++ /dev/null @@ -1,11 +0,0 @@ -# official debian repository: - deb http://ftp.debian.org/debian/ stretch main contrib non-free - deb-src http://ftp.debian.org/debian/ stretch main contrib non-free - -# security updates: - deb http://security.debian.org/ stretch/updates main contrib - deb-src http://security.debian.org/ stretch/updates main contrib - -# backports: - deb http://ftp.debian.org/debian/ stretch-backports main contrib non-free - deb-src http://ftp.debian.org/debian/ stretch-backports main contrib non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TESTING b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TESTING index a7dbe01..9b6ef42 100644 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TESTING +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TESTING @@ -1,7 +1,7 @@ # official debian repository: - deb http://ftp.debian.org/debian/ testing main contrib non-free - deb-src http://ftp.debian.org/debian/ testing main contrib non-free + deb http://ftp.debian.org/debian/ testing main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ testing main contrib non-free-firmware non-free # security updates: - deb http://security.debian.org/ testing-security main contrib - deb-src http://security.debian.org/ testing-security main contrib + deb http://security.debian.org/ testing-security main contrib non-free-firmware non-free + deb-src http://security.debian.org/ testing-security main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TRIXIE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TRIXIE new file mode 100644 index 0000000..7403459 --- /dev/null +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_TRIXIE @@ -0,0 +1,7 @@ +# official debian repository: + deb http://ftp.debian.org/debian/ trixie main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ trixie main contrib non-free-firmware non-free + +# security updates: + deb http://security.debian.org/debian-security trixie-security main contrib non-free-firmware non-free + deb-src http://security.debian.org/debian-security trixie-security main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_UNSTABLE b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_UNSTABLE index 1491bcb..f280307 100644 --- a/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_UNSTABLE +++ b/etc/grml/fai/config/files/etc/apt/sources.list.d/debian.list/DEBIAN_UNSTABLE @@ -1,3 +1,3 @@ # official debian repository: - deb http://ftp.debian.org/debian/ unstable main contrib non-free - deb-src http://ftp.debian.org/debian/ unstable main contrib non-free + deb http://ftp.debian.org/debian/ unstable main contrib non-free-firmware non-free + deb-src http://ftp.debian.org/debian/ unstable main contrib non-free-firmware non-free diff --git a/etc/grml/fai/config/files/etc/cloud/cloud.cfg.d/42_grml.cfg/GRMLBASE b/etc/grml/fai/config/files/etc/cloud/cloud.cfg.d/42_grml.cfg/GRMLBASE new file mode 100644 index 0000000..646e4e2 --- /dev/null +++ b/etc/grml/fai/config/files/etc/cloud/cloud.cfg.d/42_grml.cfg/GRMLBASE @@ -0,0 +1,28 @@ +# cloud-init configuration for Grml live system. +# +# This file was deployed via grml-live's +# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/51-cloud-init script, using +# ${GRML_FAI_CONFIG}/config/files/etc/cloud/cloud.cfg.d/42_grml.cfg/GRMLBASE + +system_info: + # This will affect which distro class gets used + distro: debian + # Default user name + that default users groups (if added/used) + default_user: + name: grml + lock_passwd: True + gecos: Grml + groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/zsh + # Other config here will be given to the distro class and/or path classes + paths: + cloud_dir: /var/lib/cloud/ + templates_dir: /etc/cloud/templates/ + upstart_dir: /etc/init/ + package_mirrors: + - arches: [default] + failsafe: + primary: http://deb.debian.org/debian + security: http://security.debian.org/ + ssh_svcname: ssh diff --git a/etc/grml/fai/config/files/etc/fstab/GRMLBASE b/etc/grml/fai/config/files/etc/fstab/GRMLBASE index 37df293..ffd52b7 100644 --- a/etc/grml/fai/config/files/etc/fstab/GRMLBASE +++ b/etc/grml/fai/config/files/etc/fstab/GRMLBASE @@ -16,12 +16,12 @@ devpts /dev/pts devpts noauto,mode=0622 0 /dev/dvd /media/dvd auto user,noauto,exec,ro 0 0 # some other examples: # /dev/hda1 /Grml ext3 dev,suid,user,noauto 0 2 -# //1.2.3.4/pub /smb/pub smbfs defaults,user,noauto,uid=grml,gid=grml 0 0 +# //192.0.2.42/pub /smb/pub smbfs defaults,user,noauto,uid=grml,gid=grml 0 0 # linux:/pub /beer nfs defaults 0 0 # tmpfs /tmp tmpfs size=300M 0 0 # none /proc/bus/usb usbfs defaults,nodev,noexec,nosuid,noauto,devgid=1001,devmode=664 0 0 -# 192.168.1.101:/backups /media/nfs nfs defaults,user,wsize=8192,rsize=8192 0 0 +# 192.0.2.42:/backups /media/nfs nfs defaults,user,wsize=8192,rsize=8192 0 0 # -# Warning! Please do *not* change any lines below because they are auto-generated by. -# If you want to disable rebuildfstab set CONFIG_FSTAB='no' in /etc/grml/autoconfig! +# Warning! Please do *not* change any lines below because they are auto-generated. +# If you want to disable rebuildfstab set CONFIG_FSTAB='no' in /etc/grml/autoconfig. # See 'man grml-udev-rebuildfstab' for more details about the following entries. diff --git a/etc/grml/fai/config/files/etc/hosts/GRMLBASE b/etc/grml/fai/config/files/etc/hosts/GRMLBASE index 3f0650e..678c9e4 100644 --- a/etc/grml/fai/config/files/etc/hosts/GRMLBASE +++ b/etc/grml/fai/config/files/etc/hosts/GRMLBASE @@ -5,11 +5,6 @@ 127.0.0.1 $HOSTNAME localhost # The following lines are desirable for IPv6 capable hosts -# (added automatically by netbase upgrade) - -::1 ip6-localhost ip6-loopback $HOSTNAME -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix +::1 localhost ip6-localhost ip6-loopback $HOSTNAME ff02::1 ip6-allnodes ff02::2 ip6-allrouters -ff02::3 ip6-allhosts diff --git a/etc/grml/fai/config/files/etc/initramfs-tools/conf.d/xz-compress/GRMLBASE b/etc/grml/fai/config/files/etc/initramfs-tools/conf.d/xz-compress/GRMLBASE index 4e6b5b3..613eb4b 100644 --- a/etc/grml/fai/config/files/etc/initramfs-tools/conf.d/xz-compress/GRMLBASE +++ b/etc/grml/fai/config/files/etc/initramfs-tools/conf.d/xz-compress/GRMLBASE @@ -1,10 +1,5 @@ -# This file is installed by grml-live in 10-build-initramfs. +# This file is installed by grml-live in 80-initramfs. # Its purpose is to use XZ compression when building initramfs. -# this is a workaround to pass custom options to the xz compression -xz() { - command xz -8 --check=crc32 -} - -# enable XZ compression, reducing initramfs size from ~17MB to ~12MB -compress=xz +# enable XZ compression, reducing initramfs size from ~50MB to ~33M +COMPRESS=xz diff --git a/etc/grml/fai/config/files/etc/initramfs-tools/modules/GRMLBASE b/etc/grml/fai/config/files/etc/initramfs-tools/modules/GRMLBASE new file mode 100644 index 0000000..4500f80 --- /dev/null +++ b/etc/grml/fai/config/files/etc/initramfs-tools/modules/GRMLBASE @@ -0,0 +1,28 @@ +# This file was deployed via grml-live's +# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/80-initramfs script, using +# ${GRML_FAI_CONFIG}/config/files/etc/initramfs-tools/modules/GRMLBASE +################################################################################ +# List of modules that you want to include in your initramfs. +# They will be loaded at boot time in the order below. +# +# Syntax: module_name [args ...] +# +# You must run update-initramfs(8) to effect this change. +# +# Examples: +# +# raid1 +# sd_mod + +# workaround for broken netboot images, see +# https://bugs.debian.org/1022172 + +# https://github.com/grml/grml/issues/192 +auth_rpcgss +grace +lockd +nfs +nfs_acl +nfsv3 +rpcrdma +rpcsec_gss_krb5 +sunrpc diff --git a/etc/grml/fai/config/files/etc/inittab/GRMLBASE b/etc/grml/fai/config/files/etc/inittab/GRMLBASE deleted file mode 100644 index 7e49dba..0000000 --- a/etc/grml/fai/config/files/etc/inittab/GRMLBASE +++ /dev/null @@ -1,96 +0,0 @@ -# This file was deployed via grml-live's -# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup script, using -# ${GRML_FAI_CONFIG}/config/files/etc/inittab/GRMLBASE -################################################################################ -# Filename: inittab -# Purpose: init(8) configuration. -# Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2. -################################################################################ - -# The default runlevel. -id:2:initdefault: - -# Boot-time system configuration/initialization script. -# This is run first except when booting in emergency (-b) mode. -si::sysinit:/etc/init.d/rcS - -# What to do in single-user mode. -~~:S:respawn:/bin/zsh --login >/dev/tty1 2>&1 ::: -# 4 virtual consoles with immortal shells -# Note that on most Debian systems tty7 is used by the X Window System. -# Use tty8 a second xserver. -1:12345:respawn:/sbin/grml-runtty /dev/tty1 /usr/share/grml-scripts/run-welcome root -2:2345:respawn:/sbin/grml-runtty /dev/tty2 /usr/share/grml-scripts/run-screen root -3:2345:respawn:/sbin/grml-runtty /dev/tty3 /usr/share/grml-scripts/run-screen root -4:2345:respawn:/sbin/grml-runtty /dev/tty4 /usr/share/grml-scripts/run-screen $USERNAME -5:2345:respawn:/sbin/grml-runtty /dev/tty5 /bin/zsh $USERNAME -6:2345:respawn:/sbin/grml-runtty /dev/tty6 /bin/zsh $USERNAME -9:2345:respawn:/sbin/getty 38400 tty9 -#10:2345:respawn:/sbin/grml-runtty /dev/tty10 /usr/sbin/grml-iptstate root -11:2345:respawn:/sbin/grml-runtty /dev/tty11 /usr/bin/htop root -12:2345:respawn:/sbin/grml-runtty /dev/tty12 /usr/share/grml-scripts/run-multitail root - -################################################################################ -# Please do NOT remove the line with the marker as it is important for the -# bootoption serial/console. line(s) will be inserted here according to the -# provided kernel command line: -#grmlserial# is a marker, important for the bootoption serial/console -################################################################################ - -# Example how to put a getty on a serial line (for a terminal) -# T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100 -# T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100 - -#-- isdnutils begin -# Change the lines below for your local setup and uncomment them. -# Use "init q" to reread inittab. -# look at the vboxgetty / mgetty manpage for more information (mgetty isn't -# standard!) -# -#I0:2345:respawn:/usr/sbin/vboxgetty -d /dev/ttyI0 -#I1:2345:respawn:/sbin/mgetty -D -m '"" ATZ OK AT&Eyourmsnhere OK AT&B512 OK' -s 38400 ttyI1 -#-- isdnutils end - -# Run X Window session from CDROM in runlevel 5 -#w5:5:wait:/bin/sleep 2 -#x5:5:wait:/etc/init.d/xsession start - -# Use line below to use secvpnmon. Use init q to reread inittab. -# SVPN:2345:respawn:/usr/sbin/secvpnmon diff --git a/etc/grml/fai/config/files/etc/inittab/GRML_SMALL b/etc/grml/fai/config/files/etc/inittab/GRML_SMALL deleted file mode 100644 index 09f48eb..0000000 --- a/etc/grml/fai/config/files/etc/inittab/GRML_SMALL +++ /dev/null @@ -1,96 +0,0 @@ -# This file was deployed via grml-live's -# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup script, using -# ${GRML_FAI_CONFIG}/config/files/etc/inittab/GRML_SMALL -################################################################################ -# Filename: inittab.small -# Purpose: init(8) configuration for grml-small -# Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2. -################################################################################ - -# The default runlevel. -id:2:initdefault: - -# Boot-time system configuration/initialization script. -# This is run first except when booting in emergency (-b) mode. -si::sysinit:/etc/init.d/rcS - -# What to do in single-user mode. -~~:S:respawn:/bin/zsh --login >/dev/tty1 2>&1 ::: -# 4 virtual consoles with immortal shells -# Note that on most Debian systems tty7 is used by the X Window System. -# Use tty8 a second xserver. -1:12345:respawn:/sbin/grml-runtty /dev/tty1 /usr/share/grml-scripts/run-welcome root -2:2345:respawn:/sbin/grml-runtty /dev/tty2 /usr/share/grml-scripts/run-screen root -3:2345:respawn:/sbin/grml-runtty /dev/tty3 /usr/share/grml-scripts/run-screen root -#4:2345:respawn:/sbin/grml-runtty /dev/tty4 /usr/share/grml-scripts/run-screen $USERNAME -#5:2345:respawn:/sbin/grml-runtty /dev/tty5 /bin/zsh $USERNAME -#6:2345:respawn:/sbin/grml-runtty /dev/tty6 /bin/zsh $USERNAME -#9:2345:respawn:/sbin/getty 38400 tty9 -#10:2345:respawn:/sbin/grml-runtty /dev/tty10 /usr/sbin/grml-iptstate root -#11:2345:respawn:/sbin/grml-runtty /dev/tty11 /usr/bin/htop root -#12:2345:respawn:/sbin/grml-runtty /dev/tty12 /usr/share/grml-scripts/run-multitail root - -################################################################################ -# Please do NOT remove the line with the marker as it is important for the -# bootoption serial/console. line(s) will be inserted here according to the -# provided kernel command line: -#grmlserial# is a marker, important for the bootoption serial/console -################################################################################ - -# Example how to put a getty on a serial line (for a terminal) -# T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100 -# T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100 - -#-- isdnutils begin -# Change the lines below for your local setup and uncomment them. -# Use "init q" to reread inittab. -# look at the vboxgetty / mgetty manpage for more information (mgetty isn't -# standard!) -# -#I0:2345:respawn:/usr/sbin/vboxgetty -d /dev/ttyI0 -#I1:2345:respawn:/sbin/mgetty -D -m '"" ATZ OK AT&Eyourmsnhere OK AT&B512 OK' -s 38400 ttyI1 -#-- isdnutils end - -# Run X Window session from CDROM in runlevel 5 -#w5:5:wait:/bin/sleep 2 -#x5:5:wait:/etc/init.d/xsession start - -# Use line below to use secvpnmon. Use init q to reread inittab. -# SVPN:2345:respawn:/usr/sbin/secvpnmon diff --git a/etc/grml/fai/config/files/etc/locale.conf/GRMLBASE b/etc/grml/fai/config/files/etc/locale.conf/GRMLBASE new file mode 100644 index 0000000..37206c4 --- /dev/null +++ b/etc/grml/fai/config/files/etc/locale.conf/GRMLBASE @@ -0,0 +1,6 @@ +# This file was deployed via grml-live's +# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/25-locales script, using +# ${GRML_FAI_CONFIG}/config/files/etc/locale.conf/GRMLBASE +################################################################################ +# This file lists the locales configuration as used by e.g. systemd-firstboot +LANG=C.UTF-8 diff --git a/etc/grml/fai/config/files/etc/lsb-base-logging.sh/GRMLBASE b/etc/grml/fai/config/files/etc/lsb-base-logging.sh/GRMLBASE deleted file mode 100644 index ec31701..0000000 --- a/etc/grml/fai/config/files/etc/lsb-base-logging.sh/GRMLBASE +++ /dev/null @@ -1,32 +0,0 @@ -# This file was deployed via grml-live's -# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/20-sudo script, using -# ${GRML_FAI_CONFIG}/config/files/etc/lsb-base-logging.sh/GRMLBASE - -# override output of the status on the left side of the terminal -# introduced in lsb-base >= 4.1+Debian1 -log_end_msg_pre() { :; } -log_action_msg_pre() { :; } - -if log_use_fancy_output; then - __LSB_PFX="$($TPUT -S << EOGREEN - bold - setaf 2 -EOGREEN - ) * $($TPUT -S << EONORMAL - sgr0 - op -EONORMAL - )" -else - __LSB_PFX=" * " -fi - -log_daemon_msg_pre() { - printf "${__LSB_PFX}" -} -log_action_msg() { - printf "${__LSB_PFX}$@." -} -log_action_begin_msg() { - printf "${__LSB_PFX}$@... " -} diff --git a/etc/grml/fai/config/files/etc/network/interfaces/GRMLBASE b/etc/grml/fai/config/files/etc/network/interfaces/GRMLBASE index 9f1df7b..dae8e21 100644 --- a/etc/grml/fai/config/files/etc/network/interfaces/GRMLBASE +++ b/etc/grml/fai/config/files/etc/network/interfaces/GRMLBASE @@ -2,6 +2,12 @@ # ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/35-network script, using # ${GRML_FAI_CONFIG}/config/files/etc/network/interfaces/GRMLBASE +# interfaces(5) file used by ifup(8) and ifdown(8) + +# Include files from /etc/network/interfaces.d: +source /etc/network/interfaces.d/* + # The loopback interface auto lo iface lo inet loopback + diff --git a/etc/grml/fai/config/files/etc/sudoers/GRMLBASE b/etc/grml/fai/config/files/etc/sudoers/GRMLBASE index f52c892..7a46342 100644 --- a/etc/grml/fai/config/files/etc/sudoers/GRMLBASE +++ b/etc/grml/fai/config/files/etc/sudoers/GRMLBASE @@ -20,6 +20,9 @@ root ALL=(ALL) ALL # WARNING: Never allow external access to the $USERNAME user!!! $USERNAME ALL=NOPASSWD: ALL +# Path used for every command run from sudo +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + # allow editing of files with editor: # $USERNAME ALL=NOPASSWD: sudoedit diff --git a/etc/grml/fai/config/files/etc/systemd/system/getty@tty2.service.d/override.conf/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/getty@tty2.service.d/override.conf/GRMLBASE index 41761bd..87b9e67 100644 --- a/etc/grml/fai/config/files/etc/systemd/system/getty@tty2.service.d/override.conf/GRMLBASE +++ b/etc/grml/fai/config/files/etc/systemd/system/getty@tty2.service.d/override.conf/GRMLBASE @@ -6,7 +6,6 @@ Restart=always StandardInput=tty StandardOutput=tty TTYPath=/dev/tty2 -Environment="SHELL=/bin/zsh" ExecStart= ExecStart=-/usr/share/grml-scripts/run-screen diff --git a/etc/grml/fai/config/files/etc/systemd/system/getty@tty3.service.d/override.conf/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/getty@tty3.service.d/override.conf/GRMLBASE index 072e055..786468e 100644 --- a/etc/grml/fai/config/files/etc/systemd/system/getty@tty3.service.d/override.conf/GRMLBASE +++ b/etc/grml/fai/config/files/etc/systemd/system/getty@tty3.service.d/override.conf/GRMLBASE @@ -6,7 +6,6 @@ Restart=always StandardInput=tty StandardOutput=tty TTYPath=/dev/tty3 -Environment="SHELL=/bin/zsh" ExecStart= ExecStart=-/usr/share/grml-scripts/run-screen diff --git a/etc/grml/fai/config/files/etc/systemd/system/getty@tty4.service.d/override.conf/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/getty@tty4.service.d/override.conf/GRMLBASE index fcf42ef..a94f83a 100644 --- a/etc/grml/fai/config/files/etc/systemd/system/getty@tty4.service.d/override.conf/GRMLBASE +++ b/etc/grml/fai/config/files/etc/systemd/system/getty@tty4.service.d/override.conf/GRMLBASE @@ -6,7 +6,6 @@ Restart=always StandardInput=tty StandardOutput=tty TTYPath=/dev/tty4 -Environment="SHELL=/bin/zsh" User=$USERNAME ExecStart= ExecStart=-/usr/share/grml-scripts/run-screen diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE index e41b058..3a6729e 100644 --- a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE +++ b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE @@ -7,8 +7,7 @@ ConditionPathExists=!/etc/ssh/sshd_not_to_be_run [Service] EnvironmentFile=-/etc/default/ssh -ExecStartPre=-/bin/sh -c "/usr/bin/ssh-keygen -A" -ExecStartPre=/usr/sbin/sshd -t +ExecStartPre=-/usr/bin/ssh-keygen -A ExecStart=/usr/sbin/sshd -D $SSHD_OPTS ExecReload=/usr/sbin/sshd -t ExecReload=/bin/kill -HUP $MAINPID diff --git a/etc/grml/fai/config/files/etc/tmpfiles.d/man-db.conf/GRMLBASE b/etc/grml/fai/config/files/etc/tmpfiles.d/man-db.conf/GRMLBASE new file mode 100644 index 0000000..c248a47 --- /dev/null +++ b/etc/grml/fai/config/files/etc/tmpfiles.d/man-db.conf/GRMLBASE @@ -0,0 +1,6 @@ +# This file was deployed via grml-live's +# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/85-systemd script, using +# ${GRML_FAI_CONFIG}/config/files/etc/tmpfiles.d/man-db.conf/GRMLBASE + +# Override default (age set to 1w) to avoid disappearing mandb caches +d /var/cache/man 0755 man man - diff --git a/etc/grml/fai/config/files/usr/share/doc/grml-docs/startpage.html/GRMLBASE b/etc/grml/fai/config/files/usr/share/doc/grml-docs/startpage.html/GRMLBASE index 4397911..697dd05 100644 --- a/etc/grml/fai/config/files/usr/share/doc/grml-docs/startpage.html/GRMLBASE +++ b/etc/grml/fai/config/files/usr/share/doc/grml-docs/startpage.html/GRMLBASE @@ -4,7 +4,7 @@ # Filename: startpage.html # Purpose: information page on Grml # Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ +# Bug-Reports: see https://grml.org/bugs/ # License: This file is licensed under the GPL v2. ################################################################################ --> @@ -37,53 +37,55 @@

Grml Live Linux

-

Grml is a Debian based Linux Live system for x86 and x86_64 systems. Its main -purpose is providing a system for system administrators.

+

+Grml is a Debian based Linux Live system for system administrators and users of texttools. +

-

You are reading this page probably in the w3m or links browser on the console -or in xlinks2 or Firefox/Iceweasel running under X. To switch between -links in w3m and links press the <tab>-key. You can move the cursor via -the cursor keys. 'B' is the key for going back one page in the browser history, -pressing 'H' brings you to the help of w3m. Press 'Q' for exiting w3m, links -and xlinks2.

