grml-live.git
11 months agoRework debian/, following current best practices
Michael Prokop [Thu, 13 Dec 2018 11:34:33 +0000 (12:34 +0100)]
Rework debian/, following current best practices

* Switch to minimal debhelper approach, Build-Depend on debhelper >= 10
* Switch from Priority 'extra' to 'optional' (deprecated as of Debian Policy v4.0.1)
* Drop unused GPL-2 section from debian/copyright
* Update copyright year information in debian/copyright
* Refresh lintian overrides
* Add postinst/postrm maintainer scripts for dpkg-maintscript-helper support

11 months agoDrop symlink etc/grml/fai/config/config
Michael Prokop [Thu, 13 Dec 2018 10:47:57 +0000 (11:47 +0100)]
Drop symlink etc/grml/fai/config/config

This was annoying since its beginning and AFAICT it's
not strictly needed anymore.

11 months agoSupport BOOT_FILE variable for usage within secureboot templates
Michael Prokop [Fri, 23 Nov 2018 07:26:00 +0000 (08:26 +0100)]
Support BOOT_FILE variable for usage within secureboot templates

This is related to:

| commit 642e1b389347bcb8d6e44b483c327e45225427f4
| Author: Michael Prokop <mika@grml.org>
| Date:   Thu Nov 22 23:54:10 2018 +0100
|
|     Ensure GRUB finds the running ISO

By using the same approach for setting $root within GRUB
also for the Secure Boot GRUB configuration we ensure to
apply the same safety measures to Secure Boot mode.

11 months agoGRUB: drop `insmod vbe`
Michael Prokop [Thu, 22 Nov 2018 23:12:27 +0000 (00:12 +0100)]
GRUB: drop `insmod vbe`

When booting in EFI mode this error message is visible for a
very short period of time:

| error: file `/boot/grub/x86_64-efi/vbe.mod' not found

This is annoying, especially because it's hard to read and identify.

It's for sure not relevant within Secure Boot mode, as it's forbidden
there. Let's also disable it by default for Non-Secure-Boot-mode,
if it's relevant for anyone or on specific systems we'll find out.

11 months agoEnsure GRUB finds the running ISO
Michael Prokop [Thu, 22 Nov 2018 22:54:10 +0000 (23:54 +0100)]
Ensure GRUB finds the running ISO

Instead of relying on the presence of the /conf/bootid.txt file, which
might be present on several Grml ISOs, let's generate a unique filename
which GRUB then can search for.

JFTR: The redirection within the layers (scripts/GRMLBASE/45-grub-images
vs main grml-live script) is necessary, because the GRUB image is
generated from within the rootfs (grml_chroot), but the rootfs is
compressed within a squashfs file, while we can only access files
available directly inside the ISO (corresponding to the files inside
grml_cd, and not the files inside grml_chroot which
scripts/GRMLBASE/45-grub-images has access to).

11 months agoRelease new version 0.32.3 v0.32.3
Michael Prokop [Thu, 15 Nov 2018 09:14:56 +0000 (10:14 +0100)]
Release new version 0.32.3

11 months agoSwitch Homepage + Vcs-Browser headers from http to https
Michael Prokop [Thu, 15 Nov 2018 09:14:37 +0000 (10:14 +0100)]
Switch Homepage + Vcs-Browser headers from http to https

11 months agoBump Standards-Version to 4.2.1
Michael Prokop [Thu, 15 Nov 2018 09:14:29 +0000 (10:14 +0100)]
Bump Standards-Version to 4.2.1

12 months agoMerge remote-tracking branch 'origin/github/pr/66'
Michael Prokop [Wed, 14 Nov 2018 20:05:33 +0000 (21:05 +0100)]
Merge remote-tracking branch 'origin/github/pr/66'

12 months agoRemove genisoimage from dependencies
Darshaka Pathirana [Wed, 14 Nov 2018 17:08:57 +0000 (18:08 +0100)]
Remove genisoimage from dependencies

When running grml-live with genisoimage (9:1.1.11-3+b2) on Debian/stretch the
following error is shown:

  # ./grml-live -s sid -a amd64 -c GRMLBASE,GRML_SMALL,AMD64 -t $(pwd)/templates/ -o /dev/shm/grml-live
  [...]
    [*] Finished execution of stage 'squashfs'
    [*] Forcing rebuild of ISO because files on ISO have been modified.
    [*] Using genisoimage to build ISO.
  genisoimage: -i option no longer supported.
  stat: cannot stat '/dev/shm/grml-live/grml_isos/grml_0.0.1.iso': No such file or directory
    [!] Error: there was a critical error executing stage 'iso build

Closes: grml/grml-live#65

12 months agoMerge remote-tracking branch 'origin/github/pr/58'
Michael Prokop [Wed, 14 Nov 2018 15:05:13 +0000 (16:05 +0100)]
Merge remote-tracking branch 'origin/github/pr/58'

12 months agoUpdate broken links
Darshaka Pathirana [Wed, 25 Jul 2018 06:57:26 +0000 (08:57 +0200)]
Update broken links

And while doing so change links to manpage to publicly available manpage
links, because the links to the manpage source is barely readable.

Thanks: David Prévot <taffit@debian.org> for the report
Closes: grml/grml-live#57

12 months agoRelease new version 0.32.2 v0.32.2
Michael Prokop [Wed, 17 Oct 2018 15:24:03 +0000 (17:24 +0200)]
Release new version 0.32.2

12 months agoEFI/BOOT: bring back files from Ubuntu 18.04
Michael Prokop [Wed, 17 Oct 2018 14:46:50 +0000 (16:46 +0200)]
EFI/BOOT: bring back files from Ubuntu 18.04

Bring back the state of EFI/BOOT files as of commit
bc4f02658ffa63a71ef1bc4f37ae3707ff580382 plus the config change with
commit c35a30b42bac4de7089f936d6917b246ade6d5c5, as this was the last
GRUB version that's known to be working with *unsigned* kernel files.

