diff options
Diffstat (limited to 'hooks')
| -rwxr-xr-x | hooks/build-os-post/40-ostree-demo-scripts | 1 | ||||
| -rwxr-xr-x | hooks/build-os-post/90-ostree-path-mangles | 6 | ||||
| -rwxr-xr-x | hooks/build-os/10-apt | 10 | ||||
| -rwxr-xr-x | hooks/build-os/30-packages | 9 | ||||
| -rwxr-xr-x | hooks/build-os/50-network | 12 | ||||
| -rwxr-xr-x | hooks/build-os/70-system-config | 36 | ||||
| -rwxr-xr-x | hooks/build-os/80-firstboot-repart-growfs | 4 |
7 files changed, 56 insertions, 22 deletions
diff --git a/hooks/build-os-post/40-ostree-demo-scripts b/hooks/build-os-post/40-ostree-demo-scripts index 6ea5627..cb8d693 100755 --- a/hooks/build-os-post/40-ostree-demo-scripts +++ b/hooks/build-os-post/40-ostree-demo-scripts @@ -2,6 +2,7 @@ set -o pipefail +#TODO: package this stuff in .debs and put in a reprepro cat > "${root:?}"/usr/sbin/halo-upgrade << EOF #!/bin/bash -e diff --git a/hooks/build-os-post/90-ostree-path-mangles b/hooks/build-os-post/90-ostree-path-mangles index b2709f3..8a478b8 100755 --- a/hooks/build-os-post/90-ostree-path-mangles +++ b/hooks/build-os-post/90-ostree-path-mangles @@ -1,8 +1,8 @@ #!/bin/bash -xe set -o pipefail -# remove everything from dev and var -rm -rf "${root:?}"/dev/* "${root:?}"/var/* +# remove everything from dev +rm -rvf "${root:?}"/dev/* # add sysroot mountpoint and ostree link to root mkdir -p "${root:?}"/sysroot @@ -32,7 +32,7 @@ EOF # move /etc to /usr/etc mv "${root:?}"/etc "${root:?}"/usr/etc -mkdir "${root:?}"/etc # do we need this? +mkdir "${root:?}"/etc #TODO: do we need this? # link persistent directories to /var for dir in home opt srv mnt tmp; do diff --git a/hooks/build-os/10-apt b/hooks/build-os/10-apt index 65c7056..be2059b 100755 --- a/hooks/build-os/10-apt +++ b/hooks/build-os/10-apt @@ -3,13 +3,11 @@ set -o pipefail # Enable additional sources cat > "${root:?}"/etc/apt/sources.list << EOF -deb https://deb.debian.org/debian trixie main contrib non-free non-free-firmware - -deb https://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware - -deb https://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware +deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware +deb http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware +deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware EOF # update/upgrade system chroot "${root:?}" apt-get update -chroot "${root:?}" apt-get upgrade +chroot "${root:?}" apt-get upgrade --assume-yes diff --git a/hooks/build-os/30-packages b/hooks/build-os/30-packages index b131edf..9510c87 100755 --- a/hooks/build-os/30-packages +++ b/hooks/build-os/30-packages @@ -7,15 +7,22 @@ packages=( debootstrap dosfstools e2fsprogs + flatpak + gnome-core + gnome-tweaks lvm2 nethack-console + network-manager ostree parted rsync + sudo systemd-container + systemd-homed + task-english xfsprogs ) -chroot "${root:?}" apt-get -y install "${packages[@]}" +chroot "${root:?}" apt-get -y --no-install-recommends install "${packages[@]}" echo 'kernel.unprivileged_userns_clone=1' > "${root:?}"/etc/sysctl.d/nspawn.conf diff --git a/hooks/build-os/50-network b/hooks/build-os/50-network index c2cb6ee..a7ec432 100755 --- a/hooks/build-os/50-network +++ b/hooks/build-os/50-network @@ -1,16 +1,14 @@ #!/bin/bash -xe set -o pipefail -# Append motd +# Append to motd cat >> "${root:?}"/etc/motd << EOF -${osname:?}/${osversion:?} (${osdesc:?}) v${version:?} +${osname:?}/${osversion:?}/${build:?}/${buildenv:?}/${arch:?} (${osdesc:?}) v${version:?} EOF # Set hostname -echo "${osname:?}-${osversion:?}" > "${root:?}"/etc/hostname -echo "127.0.1.1 ${osname:?}-${osversion:?}" >> "${root:?}"/etc/hosts - -# Install network manager -chroot "${root:?}" apt-get install -y network-manager +echo "${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" > "${root:?}"/etc/hostname +echo "127.0.1.1 ${osname:?}-${osversion:?}-${build:?}-${buildenv:?}" >> "${root:?}"/etc/hosts +echo "Etc/UTC" > "${root:?}"/etc/localtime diff --git a/hooks/build-os/70-system-config b/hooks/build-os/70-system-config index 0fc5bde..38b6f68 100755 --- a/hooks/build-os/70-system-config +++ b/hooks/build-os/70-system-config @@ -1,10 +1,40 @@ #!/bin/bash -xe set -o pipefail -# Set a root password -echo "root:guest" | chroot "${root:?}" chpasswd +## Set a root password +echo "root:reznor" | chroot "${root:?}" chpasswd + +## add a default regular user with systemd-homed on firstboot +mkdir -p "${root:?}"/usr/lib/credstore +cat > "${root:?}"/usr/lib/credstore/home.create.trent << EOF +{ + "disposition" : "regular", + "memberOf" : [ + "sudo" + ], + "privileged" : { + "hashedPassword" : [ + "\$y\$j9T\$KiIvlGKRHOAfV600NZhag.\$cKOX95FUr7aSVL3EpU2dlDmf/xmL.UoeYonmI3ZkXXA" + ] + }, + "secret" : { + "password" : [ + "reznor" + ] + }, + "userName" : "trent" +} +EOF + +mkdir "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d +cat > "${root:?}"/etc/systemd/system/systemd-homed-firstboot.service.d/override.conf << EOF +[Service] +ExecStart= +ExecStart=homectl firstboot --enforce-password-policy=no +EOF + # Make console quieter cat > "${root:?}"/etc/sysctl.d/printk.conf << EOF -kernel.printk = 3 4 1 3 +kernel.printk = 3 4 1 3 EOF diff --git a/hooks/build-os/80-firstboot-repart-growfs b/hooks/build-os/80-firstboot-repart-growfs index 78648cc..97aceff 100755 --- a/hooks/build-os/80-firstboot-repart-growfs +++ b/hooks/build-os/80-firstboot-repart-growfs @@ -36,7 +36,7 @@ mkdir "${root:?}"/etc/systemd/system/systemd-firstboot.service.d cat > "${root:?}"/etc/systemd/system/systemd-firstboot.service.d/install.conf << EOF [Service] ExecStart= -ExecStart=/usr/bin/systemd-firstboot --prompt +ExecStart=/usr/bin/systemd-firstboot [Install] WantedBy=sysinit.target @@ -44,4 +44,4 @@ EOF chroot "${root:?}" systemctl enable systemd-firstboot.service -rm "${root:?}"/etc/{machine-id,localtime} +rm "${root:?}"/etc/machine-id |