+

+You are reading this page probably in the w3m or links browser on the console, or in Firefox running under X. +Press 'Q' for exiting w3m and links.

-

Note: If you find bugs, please report them! Thank you for helping -us to improve Grml!

- -

Overview

- -

Find the package list of installed software at grml.org/files/.

+

+Notice: if you find any bugs please report them to the Grml team! +Thank you for helping us to improve Grml! +

Quickstart

    +
  • Find the package list of installed software at grml.org/files/.
  • Use 'grml-tips $KEYWORD' to get hints and tips.
  • Use 'grml-x' to start the X window system.

Online resources

-

Subscribe to the Grml mailinglist and join #grml on irc.freenode.net!

+

+Subscribe to the Grml mailinglist, or join us on IRC in #grml on irc.oftc.net. +

-

Press 'Q' for exiting the browsers w3m, links and xlinks2.

+

+Press 'Q' for exiting the browsers w3m and links. +

+ +

+Enjoy Grml! +

-

Have fun with Grml!

-© Copyright 2004++ by the grml-team. +© Copyright 2004++ by the Grml team.
diff --git a/etc/grml/fai/config/grml/squashfs-excludes b/etc/grml/fai/config/grml/squashfs-excludes index 6c28c80..fed1ce9 100644 --- a/etc/grml/fai/config/grml/squashfs-excludes +++ b/etc/grml/fai/config/grml/squashfs-excludes @@ -1,3 +1,4 @@ run/* var/run/* var/lock/* +var/lib/dkms/* diff --git a/etc/grml/fai/config/hooks/instsoft.GRMLBASE b/etc/grml/fai/config/hooks/instsoft.GRMLBASE index c9932d8..2c4a880 100755 --- a/etc/grml/fai/config/hooks/instsoft.GRMLBASE +++ b/etc/grml/fai/config/hooks/instsoft.GRMLBASE @@ -6,11 +6,6 @@ # License: This file is licensed under the GPL v2 or any later version. ################################################################################ -FILE_RC=false -if ifclass FILE_RC ; then - FILE_RC=true -fi - set -u set -e @@ -66,15 +61,16 @@ EOF # anyway $ROOTCMD /usr/lib/dpkg/methods/apt/update /var/lib/dpkg/ apt apt - if $FILE_RC ; then - echo "Installing file-rc as FILE_RC class is enabled." - # newer aptitude versions won't remove essential packages using - # 'aptitude -f -y install file-rc' anymore, therefore force it: - $ROOTCMD aptitude -o Aptitude::ProblemResolver::Keep-All-Tier=60000 -f -y install file-rc systemd-sysv- - fi - if ! $ROOTCMD test -x /usr/bin/aptitude ; then - $ROOTCMD apt-get -y install aptitude + # the apt-get update might return an error if there's for example + # a hashsum mismatch on Debian mirror sources, we might want to continue + # but should warn the user + if ! $ROOTCMD apt-get update ; then + echo "Warning: there was an error executing apt-get update, continuing anyway." + echo "Warning: there was an error executing apt-get update, continuing anyway." >&2 + fi + + $ROOTCMD apt-get -y install aptitude fi # make sure we can upgrade automatically, @@ -119,21 +115,6 @@ if ! $ROOTCMD dpkg-divert --list | grep -q '/usr/sbin/grub-probe' ; then $ROOTCMD ln -s /bin/true /usr/sbin/grub-probe fi -# make sure we have file-rc available before package_config/GRML* is being executed {{{ -# the apt-get update might return an error if there's for example -# a hashsum mismatch on Debian mirror sources, we might want to continue -# but should warn the user -if ! $ROOTCMD apt-get update ; then - echo "Warning: there was an error executing apt-get update, continuing anyway." - echo "Warning: there was an error executing apt-get update, continuing anyway." >&2 -fi - -if $FILE_RC ; then - echo "Installing file-rc as FILE_RC class is enabled." - # newer aptitude versions won't remove essential packages using - # 'aptitude -f -y install file-rc' anymore, therefore force it via: - $ROOTCMD aptitude -o Aptitude::ProblemResolver::Keep-All-Tier=60000 -f -y install file-rc systemd-sysv- -fi # }}} # we definitely don't want to fail running fai dirinstall just diff --git a/etc/grml/fai/config/hooks/instsoft.ZFS b/etc/grml/fai/config/hooks/instsoft.ZFS new file mode 100755 index 0000000..2e8a072 --- /dev/null +++ b/etc/grml/fai/config/hooks/instsoft.ZFS @@ -0,0 +1,81 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/hooks/instsoft.ZFS +# Purpose: Build zfs modules in the chroot, then get rid of packages installed for this alone +# Authors: (c) András Korn +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2, or, at your option, any later version. +################################################################################ + +set -u +set -e + +# We don't want to install build-essential, dkms et al via package_config +# because they will end up bloating the iso; it seems cleaner to install +# them, build the zfs modules, then remove them. +# +# TODO: if https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009179 is ever +# fixed, switch to building a zfs-modules deb and including that. +# +# TODO: convert this into a framework for other classes to ship dkms +# modules: have a hook/script that installs the build-related packages, +# another that builds whatever must be built, and a third that does the cleanup. +# +# TODO: support other architectures grml and grml-live supports (PRs +# welcome, I'm sure). + +echo "$0: Installing latest kernel and its headers, as well as build-essential." +# For some reason, apt's autoremove function doesn't pick up some of the +# extra packages we install here, e.g. gcc-11, so work around that by +# keeping track of what gets installed. This is an ugly hack and should not +# be needed, but without it the resulting ISO is hundreds of megabytes +# larger. I hope this kludge can go away eventually. +extra_packages=($($ROOTCMD apt-get --assume-no --download-only --mark-auto -u install \ + build-essential linux-image-amd64 linux-headers-amd64 \ + | sed '0,/The following NEW packages will be installed/d;/^[^ ]/,$d')) +$ROOTCMD apt-get --yes --mark-auto -u install build-essential linux-image-amd64 linux-headers-amd64 + +# Remove all but the latest kernel (TODO: support passing in the desired +# kernel version by configuration variable instead of using the latest): +echo "$0: Removing all kernel packages except the latest one, if any." +for kernelversion in $($ROOTCMD sh -c 'cd /boot; ls -rt vmlinuz-*' | sed 's/^vmlinuz-//;$d'); do + echo "$0: Removing obsolete kernel version $kernelversion" + $ROOTCMD apt-get --yes --purge remove "linux-.*$kernelversion.*" +done + +# Earlier Debian releases have a dwarves package; newer ones have pahole. +# This can be needed to build the zfs modules, perhaps depending on kernel +# configuration (TODO: look into this). +echo "$0: Installing pahole or dwarves, whichever is available." +if $ROOTCMD apt-get --yes --mark-auto -u install pahole; then + pahole=pahole +else + $ROOTCMD apt-get --mark-auto --yes -u install dwarves + pahole=dwarves +fi + +echo "$0: Installing zfs-dkms itself." +extra_packages=(${extra_packages[@]} $($ROOTCMD apt-get --assume-no --download-only --mark-auto -u install zfs-dkms | sed '0,/The following NEW packages will be installed/d;/^[^ ]/,$d')) +$ROOTCMD apt-get --yes --mark-auto -u install zfs-dkms + +# Now invoke the dkms kernel postinst script for the only kernel that's left +# -- normally the zfs-dkms postinst script should do this, but maybe it +# didn't, and redoing it is almost free: +kernelversion=$($ROOTCMD sh -c 'ls -1 /boot/vmlinuz-*' | sed 's@.*boot/vmlinuz-@@') +echo "$0: Building zfs-dkms modules for kernel $kernelversion." +$ROOTCMD /etc/kernel/postinst.d/dkms "$kernelversion" + +tempfile=$(mktemp) +echo "$0: Saving built modules into a backup file (removing the dkms package will remove them, but we'll put them back)." +$ROOTCMD tar cf - /lib/modules/$kernelversion/updates/dkms >$tempfile + +echo "$0: Removing packages only needed to build zfs modules." +remove_packages=($(echo "${extra_packages[@]}" zfs-dkms '^linux-headers-.*' build-essential $pahole | tr ' ' '\n' | sort -u)) +$ROOTCMD apt-get --yes --purge --autoremove remove ${remove_packages[@]} +echo "$0: Trying extra hard to get rid of auto-installed packages. This is a hack that is one of the ways we're trying to work around a perceived bug in apt autoremove and should be a no-op." +$ROOTCMD apt-get --yes --purge autoremove + +echo "$0: Restoring backed-up kernel modules." +$ROOTCMD tar xf - <$tempfile +rm $tempfile +$ROOTCMD depmod -a $kernelversion +echo "$0: Completed successfully. Enjoy your zfs." diff --git a/etc/grml/fai/config/package_config/DEBIAN_BOOKWORM b/etc/grml/fai/config/package_config/DEBIAN_BOOKWORM new file mode 100644 index 0000000..af1c28b --- /dev/null +++ b/etc/grml/fai/config/package_config/DEBIAN_BOOKWORM @@ -0,0 +1,10 @@ +PACKAGES install + +# NOTE: as of grml-live v0.44.0 we switched from isc-dhcp-client to dhcpcd. +# But cloud-init has a hard dependency on isc-dhcp-client (at least as of +# v21.4-2 and up and until incl. v23.2.1-1). To ensure that GRML_FULL also +# works on bookworm OOTB and we can ship cloud-init, we enable the switch +# towards dhcpcd only for Debian trixie/testing and newer. Also see +# https://bugs.debian.org/1051421 and +# https://github.com/grml/grml-live/issues/138 +isc-dhcp-client diff --git a/etc/grml/fai/config/package_config/DEBIAN_SQUEEZE b/etc/grml/fai/config/package_config/DEBIAN_SQUEEZE deleted file mode 100644 index bf18dac..0000000 --- a/etc/grml/fai/config/package_config/DEBIAN_SQUEEZE +++ /dev/null @@ -1,5 +0,0 @@ -PACKAGES install - -# needed for linux-image-amd64-grml -linux-base/squeeze-backports -initramfs-tools/squeeze-backports diff --git a/etc/grml/fai/config/package_config/DEBIAN_STABLE b/etc/grml/fai/config/package_config/DEBIAN_STABLE new file mode 100644 index 0000000..af1c28b --- /dev/null +++ b/etc/grml/fai/config/package_config/DEBIAN_STABLE @@ -0,0 +1,10 @@ +PACKAGES install + +# NOTE: as of grml-live v0.44.0 we switched from isc-dhcp-client to dhcpcd. +# But cloud-init has a hard dependency on isc-dhcp-client (at least as of +# v21.4-2 and up and until incl. v23.2.1-1). To ensure that GRML_FULL also +# works on bookworm OOTB and we can ship cloud-init, we enable the switch +# towards dhcpcd only for Debian trixie/testing and newer. Also see +# https://bugs.debian.org/1051421 and +# https://github.com/grml/grml-live/issues/138 +isc-dhcp-client diff --git a/etc/grml/fai/config/package_config/DEBIAN_TESTING b/etc/grml/fai/config/package_config/DEBIAN_TESTING new file mode 100644 index 0000000..9a7cc24 --- /dev/null +++ b/etc/grml/fai/config/package_config/DEBIAN_TESTING @@ -0,0 +1,10 @@ +PACKAGES install + +# NOTE: as of grml-live v0.44.0 we switched from isc-dhcp-client to dhcpcd. +# But cloud-init has a hard dependency on isc-dhcp-client (at least as of +# v21.4-2 and up and until incl. v23.2.1-1). To ensure that GRML_FULL also +# works on bookworm OOTB and we can ship cloud-init, we enable the switch +# towards dhcpcd only for Debian trixie/testing and newer. Also see +# https://bugs.debian.org/1051421 and +# https://github.com/grml/grml-live/issues/138 +dhcpcd diff --git a/etc/grml/fai/config/package_config/DEBIAN_TRIXIE b/etc/grml/fai/config/package_config/DEBIAN_TRIXIE new file mode 100644 index 0000000..9a7cc24 --- /dev/null +++ b/etc/grml/fai/config/package_config/DEBIAN_TRIXIE @@ -0,0 +1,10 @@ +PACKAGES install + +# NOTE: as of grml-live v0.44.0 we switched from isc-dhcp-client to dhcpcd. +# But cloud-init has a hard dependency on isc-dhcp-client (at least as of +# v21.4-2 and up and until incl. v23.2.1-1). To ensure that GRML_FULL also +# works on bookworm OOTB and we can ship cloud-init, we enable the switch +# towards dhcpcd only for Debian trixie/testing and newer. Also see +# https://bugs.debian.org/1051421 and +# https://github.com/grml/grml-live/issues/138 +dhcpcd diff --git a/etc/grml/fai/config/package_config/DEBIAN_UNSTABLE b/etc/grml/fai/config/package_config/DEBIAN_UNSTABLE new file mode 100644 index 0000000..9a7cc24 --- /dev/null +++ b/etc/grml/fai/config/package_config/DEBIAN_UNSTABLE @@ -0,0 +1,10 @@ +PACKAGES install + +# NOTE: as of grml-live v0.44.0 we switched from isc-dhcp-client to dhcpcd. +# But cloud-init has a hard dependency on isc-dhcp-client (at least as of +# v21.4-2 and up and until incl. v23.2.1-1). To ensure that GRML_FULL also +# works on bookworm OOTB and we can ship cloud-init, we enable the switch +# towards dhcpcd only for Debian trixie/testing and newer. Also see +# https://bugs.debian.org/1051421 and +# https://github.com/grml/grml-live/issues/138 +dhcpcd diff --git a/etc/grml/fai/config/package_config/GRMLBASE b/etc/grml/fai/config/package_config/GRMLBASE index dcdd137..115df2d 100644 --- a/etc/grml/fai/config/package_config/GRMLBASE +++ b/etc/grml/fai/config/package_config/GRMLBASE @@ -10,9 +10,9 @@ deborphan dmidecode efibootmgr eject +fdisk file gpm -grml2usb grml-autoconfig grml-crypt grml-debian-keyring @@ -27,9 +27,6 @@ grml-scripts grml-scripts-core grml-tips grml-udev-config -grub-efi-amd64-bin -grub-efi-ia32-bin -grub-pc haveged hdparm hwinfo @@ -47,11 +44,9 @@ pciutils physlock pxelinux resolvconf -rng-tools rsync rsyslog strace -syslinux syslinux-common syslinux-utils udev usbutils uuid-runtime @@ -68,7 +63,6 @@ firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intel-sound -firmware-intelwimax firmware-iwlwifi firmware-libertas firmware-linux @@ -85,7 +79,19 @@ firmware-zd1211 libpam-systemd systemd-container -PACKAGES install FILE_RC -libpam-systemd- -systemd-container- -acpid +PACKAGES install I386 +grub-pc +grub-efi-amd64-bin +grub-efi-ia32-bin +syslinux syslinux-common syslinux-utils +grml2usb + +PACKAGES install AMD64 +grub-pc +grub-efi-amd64-bin +grub-efi-ia32-bin +syslinux syslinux-common syslinux-utils +grml2usb + +PACKAGES install ARM64 +grub-efi-arm64-bin diff --git a/etc/grml/fai/config/package_config/GRML_FULL b/etc/grml/fai/config/package_config/GRML_FULL index dfb99ce..2d83c2f 100644 --- a/etc/grml/fai/config/package_config/GRML_FULL +++ b/etc/grml/fai/config/package_config/GRML_FULL @@ -3,17 +3,16 @@ PACKAGES install grml-live grml-paste grml-quickconfig-standard -grml-terminalserver # base os apt aptitude binfmt-support -bsdmainutils +bsdextrautils +bsdutils dctrl-tools devscripts dos2unix -dstat findutils htop libnss-myhostname @@ -22,8 +21,8 @@ locales lsb-release lsof mount -ntp -ntpdate +ntpsec +ntpsec-ntpdate nullmailer passwd procps @@ -36,12 +35,10 @@ tzdata util-linux # basic accessibility +alsa-utils brltty +espeak-ng espeakup -alsa-utils - -# broken userland debugging -ltrace # deploy on remote sites openvpn @@ -50,12 +47,10 @@ pppoeconf # disk subsystems support/debugging array-info -bonnie++ -cciss-vol-status cryptsetup disktype -dmraid dmsetup +f3 fai-setup-storage fio gdisk @@ -70,11 +65,11 @@ scsitools sdparm sg3-utils smartmontools +stenc # disk partitioning/boot boot-info-script gparted -grub-pc-bin kpartx mbr partclone @@ -91,6 +86,7 @@ hexedit nano vim vim-gtk3 +xxd zile # filesystem support @@ -102,16 +98,15 @@ dislocker dosfstools e2fsprogs exfat-fuse -exfat-utils +exfatprogs +f2fs-tools genisoimage -hfsprogs hfsutils jfsutils ntfs-3g reiser4progs reiserfsprogs tcplay -thin-provisioning-tools xfsdump xfsprogs xmount @@ -125,6 +120,7 @@ mtools # generic tools cpp +sqlite3 whois xorriso @@ -133,6 +129,7 @@ cdebootstrap crosshurd debootstrap kexec-tools +mmdebstrap rinse # iscsi (target) support @@ -148,16 +145,18 @@ vblade # networking atftp avahi-daemon +avahi-utils bind9-host bridge-utils cdpr cifs-utils -comgt +cloud-init dnsmasq dnsutils ethstatus ethtool hostapd +hping3 ifenslave iftop ifupdown @@ -171,7 +170,6 @@ iptstate iputils-arping iputils-ping iputils-tracepath -isc-dhcp-client iw libnss-mdns libteam-utils @@ -190,21 +188,21 @@ rdnssd rfkill ser2net sipcalc -slurm snmp socat +speedtest-cli ssh ssmping tcpdump tcptraceroute telnet -tshark +tmate tsocks uml-utilities usb-modeswitch vlan -wireshark -wvdial +wireguard +wireless-regdb # network transfers ca-certificates @@ -232,8 +230,6 @@ pwgen # popular VCS to pull config from git -mercurial -subversion # recovery afflib-tools @@ -244,23 +240,22 @@ ewf-tools extundelete gddrescue gpart +myrescue recoverjpeg testdisk # restore from backup -bacula-common -bacula-console -bacula-fd -bacula-sd borgbackup clonezilla dirvish dump duplicity fsarchiver +mtx restic # compressions for backup/restore +lz4 lzop zstd @@ -276,10 +271,13 @@ binutils buffer coreutils diffutils +jq mawk +mbuffer mc patch pv +qrencode screen sed tmux @@ -287,11 +285,9 @@ zsh # system info/mgmt augeas-tools -facter flashrom -mcollective +inxi memtester -puppet stressant # virtualization support @@ -331,14 +327,17 @@ xterm # x86 hardware support acpi acpi-support -cmospwd -cpuid irqbalance lm-sensors lshw numactl usbview +# firmware updates +fwupd +policykit-1 +udisks2 + # testing bats stress @@ -346,10 +345,63 @@ stress # docs man-db +# special terminal output +lolcat +toilet + PACKAGES install I386 +# kernel related linux-image-686 linux-cpupower +# disk subsystems support/debugging, I386/AMD64 specific +cciss-vol-status +# x86 hardware support +cmospwd +cpuid +memtest86+ +# broken userland debugging +ltrace +# disk partitioning/boot +grub-pc-bin + +# PXE boot +grml-terminalserver + +# firmware updates +fwupd-i386-signed + +# X - not relevant on more recent systems, so ship on i386 only +xserver-xorg-video-intel PACKAGES install AMD64 +# kernel related linux-image-amd64 linux-cpupower +# disk subsystems support/debugging +cciss-vol-status +# x86 hardware support +cmospwd +cpuid +memtest86+ +# broken userland debugging +ltrace +# disk partitioning/boot +grub-pc-bin + +# PXE boot +grml-terminalserver + +# EFI PXE boot support in grml-terminalserver +grub-efi-amd64-signed +shim-signed + +# firmware updates +fwupd-amd64-signed + +PACKAGES install ARM64 +# kernel related +linux-image-arm64 +linux-cpupower + +# firmware updates +fwupd-arm64-signed diff --git a/etc/grml/fai/config/package_config/GRML_SMALL b/etc/grml/fai/config/package_config/GRML_SMALL index ecf3fc6..34c1647 100644 --- a/etc/grml/fai/config/package_config/GRML_SMALL +++ b/etc/grml/fai/config/package_config/GRML_SMALL @@ -6,7 +6,8 @@ attr bash binutils bridge-utils -bsdmainutils +bsdextrautils +bsdutils btrfs-progs buffer chntpw @@ -17,16 +18,17 @@ cu dctrl-tools diffutils disktype -dmraid dmsetup dos2unix dosfstools e2fsprogs ed ethtool +f2fs-tools findutils fsarchiver gddrescue +gdisk grml-paste grml-quickconfig-standard htop @@ -37,7 +39,6 @@ iperf3 iproute2 iptstate iputils-ping -isc-dhcp-client iw jfsutils kexec-tools @@ -53,6 +54,7 @@ lsscsi mawk mbr memtester +mmdebstrap mount mtools mtr-tiny @@ -61,7 +63,8 @@ ndisc6 netbase netcat-openbsd net-tools -ntpdate +ntfs-3g +ntpsec-ntpdate nwipe parted partimage @@ -72,6 +75,7 @@ pppoeconf procps psmisc qemu-guest-agent +qrencode rdnssd reiserfsprogs rfkill @@ -87,6 +91,8 @@ sysvinit-utils tar tcpdump telnet +tmate +tmux tree tsocks tzdata @@ -98,11 +104,19 @@ wget whois wipe xfsprogs +xxd zip zsh +zstd + +# special terminal output +toilet PACKAGES install I386 linux-image-686 PACKAGES install AMD64 linux-image-amd64 + +PACKAGES install ARM64 +linux-image-arm64 diff --git a/etc/grml/fai/config/package_config/SYSTEMD b/etc/grml/fai/config/package_config/SYSTEMD deleted file mode 100644 index 3533dba..0000000 --- a/etc/grml/fai/config/package_config/SYSTEMD +++ /dev/null @@ -1,7 +0,0 @@ -PACKAGES install - -network-manager - -# network-manager-openvpn -# network-manager-pptp -# network-manager-vpnc diff --git a/etc/grml/fai/config/package_config/FILE_RC b/etc/grml/fai/config/package_config/ZFS similarity index 50% rename from etc/grml/fai/config/package_config/FILE_RC rename to etc/grml/fai/config/package_config/ZFS index 953aad2..02ca370 100644 --- a/etc/grml/fai/config/package_config/FILE_RC +++ b/etc/grml/fai/config/package_config/ZFS @@ -1,4 +1,4 @@ PACKAGES install -file-rc -multitail +zfsutils-linux + diff --git a/etc/grml/fai/config/scripts/DEBORPHAN/10-whitelist b/etc/grml/fai/config/scripts/DEBORPHAN/10-whitelist new file mode 100755 index 0000000..ec97fc4 --- /dev/null +++ b/etc/grml/fai/config/scripts/DEBORPHAN/10-whitelist @@ -0,0 +1,41 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/config/scripts/DEBORPHAN/10-whitelist +# Purpose: whitelist packages to keep with deborphan +# Authors: grml-team (grml.org), (c) Michael Prokop +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2 or any later version. +################################################################################ + +set -u +set -e + +# workaround for dnsutils transitional package, we can drop this as soon as the +# bind9-dnsutils package is available in all our supported Debian releases +if [[ -r "${target}/usr/share/doc/dnsutils" ]] && [ -x "${target}/usr/bin/deborphan" ] ; then + echo "Adding dnsutils to deborphan whitelist" + # workaround for https://bugs.debian.org/929273 ("fseek on /var/lib/deborphan/keep: Invalid argument") + if ! [ -f "${target}"/var/lib/deborphan/keep ] ; then + printf 'dnsutils\n' > "${target}"/var/lib/deborphan/keep + elif grep -q '^dnsutils$' "${target}"/var/lib/deborphan/keep ; then + : # entry already present, avoid duplicates + else + printf 'dnsutils\n' >> "${target}"/var/lib/deborphan/keep + fi +fi + +# workaround for bsdmainutils transitional package, we can drop this as soon as the +# bsdextrautils + ncal packages are available in all our supported Debian releases +if [[ -r "${target}/usr/share/doc/bsdmainutils" ]] && [ -x "${target}/usr/bin/deborphan" ] ; then + echo "Adding bsdmainutils to deborphan whitelist" + # workaround for https://bugs.debian.org/929273 ("fseek on /var/lib/deborphan/keep: Invalid argument") + if ! [ -f "${target}"/var/lib/deborphan/keep ] ; then + printf 'bsdmainutils\n' > "${target}"/var/lib/deborphan/keep + elif grep -q '^bsdmainutils$' "${target}"/var/lib/deborphan/keep ; then + : # entry already present, avoid duplicates + else + printf 'bsdmainutils\n' >> "${target}"/var/lib/deborphan/keep + fi +fi + +## END OF FILE ################################################################# +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/01-packages b/etc/grml/fai/config/scripts/GRMLBASE/01-packages index bf92ae9..aae58ae 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/01-packages +++ b/etc/grml/fai/config/scripts/GRMLBASE/01-packages @@ -9,12 +9,24 @@ set -u set -e -PACKAGE_LIST=/var/log/install_packages.list +echo -n > "${LOGDIR}"/package_errors.log # ensure we start with an empty file -if ! [ -r "$target/${PACKAGE_LIST}" ] ; then - echo "No $target/${PACKAGE_LIST} found, will not run package validation check." +if ! [ -e "${LOGDIR}"/software.log ] ; then + echo "Warning: no ${LOGDIR}/software.log found (build/update run?), skipping check for unknown packages." else - printf "Validating package list: " + if grep -q 'These unknown packages' "${LOGDIR}"/software.log ; then + echo "Identified unknown packages in ${LOGDIR}/software.log" + grep 'These unknown packages' "${LOGDIR}"/software.log | \ + sed 's/.