Otherwise SecureBoot fails to boot with:

| Loading kernel...
| error: /boot/grml/vmlinuz has invalid signature.
| Loading initrd...
| error: you need to load the kernel first.

when using grub2-signed (corresponding to Ubuntu's GRUB 2.02+dfsg1-5ubuntu7) with files e.g. from
http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.38+15+1533136590.3beb971-0ubuntu1_amd64.deb +
http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.109+2.02+dfsg1-5ubuntu7_amd64.deb

This might be related to the change introduced in:

| grub2-signed (1.93.4) bionic; urgency=medium
|
|   * Rebuild against grub2 2.02-2ubuntu8.3 and check kernel is signed on
|     amd64 EFI before installing grub (LP: #1786491).
|
|  -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 13 Aug 2018 12:51:32 +0200

JFTR, as of 2018-10-17 we have in Ubuntu:

| % rmadison -u ubuntu grub-efi-amd64-signed
|  grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-security | amd64
|  grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-updates  | amd64
|  grub-efi-amd64-signed | 1.34+2.02~beta2-9                    | trusty           | amd64
|  grub-efi-amd64-signed | 1.34.7+2.02~beta2-9ubuntu1.6         | trusty-security  | amd64
|  grub-efi-amd64-signed | 1.34.17+2.02~beta2-9ubuntu1.15       | trusty-updates   | amd64
|  grub-efi-amd64-signed | 1.66+2.02~beta2-36ubuntu3            | xenial           | amd64
|  grub-efi-amd64-signed | 1.66.18+2.02~beta2-36ubuntu3.18      | xenial-updates   | amd64
|  grub-efi-amd64-signed | 1.93+2.02-2ubuntu8                   | bionic           | amd64
|  grub-efi-amd64-signed | 1.93.7+2.02-2ubuntu8.6               | bionic-updates   | amd64
|  grub-efi-amd64-signed | 1.93.8+2.02-2ubuntu8.7               | bionic-proposed  | amd64
|  grub-efi-amd64-signed | 1.109+2.02+dfsg1-5ubuntu7            | cosmic           | amd64

Note that EFI boot with ovmf 0~20161202.7bbe0b3e-1 with kvm/qemu on
Debian/stretch fails, resulting in a grub shell prompt of GRUB
2.02-2ubuntu8 (without any menu), e.g. when invoked via:

| % qemu-system-x86_64 -bios /usr/share/qemu/OVMF.fd -vga qxl -hda grml.iso -m 512

Both the ovmf versions from kraxel as well from current Debian/testing
AKA buster work though:

| % wget https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm
| % rpm2cpio edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm | cpio -idmv
| % qemu-system-x86_64 -bios ./usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd -vga qxl -hda grml.iso -m 512

+

| % wget http://ftp.de.debian.org/debian/pool/main/e/edk2/ovmf_0~20180812.cb5f4f45-1_all.deb
| % dpkg -x ovmf_0\~20180812.cb5f4f45-1_all.deb ovmf
| % qemu-system-x86_64 -bios ovmf/usr/share/ovmf/OVMF.fd -vga qxl -hda grml.iso -m 512

Closes: https://github.com/grml/grml/issues/105

and possibly also related to https://github.com/grml/grml-live/issues/59

12 months agoEFI/BOOT/README: document file usage
Michael Prokop [Wed, 17 Oct 2018 13:48:54 +0000 (15:48 +0200)]
EFI/BOOT/README: document file usage

14 months agoMerge remote-tracking branch 'origin/github/pr/60'
Michael Prokop [Wed, 29 Aug 2018 12:15:49 +0000 (14:15 +0200)]
Merge remote-tracking branch 'origin/github/pr/60'

14 months agotemplates/EFI: Use newer grubx64 from Ubuntu
Paul Menzel [Wed, 29 Aug 2018 12:04:58 +0000 (14:04 +0200)]
templates/EFI: Use newer grubx64 from Ubuntu

15 months agoRelease new version 0.32.1 v0.32.1
Michael Prokop [Wed, 15 Aug 2018 09:21:40 +0000 (11:21 +0200)]
Release new version 0.32.1

15 months agojessie-backports: use usb-modeswitch from jessie-backports
Michael Prokop [Wed, 15 Aug 2018 09:14:52 +0000 (11:14 +0200)]
jessie-backports: use usb-modeswitch from jessie-backports

libudev1 + udev can be installed from jessie-backports
only if usb-modeswitch is also considered from
jessie-backports.

15 months agoSW: Drop qemu-kvm (qemu-system-x86 being its replacement) from GRML_FULL
Michael Prokop [Tue, 31 Jul 2018 06:54:15 +0000 (08:54 +0200)]
SW: Drop qemu-kvm (qemu-system-x86 being its replacement) from GRML_FULL

qemu-kvm is in `Section: oldlibs` and deborphan removes
the package anyway, even though we mark it as `--add-keep`.
There's no point in putting further effort into this,
as qemu-system-x86 provides everything what's needed nowadays.

15 months agoSW: replace targetcli + python-urwid with targetcli-fb in GRML_FULL
Michael Prokop [Tue, 31 Jul 2018 06:44:58 +0000 (08:44 +0200)]
SW: replace targetcli + python-urwid with targetcli-fb in GRML_FULL

targetcli exists only in wheezy + experimental nowadays.
Quoting the package description of targetcli-fb:

| The targetcli-fb package is a fork of the "targetcli" code
| written by RisingTide Systems. The "-fb" differentiates between
| the original and this version. Please ensure to use either all
| "fb" versions of the targetcli components -- targetcli, rtslib,
| and configshell, or stick with all non-fb versions, since they
| are no longer strictly compatible.