*These unknown packages.*: //; s/ / not_installable\n/g' >> "${LOGDIR}/package_errors.log" + fi +fi + +PACKAGE_LIST=/var/log/install_packages.list +# shellcheck disable=SC2154 +if ! [ -r "${target}/${PACKAGE_LIST}" ] ; then + echo "No ${target}/${PACKAGE_LIST} found, will not run package validation check." +else + echo "Validating package list against dpkg state..." TMPSTDOUT=$(mktemp) TMPSTDERR=$(mktemp) @@ -25,23 +37,24 @@ else # for packages unknown to dpkg on stderr # NOTE: 'grep -v -- '-$' ignores packages in FAI's package list that are # marked for removal - $ROOTCMD dpkg --list $(grep -v '^#' $target/${PACKAGE_LIST} | grep -v -- '-$') 2>"$TMPSTDERR" | \ - grep -e '^[urph][ncufhWt]' > "$TMPSTDOUT" || true + # shellcheck disable=SC2046 + ${ROOTCMD} dpkg --list $(grep -v '^#' "${target}/${PACKAGE_LIST}" | grep -v -- '-$') 2>"${TMPSTDERR}" | \ + grep -e '^[urph][ncufhWt]' > "${TMPSTDOUT}" || true # extract packages from stdout - awk '/^un/ {print $2 " not_installable"}' "$TMPSTDOUT" > "$LOGDIR/package_errors.log" + awk '/^un/ {print $2 " not_installable"}' "${TMPSTDOUT}" >> "${LOGDIR}/package_errors.log" # extract packages from stderr - grep 'packages found matching' "$TMPSTDERR" | \ - sed 's/dpkg-query: [Nn]o packages found matching \(.*\)/\1 not_installable/' >> "$LOGDIR/package_errors.log" + grep 'packages found matching' "${TMPSTDERR}" | \ + sed 's/dpkg-query: [Nn]o packages found matching \(.*\)/\1 not_installable/' >> "${LOGDIR}/package_errors.log" - if [ -s "$LOGDIR/package_errors.log" ] ; then - printf "failed (there have been errors, find them at $LOGDIR/package_errors.log)\n" - else - printf "done - no errors found\n" - fi + rm -f "${TMPSTDOUT}" "${TMPSTDERR}" +fi - rm -f "$TMPSTDOUT" "$TMPSTDERR" +if [ -s "${LOGDIR}/package_errors.log" ] ; then + echo "Warning: failed (there have been errors, find them at ${LOGDIR}/package_errors.log)." +else + echo "Done - no errors found." fi ## END OF FILE ################################################################# diff --git a/etc/grml/fai/config/scripts/GRMLBASE/05-hostname b/etc/grml/fai/config/scripts/GRMLBASE/05-hostname index 0d52914..cf55d8d 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/05-hostname +++ b/etc/grml/fai/config/scripts/GRMLBASE/05-hostname @@ -29,9 +29,5 @@ if [ -r $target/etc/postfix/main.cf ] ; then $ROOTCMD newaliases fi -if [ -r $target/etc/bacula/bacula-fd.conf ] ; then - sed -i "s/$BUILD_HOSTNAME/$HOSTNAME/g" $target/etc/bacula/bacula-fd.conf -fi - ## END OF FILE ################################################################# # vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/15-initsetup b/etc/grml/fai/config/scripts/GRMLBASE/15-initsetup index dd074ea..4b63a99 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/15-initsetup +++ b/etc/grml/fai/config/scripts/GRMLBASE/15-initsetup @@ -16,54 +16,14 @@ systemd_setup() { echo "Enabling user '$USERNAME' for autologin" sed -i "s/\$USERNAME/$USERNAME/" "$target"/etc/systemd/system/getty@tty*.service.d/override.conf - case "$(cat "${target}"/etc/debian_version)" in - 8.*) - echo "Debian jessie detected. Enabling workaround for unknown systemctl preset-all/set-default exit failure." - $ROOTCMD systemctl preset-all || true - $ROOTCMD systemctl set-default grml-boot.target || true - ;; - *) - $ROOTCMD systemctl preset-all - $ROOTCMD systemctl set-default grml-boot.target - ;; - esac -} - -file_rc_setup() { - if ! [ -r "${target}"/etc/runlevel.conf ] ; then - echo 'Warning: /etc/runlevel.conf does not exist...' - echo '... assuming we do not have file-rc, skipping 15-initsetup' - exit 0 - fi - - # keep a backup of the original runlevel.conf file for reference - if [ -r "${target}"/etc/runlevel.conf.original ] ; then - # make sure to store old backup files if they differ as well - if ! cmp "${target}"/etc/runlevel.conf "${target}"/etc/runlevel.conf.original >/dev/null ; then - cp "${target}"/etc/runlevel.conf.original "${target}/etc/runlevel.conf.original.$(date +%Y%m%d_%k:%M:%S)" - fi - fi - - cp "${target}"/etc/runlevel.conf "${target}"/etc/runlevel.conf.original - - # provide Grml's default file-rc configuration - fcopy -v /etc/runlevel.conf - - # provide Grml's inittab configuration - fcopy -v /etc/inittab - sed -i "s/\$USERNAME\$/${USERNAME}/" "${target}"/etc/inittab + # workaround for #992847 to workaround /lib/systemd -> /usr/lib/systemd transition + $ROOTCMD rm -f /etc/systemd/system/syslog.service - # provide Grml's bootlocal init scripts - fcopy -v -mroot,root,0755 /etc/init.d/bootlocal.first - fcopy -v -mroot,root,0755 /etc/init.d/bootlocal.middle - fcopy -v -mroot,root,0755 /etc/init.d/bootlocal.last + $ROOTCMD systemctl preset-all + $ROOTCMD systemctl set-default grml-boot.target } -if ifclass FILE_RC ; then - file_rc_setup -else - systemd_setup -fi +systemd_setup ## END OF FILE ################################################################# # vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/16-depmod b/etc/grml/fai/config/scripts/GRMLBASE/16-depmod index 15695c5..047a50e 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/16-depmod +++ b/etc/grml/fai/config/scripts/GRMLBASE/16-depmod @@ -18,8 +18,8 @@ for kernel in ${target}/boot/vmlinuz-* ; do kernelversion=${kernel##$target} kernelversion=${kernelversion##/boot/vmlinuz-} - echo "Updating modules.dep for kernel $kernelversion" - $ROOTCMD depmod -ae -F /boot/System.map-"$kernelversion" "$kernelversion" + echo "Updating modules.dep for kernel ${kernelversion}" + $ROOTCMD depmod -a "${kernelversion}" done ## END OF FILE ################################################################# diff --git a/etc/grml/fai/config/scripts/GRMLBASE/18-timesetup b/etc/grml/fai/config/scripts/GRMLBASE/18-timesetup index da40243..d44efb2 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/18-timesetup +++ b/etc/grml/fai/config/scripts/GRMLBASE/18-timesetup @@ -13,7 +13,7 @@ set -e # by default it's set to UTC=no if [ -n "$UTC" ] && [ "$UTC" = "yes" ] ; then echo "UTC is set to 'yes', setting hwclock parameter UTC" - sed -i "s/^LOCAL/UTC/" "${target}/etc/adjtime" + [ -e "${target}/etc/adjtime" ] && sed -i "s/^LOCAL/UTC/" "${target}/etc/adjtime" fi # default timezone settings diff --git a/etc/grml/fai/config/scripts/GRMLBASE/21-usersetup b/etc/grml/fai/config/scripts/GRMLBASE/21-usersetup index bc09c1f..50d43e6 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/21-usersetup +++ b/etc/grml/fai/config/scripts/GRMLBASE/21-usersetup @@ -26,7 +26,7 @@ fi add_user_to_group() { [ -n "$1" ] || return 1 if grep -q $1 $target/etc/group ; then - grep "$1:x:.*$USERNAME" $target/etc/group || $ROOTCMD addgroup $USERNAME $1 + grep "$1:x:.*$USERNAME" $target/etc/group || $ROOTCMD adduser $USERNAME $1 fi } diff --git a/etc/grml/fai/config/scripts/GRMLBASE/25-locales b/etc/grml/fai/config/scripts/GRMLBASE/25-locales index 277b684..59a4e71 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/25-locales +++ b/etc/grml/fai/config/scripts/GRMLBASE/25-locales @@ -13,6 +13,9 @@ set -e # the full setup, GRMLBASE installs a minimal configuration fcopy -v /etc/locale.gen +# set up /etc/locale.conf, to avoid systemd-firstboot prompting for user input +fcopy -v /etc/locale.conf + # get rid of locales unless using class LOCALES set +u if ! ifclass LOCALES ; then diff --git a/etc/grml/fai/config/scripts/GRMLBASE/39-modprobe b/etc/grml/fai/config/scripts/GRMLBASE/39-modprobe index fae8d06..849809d 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/39-modprobe +++ b/etc/grml/fai/config/scripts/GRMLBASE/39-modprobe @@ -15,7 +15,12 @@ set -e find $target/etc/modprobe.d -maxdepth 1 -type f ! -name \*\.conf -exec mv {} {}.conf \; # Install all present modprobe.d configuration files -fcopy -v -r /etc/modprobe.d +fcopy -v -i -r /etc/modprobe.d + +if [ -f "${target}/lib/modprobe.d/50-nfs.conf" ] ; then # nfs-kernel-server >=1:2.6.2-1 + echo "Clearing /lib/modprobe.d/50-nfs.conf to avoid automatic kmod/busybox issues" + echo '# this file was generated by grml-live script GRMLBASE/39-modprobe' > "${target}/lib/modprobe.d/50-nfs.conf" +fi ## END OF FILE ################################################################# # vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/40-deborphan b/etc/grml/fai/config/scripts/GRMLBASE/40-deborphan deleted file mode 100755 index b465379..0000000 --- a/etc/grml/fai/config/scripts/GRMLBASE/40-deborphan +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/40-deborphan -# Purpose: configure packages for deborphan (usually exception rules) -# Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2 or any later version. -################################################################################ - -set -u -set -e - -if [ -r $target/lib/shadowfs/liblogfs.so -a -x $target/usr/bin/deborphan ] ; then - $ROOTCMD deborphan --add-keep shadowfs || /bin/true -fi - -if [ -r $target/usr/bin/bsdtar -a -x $target/usr/bin/deborphan ] ; then - $ROOTCMD deborphan --add-keep bsdtar || /bin/true -fi - -if [ -r $target/usr/bin/ewfinfo -a -x $target/usr/bin/deborphan ] ; then - $ROOTCMD deborphan --add-keep libewf1 || /bin/true -fi - -if [ -r $target/usr/lib/libstdc++-libc6.2-2.so.3 -a -x $target/usr/bin/deborphan ] ; then - $ROOTCMD deborphan --add-keep libstdc++2.10-glibc2.2 || /bin/true -fi - -## END OF FILE ################################################################# -# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/42-branding b/etc/grml/fai/config/scripts/GRMLBASE/42-branding index 8cdaed5..66746d9 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/42-branding +++ b/etc/grml/fai/config/scripts/GRMLBASE/42-branding @@ -9,7 +9,6 @@ set -u set -e -fcopy -v /etc/lsb-base-logging.sh fcopy -v /usr/share/initramfs-tools/scripts/init-top/grml fcopy -v /usr/share/grml/desktop-bg.png fcopy -v /usr/share/doc/grml-docs/startpage.html diff --git a/etc/grml/fai/config/scripts/GRMLBASE/44-grub b/etc/grml/fai/config/scripts/GRMLBASE/44-grub index 5caa73a..d00d376 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/44-grub +++ b/etc/grml/fai/config/scripts/GRMLBASE/44-grub @@ -11,7 +11,14 @@ set -u $ROOTCMD mkdir -p /boot/grub -$ROOTCMD grub-mkimage -d /usr/lib/grub/i386-pc \ +if ifclass ARM64 ; then + echo "Skipping execution of script on ARM64" + exit 0 +fi + +# generate /boot/grub/core.img +$ROOTCMD grub-mkimage \ + -d /usr/lib/grub/i386-pc \ -p /boot/grub \ -o /boot/grub/core.img \ biosdisk iso9660 \ diff --git a/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images b/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images index 16c0e9a..76c0e10 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images +++ b/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images @@ -28,6 +28,19 @@ ARCHS=(i386-pc) declare -A ADDITIONAL_MODULES ADDITIONAL_MODULES[i386-pc]="biosdisk" +# arm64 doesn't provide /usr/lib/grub/i386-efi, so we don't include +# i386-pc in $ARCHS (whereas on AMD64 we have both i386-pc + x86_64-efi) +if ifclass ARM64 ; then + if [ -r "${target}"/usr/lib/grub/arm64-efi/moddep.lst ] ; then + ARCHS=(arm64-efi) + # NOTE: efi_uga (EFI Universal Graphics Adapter) is deprecated + unavailable on arm64 + ADDITIONAL_MODULES[arm64-efi]="efi_gop" # no efi_uga available + else + echo "/usr/lib/grub/arm64-efi/moddep.lst.lst could not be found, skipping." + echo "NOTE: grub-efi-arm64-bin not installed?" + fi +fi + if ifclass AMD64 ; then if [ -r "${target}"/usr/lib/grub/x86_64-efi/moddep.lst ] ; then ARCHS+=(x86_64-efi) @@ -54,6 +67,7 @@ for arch in "${ARCHS[@]}" ; do i386-pc) filename=/boot/grub/grub.img ;; x86_64-efi) filename=/boot/bootx64.efi ;; i386-efi) filename=/boot/bootia32.efi ;; + arm64-efi) filename=/boot/bootaa64.efi ;; esac $ROOTCMD grub-mkimage -O $arch -o "$filename" --prefix=/boot/grub/ --config="$TMP_CONFIG" \ diff --git a/etc/grml/fai/config/scripts/GRMLBASE/50-lvm b/etc/grml/fai/config/scripts/GRMLBASE/50-lvm index 4cecce4..1f65279 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/50-lvm +++ b/etc/grml/fai/config/scripts/GRMLBASE/50-lvm @@ -9,13 +9,15 @@ set -u set -e -if ! [ -r "${target}/lib/udev/rules.d/69-lvm-metad.rules" ] ; then - echo "File /lib/udev/rules.d/69-lvm-metad.rules doesn't exist, skipping execution of script." - exit 0 +if [ -f "${target}/lib/udev/rules.d/69-lvm.rules" ] ; then # lvm2 >=2.03.15 + echo "Clearing /lib/udev/rules.d/69-lvm.rules to avoid automatic LVM scanning" + echo '# this file was generated by grml-live script GRMLBASE/50-lvm' > "${target}/lib/udev/rules.d/69-lvm.rules" fi -echo "Clearing /lib/udev/rules.d/69-lvm-metad.rules to avoid automatic LVM scanning" -echo '# this file was generated by grml-live script GRMLBASE/50-lvm' > "${target}/lib/udev/rules.d/69-lvm-metad.rules" +if [ -f "${target}/lib/udev/rules.d/69-lvm-metad.rules" ] ; then # lvm2 <= 2.03.11 + echo "Clearing /lib/udev/rules.d/69-lvm-metad.rules to avoid automatic LVM scanning" + echo '# this file was generated by grml-live script GRMLBASE/50-lvm' > "${target}/lib/udev/rules.d/69-lvm-metad.rules" +fi ## END OF FILE ################################################################# # vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/51-cloud-init b/etc/grml/fai/config/scripts/GRMLBASE/51-cloud-init new file mode 100755 index 0000000..017408d --- /dev/null +++ b/etc/grml/fai/config/scripts/GRMLBASE/51-cloud-init @@ -0,0 +1,18 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/51-cloud-init +# Purpose: configure cloud-init package +# Authors: grml-team (grml.org), (c) Michael Prokop +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2 or any later version. +################################################################################ + +set -u +set -e + +# NOTE: this file is relevant only with cloud-init package installed, +# though we install it unconditionally via GRMLBASE class to have it +# available and configured as shipped by Grml ISOs +fcopy -v /etc/cloud/cloud.cfg.d/42_grml.cfg + +## END OF FILE ################################################################# +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/52-mdadm b/etc/grml/fai/config/scripts/GRMLBASE/52-mdadm index 1bceb58..625065f 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/52-mdadm +++ b/etc/grml/fai/config/scripts/GRMLBASE/52-mdadm @@ -9,11 +9,6 @@ set -u set -e -if ! [ -r "${target}/lib/udev/rules.d/64-md-raid-assembly.rules" ] ; then - echo "File /lib/udev/rules.d/64-md-raid-assembly.rules doesn't exist, skipping execution of script." - exit 0 -fi - echo "Removing /lib/udev/rules.d/64-md-raid-assembly.rules to avoid automatic mdadm scanning" echo '# this file was generated by grml-live script GRMLBASE/52-mdadm' > "${target}/lib/udev/rules.d/64-md-raid-assembly.rules" diff --git a/etc/grml/fai/config/scripts/GRMLBASE/80-initramfs b/etc/grml/fai/config/scripts/GRMLBASE/80-initramfs index a56a579..de694cc 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/80-initramfs +++ b/etc/grml/fai/config/scripts/GRMLBASE/80-initramfs @@ -11,6 +11,7 @@ set -e fcopy -v /etc/initramfs-tools/hooks/000-udev-shutup fcopy -v /etc/initramfs-tools/conf.d/xz-compress +fcopy -v /etc/initramfs-tools/modules if ! [ -f $target/usr/share/initramfs-tools/scripts/live ] ; then echo "Error: live-boot/-initramfs does not seem to be present, can not create initramfs. Exiting.">&2 @@ -20,8 +21,8 @@ fi echo "Rebuilding initramfs" for initrd in "$(basename $target/boot/vmlinuz-*)" ; do - if ! CRYPTSETUP=y $ROOTCMD update-initramfs -k "${initrd##vmlinuz-}" -c ; then - echo "Creating fresh initrd did not work, trying update instead:" - CRYPTSETUP=y $ROOTCMD update-initramfs -k "${initrd##vmlinuz-}" -u + if ! $ROOTCMD update-initramfs -k "${initrd##vmlinuz-}" -c ; then + echo "Creating fresh initramfs did not work, trying update instead:" + $ROOTCMD update-initramfs -k "${initrd##vmlinuz-}" -u fi done diff --git a/etc/grml/fai/config/scripts/GRMLBASE/85-systemd b/etc/grml/fai/config/scripts/GRMLBASE/85-systemd new file mode 100755 index 0000000..4ea4247 --- /dev/null +++ b/etc/grml/fai/config/scripts/GRMLBASE/85-systemd @@ -0,0 +1,16 @@ +#!