15 months agoSW: drop alsa-base (no longer existing) from GRML_FULL
Michael Prokop [Tue, 31 Jul 2018 06:42:51 +0000 (08:42 +0200)]
SW: drop alsa-base (no longer existing) from GRML_FULL

Used to be `ALSA driver configuration files` package until
wheezy, then became a dummy package with jessie and later
on longer exists at all.

15 months agoSW: replace lynx-cur (transitional package) with lynx in GRML_FULL
Michael Prokop [Tue, 31 Jul 2018 06:40:59 +0000 (08:40 +0200)]
SW: replace lynx-cur (transitional package) with lynx in GRML_FULL

15 months agoSW: replace btrfs-tools (transitional package) with btrfs-progs in GRML_FULL
Michael Prokop [Tue, 31 Jul 2018 05:50:35 +0000 (07:50 +0200)]
SW: replace btrfs-tools (transitional package) with btrfs-progs in GRML_FULL

16 months agoSW: add bcache-tools to GRML_FULL
Michael Prokop [Mon, 16 Jul 2018 06:12:44 +0000 (08:12 +0200)]
SW: add bcache-tools to GRML_FULL

Quoting from 2018-07-15 on IRC:

| 11:26 < suebal> Can't mount /dev/bcache0 using grml - I suppose there's no bache support. What can I do else?

17 months agoSW: add dislocker to GRML_FULL
Michael Prokop [Thu, 14 Jun 2018 14:02:40 +0000 (16:02 +0200)]
SW: add dislocker to GRML_FULL

Thanks: f0
Closes grml/grml#60

17 months agoSW: add qemu-guest-agent to GRML_FULL
Michael Prokop [Fri, 8 Jun 2018 08:52:35 +0000 (10:52 +0200)]
SW: add qemu-guest-agent to GRML_FULL

With qemu-guest-agent service being present we support retrieving
network information from a VM, as supported with e.g. Proxmox
v5.2 (verified with qemu-guest-agent v1:2.8+dfsg-6 on grml64-full
2017.05).

Adding only to GRML_FULL as on GRML_SMALL it would pull in
libglib2.0-0 and add ~6MB of disk space, while on GRML_FULL
it's only ~1MB total.

17 months agoRelease new version 0.32.0 v0.32.0
Michael Prokop [Fri, 1 Jun 2018 14:16:35 +0000 (16:16 +0200)]
Release new version 0.32.0

17 months agoSW: add thin-provisioning-tools to GRML_FULL
Michael Prokop [Fri, 1 Jun 2018 13:22:15 +0000 (15:22 +0200)]
SW: add thin-provisioning-tools to GRML_FULL

Quoting from the bugreport:

| In order to activate lvm volumes which use lvm caching,
| /usr/sbin/cache_check (provided by thin-provisioning-tools) needs
| to be installed (see https://bugs.debian.org/773731). As grml
| currently does not include thin-provisioning-tools, volumes which
| use caching cannot be activated on startup (e.g. via the lvm boot
| option), not activated manually (naturally one can install
| thin-provisioning-tools via apt, but that doesn't help with
| activating on startup).

Closes grml/grml#81
Thanks: James Tocknell

17 months agoUpdate GRUB test for Secure Boot support mika/efiboot
Michael Prokop [Tue, 29 May 2018 22:01:00 +0000 (00:01 +0200)]
Update GRUB test for Secure Boot support

cpuid with the recent Ubuntu GRUB no longer fails,
so instead let's invoke `probe` with an incomplete
command line, which returns fine in SecureBoot
boot environment while it fails in full GRUB
session with an error message.

17 months agotemplates/EFI: use files from Ubuntu 18.04
Paul Menzel [Wed, 23 May 2018 13:05:26 +0000 (15:05 +0200)]
templates/EFI: use files from Ubuntu 18.04

Currently, the shim cannot be loaded with TianoCore (using
/usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd from
https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20180508.84.g7cd8a57599.noarch.rpm)
and also fails on several systems like on the Dell XPS 13 9360 and 9370,
Dell r640 (see http://ml.grml.org/pipermail/grml/2018-May/011734.html)
and HP EliteBook 820 G3.

Error message during boot:

| Reloc 0 block size 2756420659 is invalid
| Relocation failed: Unsupported

17 months agoRelease new version 0.31.3 v0.31.3
Michael Prokop [Fri, 25 May 2018 11:59:16 +0000 (13:59 +0200)]
Release new version 0.31.3

17 months agoBump Standards-Version to 4.1.4
Michael Prokop [Fri, 25 May 2018 11:58:50 +0000 (13:58 +0200)]
Bump Standards-Version to 4.1.4

17 months agoadd placeholder and explanation inviting local patches to isolinux.cfg
Marc Haber [Mon, 19 Mar 2018 16:03:52 +0000 (17:03 +0100)]
add placeholder and explanation inviting local patches to isolinux.cfg

this closes grml/grml-live #45

This is unfortunately completely untested, since to multiple issues, one
of them being grml/grml-live #44 and grml/grml-live #46 are still
unaddressed, I cannot currently reliably build grml images. As it is a
comment-only patch, this can be safely applied and I'll happily test a
daily image afterwards.

17 months agoMerge remote-tracking branch 'remotes/origin/github/pr/52'
Michael Prokop [Fri, 25 May 2018 10:52:07 +0000 (12:52 +0200)]
Merge remote-tracking branch 'remotes/origin/github/pr/52'

17 months agoMerge remote-tracking branch 'origin/github/pr/49'
Michael Prokop [Fri, 25 May 2018 08:50:49 +0000 (10:50 +0200)]
Merge remote-tracking branch 'origin/github/pr/49'

18 months agoSW: add restic
Michael Prokop [Sun, 13 May 2018 07:39:35 +0000 (09:39 +0200)]
SW: add restic

As suggested by Frank Terbeck <ft@grml.org>

18 months agoRelease new version 0.31.2 v0.31.2
Michael Prokop [Fri, 27 Apr 2018 09:54:02 +0000 (11:54 +0200)]
Release new version 0.31.2

18 months agoupdatebase.GRMLBASE: no longer install aptitude
Michael Prokop [Fri, 27 Apr 2018 09:28:24 +0000 (11:28 +0200)]
updatebase.GRMLBASE: no longer install aptitude

We sitched from aptitude to apt-get as package manager in FAI's
package list back in commit 121b3484e, so we shouldn't strictly
need aptitude any longer. The ongoing ncurses transition is
failing our builds currently, so that's a good chance to make
this change.

18 months agoReplace /etc/apt/grml.key with /etc/apt/trusted.gpg.d/grml-archive-keyring.gpg
Michael Prokop [Fri, 27 Apr 2018 09:23:10 +0000 (11:23 +0200)]
Replace /etc/apt/grml.key with /etc/apt/trusted.gpg.d/grml-archive-keyring.gpg

/etc/apt/grml.key was a PGP public key block Public-Key (old) and
required installation via apt-key.

By instead placing a `GPG key public ring` into
/etc/apt/trusted.gpg.d/grml-archive-keyring.gpg we don't need
this extra apt-key invocation any longer, which might actually
fail with:

| E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

Installation of gnupg isn't enough though, since then we run
into:

| 10:45:56 Warning: apt-key output should not be parsed (stdout is not a terminal)
| 10:45:58 gpg: can't connect to the agent: IPC connect call failed

Drop old /etc/grml/fai/config/files/etc/apt/grml.key/GRMLBASE via maintscript

Thanks: Antoine Beaupré <anarcat@debian.org> for a related PR
in https://github.com/grml/grml-debian-keyring/pull/3

18 months agoSW: replace iproute with iproute2
Michael Prokop [Fri, 27 Apr 2018 09:17:20 +0000 (11:17 +0200)]
SW: replace iproute with iproute2

iproute is a transitional package for iproute2 since Debian/jessie
and no longer exists starting with Debian/buster.

18 months agoSW: drop apt-transport-https from GRMLBASE
Michael Prokop [Fri, 27 Apr 2018 07:33:07 +0000 (09:33 +0200)]
SW: drop apt-transport-https from GRMLBASE

apt-transport-https is a transitional package starting with
Debian/buster, so the package is no longer relevant for builds
against Debian/testing + sid/unstable nowadays.

If someone needs this package in grml-live builds using
Debian/stretch or older Debian releases then the package should
be included in local configurations.

19 months agoUse stretch-backports instead of jessie-backports for stable
Markus Lindberg [Wed, 28 Mar 2018 13:53:05 +0000 (15:53 +0200)]
Use stretch-backports instead of jessie-backports for stable

20 months agoGRMLBASE/98-clean-chroot: execute resolvconf workarounds also for systemd
Michael Prokop [Wed, 14 Mar 2018 12:29:37 +0000 (13:29 +0100)]
GRMLBASE/98-clean-chroot: execute resolvconf workarounds also for systemd

/etc/resolvconf/resolv.conf.d/original leaks data from the environment
the ISO was built in, and /etc/resolv.conf should be empty and be filled
with data from DHCP.

Thanks: András Korn

20 months agoRelease new version 0.31.1 v0.31.1
Michael Prokop [Tue, 20 Feb 2018 16:58:12 +0000 (17:58 +0100)]
Release new version 0.31.1

20 months agoDo not handle lid switch
Marcos Mello [Thu, 15 Feb 2018 16:12:31 +0000 (14:12 -0200)]
Do not handle lid switch

Fixes grml/grml#75.

23 months agossh service: set RuntimeDirectory=sshd to work with recent openssh versions
Michael Prokop [Fri, 1 Dec 2017 09:51:47 +0000 (10:51 +0100)]
ssh service: set RuntimeDirectory=sshd to work with recent openssh versions

We need to set RuntimeDirectory=sshd, otherwise /run/sshd doesn't
exist and service startup fails with:

| grml sshd[1845]: Missing privilege separation directory: /run/sshd

While at it sync our ssh service file with Debian's openssh
package 1:7.6p1-2 and drop the unused ssh-bootoption.service
file (we currently start ssh service via grml-autoconfig).

Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864190

Closes grml/grml#80

Thanks: sl0n for bugreport
Thanks: Darshaka Pathirana <dpat@grml.org> for feedback

23 months agoGRMLBASE/93-update-usbids: test for new update-usbids location in /usr/sbin
Michael Prokop [Wed, 22 Nov 2017 13:12:06 +0000 (14:12 +0100)]
GRMLBASE/93-update-usbids: test for new update-usbids location in /usr/sbin

"Recent" versions of usbutils ship the update-usbids
binary in /usr/sbin and no longer in /usr/bin.

23 months agoGRMLBASE/91-update-pciids: test for new update-pciids location in /usr/sbin
Michael Prokop [Wed, 22 Nov 2017 13:09:28 +0000 (14:09 +0100)]
GRMLBASE/91-update-pciids: test for new update-pciids location in /usr/sbin

Since pciutils v1:3.2.0-1 the update-pciids binary lives in
/usr/sbin and no longer in /usr/bin.

23 months agoGRMLBASE/52-mdadm: fix path for 64-md-raid-assembly.rules
Michael Prokop [Thu, 16 Nov 2017 14:11:13 +0000 (15:11 +0100)]
GRMLBASE/52-mdadm: fix path for 64-md-raid-assembly.rules

This should be /lib/udev/rules.d/64-md-raid-assembly.rules
and not /usr/lib/udev/rules.d/64-md-raid-assembly.rules

While at it use the same approach as for GRMLBASE/50-lvm
in the previous commit, by creating an empty file
instead of just removing it.

23 months agoGenerate empty /lib/udev/rules.d/69-lvm-metad.rules instead of removing the file
Michael Prokop [Thu, 16 Nov 2017 12:49:43 +0000 (13:49 +0100)]
Generate empty /lib/udev/rules.d/69-lvm-metad.rules instead of removing the file

Since lvm2 2.02.176-4 initramfs generation fails if
neither /etc/udev/rules.d/69-lvm-metad.rules nor
/lib/udev/rules.d/69-lvm-metad.rules exists.
So instead of removing the file just create an empty one.