/bin/bash +# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/85-systemd +# Purpose: configure systemd and related services +# Authors: grml-team (grml.org), (c) Michael Prokop +# Bug-Reports: see http://grml.org/bugs/ +# License: This file is licensed under the GPL v2 or any later version. +################################################################################ + +set -u +set -e +. "$GRML_LIVE_CONFIG" + +fcopy -M -i -B -v -r /etc/tmpfiles.d + +## END OF FILE ################################################################# +# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/91-update-pciids b/etc/grml/fai/config/scripts/GRMLBASE/91-update-pciids index 039c423..07666b1 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/91-update-pciids +++ b/etc/grml/fai/config/scripts/GRMLBASE/91-update-pciids @@ -14,11 +14,11 @@ fi set -u bailout() { - if [ "${1:-}" = "4" ] ; then - echo "Warning: update-pciids returned with exit code 4." >&2 + if [ "${1:-}" = "4" ] || [ "${1:-}" = "1" ] ; then + echo "Warning: update-pciids returned with exit code ${1:-}." >&2 # be verbose in logs - echo "Warning: update-pciids returned with exit code 4." + echo "Warning: update-pciids returned with exit code ${1:-}." echo "-> This indicates that networking inside the chroot did not work" echo " while GRMLBASE/91-update-pciids was running." echo " To address this issue you can either configure /etc/resolv.conf" diff --git a/etc/grml/fai/config/scripts/GRMLBASE/93-update-usbids b/etc/grml/fai/config/scripts/GRMLBASE/93-update-usbids deleted file mode 100755 index d2972d3..0000000 --- a/etc/grml/fai/config/scripts/GRMLBASE/93-update-usbids +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Filename: ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/93-update-usbids -# Purpose: update pciids -# Authors: (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2. -################################################################################ - -if ifclass NO_ONLINE ; then - echo "Ignoring script 93-update-usbids as NO_ONLINE is set." - exit 0 -fi - -set -u -set -e - -[ -x $target/usr/bin/timeout ] && TIMEOUT="10" || TIMEOUT="" - -if ! [ -x "${target}/usr/sbin/update-usbids" ] && ! [ -x "${target}/usr/bin/update-usbids" ] ; then - echo "Warning: update-usbids not installed (neither /usr/sbin/update-usbids nor /usr/bin/update-usbids exists)" - exit 0 -fi - -echo "Updating USB-IDs" -if [ -n "$TIMEOUT" ] ; then - $ROOTCMD timeout $TIMEOUT update-usbids -else - $ROOTCMD update-usbids -fi - -## END OF FILE ################################################################# -# vim:ft=sh expandtab ai tw=80 tabstop=4 shiftwidth=2 diff --git a/etc/grml/fai/config/scripts/GRMLBASE/98-clean-chroot b/etc/grml/fai/config/scripts/GRMLBASE/98-clean-chroot index f293e91..3b07e5e 100755 --- a/etc/grml/fai/config/scripts/GRMLBASE/98-clean-chroot +++ b/etc/grml/fai/config/scripts/GRMLBASE/98-clean-chroot @@ -101,7 +101,7 @@ rm -rf --one-file-system $target/etc/sysconfig/* \ # remove only "temporary" or saved files in the given directories nuke(){ - for i in $(find "$@" -name \*.gz -o -name \*.bz2 -o -name \*.0 2>/dev/null); do + for i in $(find "$@" -name \*.gz -o -name \*.bz2 -o -name \*.xz -o -name \*.0 2>/dev/null); do rm -f --one-file-system "$i" done } @@ -189,7 +189,20 @@ else echo "Setting up resolvconf" rm -f "${target}"/etc/resolvconf/resolv.conf.d/original rm -f "${target}"/etc/resolv.conf - ln -s /run/resolvconf/resolv.conf "${target}"/etc/resolv.conf + + # avoid "/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a + # symbolic link to /etc/resolvconf/run/resolv.conf" for resolvconf versions + # before 1.80 + RESOLVCONF_VERSION=$($ROOTCMD dpkg-query -W -f='${Version}\n' resolvconf || true) + echo "-> Identified resolvconf version '${RESOLVCONF_VERSION}'" + if dpkg --compare-versions "${RESOLVCONF_VERSION}" lt 1.80 ; then + echo "-> Installing resolvconf symlink for versions <1.80" + ln -s /etc/resolvconf/run/resolv.conf "${target}"/etc/resolv.conf + else + echo "-> Installing resolvconf symlink for versions >=1.80" + ln -s /run/resolvconf/resolv.conf "${target}"/etc/resolv.conf + fi + fi # make sure we don't leak any mdadm configurations diff --git a/etc/grml/grml-live.conf b/etc/grml/grml-live.conf index c069563..6762ff7 100644 --- a/etc/grml/grml-live.conf +++ b/etc/grml/grml-live.conf @@ -49,7 +49,7 @@ # Which Debian suite/release do you want to use? # Supported values are: stable, testing, unstable (or their corresponding release -# names like "stretch"). +# names like "bookworm"). # Unless it is set it defaults to "testing". # SUITE="unstable" @@ -58,7 +58,7 @@ # Notice: GRMLBASE is recommended in any case unless you *really* know what you # are doing; make sure to also use a GRML_* class (for example GRML_SMALL # or GRML_FULL) to get an according kernel and also select the -# architecture (I386 for x86; AMD64 for x86_64) +# architecture (I386 for x86; AMD64 for x86_64, ARM64 for arm64) # CLASSES="GRMLBASE,GRML_FULL,I386" # HTTP Proxy to use for APT @@ -66,7 +66,7 @@ # Which Debian suite and which mirror do you want to use for debootstrapping? # Usage: " " -# FAI_DEBOOTSTRAP="stretch http://ftp.debian.org/debian" +# FAI_DEBOOTSTRAP="bookworm http://ftp.debian.org/debian" # Do you want to use a local mirror (like NFS)? # If so specify the directory where debian/ is available: @@ -74,7 +74,7 @@ # ... and then set up an according class file in # ${GRML_FAI_CONFIG}/config/files/etc/apt/sources.list.d/ # containing something like: -# deb file:///media/mirror/debian sid main contrib non-free +# deb file:///media/mirror/debian sid main contrib non-free-firmware non-free # Version number of ISO: # VERSION="0.0-1" @@ -152,25 +152,32 @@ # boot the CD using normal el torito mode or copy it to USB device # *without* having to run grml2usb (like: 'dd if=grml.iso of=/dev/sdX') # - working both with the same ISO +# Note that the manifold method is currently not be compatible with UEFI +# setups. # HYBRID_METHOD='disable' # do not create a hybrid ISO -# HYBRID_METHOD='isohybrid' # use isohybrid from SYSLINUX +# HYBRID_METHOD='isohybrid' # use isohybrid from SYSLINUX (default) # HYBRID_METHOD='grub2' # use manifold with GRUB 2 -# HYBRID_METHOD='manifold' # use manifold with ISOLINUX (default) - -# By default Secure Boot is enabled using the approach from Ubuntu. -# Currently only the Ubuntu approach is supported, which is restricted -# to loading Linux kernels and using a minimal version of GRUB. -# If unset defaults to "ubuntu" -# SECURE_BOOT='disable' # do not enable Secure Boot -# SECURE_BOOT="ubuntu" # use approach from Ubuntu +# HYBRID_METHOD='manifold' # use manifold with ISOLINUX + +# Secure Boot method that should be used (amd64 only). +# If unset defaults to "disabled" (which means no Secure Boot will be present) +# The following approaches are supported: +# debian: use the Debian GRUB version which requires a signed kernel, +# this is the recommended way to use Secure Boot with Grml +# ubuntu: use an older Ubuntu GRUB version which doesn't require a signed kernel, +# though has a limited feature set only and requires customized GRUB +# templates (the files shipped templates/boot/grub/ don't work as such) +# SECURE_BOOT='disable' # do not enable Secure Boot (default) +# SECURE_BOOT='debian' # use approach from Debian +# SECURE_BOOT='ubuntu' # use approach from Ubuntu # Binary that should be used for creating the squashfs file. # Defaults to the executable matching the kernel version, falls back to mksquashfs. # SQUASHFS_BINARY='mksquashfs' # Options that should be used by mksquashfs during build process. -# Defaults to '-b 256k' and the according LZMA/XZ option. -# SQUASHFS_OPTIONS='-b 256k' +# Defaults to '-b 1m' and the according LZMA/XZ option. +# SQUASHFS_OPTIONS='-b 1m' # exclude files from compressed squashfs file using the # the mksquashfs option -ef: diff --git a/etc/zsh/completion.d/_grml-live b/etc/zsh/completion.d/_grml-live index cb43f59..b0750ec 100644 --- a/etc/zsh/completion.d/_grml-live +++ b/etc/zsh/completion.d/_grml-live @@ -12,7 +12,7 @@ _grmllive_flavours() { #{{{ flavours=( grml grml64 - grml-medium grml64-medium + grml-full grml64-full grml-small grml64-small ) _wanted list expl 'grml flavour(s)' compadd ${expl} -- ${flavours} @@ -33,8 +33,10 @@ _grmllive_classes() { #{{{ local -a already static_classes static_classes=( - RELEASE LATEX_CLEANUP NO_ONLINE REMOVE_DOCS LOCALES - I386 AMD64 + DEBORPHAN FRESHCLAM + GRMLBASE GRML_FULL GRML_SMALL + LATEX LATEX_CLEANUP LOCALES NO_ONLINE RELEASE REMOVE_DOCS SOURCES XORG ZFS + I386 AMD64 ARM64 ) compset -P '*,' already=(${(s<,>)IPREFIX}) @@ -47,23 +49,40 @@ _grmllive_suites() { #{{{ local -a suites suites=( - stable testing unstable jessie stretch buster sid + stable testing unstable bookworm sid trixie ) _wanted list expl 'Debian suite' compadd ${expl} -- ${suites} } #}}} arguments=( #{{{ - '-F[force execution without prompting for yes/no]' '-a[specifiy architecture to use]:arch(s):_grmllive_archs' + '-A[clean build directories before and after running]' + '-b[build the ISO without updating the chroot via FAI]' + '-B[build the ISO without touching the chroot (skips cleanup)]' '-c[available grml-live classes]:classe(s):_grmllive_classes' + '-C[configuration file for grml-live]:configuration file:_files' + '-d[use specified date instead of build time as date of release]:date:' + '-D[use specified configuration directory instead of /etc/grml/fai]:directory:_path_files -/' + '-e[extract ISO and squashfs contents from iso_name]:ISO file:' + '-F[force execution without prompting for yes/no]' '-g[grml flavour to use]:grml flavour(s):_grmllive_flavours' '-h[display usage information]' - '-i[iso name, ends up in $OUTPUT_DIRECTORY/grml_isos]:iso name:' + '-i[iso name, ends up in $OUTPUT_DIRECTORY/grml_isos (also see -o)]:ISO name:_files' + '-I[directory which provides files that should become part of the chroot/ISO]:directory to include:_path_files -/' + '-n[skip generation of ISO]' + '-N[bootstrap (build chroot) only, do not create files for ISO]' '-o[output directory]:output directory:_path_files -/' + '-q[skip mksquashfs]' + '-Q[skip netboot package build]' + '-r[release name]:release name:' '-s[debian suite to be used for live-system]:Debian suite:_grmllive_suites' + '-S[place of scripts (defaults to /usr/share/grml-live/scripts)]:script directory:_path_files -/' '-t[template directory]:template directory:_path_files -/' - '-u[update existing chroot if possible]' + '-u[update existing chroot instead of rebuilding it from scratch]' + '-U[arrange output to be owned by specified username]' '-V[increase verbosity]' + '-w[wayback machine, build system using Debian archives from specified date]:date:' + '-z[use ZLIB instead of LZMA/XZ compression]' ) #}}} diff --git a/examples/reprepro/conf/distributions b/examples/reprepro/conf/distributions index 93127e9..46fe5e6 100644 --- a/examples/reprepro/conf/distributions +++ b/examples/reprepro/conf/distributions @@ -1,10 +1,11 @@ Origin: Debian Label: Debian-All -Suite: stable -Codename: etch -Version: 4.0 -Architectures: i386 -Components: main contrib non-free -Description: Debian -Update: debian -# SignWith: yes +Codename: bookworm +Description: Debian bookworm mirror +Architectures: amd64 source +Components: main contrib non-free non-free-firmware +Contents: .gz +Update: - debian-bookworm +Tracking: minimal +Log: bookworm +# SignWith: ... diff --git a/examples/reprepro/conf/updates b/examples/reprepro/conf/updates index 682d5e6..69f36db 100644 --- a/examples/reprepro/conf/updates +++ b/examples/reprepro/conf/updates @@ -1,4 +1,8 @@ -Name: debian -Method: http://ftp.debian.org/debian/ -# Method: http://localhost/debian/ -# Fallback: http://snapshot.debian.net/archive/2007/04/02/debian/ +Name: debian-bookworm +Method: http://deb.debian.org/debian +Suite: bookworm +Components: main contrib non-free non-free-firmware +Architectures: amd64 source +GetInRelease: no +# VerifyRelease: 0E98404D386FA1D9 +# Fallback: http://snapshot.debian.net/archive/2023/02/02/debian/ diff --git a/grml-live b/grml-live index daa4da9..72fe591 100755 --- a/grml-live +++ b/grml-live @@ -43,7 +43,7 @@ $PN - build process script for generating a (grml based) Linux Live-ISO Usage: $PN [options, see as follows] - -a architecture; available values: i386 and amd64 + -a architecture; available values: i386, amd64 + arm64 -A clean build directories before and after running -b build the ISO without updating the chroot via FAI -B build the ISO without touching the chroot (skips cleanup) @@ -184,6 +184,24 @@ umount_all() { } # }}} +# store logfiles {{{ +store_logfiles() { + # move fai logs into grml_logs directory + mkdir -p "$LOG_OUTPUT"/fai/ + cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/ + rm -rf "$CHROOT_OUTPUT"/var/log/fai + + # store copy of autogenerated configuration file + cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/ + + # copy fai package list + cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/ + # fixup owners + chown root:adm "$LOG_OUTPUT"/fai/* + chmod 664 "$LOG_OUTPUT"/fai/* +} +# }}} + # clean exit {{{ bailout() { rm -f /var/run/fai/fai_softupdate_is_running \ @@ -203,7 +221,6 @@ bailout() { # get rid of automatically generated conffiles rm -f ${GRML_FAI_CONFIG}/nfsroot.conf - rm -f ${GRML_FAI_CONFIG}/make-fai-nfsroot.conf if [ -n "$CHOWN_USER" ]; then log "Setting ownership" @@ -310,6 +327,7 @@ copy_addon_file() { msg="Missing addon file: \"$1\"" ewarn "$msg" ; eend 1 log "copy_addon_file: $msg" + return 1 } # replace placeholders in template files with actual information @@ -319,6 +337,19 @@ adjust_boot_files() { exit 1 fi + local release_info + if [ -n "${RELEASE_INFO:-}" ] ; then + release_info="${RELEASE_INFO}" + else + ewarn "Variable RELEASE_INFO is unset, applying fallback for usage in adjust_boot_files." ; eend 1 + release_info="$GRML_NAME $VERSION - Release Codename $RELEASENAME" + fi + + # ensure this has a specific length + local fixed_release_info + fixed_release_info="$(cut_string 68 "$release_info")" + fixed_release_info="$(extend_string_end 68 "$fixed_release_info")" + for file in "$@" ; do if [ -r "${file}" ] && [ -f "${file}" ] ; then sed -i "s/%ARCH%/$ARCH/g" "${file}" @@ -328,7 +359,7 @@ adjust_boot_files() { sed -i "s/%DISTRI_SPLASH%/$DISTRI_SPLASH/g" "${file}" sed -i "s/%GRML_NAME%/$GRML_NAME/g" "${file}" sed -i "s/%SQUASHFS_NAME%/$SQUASHFS_NAME/g" "${file}" - sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/g" "${file}" + sed -i "s/%RELEASE_INFO%/$fixed_release_info/g" "${file}" sed -i "s/%SHORT_NAME%/$SHORT_NAME/g" "${file}" sed -i "s/%VERSION%/$VERSION/g" "${file}" if [ -n "${BOOT_FILE}" ] ; then @@ -430,6 +461,7 @@ fi [ -n "$HYBRID_METHOD" ] || HYBRID_METHOD='isohybrid' [ -n "$RELEASENAME" ] || RELEASENAME='grml-live rocks' [ -n "$SECURE_BOOT" ] || SECURE_BOOT='disable' +[ -n "$SQUASHFS_BINARY" ] || SQUASHFS_BINARY='mksquashfs' [ -n "$SQUASHFS_EXCLUDES_FILE" ] || SQUASHFS_EXCLUDES_FILE="${GRML_FAI_CONFIG}/config/grml/squashfs-excludes" [ -n "$SUITE" ] || SUITE='testing' [ -n "$TEMPLATE_DIRECTORY" ] || TEMPLATE_DIRECTORY='/usr/share/grml-live/templates' @@ -453,6 +485,12 @@ specify it on the command line using the -c option." [ -n "$OUTPUT" ] || bailout 1 "Error: \$OUTPUT unset, please set it in $LIVE_CONF or specify it on the command line using the -o option." +if [[ "$(dpkg --print-architecture)" != "arm64" ]] && [[ "$ARCH" == "arm64" ]] ; then + eerror "Failure: trying to build for arm64, but not running on arm64." + eend 1 + bailout +fi + # trim characters that are known to cause problems inside $GRML_NAME; # for example isolinux does not like '-' inside the directory name [ -n "$GRML_NAME" ] && export SHORT_NAME="$(echo $GRML_NAME | tr -d ',./;\- ')" @@ -462,6 +500,7 @@ specify it on the command line using the -o option." [ -n "$RELEASENAME" ] && export RELEASENAME="$RELEASENAME" # }}} + # ZERO_LOGFILE - check for backwards compatibility reasons {{{ # this was default behaviour until grml-live 0.9.34: if [ -n "$ZERO_LOGFILE" ] ; then @@ -493,6 +532,7 @@ if [ -z "$FORCE" ] ; then [ -n "$ARCH" ] && echo " Architecture: $ARCH" [ -n "$BOOT_METHOD" ] && echo " Boot method: $BOOT_METHOD" [ -n "$HYBRID_METHOD" ] && echo " Hybrid method: $HYBRID_METHOD" + [ -n "$SECURE_BOOT" ] && echo " Secure Boot: $SECURE_BOOT" [ -n "$TEMPLATE_DIRECTORY" ] && echo " Template files: $TEMPLATE_DIRECTORY" [ -n "$CHROOT_INSTALL" ] && echo " Install files from directory to chroot: $CHROOT_INSTALL" [ -n "$BOOTID" ] && echo " Boot identifier: $BOOTID" @@ -579,7 +619,8 @@ if [ -n "$CONFIG" ] ; then fi fi -start_seconds=$(cut -d . -f 1 /proc/uptime) +SECONDS=unknown +start_seconds="$(date +%s)" log "------------------------------------------------------------------------------" log "Starting grml-live [${GRML_LIVE_VERSION}] run on $(date)" log "Using local config file: $LOCAL_CONFIG" @@ -591,7 +632,7 @@ einfo "Logging actions to logfile $LOGFILE" # dump config variables into file, for script access {{{ CONFIGDUMP=$(mktemp) -set | egrep \ +set | grep -E \ '^(GRML_NAME|RELEASENAME|DATE|VERSION|SUITE|ARCH|DISTRI_NAME|USERNAME|HOSTNAME|APT_PROXY)=' \ > ${CONFIGDUMP} # }}} @@ -652,20 +693,28 @@ export SUITE # make sure it's available in FAI scripts # architecture (option), otherwise installation of kernel will fail if echo $CLASSES | grep -qw I386 ; then if ! [[ "$ARCH" == "i386" ]] ; then - log "Error: You specified the I386 class but are trying to build something else (AMD64?)." - eerror "Error: You specified the I386 class but are trying to build something else (AMD64?)." + log "Error: You specified the I386 class but are trying to build something else (AMD64/ARM64?)." + eerror "Error: You specified the I386 class but are trying to build something else (AMD64/ARM64?)." eerror "Tip: Either invoke grml-live with '-a i386' or adjust the architecture class. Exiting." eend 1 bailout fi elif echo $CLASSES | grep -qi amd64 ; then if ! [[ "$ARCH" == "amd64" ]] ; then - log "Error: You specified the AMD64 class but are trying to build something else (I386?)." - eerror "Error: You specified the AMD64 class but are trying to build something else (I386?)." + log "Error: You specified the AMD64 class but are trying to build something else (I386/ARM64?)." + eerror "Error: You specified the AMD64 class but are trying to build something else (I386/ARM64?)." eerror "Tip: Either invoke grml-live with '-a amd64' or adjust the architecture class. Exiting." eend 1 bailout fi +elif echo $CLASSES | grep -qi arm64 ; then + if ! [[ "$ARCH" == "arm64" ]] ; then + log "Error: You specified the ARM64 class but are trying to build something else (I386/AMD64?)." + eerror "Error: You specified the ARM64 class but are trying to build something else (I386/AMD64?)." + eerror "Tip: Either invoke grml-live with '-a arm64' or adjust the architecture class. Exiting." + eend 1 + bailout + fi fi # generate nfsroot configuration for FAI on the fly @@ -678,16 +727,7 @@ if [ -z "$FAI_DEBOOTSTRAP" ] ; then fi if [ -z "$FAI_DEBOOTSTRAP_OPTS" ] ; then - FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH" -fi - -# create backup of old (not yet automatically generated) config file -if [ -f "${GRML_FAI_CONFIG}/make-fai-nfsroot.conf" ] ; then - if ! grep -q 'This is an automatically generated file by grml-live' "${GRML_FAI_CONFIG}/make-fai-nfsroot.conf" ; then - ewarn "Found old ${GRML_FAI_CONFIG}/make-fai-nfsroot.conf - moving to ${GRML_FAI_CONFIG}/make-fai-nfsroot.conf.outdated" - mv "${GRML_FAI_CONFIG}/make-fai-nfsroot.conf" "${GRML_FAI_CONFIG}/make-fai-nfsroot.conf.outdated" - eend $? - fi + FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data,isc-dhcp-client,isc-dhcp-common --include=aptitude --arch $ARCH" fi echo "# This is an automatically generated file by grml-live. @@ -695,8 +735,6 @@ echo "# This is an automatically generated file by grml-live. FAI_DEBOOTSTRAP=\"$FAI_DEBOOTSTRAP\" FAI_DEBOOTSTRAP_OPTS=\"$FAI_DEBOOTSTRAP_OPTS\" # EOF " > "${GRML_FAI_CONFIG}/nfsroot.conf" -# support FAI <=3.4.8, versions >=4.0 use nfsroot.conf -( cd ${GRML_FAI_CONFIG} && ln -sf nfsroot.conf make-fai-nfsroot.conf ) # }}} # CHROOT_OUTPUT - execute FAI {{{ @@ -743,9 +781,10 @@ else RC="$PIPESTATUS" # notice: bash-only if [ "$RC" != 0 ] ; then - log "Error: critical error while executing fai [exit code ${RC}]. Exiting." - eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1 - bailout 1 + store_logfiles # ensure to have logfiles available even if building failed + log "Error: critical error while executing fai [exit code ${RC}]. Exiting." + eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1 + bailout 1 fi # provide inform fai about the ISO we build, needs to be provided @@ -757,19 +796,7 @@ else FORCE_ISO_REBUILD=true - # move fai logs into grml_logs directory - mkdir -p "$LOG_OUTPUT"/fai/ - cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/ - rm -rf "$CHROOT_OUTPUT"/var/log/fai - - # store copy of autogenerated configuration file - cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/ - - # copy fai package list - cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/ - # fixup owners - chown root:adm "$LOG_OUTPUT"/fai/* - chmod 664 "$LOG_OUTPUT"/fai/* + store_logfiles umount_all @@ -785,10 +812,16 @@ else grep 'Unable to write mmap - msync (28 No space left on device)' $CHECKLOG/software.log >> $LOGFILE && ERROR=5 fi + # FAI versions <6.0 used to write to shell.log if [ -r "$CHECKLOG/shell.log" ] ; then grep 'FAILED with exit code' $CHECKLOG/shell.log >> $LOGFILE && ERROR=6 fi + # FAI versions >=6.0 always writes to scripts.log + if [ -r "$CHECKLOG/scripts.log" ] ; then + grep 'FAILED with exit code' $CHECKLOG/scripts.log >> $LOGFILE && ERROR=6 + fi + if [ -r "$CHECKLOG/fai.log" ] ; then grep 'updatebase.*FAILED with exit code' "$CHECKLOG/fai.log" >> "$LOGFILE" && ERROR=7 grep 'instsoft.