See http://bugs.debian.org/881916

2 years agoSW: add ldnsutils to GRML_SMALL
Michael Prokop [Fri, 6 Oct 2017 12:05:50 +0000 (14:05 +0200)]
SW: add ldnsutils to GRML_SMALL

dig would be nice to have, though pulls in ~41MB of disk space.
drill from ldnsutils is a nice alternative.

See grml/grml/#56

2 years agoSW: add x11vnc to GRML_FULL to properly support vnc boot option
Michael Prokop [Fri, 6 Oct 2017 10:24:09 +0000 (12:24 +0200)]
SW: add x11vnc to GRML_FULL to properly support vnc boot option

Closes grml/grml#62

Thanks: luke2261git for the bugreport

2 years agoFix a bunch of typos
Michael Prokop [Sat, 23 Sep 2017 11:55:04 +0000 (13:55 +0200)]
Fix a bunch of typos

s/and and/and/
s/simplier/simpler/
s/dependancy/dependency/
s/mesages/messages/
s/retreive/retrieve/
s/to to/to/
s/specifed/specified/

2 years agoRelease new version 0.31.0 v0.31.0
Michael Prokop [Thu, 7 Sep 2017 07:35:47 +0000 (09:35 +0200)]
Release new version 0.31.0

2 years agoscripts/generate_netboot_package.sh: use net.ifnames=0 as default boot option
Michael Prokop [Thu, 7 Sep 2017 07:22:25 +0000 (09:22 +0200)]
scripts/generate_netboot_package.sh: use net.ifnames=0 as default boot option

Otherwise we end up with arbitrary network device names which
aren't properly supported (yet).

See grml/grml#65

2 years agoSecure Boot GRUB template: be more dynamic + don't overwrite with empty variable
Michael Prokop [Wed, 6 Sep 2017 07:20:08 +0000 (09:20 +0200)]
Secure Boot GRUB template: be more dynamic + don't overwrite with empty variable

By searching for grmlenv.cfg we can make it more dynamic
instead of having to hardcode (hd0) which might be wrong
in the grml2usb situation.

There's also no need to set root/prefix multiple times, especially
since we depend on 'root=(hd0)' for the default ISO boot anyway.

Don't overwrite prefix if the grml_orig_prefix variable is empty.

Secure Boot enabled ISOs generated with grml-live >=0.31.0 are supported
with grml2usb >=0.16.0.

2 years agoSW: add btrfs-progs to GRML_SMALL
Michael Prokop [Fri, 1 Sep 2017 14:38:33 +0000 (16:38 +0200)]
SW: add btrfs-progs to GRML_SMALL

Closes grml/grml#69

2 years agoSecure Boot support
Michael Prokop [Thu, 31 Aug 2017 00:54:32 +0000 (02:54 +0200)]
Secure Boot support

Thanks to the way the signed GRUB by Ubuntu works we seem to be
able to keep our common EFI GRUB configs working next to the new
Secure Boot related EFI GRUB configs. If Secure Boot is enabled
we get the same look and feel like with common EFI boot, though
with a Secure Boot specific boot menu (since e.g. the linux16
command isn't available under Secure Boot). If EFI is running
with Secure Boot *disabled* it continues to look like it used to
do so far. If this is working out as planned there's no visible
change from a user point of view on systems with Secure Boot
disabled.

With this change we also get rid of some magic with grml-live
relying on behavior of
/etc/grml/fai/config/scripts/GRMLBASE/45-grub-images, including
moving files around.

We also no longer skip the boot stage during rebuilds. This has
been a source of frustration and annoying debugging sessions when
files inside grml_cd/boot/ didn't receive changes during rebuilds
and the user in front of the system is ignoring the according
"skip" notice or forgot to remove grml_cd/boot.

While at it rewrite debian/copyright in
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Thanks: Michael Schierl <schierlm@gmx.de> for help regarding the Secure Boot setup

2 years agoSW: add whois to GRML_SMALL
Michael Prokop [Wed, 30 Aug 2017 12:23:55 +0000 (14:23 +0200)]
SW: add whois to GRML_SMALL

It adds only 346kb of additional disk space.

Debian's mkpasswd is part of the whois package.
It's the mkpassword that can generate salted hashes suitable for /etc/shadow.

Thanks: Marc Haber for the suggestion
Closes grml/grml#66

2 years agoUse stretch instead of jessie for current defaults in docs + grml-live config file
Michael Prokop [Wed, 30 Aug 2017 12:02:47 +0000 (14:02 +0200)]
Use stretch instead of jessie for current defaults in docs + grml-live config file

2 years agoAdd support for Debian buster (AKA Debian v10 and current Detian testing)
Michael Prokop [Wed, 30 Aug 2017 12:02:09 +0000 (14:02 +0200)]
Add support for Debian buster (AKA Debian v10 and current Detian testing)

2 years agoDrop support for Debian wheezy
Michael Prokop [Wed, 30 Aug 2017 11:48:57 +0000 (13:48 +0200)]
Drop support for Debian wheezy

It's oldoldstable nowadays and we no longer use it anywhere,
so let's drop related zsh completion and config files.

2 years agoProvide jessie support for systemd + recent kernel packages
Michael Prokop [Wed, 30 Aug 2017 11:46:26 +0000 (13:46 +0200)]
Provide jessie support for systemd + recent kernel packages

To be able to use systemd-container we need the systemd
version from jessie-backports.

We also need recent versions of linux-base, firmware-misc-nonfree,
firmware-linux-nonfree + firmware-linux from jessie-backports
for the related kernel packages.