*FAILED with exit code' "$CHECKLOG/fai.log" >> "$LOGFILE" && ERROR=8 @@ -888,11 +921,26 @@ fi # grub boot {{{ grub_setup() { - BOOTX64="/boot/bootx64.efi" - BOOTX32="/boot/bootia32.efi" EFI_IMG="/boot/efi.img" - if [[ "$ARCH" == "amd64" ]] ; then + local efi_size + if [[ "${SECURE_BOOT:-}" == "disable" ]] || [[ "${ARCH:-}" == "i386" ]] ; then + efi_size='4M' + else + # e.g. templates/EFI/debian for Secure Boot has >4MB and needs more space + efi_size='8M' + fi + + if [[ "$ARCH" == "amd64" ]] || [[ "$ARCH" == "arm64" ]] ; then + case "$ARCH" in + arm64) + BOOTX64="/boot/bootaa64.efi" + ;; + amd64) + BOOTX64="/boot/bootx64.efi" + ;; + esac + # important: this depends on execution of ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images if ! [ -r "${CHROOT_OUTPUT}/${BOOTX64}" ] ; then log "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX64}, required for Secure Boot support" @@ -902,7 +950,7 @@ grub_setup() { bailout 50 fi - dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs=4M count=1 2>/dev/null || bailout 50 + dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50 mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51 mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52 mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52 @@ -911,42 +959,76 @@ grub_setup() { log "Secure Boot is disabled." einfo "Secure Boot is disabled." ; eend 0 - # install "$BOOTX64" as ::EFI/BOOT/bootx64.efi inside image file "$EFI_IMG": - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 53 + # install "$BOOTX64" as ::EFI/BOOT/{bootx64.efi|bootaa64.efi} inside image file "$EFI_IMG": + case "$ARCH" in + arm64) + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootaa64.efi >/dev/null || bailout 53 + ;; + amd64) + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 53 + ;; + esac log "Generated 64-bit EFI image $BOOTX64" einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0 else - log "Secure Boot is enabled [mode: $SECURE_BOOT]" - einfo "Secure Boot is enabled [mode: $SECURE_BOOT]" ; eend 0 + case "${SECURE_BOOT}" in + disable*) + log "Secure Boot is disabled [mode: ${SECURE_BOOT}]" + einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0 + ;; + debian|ubuntu) + log "Secure Boot is enabled [mode: ${SECURE_BOOT}]" + einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0 + + local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg" + local GRUBCFG_TMP=$(mktemp) + + if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then + log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." + eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1 + bailout 54 + fi - if [ "${SECURE_BOOT}" = "ubuntu" ] ; then - local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg" - local GRUBCFG_TMP=$(mktemp) + cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}" + adjust_boot_files "${GRUBCFG_TMP}" - if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then - log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." - eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1 - bailout 54 - fi + mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot || bailout 55 + mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55 + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56 - cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}" - adjust_boot_files "${GRUBCFG_TMP}" + rm "${GRUBCFG_TMP}" - mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/ubuntu || bailout 55 - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::EFI/ubuntu/grub.cfg || bailout 56 - rm "${GRUBCFG_TMP}" + if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57 + else + log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." + eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1 + bailout 57 + fi - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/grubx64.efi.signed ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57 - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/shimx64.efi.signed ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58 + if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58 + else + log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." + eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." ; eend 1 + bailout 57 + fi - log "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" - einfo "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0 - fi + log "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" + einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0 + ;; + *) + log "Secure Boot method '${SECURE_BOOT}' is unsupported." + eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1 + bailout 59 + ;; + esac fi fi if [[ "$ARCH" == "i386" ]] ; then + BOOTX32="/boot/bootia32.efi" if ! [ -r "${CHROOT_OUTPUT}/${BOOTX32}" ] ; then log "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}." eerror "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}." ; eend 1 @@ -955,7 +1037,7 @@ grub_setup() { bailout 50 fi - dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs=4M count=1 2>/dev/null || bailout 50 + dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50 mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51 mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52 mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52 @@ -971,7 +1053,7 @@ grub_setup() { mkdir -p "$BUILD_OUTPUT" || bailout 6 "Problem with creating $BUILD_OUTPUT for stage ARCH" # prepare ISO -if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then +if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] || [ "$ARCH" = arm64 ] ; then if [ -n "$BOOTSTRAP_ONLY" ] ; then log "Skipping stage 'boot' as building with bootstrap only." ewarn "Skipping stage 'boot' as building with bootstrap only." ; eend 0 @@ -980,6 +1062,10 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then mkdir -p "$BUILD_OUTPUT"/boot/isolinux mkdir -p "$BUILD_OUTPUT"/boot/"${SHORT_NAME}" + # this is a variable we're using for adjusting boot templates, not only in + # adjust_boot_files though, so set here + RELEASE_INFO="$GRML_NAME $VERSION - Release Codename $RELEASENAME" + # if we don't have an initrd we a) can't boot and b) there was an error # during build, so check for the file: INITRD="$(ls $CHROOT_OUTPUT/boot/initrd* 2>/dev/null| grep -v '.bak$' | sort -r | head -1)" @@ -1037,9 +1123,17 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then grub_setup # EFI boot files - if [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootx64.efi" ] ; then - einfo "Copying 64-bit EFI boot files into ISO path." - log "Copying 64-bit EFI boot files into ISO path." + if [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootaa64.efi" ] ; then + einfo "Copying 64-bit EFI boot files (arm64) into ISO path." + log "Copying 64-bit EFI boot files (arm64) into ISO path." + RC=$0 + cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$? + mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$? + cp "${CHROOT_OUTPUT}/boot/bootaa64.efi" "${BUILD_OUTPUT}/EFI/BOOT/bootaa64.efi" || RC=$? + eend $? + elif [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootx64.efi" ] ; then + einfo "Copying 64-bit EFI boot files (amd64) into ISO path." + log "Copying 64-bit EFI boot files (amd64) into ISO path." RC=$0 cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$? mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$? @@ -1047,7 +1141,7 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then eend $? elif [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootia32.efi" ] ; then einfo "Copying 32-bit EFI boot files into ISO path." - log "Copying 32-bit EFI boot files into ISO path." + log "Copying 32-bit EFI boot files into ISO path." RC=$0 cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$? mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$? @@ -1088,14 +1182,50 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then log "Skipping installation of boot addons as requested via \$NO_ADDONS." einfo "Skipping installation of boot addons as requested via \$NO_ADDONS."; eend 0 else - if ! [ -d "$TEMPLATE_DIRECTORY"/boot/addons ] ; then + if ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then log "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ewarn "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ; eend 0 else + log "Installing boot addons." + einfo "Installing boot addons." + # copy addons from system packages or grml-live-addons copy_addon_file ipxe.lkrn /usr/lib/ipxe addons + copy_addon_file ipxe.efi /usr/lib/ipxe addons copy_addon_file pci.ids /usr/share/misc addons - copy_addon_file memtest86+.bin /boot addons + + # memtest86+ >=6.00-1 + if [[ "$ARCH" == "amd64" ]] ; then + copy_addon_file memtest86+x64.efi /boot addons + elif [[ "$ARCH" == "i386" ]] ; then + copy_addon_file memtest86+ia32.efi /boot addons + fi + + # provide memtest86+ >=6.00-1 files as "memtest" file + # for BIOS boot in isolinux/syslinux + if ! [ -r "${BUILD_OUTPUT}/boot/addons/memtest" ] ; then + if [[ "$ARCH" == "amd64" ]] ; then + copy_addon_file memtest86+x64.bin /boot addons && + # make memtest filename FAT16/8.3 compatible + mv "${BUILD_OUTPUT}/boot/addons/memtest86+x64.bin" \ + "${BUILD_OUTPUT}/boot/addons/memtest" + elif [[ "$ARCH" == "i386" ]] ; then + copy_addon_file memtest86+ia32.bin /boot addons && + # make memtest filename FAT16/8.3 compatible + mv "${BUILD_OUTPUT}/boot/addons/memtest86+ia32.bin" \ + "${BUILD_OUTPUT}/boot/addons/memtest" + fi + fi + + # fallback: if we still don't have /boot/addons/memtest available, we + # might have an older memtest86+ version (<=5.01-3.1) which ships + # file "memtest86+.bin" instead + if ! [ -r "${BUILD_OUTPUT}/boot/addons/memtest" ] ; then + copy_addon_file memtest86+.bin /boot addons && + # make memtest filename FAT16/8.3 compatible + mv "${BUILD_OUTPUT}/boot/addons/memtest86+.bin" \ + "${BUILD_OUTPUT}/boot/addons/memtest" + fi # since syslinux(-common) v3:6.03~pre1+dfsg-4 the files are in a # different directory :( @@ -1110,15 +1240,13 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then copy_addon_file memdisk /usr/lib/syslinux addons - # make memtest filename FAT16/8.3 compatible - mv "${BUILD_OUTPUT}/boot/addons/memtest86+.bin" \ - "${BUILD_OUTPUT}/boot/addons/memtest" - # copy only files so we can handle bsd4grml on its own for file in ${TEMPLATE_DIRECTORY}/boot/addons/* ; do test -f $file && cp $file "$BUILD_OUTPUT"/boot/addons/ done + eend 0 + if [ -n "$NO_ADDONS_BSD4GRML" ] ; then log "Skipping installation of bsd4grml as requested via \$NO_ADDONS_BSD4GRML." einfo "Skipping installation of bsd4grml as requested via \$NO_ADDONS_BSD4GRML."; eend 0 @@ -1147,22 +1275,34 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then fi echo "source /boot/grub/footer.cfg" >> "${BUILD_OUTPUT}"/boot/grub/loopback.cfg - # copy grub files from target - mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-pc/ - cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.mod "${BUILD_OUTPUT}"/boot/grub/i386-pc/ - cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.o "${BUILD_OUTPUT}"/boot/grub/i386-pc/ - cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.lst "${BUILD_OUTPUT}"/boot/grub/i386-pc/ - cp -a "${CHROOT_OUTPUT}"/usr/share/grub/ascii.pf2 "${BUILD_OUTPUT}"/boot/grub/ - cp -a "${CHROOT_OUTPUT}"/boot/grub/core.img "${BUILD_OUTPUT}"/boot/grub/ - cp -a "${CHROOT_OUTPUT}"/boot/grub/grub.img "${BUILD_OUTPUT}"/boot/grub/ - - # copy modules for UEFI grub, 64-bit - mkdir -p "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/ - cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/ + # copy modules for GRUB + if [ "${ARCH}" = "arm64" ] ; then + mkdir -p "${BUILD_OUTPUT}"/boot/grub/arm64-efi/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/arm64-efi/*.mod "${BUILD_OUTPUT}"/boot/grub/arm64-efi/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/arm64-efi/*.lst "${BUILD_OUTPUT}"/boot/grub/arm64-efi/ + # NOTE: usage of /boot/grub/core.img + /boot/grub/grub.img unclear yet + elif [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "i386" ] ; then + # grub-pc-bin + mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-pc/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.mod "${BUILD_OUTPUT}"/boot/grub/i386-pc/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.o "${BUILD_OUTPUT}"/boot/grub/i386-pc/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.lst "${BUILD_OUTPUT}"/boot/grub/i386-pc/ + + # grub-efi-amd64-bin + mkdir -p "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/ + + # grub-efi-ia32-bin + mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-efi/ + cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/i386-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/i386-efi/ + + cp -a "${CHROOT_OUTPUT}"/boot/grub/core.img "${BUILD_OUTPUT}"/boot/grub/ + cp -a "${CHROOT_OUTPUT}"/boot/grub/grub.img "${BUILD_OUTPUT}"/boot/grub/ + fi - # copy modules for UEFI grub, 32-bit - mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-efi/ - cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/i386-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/i386-efi/ + # arch independent files + cp -a "${CHROOT_OUTPUT}"/usr/share/grub/ascii.pf2 "${BUILD_OUTPUT}"/boot/grub/ + cp -a "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${BUILD_OUTPUT}"/boot/grub/ # clarify if ! [ -d "${TEMPLATE_DIRECTORY}"/GRML ] ; then log "Error: ${TEMPLATE_DIRECTORY}/GRML does not exist. Exiting." @@ -1173,24 +1313,27 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then mkdir -p "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/ cp -a ${TEMPLATE_DIRECTORY}/GRML/* "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/ - # adjust boot splash information: - RELEASE_INFO="$GRML_NAME $VERSION - Release Codename $RELEASENAME" - RELEASE_INFO="$(cut_string 68 "$RELEASE_INFO")" - RELEASE_INFO="$(extend_string_end 68 "$RELEASE_INFO")" - if [ -r "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version ] ; then - sed -i "s/%RELEASE_INFO%/$GRML_NAME $VERSION - $RELEASENAME/" "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version - sed -i "s/%DATE%/$DATE/" "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version + sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/" "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version + sed -i "s/%DATE%/$DATE/" "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version fi # make sure the squashfs filename is set accordingly: SQUASHFS_NAME="$GRML_NAME.squashfs" + # adjust bootsplash accordingly but make sure the string has the according length + fixed_squashfs_name="$(cut_string 20 "$SQUASHFS_NAME")" + fixed_squashfs_name="$(extend_string_end 20 "$fixed_squashfs_name")" + for file in f4 f5 ; do + if [ -r "${BUILD_OUTPUT}/boot/isolinux/${file}" ] ; then + sed -i "s/%SQUASHFS_NAME%/${fixed_squashfs_name}/" "${BUILD_OUTPUT}/boot/isolinux/${file}" + sed -i "s/%SQUASHFS_NAME%/${fixed_squashfs_name}/" "${BUILD_OUTPUT}/boot/isolinux/${file}" + fi + done # adjust all variables in the templates with the according distribution information adjust_boot_files "${BUILD_OUTPUT}"/boot/isolinux/*.cfg \ "${BUILD_OUTPUT}"/boot/isolinux/*.msg \ - "${BUILD_OUTPUT}"/boot/grub/* \ - "${BUILD_OUTPUT}"/boot/ubuntu/* + "${BUILD_OUTPUT}"/boot/grub/* for param in ARCH DATE DISTRI_INFO DISTRI_NAME DISTRI_SPLASH GRML_NAME SQUASHFS_NAME \ RELEASE_INFO SHORT_NAME VERSION ; do @@ -1200,16 +1343,6 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then done done - # adjust bootsplash accordingly but make sure the string has the according length - SQUASHFS_NAME="$(cut_string 20 "$SQUASHFS_NAME")" - SQUASHFS_NAME="$(extend_string_end 20 "$SQUASHFS_NAME")" - for file in f4 f5 ; do - if [ -r "${BUILD_OUTPUT}/boot/isolinux/${file}" ] ; then - sed -i "s/%SQUASHFS_NAME%/$SQUASHFS_NAME/" "${BUILD_OUTPUT}/boot/isolinux/${file}" - sed -i "s/%SQUASHFS_NAME%/$SQUASHFS_NAME/" "${BUILD_OUTPUT}/boot/isolinux/${file}" - fi - done - # generate addon list rm -f "${BUILD_OUTPUT}/${ADDONS_LIST_FILE}" for name in "${BUILD_OUTPUT}"/boot/isolinux/addon_*.cfg ; do @@ -1277,7 +1410,7 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then fi if [ -e "$BUILD_OUTPUT"/boot/addons/bsd4grml/boot.6 ]; then - sed -i "s/%RELEASE_INFO%/$GRML_NAME $VERSION - $RELEASENAME/" "$BUILD_OUTPUT"/boot/addons/bsd4grml/boot.6 + sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/" "$BUILD_OUTPUT"/boot/addons/bsd4grml/boot.6 fi DPKG_LIST="/var/log/fai/$HOSTNAME/last/dpkg.list" # the dpkg --list output of the chroot @@ -1329,11 +1462,6 @@ else # make sure we don't leave (even an empty) base.tgz: [ -f "$CHROOT_OUTPUT/base.tgz" ] && rm -f "$CHROOT_OUTPUT/base.tgz" - # if unconfigured default to squashfs-tools' mksquashfs binary - if [ -z "$SQUASHFS_BINARY" ] ; then - SQUASHFS_BINARY='mksquashfs' - fi - if which "$SQUASHFS_BINARY" >/dev/null 2>&1 ; then log "Using mksquashfs binary ${SQUASHFS_BINARY}" einfo "Using mksquashfs binary ${SQUASHFS_BINARY}" ; eend 0 @@ -1345,8 +1473,8 @@ else # use sane defaults if $SQUASHFS_OPTIONS isn't set if [ -z "$SQUASHFS_OPTIONS" ] ; then - # use blocksize 256k as this gives best result with regards to time + compression - SQUASHFS_OPTIONS="-b 256k" + # use block size 1m as this gives good result with regards to time + compression + SQUASHFS_OPTIONS="-b 1m" # set lzma/xz compression by default, unless -z option has been specified on command line if [ -z "$SQUASHFS_ZLIB" ] ; then @@ -1400,6 +1528,65 @@ if [ -z "$BOOTSTRAP_ONLY" ] ; then fi # }}} +# information how the ISO was generated {{{ +# shellcheck disable=SC2034 +generate_build_info() { + jo -p \ + boot_method="${BOOT_METHOD}" \ + bootstrap_only="${BOOTSTRAP_ONLY}" \ + build_date="${DATE}" \ + build_dirty="${BUILD_DIRTY}" \ + build_only="${BUILD_ONLY}" \ + chroot_install="${CHROOT_INSTALL}" \ + classes="${CLASSES}" \ + clean_artifacts="${CLEAN_ARTIFACTS}" \ + default_bootoptions="${DEFAULT_BOOTOPTIONS}" \ + distri_info="${DISTRI_INFO}" \ + distri_name="${DISTRI_NAME}" \ + extract_iso_name="${EXTRACT_ISO_NAME}" \ + fai_cmdline="BUILD_ONLY=${BUILD_ONLY} BOOTSTRAP_ONLY=${BOOTSTRAP_ONLY} GRML_LIVE_CONFIG=${CONFIGDUMP} WAYBACK_DATE=${WAYBACK_DATE} fai ${VERBOSE} -C ${GRML_FAI_CONFIG} -s file:///${GRML_FAI_CONFIG}/config -c${CLASSES} -u ${HOSTNAME} ${FAI_ACTION} ${CHROOT_OUTPUT} ${FAI_ARGS}" \ + fai_version="$(fai --help 2>/dev/null | head -1 | awk '{print $2}' | sed 's/\.$//' || true)" \ + grml_architecture="${ARCH}" \ + grml_bootid="${BOOTID}" \ + grml_build_output="${BUILD_OUTPUT}" \ + grml_chroot_output="${CHROOT_OUTPUT}" \ + grml_debian_version="${SUITE}" \ + grml_iso_name="${ISO_NAME}" \ + grml_iso_output="${ISO_OUTPUT}" \ + grml_live_cmdline="${CMDLINE}" \ + grml_live_config_file="${LIVE_CONF}" \ + grml_live_scripts_directory="${SCRIPTS_DIRECTORY}" \ + grml_live_template_directory="${TEMPLATE_DIRECTORY}" \ + grml_live_version="${GRML_LIVE_VERSION}" \ + grml_local_config="${LOCAL_CONFIG}" \ + grml_name="${GRML_NAME}" \ + grml_short_name="${SHORT_NAME}" \ + grml_username="${USERNAME}" \ + grml_version="${VERSION}" \ + host_architecture="$(dpkg --print-architecture || true)" \ + host_debian_version="$(cat /etc/debian_version 2>/dev/null || true)" \ + host_kernel_version="$(uname -a)" \ + hybrid_method="${HYBRID_METHOD}" \ + mkisofs_cmdline="${MKISOFS} -V ${GRML_NAME} ${VERSION} -publisher 'grml-live | grml.org' -l -r -J ${BOOT_ARGS} ${EFI_ARGS} -no-pad -o ${ISO_OUTPUT}/${ISO_NAME}" \ + mkisofs_version="$(${MKISOFS} --version 2>/dev/null | head -1 || true)" \ + mksquashfs_cmdline="${SQUASHFS_BINARY} ${CHROOT_OUTPUT}/ ${BUILD_OUTPUT}/live/${GRML_NAME}/${GRML_NAME}.squashfs -noappend ${SQUASHFS_OPTIONS}" \ + mksquashfs_version="$(${SQUASHFS_BINARY} -version | head -1 || true)" \ + output_owner="${CHOWN_USER}" \ + release_info="${RELEASE_INFO}" \ + release_name="${RELEASENAME}" \ + secure_boot="${SECURE_BOOT}" \ + skip_mkisofs="${SKIP_MKISOFS}" \ + skip_mksquashfs_="${SKIP_MKSQUASHFS}" \ + skip_netboot="${SKIP_NETBOOT}" \ + squashfs_name="${SQUASHFS_NAME}" \ + template_directory="${TEMPLATE_DIRECTORY}" \ + timestamp="$(TZ=UTC date +%s)" \ + update_only="${UPDATE}" \ + wayback_date="${WAYBACK_DATE}" \ + -- +} +# }}} + # ISO_OUTPUT - mkisofs {{{ [ -n "$ISO_OUTPUT" ] || ISO_OUTPUT="$OUTPUT/grml_isos" [ -n "$ISO_NAME" ] || ISO_NAME="${GRML_NAME}_${VERSION}.iso" @@ -1482,10 +1669,27 @@ else echo 1 16 | mksh "${SCRIPTS_DIRECTORY}/bootgrub.mksh" -B 11 | \ dd of=boot/grub/toriboot.bin conv=notrunc 2>/dev/null fi + + log "Generating build information in conf/buildinfo.json" + einfo "Generating build information in conf/buildinfo.json" + mkdir -p conf/ + generate_build_info > conf/buildinfo.json + eend $? + log "$MKISOFS -V '${GRML_NAME} ${VERSION}' -publisher 'grml-live | grml.org' -l -r -J $BOOT_ARGS $EFI_ARGS -no-pad -o ${ISO_OUTPUT}/${ISO_NAME} ." + einfo "Generating ISO file..." $MKISOFS -V "${GRML_NAME} ${VERSION}" -publisher 'grml-live | grml.org' \ -l -r -J $BOOT_ARGS $EFI_ARGS -no-pad \ -o "${ISO_OUTPUT}/${ISO_NAME}" . ; RC=$? + eend $RC + + # do not continue on errors, otherwise we might generate/overwrite the ISO with dd if=... stuff + if [ "$RC" != 0 ] ; then + log "Error: critical error while generating ISO [exit code ${RC}]. Exiting." + eerror "Error: critical error while generating ISO [exit code ${RC}]. Exiting." ; eend 1 + bailout $RC + fi + # both of these need core.img there, so it’s easier to write it here if [ "$BOOT_METHOD" = "grub2" ] || [ "$HYBRID_METHOD" = "grub2" ]; then # must be <= 30720 bytes @@ -1542,14 +1746,8 @@ else [ "$RC" = 0 ] && \ ( if cd $ISO_OUTPUT ; then - md5sum ${ISO_NAME} > ${ISO_NAME}.md5 && \ - touch -r ${ISO_NAME} ${ISO_NAME}.md5 - sha1sum ${ISO_NAME} > ${ISO_NAME}.sha1 && \ - touch -r ${ISO_NAME} ${ISO_NAME}.sha1 sha256sum ${ISO_NAME} > ${ISO_NAME}.sha256 && \ touch -r ${ISO_NAME} ${ISO_NAME}.sha256 - sha512sum ${ISO_NAME} > ${ISO_NAME}.sha512 && \ - touch -r ${ISO_NAME} ${ISO_NAME}.sha512 fi ) ;; @@ -1571,7 +1769,7 @@ fi # netboot package {{{ create_netbootpackage() { - local OUTPUT_FILE="${NETBOOT}/grml_netboot_package_${GRML_NAME}_${VERSION}.tar.bz2" + local OUTPUT_FILE="${NETBOOT}/grml_netboot_package_${GRML_NAME}_${VERSION}.tar" if [ -f "${OUTPUT_FILE}" -a -z "$UPDATE" -a -z "$BUILD_ONLY" -a -z "$BUILD_DIRTY" ] ; then log "Skipping stage 'netboot' as $OUTPUT_FILE exists already." @@ -1626,12 +1824,57 @@ create_netbootpackage() { eoutdent fi - if tar -C "$OUTPUTDIR" -jcf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then + # don't include shim + grubnetx64 + grub files in i386 netboot packages, + # as those don't make much sense there + if [ "$ARCH" = amd64 ] ; then + if ! [ -r "${BUILD_OUTPUT}/boot/grub/netboot.cfg" ] ; then + log "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found." + ewarn "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found." + eindent + log "Hint: Are you using custom templates which do not provide grub.cfg?" + ewarn "Hint: Are you using custom templates which do not provide grub.cfg?" ; eend 0 + eoutdent + else + cp "${BUILD_OUTPUT}/boot/grub/netboot.cfg" "${WORKING_DIR}/grub.cfg" + adjust_boot_files "${WORKING_DIR}/grub.cfg" + + if [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi.signed as shim.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed "${WORKING_DIR}"/shim.efi + elif [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi as shim.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi "${WORKING_DIR}"/shim.efi + else + log "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" + ewarn "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" ; eend 0 + fi + + if [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then + log "Installing /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed "${WORKING_DIR}"/grubx64.efi + elif [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi ] ; then + log "Installing /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi as grubx64.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi "${WORKING_DIR}"/grubx64.efi + else + log "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)" + ewarn "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)." ; eend 0 + fi + + if [ -r "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/share/grub/unicode.pf2 as grub/fonts/unicode.pf2 in netboot package" + mkdir -p "${WORKING_DIR}"/grub/fonts/ + cp "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${WORKING_DIR}"/grub/fonts/ + else + log "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" + ewarn "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" ; eend 0 + fi + fi + fi + + if tar -C "$OUTPUTDIR" -cf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then ( cd $(dirname "${OUTPUT_FILE}") - sha1sum $(basename "${OUTPUT_FILE}") > "${OUTPUT_FILE}.sha1" sha256sum $(basename "${OUTPUT_FILE}") > "${OUTPUT_FILE}.sha256" - sha512sum $(basename "${OUTPUT_FILE}") > "${OUTPUT_FILE}.sha512" ) einfo "Generated netboot package ${OUTPUT_FILE}" ; eend 0 rm -rf "${OUTPUTDIR}" @@ -1692,7 +1935,10 @@ fi # }}} # finalize {{{ -[ -n "$start_seconds" ] && SECONDS="$[$(cut -d . -f 1 /proc/uptime)-$start_seconds]" || SECONDS="unknown" +if [ -n "${start_seconds}" ] ; then + end_seconds="$(date +%s)" + SECONDS="$(( end_seconds - start_seconds ))" +fi log "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]" dpkg_to_db # make sure we catch the last log line as well, therefore execute between log + einfo diff --git a/remaster/grml-live-remaster b/remaster/grml-live-remaster index 326a189..ab8ca18 100755 --- a/remaster/grml-live-remaster +++ b/remaster/grml-live-remaster @@ -94,8 +94,8 @@ if [ ! -r /remaster ]; then exit 1 fi -mkdir -p /remaster/chroot /remaster/tmp /remaster/cdrom -mount -t tmpfs tmpfs /remaster/tmp +mkdir -p /remaster/chroot /remaster/tmp /remaster/cdrom /remaster/work + echo "#:# edit the following two lines to change the boot message" >/remaster/msg echo "#:#" >>/remaster/msg if [ -r ${LIVE_PATH_BOOT}/isolinux/boot.msg ] ; then @@ -107,8 +107,8 @@ if ! grep -q "/remaster/cdrom squashfs" /proc/mounts ; then mount -t squashfs "$SQUASHFS_FILE" /remaster/cdrom -o ro,loop fi -if ! grep -q "aufs /remaster/chroot" /proc/mounts ; then - mount -t aufs aufs /remaster/chroot -o br:/remaster/tmp=rw:/remaster/cdrom=rr +if ! grep -q "overlay /remaster/chroot" /proc/mounts ; then + mount -t overlay overlay -o lowerdir=/remaster/cdrom,upperdir=/remaster/tmp,workdir=/remaster/work /remaster/chroot fi for i in run dev dev/pts proc root sys tmp; do diff --git a/templates/EFI/debian/BOOT/README b/templates/EFI/debian/BOOT/README new file mode 100644 index 0000000..32e2d3c --- /dev/null +++ b/templates/EFI/debian/BOOT/README @@ -0,0 +1,7 @@ +# debian approach: +shimx64.efi.signed = /usr/lib/shim/shimx64.efi.signed from https://deb.debian.org/debian/pool/main/s/shim-signed/shim-signed_1.38+15.4-7_amd64.deb +grubx64.efi.signed = /usr/lib/grub/x86_64-efi-signed/gcdx64.efi.signed from https://deb.debian.org/debian/pool/main/g/grub-efi-amd64-signed/grub-efi-amd64-signed_1+2.06+7_amd64.deb +# NOTE: +# shimx64.efi.signed ends up as /EFI/BOOT/bootx64.efi inside [grml_cd]/boot/efi.img, and +# grubx64.efi.signed ends up as /EFI/BOOT/grubx64.efi inside [grml_cd]/boot/efi.img, whereas +# [grml_cd]/boot/efi.img is used as `boot/efi.img` inside `xorriso -as mkisofs [...] -e boot/efi.img -no-emul-boot [...]` ISO generation [inside grml_cd directory] diff --git a/templates/EFI/debian/BOOT/grubx64.efi.signed b/templates/EFI/debian/BOOT/grubx64.efi.signed new file mode 100644 index 0000000..c87eb6f Binary files /dev/null and b/templates/EFI/debian/BOOT/grubx64.efi.signed differ diff --git a/templates/EFI/debian/BOOT/shimx64.efi.signed b/templates/EFI/debian/BOOT/shimx64.efi.signed new file mode 100644 index 0000000..dcd8b50 Binary files /dev/null and b/templates/EFI/debian/BOOT/shimx64.efi.signed differ diff --git a/templates/EFI/BOOT/README b/templates/EFI/ubuntu/BOOT/README similarity index 82% rename from templates/EFI/BOOT/README rename to templates/EFI/ubuntu/BOOT/README index 6e0ed87..eaa0172 100644 --- a/templates/EFI/BOOT/README +++ b/templates/EFI/ubuntu/BOOT/README @@ -1,6 +1,6 @@ # ubuntu approach: shimx64.efi.signed = /usr/lib/shim/shimx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.34.9+13-0ubuntu2_amd64.deb -grubx64.efi.signed = /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.93+2.02-2ubuntu8_amd64.deb +grubx64.efi.signed = /usr/lib/grub/x86_64-efi-signed/gcdx64.efi.signed from http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.93+2.02-2ubuntu8_amd64.deb # NOTE: # shimx64.efi.signed ends up as /EFI/BOOT/bootx64.efi inside [grml_cd]/boot/efi.img, and # grubx64.efi.signed ends up as /EFI/BOOT/grubx64.efi inside [grml_cd]/boot/efi.img, whereas diff --git a/templates/EFI/BOOT/grubx64.efi.signed b/templates/EFI/ubuntu/BOOT/grubx64.efi.signed similarity index 94% rename from templates/EFI/BOOT/grubx64.efi.signed rename to templates/EFI/ubuntu/BOOT/grubx64.efi.signed index d502e5f..e68f734 100644 Binary files a/templates/EFI/BOOT/grubx64.efi.signed and b/templates/EFI/ubuntu/BOOT/grubx64.efi.signed differ diff --git a/templates/EFI/BOOT/shimx64.efi.signed b/templates/EFI/ubuntu/BOOT/shimx64.efi.signed similarity index 100% rename from templates/EFI/BOOT/shimx64.efi.signed rename to templates/EFI/ubuntu/BOOT/shimx64.efi.signed diff --git a/templates/GRML/LICENSE.txt b/templates/GRML/LICENSE.txt index 84836cc..535d704 100644 --- a/templates/GRML/LICENSE.txt +++ b/templates/GRML/LICENSE.txt @@ -1,6 +1,6 @@ ================================================================== -The grml software collection and all included programs that are -authored by the grml-team, are subject to the terms and conditions +The Grml software collection and all included programs that are +authored by the Grml team, are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE Version 2 or any later version, as quoted herein. @@ -8,9 +8,6 @@ Please note that this license does NOT automatically apply to third-party programs included on this CD. Check /usr/share/doc/*/copyright* and other supplied license files of each software package carefully for more information. - -Information regarding the sources of this ISO can be found at -http://sources.grml.org/ ================================================================== GNU GENERAL PUBLIC LICENSE diff --git a/templates/GRML/grml-cheatcodes.txt b/templates/GRML/grml-cheatcodes.txt index 1f7080e..3dd33bf 100644 --- a/templates/GRML/grml-cheatcodes.txt +++ b/templates/GRML/grml-cheatcodes.txt @@ -7,27 +7,26 @@ Isolinux bootprompt options: These options work from the isolinux bootprompt of Grml based (live) systems. (Do NOT use them as 'grml $OPTION', use them as '$OPTION'!): -grml Use default settings (same as just pressing return) -grml2ram Copy Grml's squashfs file to RAM and - run from there (compare with 'grml toram') -memtest Run Memtest86+ instead of Linux -fb1280x1024 Use fixed framebuffer graphics (1) -fb1024x768 Use fixed framebuffer graphics (2) [notice: Grml's default] -fb800x600 Use fixed framebuffer graphics (3) -nofb Disable framebuffer -floppy Boot from floppydisk -hd / hd1 / hd2 / hd3 Boot from (local) primary / secondary /... harddisk -debug Get shells during process of booting for debugging -forensic Do not touch any harddisks during hardware recognition -serial Activate ttyS0 and start a getty -grub Boot Grub bootloader (special all-in-one-image) -dos Boot FreeDOS -hdt Boot Hardware Detection Tool (from syslinux project) +grml Use default settings (same as just pressing return) +grml2ram Copy Grml's squashfs file to RAM and + run from there (compare with 'grml toram') +memtest Run Memtest86+ instead of Linux +fb1280x1024 Use fixed framebuffer graphics (1) +fb1024x768 Use fixed framebuffer graphics (2) [notice: Grml's default] +fb800x600 Use fixed framebuffer graphics (3) +nofb Disable framebuffer +floppy Boot from floppydisk +hd / hd1 / hd2 / hd3 Boot from (local) primary / secondary /... harddisk +debug Get shells during process of booting for debugging +forensic Do not touch any harddisks during hardware recognition +serial Activate ttyS0 and start a getty +grub Boot Grub bootloader (special all-in-one-image) +dos Boot FreeDOS +hdt Boot Hardware Detection Tool (from syslinux project) Further documentation regarding the boot process can be found at: -* http://git.grml.org/?p=live-initramfs-grml.git;a=blob_plain;f=manpages/live-initramfs.en.7.txt;hb=HEAD * https://manpages.debian.org/live-boot-doc/live-boot.7.en.html -* https://manpages.debian.org/initramfs-tools-core/initramfs-tools.8.en.html +* https://manpages.debian.org/initramfs-tools-core/initramfs-tools.7.en.html * https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html The following boot options can be combined. @@ -36,209 +35,212 @@ For example the X window system is not part of grml-small. Regional settings: ------------------ -grml lang=at|de|cn|da|es|fr|it Specify language ($LANG, $LC_ALL, $LANGUAGE - utf8) + keyboard -grml lang=nl|pl|ru|sk|tr|tw|us Specify language ($LANG, $LC_ALL, $LANGUAGE - utf8) + keyboard -grml utc Hardware Clock is set to Coordinated Universal Time (UTC) -grml localtime Hardware Clock is set to local time (LOCAL), this is the default -grml tz=Europe/Vienna Use specified timezone for TZ, defaults to TZ=UTC -grml keyboard=us Use different keyboard layout +grml lang=at|de|cn|da|es|fr|it Specify language ($LANG, $LC_ALL, $LANGUAGE - utf8) + keyboard +grml lang=nl|pl|ru|sk|tr|tw|us Specify language ($LANG, $LC_ALL, $LANGUAGE - utf8) + keyboard +grml utc Hardware Clock is set to Coordinated Universal Time (UTC) +grml localtime Hardware Clock is set to local time (LOCAL), this is the default +grml tz=Europe/Vienna Use specified timezone for TZ, defaults to TZ=UTC +grml keyboard=us Use different keyboard layout Configuration settings: ----------------------- -grml myconfig=/dev/fd0 Set the DCS dir (debs, config, scripts) to the root of this device - DCS dir defaults to the live image or a device labeled GRMLCFG - If a file /config.tbz exists, it is extracted from there. - /dev/fd0 for floppy disk - /dev/sda1 for USB-stick/first SCSI-device -grml autoconfig=SOMELABEL Set the DCS dir to the root of the device labeled with SOMELABEL. - If undefined search for a device labeled with GRMLCFG. -grml netconfig=server/config.tbz Download file and extract configuration archive -grml netscript=server/file Download and execute file -grml partconf=/dev/sda2 Copy files specified in /etc/grml/partconf from /dev/sda2 - to booting grml system -grml file=foobar.tbz Use specified file as name for configuration archive - instead of the default one (config.tbz) -grml extract=/etc Extract only /etc from configuration archive, - use it in combination with myconfig or netconfig -grml persistence Enable persistency feature, more details available at - http://wiki.grml.org/doku.php?id=persistency -grml hostname=... Set hostname to given argument -grml hostname Set a random hostname - [Note: only available with releases newer than 2010.04] -grml nonetworking Do not create/overwrite /etc/network/interface during startup -grml distri=... Set distribution name to given argument. If a jpg file named like the - given distri name can be found in directory desktop on the ISO - (/cdrom/desktop/"$DISTRI") it will be taken as wallpaper for grml -grml debnet Search through local partitions for file /etc/network/interfaces, - copy /etc/network to local system and restart networking then -grml dns=8.8.8.8,8.8.4.4 Set DNS resolvers during boot and for live system. -grml ip=... Standard Linux kernel ip= boot option. Arguments: - clientip:nfsserverip:gwip:netmask:hostname:device:autoconf - Valid values for autoconf: off, on, dhcp, bootp, rarp, both. - Almost everything is optional. Most common form: ip=dhcp -grml mypath=... Add specified option into $PATH of Zsh - For example when using "grml mypath=/foobar" then /foobar - will be added to the end of $PATH inside Zsh -grml debs Install all Debian packages from the "debs" directory of your DCS - directory (see myconfig=, typically the root of your ISO image). -grml debs=path-name-wildcard Install Debian packages from DCS directory (see myconfig=, - typically the root of your ISO image). If path does not contain a - "/" the package(s) will be installed from directory "debs" of the - DCS directory instead. The "path-name-wildcard" can contain - wildcards (e.g. debs=rat* will install a packages starting with "rat" - from directory debs/). -grml scripts=path-name Execute script (defaulting to grml.sh) inside DCS dir. Path names - allowed. If path-name points to a directory, all scripts found in - the directory are executed. -grml config=path-name Unpack archive that path-name points to -grml noautoconfig Disable searching for device labeled GRMLCFG -grml nobeep Disable welcome chime, sounded before grml-quickconfig starts. +grml myconfig=/dev/fd0 Set the DCS dir (debs, config, scripts) to the root of this device + DCS dir defaults to the live image or a device labeled GRMLCFG + If a file /config.tbz exists, it is extracted from there. + /dev/fd0 for floppy disk + /dev/sda1 for USB-stick/first SCSI-device +grml autoconfig=SOMELABEL Set the DCS dir to the root of the device labeled with SOMELABEL. + If undefined search for a device labeled with GRMLCFG. +grml netconfig=server/config.tbz Download file and extract configuration archive +grml netscript=server/file Download and execute file +grml partconf=/dev/sda2 Copy files specified in /etc/grml/partconf from /dev/sda2 + to booting grml system +grml file=foobar.tbz Use specified file as name for configuration archive + instead of the default one (config.tbz) +grml extract=/etc Extract only /etc from configuration archive, + use it in combination with myconfig or netconfig +grml persistence Enable persistency feature, more details available at + http://wiki.grml.org/doku.php?id=persistency +grml hostname=... Set hostname to given argument +grml hostname Set a random hostname + [Note: only available with releases newer than 2010.04] +grml nonetworking Do not create/overwrite /etc/network/interface during startup +grml distri=... Set distribution name to given argument. If a jpg file named like the + given distri name can be found in directory desktop on the ISO + (/cdrom/desktop/"$DISTRI") it will be taken as wallpaper for grml +grml debnet Search through local partitions for file /etc/network/interfaces, + copy /etc/network to local system and restart networking then +grml dns=8.8.8.8,8.8.4.4 Set DNS resolvers during boot and for live system. +grml ip=... Standard Linux kernel ip= boot option. Arguments: + clientip:nfsserverip:gwip:netmask:hostname:device:autoconf + Valid values for autoconf: off, on, dhcp, bootp, rarp, both. + Almost everything is optional. Most common form: ip=dhcp +grml mypath=... Add specified option into $PATH of Zsh + For example when using "grml mypath=/foobar" then /foobar + will be added to the end of $PATH inside Zsh +grml debs Install all Debian packages from the "debs" directory of your DCS + directory (see myconfig=, typically the root of your ISO image). +grml debs=path-name-wildcard Install Debian packages from DCS directory (see myconfig=, + typically the root of your ISO image). If path does not contain a + "/" the package(s) will be installed from directory "debs" of the + DCS directory instead. The "path-name-wildcard" can contain + wildcards (e.g. debs=rat* will install a packages starting with "rat" + from directory debs/). +grml scripts=path-name Execute script (defaulting to grml.sh) inside DCS dir. Path names + allowed. If path-name points to a directory, all scripts found in + the directory are executed. +grml config=path-name Unpack archive that path-name points to +grml noautoconfig Disable searching for device labeled GRMLCFG +grml nobeep Disable welcome chime, sounded before grml-quickconfig starts. Notice: Take a look at http://grml.org/config/ and 'man 1 grml-autoconfig' for more information regarding the configuration framework of Grml. Booting related options: ------------------------ -grml toram Copy the whole CD/medium to RAM and run from there -grml toram=filename.squashfs Copy the specified file to RAM and run from there - Usage example: grml toram=grml-medium.squashfs - Notice: grml2ram is an alias for this option which - corresponds with the grml flavour settings by default -grml tohd=/dev/sda1 Copy Grml's squashfs file to harddisk partition for later - use via "grml bootfrom=/dev/sda1" -grml bootfrom=/dev/sda1 Use the squashfs file from directory 'live' of the specified device - Setup can be done booting 'grml tohd=/dev/sda1' or - running 'rsync -a --progress /run/live/medium/live /media/sda1/' -grml bootfrom=removable Restrict search for the live media to removable type only. -grml bootfrom=removable-usb Restrict search for the live media to usb mass storage only. -grml isofrom=/dev/sda1/grml.iso Use specified ISO image for booting - Useful when booting as a rescue system from harddisk - just boot - the according grml kernel and initrd using the bootoptions - "boot=live isofrom=/dev/sda1/grml.iso" - Notice: "fromiso" does the same as "isofrom", it's just there - to prevent any typing errors -grml findiso=/grml_2010.12.iso Look for the specified ISO file on all disks where it usually - looks for the .squashfs file (so you don't have to know the device name - as in isofrom=....). -grml fetch=$IP/filename.squashfs Download a squashfs image from a given url, copying to ram and booting it. - [Note: releases before 2011.05 didn't support DNS but IP only.] -grml live-media-path=/live/grml... Sets the path to the live filesystem on the medium - By default, it is set to /live/$GRML_FLAVOUR/ (where $GRML_FLAVOUR - is corresponding to grml64-full, grml32-full, grml64-small,... - [Note: this option is mandatory since release 2011.12] -grml module=grml Instead of using the default "$name.module" another file can - be specified without the extension ".module"; it should be placed - on "/live" directory of the live medium - Useful for Multiboot USB pen, see - http://wiki.grml.org/doku.php?id=tips#multiboot_usb_pen -grml bootid=mybootid Use specified argument as identifier for the ISO. - mybootid is specified in /conf/bootid.txt on the ISO. - [Note: only available since release 2010.04] -grml ignore_bootid Disable bootid verification. - [Note: only available since release 2010.04] +grml toram Copy the whole CD/medium to RAM and run from there +grml toram=filename.squashfs Copy the specified file to RAM and run from there + Usage example: grml toram=grml-medium.squashfs + Notice: grml2ram is an alias for this option which + corresponds with the grml flavour settings by default +grml bootfrom=/dev/sda1 Use the squashfs file from directory 'live' of the specified device + Setup can be done by executing: + rsync -a --progress /run/live/medium/live /media/sda1/ + NOTE: you can can also use bootfrom=/dev/disk/by-label/yourlabel + (adjust yourlabel as needed), which should prevent choosing the + wrong block device (e.g. if more than one disk is present). +grml bootfrom=removable Restrict search for the live media to removable type only. +grml bootfrom=removable-usb Restrict search for the live media to usb mass storage only. +grml isofrom=[fs:][/device]/grml.iso Use specified ISO image for booting. + Useful when booting as a rescue system from a different device. + If you want to load the image from a device different from the root device + specified through the bootloader, prefix its device path to the path, like + in "/dev/sda1/grml.iso". + Internally, the initrd will mount the given device, automatically detecting + the file system. + If needed, prefix the file system separated with a colon character to + override the automatic detection, like in "reiserfs:/dev/sda1/grml.iso". + As an example, boot the according grml kernel and initrd using the + bootoptions "boot=live isofrom=btrfs:/dev/vda40/path/to/grml.iso" + NOTE: "fromiso" does the same as "isofrom", it's just there + to prevent any typing errors + NOTE: you can can also use isofrom=/dev/disk/by-label/yourlabel + (adjust yourlabel as needed), which should prevent choosing the + wrong block device (e.g. if more than one disk is present). +grml findiso=/grml_2010.12.iso Look for the specified ISO file on all disks where it usually + looks for the .squashfs file (so you don't have to know the device name + as in isofrom=....). +grml fetch=$IP/filename.squashfs Download a squashfs image from a given url, copying to ram and booting it. + [Note: releases before 2011.05 didn't support DNS but IP only.] +grml live-media-path=/live/grml... Sets the path to the live filesystem on the medium + By default, it is set to /live/$GRML_FLAVOUR/ (where $GRML_FLAVOUR + is corresponding to grml64-full, grml32-full, grml64-small,... + [Note: this option is mandatory since release 2011.12] +grml module=grml Instead of using the default "$name.module" another file can + be specified without the extension ".module"; it should be placed + on "/live" directory of the live medium + Useful for Multiboot USB pen, see + http://wiki.grml.org/doku.php?id=tips#multiboot_usb_pen +grml bootid=mybootid Use specified argument as identifier for the ISO. + mybootid is specified in /conf/bootid.txt on the ISO. + [Note: only available since release 2010.04] +grml ignore_bootid Disable bootid verification. + [Note: only available since release 2010.04] Debugging related settings: --------------------------- -grml debug Get shells during process of booting, using GNU screen, be verbose -grml debug=1 Get shells during process of booting, using GNU screen, be verbose and - display shell code being executed in initramfs. -grml debug=noscreen Get shells during process of booting, verbose, but without using GNU screen -grml nocolor Disable colorized output while booting - Also set SYSTEMD_COLORS=0 to disable colors in systemd output -grml log Log error messages while booting to /tmp/grml.log.