2 years agoProvide workaround for systemd's systemctl failures on jessie
Michael Prokop [Wed, 30 Aug 2017 11:45:35 +0000 (13:45 +0200)]
Provide workaround for systemd's systemctl failures on jessie

For unknown reasons `systemctl preset-all` and
`systemctl set-default grml-boot.target` return with exit code 1
even though it seems to be working fine.

2 years agoSW: add ndisc6 + rdnssd to GRML_SMALL and GRML_FULL
Michael Prokop [Wed, 30 Aug 2017 08:32:49 +0000 (10:32 +0200)]
SW: add ndisc6 + rdnssd to GRML_SMALL and GRML_FULL

It adds only 381kB of additional disk space.

Quoting from the feature request:

| rdnssd is a tool that will listen to DNS server being offered in
| an IPv6 router anouncement and configure the local system to use
| the DNS servers included in there. The daemon just needs to be
| installed and enabled. Without this, an IPv6 only grml system
| will be with network, but without DNS.
|
| While we're at it, IPv6 is much more easily debugged if ndisc6, a
| user space tool to send out IPv6 router solicitations and to
| display the contents of router advertisements received, is
| included.

Thanks: Marc Haber for the suggestion
Closes grml/grml#67

2 years agoSW: add fsarchiver to GRML_SMALL
Michael Prokop [Wed, 30 Aug 2017 08:30:14 +0000 (10:30 +0200)]
SW: add fsarchiver to GRML_SMALL

It adds only 443kB of additional disk space.

Thanks: Marcos Mello for the suggestion
Closes grml/grml#69

2 years agoNo longer ship mkdebmirror example script
Michael Prokop [Thu, 24 Aug 2017 22:06:35 +0000 (00:06 +0200)]
No longer ship mkdebmirror example script

License and current state (is it working at all) are unclear.

2 years agoRelease new version 0.30.1 v0.30.1
Michael Prokop [Thu, 17 Aug 2017 13:08:44 +0000 (15:08 +0200)]
Release new version 0.30.1

2 years agoBump Standards-Version to 4.0.1
Michael Prokop [Thu, 17 Aug 2017 13:08:17 +0000 (15:08 +0200)]
Bump Standards-Version to 4.0.1

2 years agoSW: add stressant package to GRML_FULL
Antoine Beaupré [Sun, 19 Mar 2017 19:08:48 +0000 (15:08 -0400)]
SW: add stressant package to GRML_FULL

to quote from the control file:

> Stressant is a simple stress testing and burn-in tool
>
> It is designed to run on new machines to make sure they will work
> reliably by testing various parts of the system (CPU, RAM, disk,
> network) by putting them under heavy load and try to detect failures.
>
> As much as possible, stressant tries to reuse existing tools to
> perform the various tasks and aims to be run automatically.

it has just entered Debian sid and will pull at least 3 new
dependencies in (python-humanize, python-colorlog and stress-ng)

adding this is essential for the Stressant project to continue
collaborating with Grml.

2 years agoRelease new version 0.30.0 v0.30.0
Michael Prokop [Fri, 9 Jun 2017 20:52:56 +0000 (22:52 +0200)]
Release new version 0.30.0

2 years agoSW: add ed to GRML_FULL since it's also shipped on GRML_SMALL
Michael Prokop [Fri, 9 Jun 2017 20:45:21 +0000 (22:45 +0200)]
SW: add ed to GRML_FULL since it's also shipped on GRML_SMALL

Thanks: Darshaka Pathirana <dpat@syn-net.org>
for bringing this up in https://github.com/grml/grml-live/pull/43

2 years agoSW: drop tcpd from GRML_SMALL, not shipped on GRML_FULL
Michael Prokop [Fri, 9 Jun 2017 20:43:53 +0000 (22:43 +0200)]
SW: drop tcpd from GRML_SMALL, not shipped on GRML_FULL

Thanks: Darshaka Pathirana <dpat@syn-net.org>
for bringing this up in https://github.com/grml/grml-live/pull/43

2 years agoSW: no longer ship grml2hd* packages via GRMLBASE
Michael Prokop [Fri, 9 Jun 2017 20:34:23 +0000 (22:34 +0200)]
SW: no longer ship grml2hd* packages via GRMLBASE

Usage of grml2hd is unrecommended and we don't test nor
support it anymore, so there's no reason why it should
be shipped.

2 years agoSW: drop packages from GRML_FULL that are already part of GRMLBASE
Michael Prokop [Fri, 9 Jun 2017 20:32:29 +0000 (22:32 +0200)]
SW: drop packages from GRML_FULL that are already part of GRMLBASE

The following packages are part of GRMLBASE already and
shouldn't be listed in GRML_FULL therefore:

* dbus
* dmidecode
* grml-debootstrap
* grml-etc-core
* hdparm
* lvm2
* mdadm
* strace

Thanks to Darshaka Pathirana for triggering this via
https://github.com/grml/grml-live/pull/43

2 years agoSW: add lm-sensors to GRML_FULL
Michael Prokop [Fri, 9 Jun 2017 20:23:33 +0000 (22:23 +0200)]
SW: add lm-sensors to GRML_FULL

Thanks: Grégoire Sutre for suggestion
Closes grml/grml#48

2 years agoSupport EFI on 32-bit systems, increase EFI image size + switch from isohybrid to...
Michael Prokop [Wed, 7 Jun 2017 21:25:34 +0000 (23:25 +0200)]
Support EFI on 32-bit systems, increase EFI image size + switch from isohybrid to xorriso/isohybrid combination