`date +%Y%m%d`" - and /var/log/boot -grml testcd Check CD data integrity and md5sums +grml debug Get shells during process of booting, using GNU screen, be verbose +grml debug=1 Get shells during process of booting, using GNU screen, be verbose and + display shell code being executed in initramfs. +grml debug=noscreen Get shells during process of booting, verbose, but without using GNU screen +grml nocolor Disable colorized output while booting + Also set SYSTEMD_COLORS=0 to disable colors in systemd output +grml log Log error messages while booting to /tmp/grml.log.`date +%Y%m%d`" + and /var/log/boot +grml testcd Check CD data integrity and md5sums Security / login related settings: ---------------------------------- -grml ssh=password Set password for root & grml user and start ssh-server -grml passwd=... Set password for root & grml user -grml encpasswd=.... Set specified hash as password for root & grml user, use e.g. - 'mkpasswd -H md5' to generate such a hash (available in Grml >=2013.09) +grml ssh=password Set password for root & grml user and start ssh-server +grml passwd=... Set password for root & grml user +grml encpasswd=.... Set specified hash as password for root & grml user, use e.g. + 'mkpasswd -H md5' to generate such a hash (available in Grml >=2013.09) Service related settings: ------------------------- -grml startup=script Start $script instead of grml-quickconfig on startup -grml nosyslog Do not start syslog daemon -grml nogpm Disable GPM daemon -grml noconsolefont Disable setting of console font (using consolechars) -grml noblank Disable console blanking -grml noquick Disable grml-quickconfig startup script -grml wondershaper=eth0,1000,500 Set up basic traffic shaping -grml services={postfix,mysql,...} Start service(s) which have an init-script (/etc/init.d/) -grml welcome Welcome message via soundoutput -grml noeject Do NOT eject CD after halt/reboot -grml noprompt Do NOT prompt to remove the CD when halting/rebooting the system -grml distcc=$NETWORK,$INTERFACE Activate distcc-daemon to listen on specified network - and interface, usage example: - distcc=192.168.0.1/24,eth0 -grml gcc=3.4 gpp=3.4 Link /usr/bin/gcc, /usr/bin/cpp and /usr/bin/c++ to specified version -grml startx{=windowmanager} Start X window system automatically - Default window manager (if not provided): wm-ng (wrapper around fluxbox) -grml nostartx If using startx as default bootoption the nostartx *disables* automatic - startup of X again. (This bootoption is relevant for grml based derivatives - which decide to enable startx by default only, plain grml does not use - automatic startup of X by default.) -grml vnc=password Start VNC server with startup of X.org and sets the password to the specified - one. To automatically start the VNC server use the startx bootoption. - [Note: Grml 2011.12+ doesn't include a VNC server.] -grml vnc_connect=host[:port] Connect to a listening VNC client ("vncviewer -listen" reverse connection). - Can be used to connect from devices behind firewalls as connection is - initiated from the VNC server instead of the VNC client. Has to be - combined with the vnc bootoption. - [Note: Grml 2011.12+ doesn't include a VNC client.] +grml startup=script Start $script instead of grml-quickconfig on startup +grml nosyslog Do not start syslog daemon +grml nogpm Disable GPM daemon +grml noconsolefont Disable setting of console font (using consolechars) +grml noblank Disable console blanking +grml noquick Disable grml-quickconfig startup script +grml wondershaper=eth0,1000,500 Set up basic traffic shaping +grml services={postfix,mysql,...} Start service(s) which have an init-script (/etc/init.d/) +grml welcome Welcome message via soundoutput +grml noeject Do NOT eject CD after halt/reboot +grml noprompt Do NOT prompt to remove the CD when halting/rebooting the system +grml startx{=windowmanager} Start X window system automatically + Default window manager (if not provided): wm-ng (wrapper around fluxbox) +grml nostartx If using startx as default bootoption the nostartx *disables* automatic + startup of X again. (This bootoption is relevant for grml based derivatives + which decide to enable startx by default only, plain grml does not use + automatic startup of X by default.) +grml vnc=password Start VNC server with startup of X.org and sets the password to the specified + one. To automatically start the VNC server use the startx bootoption. + [Note: Grml 2011.12+ doesn't include a VNC server.] +grml vnc_connect=host[:port] Connect to a listening VNC client ("vncviewer -listen" reverse connection). + Can be used to connect from devices behind firewalls as connection is + initiated from the VNC server instead of the VNC client. Has to be + combined with the vnc bootoption. + [Note: Grml 2011.12+ doesn't include a VNC client.] +grml getfile.retries=$NUM Retry the download of the files specified in the netconfig=... + + netscript=... options up to $NUM times + Accessibility related settings: ------------------------------- -grml brltty=type,port,table Parameters for Braille device (e.g.: brltty=al,/dev/ttyS0,text.de.tbl) - See http://mielke.cc/brltty/guidelines.html for documentation. +grml brltty=type,port,table Parameters for Braille device (e.g.: brltty=al,/dev/ttyS0,text.de.tbl) + See http://mielke.cc/brltty/guidelines.html for documentation. Hardware related settings: -------------------------- -grml swap Activate present/detected swap partitions -grml noswraid Disable scanning for software raid arrays (creates /etc/mdadm/mdadm.conf) -grml swraid Enable automatic assembling of software raid arrays -grml nodmraid Do not enable present dmraid devices. -grml dmraid=on Automatically enable any present dmraid devices. -grml dmraid=off Actively try to stop any present dmraid devices. -grml nolvm Disable scanning for Logical Volumes (LVM) -grml lvm Automatically activate Logival Volumes (LVM) during boot -grml read-only Make sure all harddisk devices (/dev/hd* /dev/sd*) are forced to read-only mode -grml ethdevice=... Use specified network device for network boot instead of default (eth0) -grml ethdevice-timeout=... Use specified network configuration timeout instead of default (15sec) -grml xmodule=ati|fbdev|i810|mga Use specified X.org-Module (1) -grml xmodule=nv|radeon|savage|s3 Use specified X.org-Module (2) -grml xmodule=radeon|svga|i810 Use specified X.org-Module (3) -grml no{acpi,agp,cpu,dhcp} Skip parts of HW-detection (1) -grml no{dma,fstab,modem} Skip parts of HW-detection (2) -grml no{pcmcia,scsi,swap,usb} Skip parts of HW-detection (3) -grml blacklist=modulename[,module2] Completely disable loading of specified module(s) via - blacklisting through udev's /etc/modprobe.d/grml -grml fwtimeout=50 Set firmware timeout via /sys/class/firmware/timeout to specified value -grml nosound Mute sound devices (notice: this does not deactivate loading of sound drivers!) -grml vol=number Set mixer volumes to level $number -grml micvol=number Set mixer volume of microphone to level $number (default: 0) -grml pnpbios=off No PnP Bios initialization -grml acpi=off Disable ACPI Bios completely -grml nofirewire Disable initialization of firewire devices in booting sequence -grml pci=irqmask=0x0e98 Try this, if PS/2 mouse doesn't work *) -grml pci=bios Workaround for bad PCI controllers -grml ide2=0x180 nopcmcia Boot from PCMCIA-CD-ROM (some notebooks) -grml mem=128M Specify Memory size in MByte -grml libata.force=[ID:]VAL Force configurations for libata. - Usage example: grml libata.force=1:pio4 - to force pio4 mode on device "ata1:00:" -grml libata.dma=0 Disable DMA on PATA and SATA devices -grml libata.ignore_hpa=1 Disable host protected area (which should enable the whole disk) -grml vga=normal No-framebuffer mode (does not influence X) -grml vga=ask Display menu for framebuffer mode -grml radeon.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Radeon driver. -grml i915.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Intel driver. -grml nouveau.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Nouveau driver. -grml cirrus.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Cirrus driver. -grml mgag200.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for MGAG200 driver. +grml swap Activate present/detected swap partitions +grml noswraid Disable scanning for software raid arrays (creates /etc/mdadm/mdadm.conf) +grml swraid Enable automatic assembling of software raid arrays +grml nodmraid Do not enable present dmraid devices (deprecated as of releases in 2024) +grml dmraid=on Automatically enable any present dmraid devices (deprecated as of releases in 2024) +grml dmraid=off Actively try to stop any present dmraid devices (deprecated as of releases in 2024) +grml nolvm Disable scanning for Logical Volumes (LVM) +grml lvm Automatically activate Logival Volumes (LVM) during boot +grml read-only Make sure all harddisk devices (/dev/hd* /dev/sd*) are forced to read-only mode +grml ethdevice=... Use specified network device for network boot instead of default (eth0) +grml ethdevice-timeout=... Use specified network configuration timeout instead of default (15sec) +grml xmodule=ati|fbdev|i810|mga Use specified X.org-Module (1) +grml xmodule=nv|radeon|savage|s3 Use specified X.org-Module (2) +grml xmodule=radeon|svga|i810 Use specified X.org-Module (3) +grml no{acpi,cpu,dhcp,fstab,swap} Skip parts of HW-detection +grml blacklist=modulename[,module2] Completely disable loading of specified module(s) via + blacklisting through udev's /etc/modprobe.d/grml +grml nosound Mute sound devices (notice: this does not deactivate loading of sound drivers!) +grml vol=number Set mixer volumes to level $number +grml micvol=number Set mixer volume of microphone to level $number (default: 0) +grml acpi=off Disable ACPI Bios completely +grml pci=irqmask=0x0e98 Try this, if PS/2 mouse doesn't work *) +grml pci=bios Workaround for bad PCI controllers +grml libata.force=[ID:]VAL Force configurations for libata. + Usage example: grml libata.force=1:pio4 + to force pio4 mode on device "ata1:00:" +grml libata.dma=0 Disable DMA on PATA and SATA devices +grml libata.ignore_hpa=1 Disable host protected area (which should enable the whole disk) +grml vga=normal No-framebuffer mode (does not influence X) +grml vga=ask Display menu for framebuffer mode +grml radeon.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Radeon driver. +grml i915.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Intel driver. +grml nouveau.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Nouveau driver. +grml cirrus.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for Cirrus driver. +grml mgag200.modeset=0 nomodeset Disable Kernel Mode Setting (KMS) for MGAG200 driver. Installation related settings: ------------------------------ @@ -247,7 +249,7 @@ Caution: do *NOT* use the debian2hd bootoption if you do not know what you are d Install plain Debian via debian2hd bootoption (which runs grml-debootstrap in non-interactive mode): -debian2hd ... whereas valid options for debian2hd are: +debian2hd ... whereas valid options for debian2hd are: target= target partition/directory of the new Debian system, e.g.: target=/dev/sda1 grub= where to install grub to, e.g.: grub=/dev/sda @@ -280,12 +282,6 @@ the "no-" options as shown in the table above, like in grml noagp noapic acpi=off nodma to skip some critical parts of the autodetection system. -*) Some boards (especially those with E-ISA slots) apparently don't pass -the proper memory size to the linux-kernel. It may cause the message -"Panic: cannot mount root file system" and the system hangs. Use "grml -mem=128M" to solve that problem if your system has 128MByte memory for -example (caution: you MUST use a capital "M" here). - *) The "myconfig=/dev/partition" option allows you to reconfigure the system after autoconfiguration by running a bourne shell script called "grml.sh" and/or extracting configuration files from a file named diff --git a/templates/boot/grub/%SHORT_NAME%_default.cfg b/templates/boot/grub/%SHORT_NAME%_default.cfg index 8ef295b..5b34383 100644 --- a/templates/boot/grub/%SHORT_NAME%_default.cfg +++ b/templates/boot/grub/%SHORT_NAME%_default.cfg @@ -1,7 +1,7 @@ menuentry "%GRML_NAME% - release %VERSION% (default)" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" ${kernelopts} nomce net.ifnames=0 echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } diff --git a/templates/boot/grub/%SHORT_NAME%_options.cfg b/templates/boot/grub/%SHORT_NAME%_options.cfg index d3a2193..0168459 100644 --- a/templates/boot/grub/%SHORT_NAME%_options.cfg +++ b/templates/boot/grub/%SHORT_NAME%_options.cfg @@ -1,72 +1,96 @@ submenu "%GRML_NAME% - advanced options ->" --class=submenu { -menuentry "%GRML_NAME% - enable persistency mode" { +menuentry "Enable Predictable Network Interface Names" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" persistence + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce "${loopback}" ${kernelopts} echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - copy Grml to RAM" { +menuentry "Enable SSH (with random password)" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" toram=%GRML_NAME%.squashfs + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} ssh echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - copy whole medium to RAM" { +menuentry "Load Grml to RAM" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" toram + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} toram=%GRML_NAME%.squashfs echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - start X by default" { +menuentry "Load whole medium to RAM" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" startx + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} toram echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - disable framebuffer" { - set gfxpayload=text +menuentry "Forensic Mode" { + set gfxpayload=keep + echo 'Loading kernel...' + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} read-only nofstab noraid nolvm noautoconfig noswap raid=noautodetect + echo 'Loading initrd...' + initrd /boot/%SHORT_NAME%/initrd.img +} + +menuentry "Persistency Mode" { + set gfxpayload=keep + echo 'Loading kernel...' + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} persistence + echo 'Loading initrd...' + initrd /boot/%SHORT_NAME%/initrd.img +} + +menuentry "Load German Keyboard Layout" { + set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" video=ofonly radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} lang=de echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - disable Kernel Mode-Setting" { +menuentry "Graphical Mode" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} startx + echo 'Loading initrd...' + initrd /boot/%SHORT_NAME%/initrd.img +} + +menuentry "Disable Framebuffer" { + set gfxpayload=text + echo 'Loading kernel...' + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} video=ofonly radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - forensic mode" { +menuentry "Disable Video Kernel Mode Setting" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" read-only nofstab noraid nodmraid nolvm noautoconfig noswap raid=noautodetect + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - debug mode" { +menuentry "Debug Mode" { set gfxpayload=keep echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" initcall verbose debug=vc systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} initcall verbose debug=vc systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } -menuentry "%GRML_NAME% - serial mode" { +menuentry "Serial Console" { set gfxpayload=text echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" "${kernelopts}" video=vesafb:off console=tty1 console=ttyS0,9600n8 + linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 "${loopback}" ${kernelopts} video=vesafb:off console=tty1 console=ttyS0,115200n8 echo 'Loading initrd...' initrd /boot/%SHORT_NAME%/initrd.img } diff --git a/templates/boot/grub/addons.cfg b/templates/boot/grub/addons.cfg index 130ab05..5aea931 100644 --- a/templates/boot/grub/addons.cfg +++ b/templates/boot/grub/addons.cfg @@ -1,68 +1,135 @@ submenu "Addons ->" --class=submenu { -menuentry "Memory test (memtest86+)" { - insmod linux16 - linux16 /boot/addons/memtest -} -menuentry "iPXE - boot via network/PXE" { - insmod linux16 - linux16 /boot/addons/ipxe.lkrn -} +# EFI: +if [ "${grub_platform}" == "efi" ] ; then + # arm64 doesn't provide the cpuid command, and we also + # don't have any memtest* efi files available, so only + # run on architectures other than arm64 (amd64 + i386) + if [ "${grub_cpu}" != "arm64" ] ; then + # try to detect amd64 by checking whether CPU supports 64-bit (long) mode + if cpuid -l ; then + if test -e /boot/addons/memtest86+x64.efi ; then + menuentry "Memory test (memtest86+x64.efi)" { + chainloader /boot/addons/memtest86+x64.efi + } + fi + else # assume i386 + if test -e /boot/addons/memtest86+ia32.efi ; then + menuentry "Memory test (memtest86+ia32.efi)" { + chainloader /boot/addons/memtest86+ia32.efi + } + fi + fi + fi +fi -menuentry "Netboot.xyz" { - insmod linux16 - linux16 /boot/addons/netboot.xyz.lkrn -} +# BIOS/non-EFI: +if [ "${grub_platform}" != "efi" ] ; then + # try to detect amd64 by checking whether CPU supports 64-bit (long) mode + if cpuid -l ; then + if test -e /boot/addons/memtest86+x64.bin ; then + menuentry "Memory test (memtest86+x64.bin)" { + insmod linux16 + linux16 /boot/addons/memtest86+x64.bin + } + elif test -e /boot/addons/memtest ; then # fallback to old memtest + menuentry "Memory test (memtest86+)" { + insmod linux16 + linux16 /boot/addons/memtest + } + fi + else # assume i386 + if test -e /boot/addons/memtest86+ia32.bin ; then + menuentry "Memory test (memtest86+ia32.bin)" { + insmod linux16 + linux16 /boot/addons/memtest86+ia32.bin + } + elif test -e /boot/addons/memtest ; then # fallback to old memtest + menuentry "Memory test (memtest86+)" { + insmod linux16 + linux16 /boot/addons/memtest + } + fi + fi +fi -menuentry "GRUB - all in one image" { - insmod linux16 - linux16 /boot/addons/memdisk - initrd16 /boot/addons/allinone.img +menuentry "iPXE - boot via network/PXE" { + if [ "${grub_platform}" == "efi" ] ; then + chainloader /boot/addons/ipxe.efi + else + insmod linux16 + linux16 /boot/addons/ipxe.lkrn + fi } -menuentry "FreeDOS" { - insmod linux16 - linux16 /boot/addons/memdisk - loopback balder /boot/addons/balder10.imz - initrd16 (balder)+2880 +menuentry "Netboot.xyz" { + if [ "${grub_platform}" == "efi" ] ; then + chainloader /boot/addons/netboot.xyz.efi + else + insmod linux16 + linux16 /boot/addons/netboot.xyz.lkrn + fi } -if [ ${iso_path} ] ; then - # assume loopback.cfg boot - menuentry "MirOS bsd4grml (via loopback)" { - multiboot /boot/addons/bsd4grml/ldbsd.com - module /boot/addons/bsd4grml/bsd.rd bsd - module /boot/addons/bsd4grml/loopback.0 boot.cfg - module /boot/addons/bsd4grml/loopback.1 boot.1 - module /boot/addons/bsd4grml/loopback.2 boot.2 - module /boot/addons/bsd4grml/loopback.3 boot.3 - module /boot/addons/bsd4grml/loopback.4 boot.4 - module /boot/addons/bsd4grml/loopback.5 boot.5 - module /boot/addons/bsd4grml/loopback.6 boot.6 +if [ "${grub_platform}" != "efi" ] ; then + menuentry "Netboot.xyz" { + insmod linux16 + linux16 /boot/addons/netboot.xyz.lkrn } -else - # assume grub.cfg boot - menuentry "MirOS bsd4grml (regular method)" { - multiboot /boot/addons/bsd4grml/ldbsd.com + + menuentry "GRUB - all in one image" { + insmod linux16 + linux16 /boot/addons/memdisk + initrd16 /boot/addons/allinone.img } - menuentry "MirOS bsd4grml (fallback method)" { - multiboot /boot/addons/bsd4grml/ldbsd.com - module /boot/addons/bsd4grml/bsd.rd bsd.rd - module /boot/addons/bsd4grml/boot.1 boot.1 - module /boot/addons/bsd4grml/boot.2 boot.2 - module /boot/addons/bsd4grml/boot.3 boot.3 - module /boot/addons/bsd4grml/boot.4 boot.4 - module /boot/addons/bsd4grml/boot.5 boot.5 - module /boot/addons/bsd4grml/boot.6 boot.6 - module /boot/addons/bsd4grml/boot.cfg boot.cfg - module /boot/grub/grub.img grub.img + menuentry "FreeDOS" { + insmod linux16 + linux16 /boot/addons/memdisk + initrd16 /boot/addons/balder10.imz } -fi + if [ ${iso_path} ] ; then + # assume loopback.cfg boot + menuentry "MirOS bsd4grml (via loopback)" { + multiboot /boot/addons/bsd4grml/ldbsd.com + module /boot/addons/bsd4grml/bsd.rd bsd + module /boot/addons/bsd4grml/loopback.0 boot.cfg + module /boot/addons/bsd4grml/loopback.1 boot.1 + module /boot/addons/bsd4grml/loopback.2 boot.2 + module /boot/addons/bsd4grml/loopback.3 boot.3 + module /boot/addons/bsd4grml/loopback.4 boot.4 + module /boot/addons/bsd4grml/loopback.5 boot.5 + module /boot/addons/bsd4grml/loopback.6 boot.6 + } + else + # assume grub.cfg boot + menuentry "MirOS bsd4grml (regular method)" { + multiboot /boot/addons/bsd4grml/ldbsd.com + } + + menuentry "MirOS bsd4grml (fallback method)" { + multiboot /boot/addons/bsd4grml/ldbsd.com + module /boot/addons/bsd4grml/bsd.rd bsd.rd + module /boot/addons/bsd4grml/boot.1 boot.1 + module /boot/addons/bsd4grml/boot.2 boot.2 + module /boot/addons/bsd4grml/boot.3 boot.3 + module /boot/addons/bsd4grml/boot.4 boot.4 + module /boot/addons/bsd4grml/boot.5 boot.5 + module /boot/addons/bsd4grml/boot.6 boot.6 + module /boot/addons/bsd4grml/boot.cfg boot.cfg + module /boot/grub/grub.img grub.img + } + fi # iso_path +fi # efi mode +} + +if [ "${grub_platform}" == "efi" ] ; then +menuentry "UEFI Firmware Settings" { + fwsetup } +fi # efi mode -menuentry "Boot OS of first partition on first disk" { - set root=(hd0,1) - chainloader +1 +menuentry "Boot from next device" { + exit } diff --git a/templates/boot/grub/grml-theme/sb-theme.txt b/templates/boot/grub/grml-theme/sb-theme.txt new file mode 100644 index 0000000..f9d5335 --- /dev/null +++ b/templates/boot/grub/grml-theme/sb-theme.txt @@ -0,0 +1,45 @@ +# This is the theme to be used in Secure Boot mode + +title-text: "" +title-color: "#FFFFFF" +desktop-image: "black.png" +message-color: "#FFFFFF" + ++ image { + file = "grml-logo.png" + left = 45% + top = 2% +} ++ boot_menu { + left = 15% + width = 70% + top = 16% + height = 36% + item_color = "#FFFFFF" + selected_item_color = "orange" + item_spacing = 4 + item_height = 12 + border_color = "#FFFFFF" +} + + +# Show an informational message. ++ vbox { + top = 55% + left = 20% + + label {text = "Running in Secure Boot mode" color = "white" align = "left"} + + label {text = ""} + + label {text = "Press ENTER to boot or E to edit menu entry " color = "white"} + + label {text = "Press C to enter the Grub commandline" color = "white"} +} + ++ progress_bar { + id = "__timeout__" + top = 75% + left = 20% + text_color = "#FFFFFF" + fg_color = "orange" + bg_color = #66B + border_color = #006 + text = "@TIMEOUT_NOTIFICATION_LONG@" +} diff --git a/templates/boot/grub/grml-theme/theme.txt b/templates/boot/grub/grml-theme/theme.txt index ef8af04..3a7be37 100644 --- a/templates/boot/grub/grml-theme/theme.txt +++ b/templates/boot/grub/grml-theme/theme.txt @@ -1,7 +1,9 @@ +# This is the default GRUB theme of Grml + title-text: "" title-color: "#FFFFFF" desktop-image: "black.png" -message-color: "#FFFFFF" +message-color: "#FFFFFF" + image { file = "grml-logo.png" @@ -9,29 +11,27 @@ message-color: "#FFFFFF" top = 2% } + boot_menu { - left = 15% - width = 70% - top = 16% - height = 36% - item_color = "#FFFFFF" - selected_item_color = "orange" - item_spacing = 4 - item_height = 12 - border_color = "#FFFFFF" - + left = 15% + width = 70% + top = 16% + height = 36% + item_color = "#FFFFFF" + selected_item_color = "orange" + item_spacing = 4 + item_height = 12 + border_color = "#FFFFFF" } # Show an informational message. + vbox { - top = 55% - left = 20% - + label {text = "Press ENTER to boot or E to edit menu entry " color = "white" align = "left"} - + label {text = "Press C to enter the Grub commandline" color = "white"} + top = 55% + left = 20% + + label {text = "Press ENTER to boot or E to edit menu entry " color = "white" align = "left"} + + label {text = "Press C to enter the Grub commandline" color = "white"} } -+ progress_bar -{ ++ progress_bar { id = "__timeout__" top = 75% left = 20% @@ -40,5 +40,4 @@ message-color: "#FFFFFF" bg_color = #66B border_color = #006 text = "@TIMEOUT_NOTIFICATION_LONG@" - } diff --git a/templates/boot/grub/grmlenv.cfg b/templates/boot/grub/grmlenv.cfg deleted file mode 100644 index ef37872..0000000 --- a/templates/boot/grub/grmlenv.cfg +++ /dev/null @@ -1,12 +0,0 @@ -# this is a simple test to identify whether it looks like the Secure Boot enabled/signed -# GRUB is running or if it's a full featured GRUB version, the former doesn't -# fail with invalid usage, while the later will fail with "error: device name required." -if probe ; then - echo "It looks like Secure Boot is enabled." - set grml_secureboot=true - export grml_secureboot -else - echo "It looks like Secure Boot is NOT enabled." - set grml_secureboot=false - export grml_secureboot -fi diff --git a/templates/boot/grub/header.cfg b/templates/boot/grub/header.cfg index fe6382d..bf79d81 100644 --- a/templates/boot/grub/header.cfg +++ b/templates/boot/grub/header.cfg @@ -8,7 +8,17 @@ if loadfont /boot/grub/ascii.pf2 ; then terminal_output gfxterm fi -if [ -f /boot/grub/grml-theme/theme.txt ] ; then +if [ "${grml_secureboot}" = "true" ] ; then + if [ -f /boot/grub/grml-theme/sb-theme.txt ] ; then + set theme=/boot/grub/grml-theme/sb-theme.txt + export theme + else + set menu_color_normal=white/black + set menu_color_highlight=black/orange + export menu_color_normal + export menu_color_highlight + fi +elif [ -f /boot/grub/grml-theme/theme.txt ] ; then set theme=/boot/grub/grml-theme/theme.txt export theme else diff --git a/templates/boot/grub/netboot.cfg b/templates/boot/grub/netboot.cfg new file mode 100644 index 0000000..7e4bff4 --- /dev/null +++ b/templates/boot/grub/netboot.cfg @@ -0,0 +1,32 @@ +# GRUB PXE configuration file + +# adjust according to your needs +#set timeout=300 + +insmod png +set gfxmode=auto +insmod gfxterm +terminal_output gfxterm + +loadfont unicode + +set menu_color_normal=white/black +set menu_color_highlight=black/yellow + +menuentry "%GRML_NAME% Standard (%VERSION%, %ARCH%)" { + set gfxpayload=keep + echo 'Loading kernel...' + linux vmlinuz root=/dev/nfs rw nfsroot=192.168.0.1:/live/image boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off nomce net.ifnames=0 noprompt noeject + echo 'Loading initrd...' + initrd initrd.img +} + +if [ "${grub_platform}" == "efi" ] ; then +menuentry "UEFI Firmware Settings" { + fwsetup +} +fi # efi mode + +menuentry "Boot from next device" { + exit +} diff --git a/templates/boot/isolinux/f10 b/templates/boot/isolinux/f10 index ec85979..8020cde 100644 --- a/templates/boot/isolinux/f10 +++ b/templates/boot/isolinux/f10 @@ -11,13 +11,13 @@ profit from your experience! Contact us: - Web: http://grml.org/contact/ - IRC: #grml on irc.freenode.org + Web: https://grml.org/contact/ + IRC: #grml on irc.oftc.net Mail: contact (at) grml.org - Bugs: http://grml.org/bugs/ + Bugs: https://grml.org/bugs/ See the FAQ for more information: - 0fhttp://grml.org/faq/70 + 0fhttps://grml.org/faq/70 Thank you for helping us to improve Grml! 1f diff --git a/templates/boot/isolinux/grml.cfg b/templates/boot/isolinux/grml.cfg index dd19d4d..b940f01 100644 --- a/templates/boot/isolinux/grml.cfg +++ b/templates/boot/isolinux/grml.cfg @@ -2,55 +2,67 @@ # generic ones -label debug - menu label %GRML_NAME% - ^Debug Mode +label pnet + menu label Enable Predictable ^Network Interface Names kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 verbose debug=vc initcall nomce net.ifnames=0 systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce text help - Boot Grml in debug mode, which - activates debug shells during - bootup sequence. + Boot Grml with Predictable Network + Interface Names. endtext -label nofb - menu label %GRML_NAME% - Dis^able Framebuffer +label ssh + menu label Enable ^SSH (with random password) kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=normal radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset nomce net.ifnames=0 + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 ssh text help - Boot Grml without framebuffer. + Boot Grml and automatically start + SSH Server. The password for user + 'grml' and 'root' will be set to + a random password, unless you add + an option to the ssh argument in + the command line (for example: + ssh=secret). endtext -label nokms - menu label %GRML_NAME% - Disable ^Kernel Mode-Setting +label grml2ram + menu label Load Grml to ^RAM kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset nomce net.ifnames=0 vga=791 + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 toram=%SQUASHFS_NAME% text help - Boot Grml without KMS (Kernel - Mode Setting). + Load Grml into RAM. + This allows you to remove the Grml + media after Grml finished booting. + + Note: you should have enough RAM + (>= size of ISO * 1.2) to be able + to use this option. endtext -label ssh - menu label %GRML_NAME% - Enable ^SSH (with random password) +label grmlmedium2ram + menu label Load ^whole medium to RAM kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 ssh + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 toram text help - Boot Grml and automatically start - SSH Server. The password for user - 'grml' and 'root' will be set to - a random password, unless you add - an option to the ssh argument in - the command line (for example: - ssh=secret). + Load whole medium into RAM. + This allows you to remove the Grml + media after Grml has finished booting, + and also to access the rest of the + media. + + Note: you should have enough RAM + (>= size of ISO * 1.2) to be able + to use this option. endtext label forensic - menu label %GRML_NAME% - F^orensic Mode + menu label F^orensic Mode kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off nomce net.ifnames=0 vga=791 nofstab noraid nodmraid nolvm noautoconfig noswap raid=noautodetect read-only + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off nomce net.ifnames=0 vga=791 nofstab noraid nolvm noautoconfig noswap raid=noautodetect read-only text help Boot Grml in forensic mode. This @@ -60,17 +72,29 @@ label forensic mode. endtext +label persistence + menu label ^Persistency mode + kernel /boot/%SHORT_NAME%/vmlinuz + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 persistence + + text help + Boot Grml and enable persistency + feature to store system and + settings on an external device + with label persistence. + endtext + label lang-de - menu label %GRML_NAME% - ^German Settings + menu label Load ^German Keyboard Layout kernel /boot/%SHORT_NAME%/vmlinuz append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 lang=de text help - Boot Grml with german settings. + Boot Grml with German keyboard layout. endtext label %GRML_NAME%x - menu label %GRML_NAME% - Graphical ^Mode + menu label Graphical ^Mode kernel /boot/%SHORT_NAME%/vmlinuz append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 startx @@ -79,37 +103,40 @@ label %GRML_NAME%x grml-x to start X Window System. endtext -label grml2ram - menu label %GRML_NAME% - Load to ^RAM +label nofb + menu label Dis^able Framebuffer kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 toram=%SQUASHFS_NAME% + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=normal radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset nomce net.ifnames=0 text help - Load Grml into the memory (RAM). - This allows you to remove the Grml - media after Grml finished booting. + Boot Grml without framebuffer. + endtext - Note: you should have enough RAM - (>= size of ISO * 1.2) to be able - to use this option. +label nokms + menu label Disable Video ^Kernel Mode Setting + kernel /boot/%SHORT_NAME%/vmlinuz + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off radeon.modeset=0 i915.modeset=0 nouveau.modeset=0 cirrus.modeset=0 mgag200.modeset=0 nomodeset nomce net.ifnames=0 vga=791 + + text help + Boot Grml without Kernel Mode Setting + for various video drivers. endtext -label persistence - menu label %GRML_NAME% - ^Persistency mode +label debug + menu label ^Debug Mode kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 nomce net.ifnames=0 persistence + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=791 verbose debug=vc initcall nomce net.ifnames=0 systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M text help - Boot Grml and enable persistency - feature to store system and - settings on an external device - with label persistence. + Boot Grml in debug mode, which + activates debug shells during + bootup sequence. endtext label serial - menu label %GRML_NAME% - Serial ^Console + menu label Serial ^Console kernel /boot/%SHORT_NAME%/vmlinuz - append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=normal video=vesafb:off nomce net.ifnames=0 console=tty1 console=ttyS0,9600n8 + append initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off vga=normal video=vesafb:off nomce net.ifnames=0 console=tty1 console=ttyS0,115200n8 text help diff --git a/templates/boot/isolinux/hidden.cfg b/templates/boot/isolinux/hidden.cfg index a7f0738..e23ed09 100644 --- a/templates/boot/isolinux/hidden.cfg +++ b/templates/boot/isolinux/hidden.cfg @@ -56,7 +56,7 @@ append apm=power-off vga=788 initrd=/boot/%SHORT_NAME%/initrd.img boot=live live label serial menu hide kernel /boot/%SHORT_NAME%/vmlinuz -append apm=power-off vga=normal video=vesafb:off initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 console=tty1 console=ttyS0,9600n8 +append apm=power-off vga=normal video=vesafb:off initrd=/boot/%SHORT_NAME%/initrd.img boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% nomce net.ifnames=0 console=tty1 console=ttyS0,115200n8 label userdef menu hide diff --git a/templates/boot/isolinux/isolinux.cfg b/templates/boot/isolinux/isolinux.cfg index 51c8e43..fb64279 100644 --- a/templates/boot/isolinux/isolinux.cfg +++ b/templates/boot/isolinux/isolinux.cfg @@ -74,7 +74,7 @@ timeout 300 # ontimeout chain.c32 hd0 0 # use this to control the bootup via a serial port: -# serial 0 9600 +# serial 0 115200 # following is a placeholder just in case you want to patch your own startup # options right into the Grml ISO. Feel free to use a hex editor like dhex to diff --git a/templates/secureboot/grub.cfg b/templates/secureboot/grub.cfg index f98e37e..0fc7e26 100644 --- a/templates/secureboot/grub.cfg +++ b/templates/secureboot/grub.cfg @@ -1,3 +1,6 @@ +# Secure Boot support +# We are supposed to end up in this file only when running with enabled Secure Boot + set grml_orig_prefix=$prefix export grml_orig_prefix set grml_orig_root=$root @@ -5,104 +8,36 @@ export grml_orig_root search.file %BOOT_FILE% root set prefix=($root)/boot/grub/ -source ($root)/boot/grub/grmlenv.cfg -if [ "$grml_secureboot" = false ] ; then - configfile /boot/grub/grub.cfg - # if that fails we need to fallback, but how? +# this is a simple test to identify whether GRUB is running in Secure Boot mode +# or not; "wrmsr" is in the list of disabled_mods of GRUB and is supposed to be +# invoked with two arguments (and if not fails with exit code 18), but when +# running under Secure Boot it fails with: "error: Secure Boot forbits loading +# module from [...]/boot/grub/x86_64-efi/wrmsr.mod" + returns with exit code 30 +wrmsr +if [ $? = 30 ] ; then + echo "It looks like Secure Boot is enabled." + set grml_secureboot=true + export grml_secureboot else - if [ "$grml_orig_prefix" != "" ] ; then - set prefix=$grml_orig_prefix - fi - - # this is basically a copy of templates/boot/grub/header.cfg but to avoid - # failures due to Secure Boot restrictions and sourcing addons.cfg via - # /boot/grub/loopback.cfg (and then showing entries that are at the wrong - # position as well as don't work at all) we have to specify the appropriate - # config here - set timeout=20 - if loadfont /boot/grub/ascii.pf2 ; then - set gfxmode=auto - insmod efi_gop - insmod efi_uga - insmod gfxterm - insmod png - terminal_output gfxterm - fi - - if [ -f /boot/grub/%GRML_NAME%-theme/theme.txt ] ; then - set theme=/boot/grub/%GRML_NAME%-theme/theme.txt - export theme - elif [ -f /boot/grub/grml-theme/theme.txt ] ; then - set theme=/boot/grub/grml-theme/theme.txt - export theme - else - set menu_color_normal=white/black - set menu_color_highlight=black/light-gray - set color_normal=white/black - fi - - menuentry "Boot %GRML_NAME% in normal mode (release %VERSION%, Secure Boot enabled)" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } - - menuentry "Boot %GRML_NAME% - enable persistency" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 persistence - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } - - menuentry "Boot %GRML_NAME% - copy %GRML_NAME% to RAM" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 toram=%GRML_NAME%.squashfs - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } + echo "It looks like Secure Boot is NOT enabled." + set grml_secureboot=false + export grml_secureboot +fi - menuentry "Boot %GRML_NAME% - copy whole medium to RAM" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 toram - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } +if [ -e /boot/grub/grub.cfg ] ; then + configfile /boot/grub/grub.cfg +else + echo "ERROR: It looks like SecureBoot is enabled but reading GRUB configuration failed. - menuentry "Boot %GRML_NAME% - disable framebuffer/kernel mode setting" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 video=vesafb:off cirrus.modeset=0 i915.modeset=0 mgag200.modeset=0 nomodeset nouveau.modeset=0 radeon.modeset=0 - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } +Please execute the following commands and provide the output to the Grml team: - menuentry "Boot %GRML_NAME% - enable forensic mode" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 read-only nofstab noraid nodmraid nolvm noautoconfig noswap raid=noautodetect - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } +echo \$prefix +echo \$root +echo \$grml_orig_prefix +echo \$grml_orig_root +search.file /boot/grub/grub.cfg - menuentry "Boot %GRML_NAME% - enable serial console" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 video=vesafb:off console=tty1 console=ttyS0,9600n8 - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } +Hint: Create a screenshot or a picture with your digital camera or mobile phone." - menuentry "Boot %GRML_NAME% - debug mode" { - set gfxpayload=keep - echo 'Loading kernel...' - linux /boot/%SHORT_NAME%/vmlinuz apm=power-off boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% "${loopback}" "${kernelopts}" nomce net.ifnames=0 initcall verbose debug=vc systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M - echo 'Loading initrd...' - initrd /boot/%SHORT_NAME%/initrd.img - } fi