EFI on 32-bit systems is a requested feature for Grml-Forensic,
since cheap tablets and notebooks (e.g. Intel Atom-based tablets)
are out there with only 32-bit EFI support (and UEFI only, so no
legacy BIOS support), quoting clairelyclaire from
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1341944:

| As of now, Ubuntu and other major Linux distributions do not
| support the use of a 32-bit EFI bootloader on UEFI machines. This
| has become extremely problematic due to the popularity of Intel
| Atom-based tablets and compact laptops. Atom-based devices are
| generally limited in storage space (32GB or 64GB eMMC is common),
| and as a result these devices almost universally ship with
| Windows 8.1 32-bit installed (winsxs consumes a significant
| amount of storage space in order to support 32-bit binaries in a
| 64-bit environment). By design, UEFI must use the same
| architecture used by the bootloader.
|
| While most modern computers indeed use a 64-bit UEFI
| implementation due to the fact that new computers generally ship
| with a 64-bit operating system (be it OS X or Windows 8.1),
| Atom-based devices do *not* use a 64-bit operating system or UEFI
| implementation. This is by design.
|
| Intel released a new Atom iteration (Bay Trail) in late 2013 and
| has indicated that they will continue to develop and release Atom
| CPUs due to consumer market demand. At the time of this filing
| there are a number of Atom-based tablets and compact
| laptops/netbooks being actively sold and marketed by major OEMs
| including Dell, HP, ASUS, and Acer. None of these devices have
| 64-bit UEFI firmware. It is also important to note that these
| Atom CPUs are 64-bit, but explicitly require a 32-bit UEFI
| bootloader.
|
| The current Linux kernel in Ubuntu 14.04 does support booting the
| 64-bit signed kernel from a 32-bit Grub EFI bootloader. I can
| confirm this on at least two 32-bit UEFI devices, the ASUS
| Transformer T100TA and the Acer Aspire Switch 10.

Increase EFI image size (previously automatically
calculated on-demand, resulting in ~285KB) to 4MB,
giving us more flexibility with what we're installing
into the image (esp. useful with usage on USB drives).

The isohybrid binary doesn't support 32-bit FI systems
and fails hard when using `--uefi` on a 32-bit ISO.
But xorriso with appropriate options for EFI usage
(see $EFI_ARGS) and /usr/lib/ISOLINUX/isohdpfx.bin
from the isolinux package seems to provide everything
we need.

Useful resources for further information:
* http://www.syslinux.org/wiki/index.php?title=Isohybrid
* https://fedoraproject.org/wiki/Using_UEFI_with_QEMU
* https://wiki.archlinux.org/index.php/Remastering_the_Install_ISO

For testing the resulting 32-bit ISO with EFI the
OVMF.fd file from OVMF-IA32-r15214.zip available from
https://sourceforge.net/projects/edk2/files/OVMF/ works via e.g.:

| qemu-system-i386 -m 1024 -bios ./OVMF.fd -cdrom grml.iso

2 years agotemplates: fix isolinux boot option label for grub
Darshaka Pathirana [Fri, 2 Jun 2017 17:29:52 +0000 (19:29 +0200)]
templates: fix isolinux boot option label for grub

A long time ago (rev# 7d0f02a63) grub2 was introduced and the boot option
label grub was changed to grub1 (aside with grub2). Later grub1 support
was removed (rev# bfbf9fb3). So it makes sense to change the grub2 label
to grub as we do not have anything else anymore.

2 years agoUpdate cheatcodes documentation to clarify isolinux vs GRUB situation
Darshaka Pathirana [Wed, 31 May 2017 15:30:01 +0000 (17:30 +0200)]
Update cheatcodes documentation to clarify isolinux vs GRUB situation

The listed boot options / cheatcodes only work with the isolinux bootprompt.
Updated the documentation to make that clear.

Relates to grml/grml#9

2 years agotemplates: remove bootoption nostats
Darshaka Pathirana [Wed, 31 May 2017 14:20:24 +0000 (16:20 +0200)]
templates: remove bootoption nostats

The stats feature was removed, therefore we also do not need the nostats
option anymore.

The stats feature was removed in grml-autconfig-commit# 7138a24fb

Relates to grml/grml#9

2 years agoUpdate comment regarding checksum generation
Michael Prokop [Wed, 7 Jun 2017 21:25:09 +0000 (23:25 +0200)]
Update comment regarding checksum generation

It's no longer just md5sum + sha1sum

2 years agoRelease new version 0.29.7 v0.29.7
Michael Prokop [Mon, 29 May 2017 17:27:16 +0000 (19:27 +0200)]
Release new version 0.29.7

2 years agoGet rid of /etc/network/if-up.d/aoe-discover
Michael Prokop [Mon, 29 May 2017 17:21:43 +0000 (19:21 +0200)]
Get rid of /etc/network/if-up.d/aoe-discover

Closes grml/grml#47

2 years agoRelease new version 0.29.6 v0.29.6
Michael Prokop [Fri, 26 May 2017 21:38:39 +0000 (23:38 +0200)]
Release new version 0.29.6

2 years agoDelete /usr/lib/udev/rules.d/64-md-raid-assembly.rules to avoid automatic mdadm scanning
Michael Prokop [Fri, 26 May 2017 21:20:44 +0000 (23:20 +0200)]
Delete /usr/lib/udev/rules.d/64-md-raid-assembly.rules to avoid automatic mdadm scanning

We don't want to automatically enable any present mdadm devices.
The safest way is to just remove
/usr/lib/udev/rules.d/64-md-raid-assembly.rules, since it doesn't
seem to provide a stable and long-term working way how to adjust
its behavior.

Closes grml/grml#45

2 years agoRelease new version 0.29.5 v0.29.5
Michael Prokop [Wed, 24 May 2017 12:34:12 +0000 (14:34 +0200)]
Release new version 0.29.5

2 years agoSwitch from grml-runtty to agetty also on tty11 + tty12
Michael Prokop [Wed, 24 May 2017 12:30:40 +0000 (14:30 +0200)]
Switch from grml-runtty to agetty also on tty11 + tty12

Closes grml/grml#14 now that grml-runtty is only used with non-systemd systems

2 years agoRun zsh when starting screen
Darshaka Pathirana [Sun, 21 May 2017 17:56:58 +0000 (19:56 +0200)]
Run zsh when starting screen

When starting GNU/screen via systemd the SHELL varible is empty whereas
SHELL=/bin/zsh when starting screen via grml-runtty.

If we can assume that zsh is installed on Grml then this solution is ok.
If not, we should address that in the run-screen script with something like:

  SHELL=/bin/sh
  [ -x /bin/zsh ] && SHELL=/bin/zsh

  # now run screen with config

    if [ `id -u` = 0 ] ; then
      exec screen -U -c /etc/grml/screenrc -s $SHELL
  [snip]

(partly) fixes grml/grml#14

2 years agoGet rid of grml-runtty
Darshaka Pathirana [Sun, 21 May 2017 17:34:32 +0000 (19:34 +0200)]
Get rid of grml-runtty

What once was done by grml-runtty can be now be accomplished by systemd.

That said, there is a weird behavior when starting GNU/screen via
"run-screen". When started via grml-runtty screen runs zsh, but
when started directly via systemd screen runs /bin/sh (= dash).

The reason for that is, that the SHELL variable is empty when called
directly via systemd whereas SHELL=/bin/zsh when started via
grml-runtty. I could not figure out why but a solution would be to set
the "Environment"-option in the systemd-unit which I will propose in a
separate commit.

(partly) fixes grml/grml#14

2 years agoSwitch from grml-runtty to agetty
Darshaka Pathirana [Fri, 19 May 2017 23:39:13 +0000 (01:39 +0200)]
Switch from grml-runtty to agetty

grml-runtty used to fix most of the pre-systemd environment problems. It
seems that it causes more troubles nowadays than it solved back then.
First and foremost grml-runtty does not provide a (systemd) login
session which prevents us from starting X reliably. Therefor replacing
grml-runtty with agetty with autologin where a grml-shell is used so far.

tty1 to tty4, where grml-runtty starts run-welcome (grml-quickconfig),
two root- and a grml-GNU-screen session, should also be replaced with a
proper systemd-unit.

Relates to grml/grml#14 and grml/grml#20

2 years agoSW: add haveged to GRMLBASE [Closes: issue1336]
Michael Prokop [Fri, 19 May 2017 14:42:58 +0000 (16:42 +0200)]
SW: add haveged to GRMLBASE [Closes: issue1336]

It's useful especially on VMs with low entropy, so provide it by default.

2 years agoSW: add rng-tools to GRMLBASE [Closes: issue1336]
Michael Prokop [Fri, 19 May 2017 14:39:36 +0000 (16:39 +0200)]
SW: add rng-tools to GRMLBASE [Closes: issue1336]

2 years agoProvide consistent header information for all /etc/systemd/ files that are deployed...
Michael Prokop [Fri, 19 May 2017 13:58:16 +0000 (15:58 +0200)]
Provide consistent header information for all /etc/systemd/ files that are deployed via grml-live

2 years agoWarn in initramfs if there is <256MM memory
Thomas Stewart [Fri, 19 May 2017 11:59:47 +0000 (12:59 +0100)]
Warn in initramfs if there is <256MM memory

Closes grml/grml#35

2 years agoTTY6/VT6 should start a shell if bootoption startx is not given
Darshaka Pathirana [Fri, 19 May 2017 13:15:24 +0000 (15:15 +0200)]
TTY6/VT6 should start a shell if bootoption startx is not given

When the bootoption "startx" is given, the helper-script
"/etc/init.d/startx" is created during the bootprocess (via
grml-autoconfig).

That means, that if the booptions "startx" is not given, the
helper-script is not created and tty6/vt6 should not try to start X but
should just start a grml-user-shell.

Related to grml/grml#20

2 years agoEnable systemd specific debug boot options in debugging mode
Michael Prokop [Thu, 18 May 2017 15:41:13 +0000 (17:41 +0200)]
Enable systemd specific debug boot options in debugging mode

See grml/grml#3

2 years agoDisable automatic 'ATA over Ethernet discovery'
Michael Prokop [Thu, 18 May 2017 15:00:41 +0000 (17:00 +0200)]
Disable automatic 'ATA over Ethernet discovery'

/usr/lib/modules-load.d/aoetools.conf by default contains:

| ## If you need to restrict the interfaces aoe will use, copy this
| ## file to /etc/modules-load.d/ and use this example:
| # aoe aoe_iflist="eth0,eth1"
|
| ## Load aoe driver with no interface restriction:
| aoe

and /lib/systemd/system/aoe-discover.service contains:

| [Unit]
| Description=ATA over Ethernet discovery
| BindsTo=sys-devices-virtual-aoe-discover.device
| DefaultDependencies=no
| Conflicts=shutdown.target
| After=network-online.target
|
| [Service]
| Type=oneshot
| ExecStart=/sbin/aoe-discover

Since the aeotools.conf file tells systemd to load the aoe module
which then triggers the udev rule we end up with automatic
aoe-discover execution on default Grml boot, even though we
disable the aoe-discover service (since enabling/disabling only
affects starting via transitive dependencies, but the udev rule
is doing the equivalent of `systemctl start $unit`). By removing
/usr/lib/modules-load.d/aoetools.conf we ensure that automatic
'ATA over Ethernet discovery' is NOT executed, though if a user
runs 'modprobe aoe' it executes aoe-discover as intended.

Thanks: Felipe Sateler + Darshaka Pathirana for help in coming up with a solution
Closes grml/grml#32

2 years agoSW: add cpufrequtils to GRML_SMALL
Michael Prokop [Tue, 16 May 2017 22:29:17 +0000 (00:29 +0200)]
SW: add cpufrequtils to GRML_SMALL

It adds only ~250kb of additional disk space and provides
/etc/init.d/loadcpufreq which we use in grml-autoconfig.

Closes grml/grml#24

2 years agoEnable autologin for user root on serial console ttyS0
Michael Prokop [Tue, 16 May 2017 22:02:12 +0000 (00:02 +0200)]
Enable autologin for user root on serial console ttyS0

Closes grml/grml#21