diff --git a/bdisk/build.py b/bdisk/build.py index d4ca3d2..ccead4b 100755 --- a/bdisk/build.py +++ b/bdisk/build.py @@ -136,14 +136,20 @@ def genUEFI(build, bdisk): fname = 'bootx64.efi' else: fname = f - if not os.path.isfile(prepdir + '/EFI/boot/' + fname): - shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f), - '{0}/EFI/boot/{1}'.format(prepdir, fname)) + with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format( + chrootdir, + f), + 'rb') as r: + with open('{0}/EFI/boot/{1}'.format(prepdir, fname), 'wb') as file: + file.write(r.read()) # And we also need the systemd efi bootloader. if os.path.isfile(prepdir + '/EFI/boot/loader.efi'): os.remove(prepdir + '/EFI/boot/loader.efi') - shutil.copy2(chrootdir + '/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi', - prepdir + '/EFI/boot/loader.efi') + with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format( + chrootdir), + 'rb') as r: + with open('{0}/EFI/boot/loader.efi'.format(prepdir), 'wb') as file: + file.write(r.read()) # And the accompanying configs for the systemd efi bootloader, too. tpl_loader = jinja2.FileSystemLoader(templates_dir) env = jinja2.Environment(loader = tpl_loader) @@ -166,9 +172,9 @@ def genUEFI(build, bdisk): f.write(tpl_out) # And we need to get filesizes (in bytes) for everything we need to include in the ESP. # This is more important than it looks. - #sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do) + sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do) # because xorriso sees it as a filesystem image and adjusts the ISO automagically. - sizetotal = 2097152 # we start with 2MB and add to it for wiggle room + #sizetotal = 2097152 # we start with 2MB and add to it for wiggle room sizefiles = ['/boot/' + bdisk['uxname'] + '.64.img', '/boot/' + bdisk['uxname'] + '.64.kern', '/EFI/boot/bootx64.efi', 
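Review bot: In genUEFI both new copy blocks use `file.write(r.read())`, which pulls each EFI binary fully into memory and binds the output handle to the name `file`; `shutil.copyfile(src, dst)` performs the same content-only, always-overwrite copy in chunks, and `shutil` is still used later in this function. The loader copy would then read `shutil.copyfile(chrootdir + '/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi', prepdir + '/EFI/boot/loader.efi')`. Since the destination is now overwritten unconditionally, the `os.path.isfile`/`os.remove` pair kept just above that copy no longer does anything useful. The same read-then-write pattern is added to genISO in bdisk/ipxe.py (hunk `@@ -171,19 +171,24 @@`). genUEFI begins and ends outside this hunk.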
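Review bot: The ESP base size in genUEFI is switched by swapping which `sizetotal` line is commented out, which leaves a dead assignment behind and keeps the value an unexplained magic number. A named module-level constant would document it once, e.g. `ESP_BASE_BYTES = 33553920  # spec'd EFI image size (~32MB); file sizes are added on top`, with the commented-out `#sizetotal = 2097152` line deleted. The matching change in genISO in bdisk/ipxe.py (hunk `@@ -133,8 +133,8 @@`) uses 34603008 and calls it "33MB wiggle room"; whether the two base sizes are meant to differ is not stated in either comment and should be.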
@@ -235,10 +241,8 @@ def genUEFI(build, bdisk): if os.path.isfile(z): os.remove(z) shutil.copy(y, z) - #shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux-{2}'.format(chrootdir, 'x86_64', bdisk['name']), shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux'.format(chrootdir, 'x86_64'), '{0}/EFI/{1}/{2}.efi'.format(mountpt, bdisk['name'], bdisk['uxname'])) - #shutil.copy2('{0}/root.{1}/boot/initramfs-linux-{2}.img'.format(chrootdir, 'x86_64', bdisk['name']), shutil.copy2('{0}/root.{1}/boot/initramfs-linux.img'.format(chrootdir, 'x86_64'), '{0}/EFI/{1}/{2}.img'.format(mountpt, bdisk['name'], bdisk['uxname'])) # TODO: support both arch's as EFI bootable instead? Maybe? requires more research. very rare. diff --git a/bdisk/ipxe.py b/bdisk/ipxe.py index 702e675..a8ad5a1 100755 --- a/bdisk/ipxe.py +++ b/bdisk/ipxe.py @@ -133,8 +133,8 @@ def genISO(conf): os.makedirs(os.path.dirname(efiboot_img), exist_ok = True) # FAT32 embedded EFI dir os.makedirs('{0}/EFI/boot'.format(bootdir), exist_ok = True) # EFI bootloader binary dir # Inner dir (miniboot.img file) - sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64. - #sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64. + #sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64. + sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64. sizetotal += os.path.getsize(innerefi64) sizefiles = ['HashTool', 'PreLoader'] for f in sizefiles: @@ -161,7 +161,7 @@ def genISO(conf): cmd = ['/bin/mount', efiboot_img, mountpt] subprocess.call(cmd) os.makedirs(mountpt + '/EFI/boot', exist_ok = True) # "Inner" (EFI image) - os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image) + #os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image) os.makedirs('{0}/boot'.format(bootdir), exist_ok = True) # kernel(s) os.makedirs('{0}/loader/entries'.format(bootdir), exist_ok = True) # EFI for d in (mountpt, bootdir): 
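Review bot: The return value of `subprocess.call(cmd)` for the `/bin/mount` call at the top of the `@@ -161,7 +161,7 @@` hunk is never checked, so if the mount fails the following `os.makedirs(mountpt + '/EFI/boot', ...)` and the bootloader writes in the next hunk land in the bare mountpoint directory on the build host while the EFI image stays empty. `subprocess.check_call(cmd)` would stop the build at that point instead. The `os.makedirs('{0}/EFI/{1}'...)` line this commit disables is better deleted than left commented out; whether anything in genISO still writes below `EFI/<name>` on the mounted image is not visible here. genISO begins and ends outside this hunk.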
@@ -171,19 +171,24 @@ def genISO(conf): fname = 'bootx64.efi' else: fname = f - if not os.path.isfile('{0}/EFI/boot/{1}'.format(mountpt, fname)): - shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f), - '{0}/EFI/boot/{1}'.format(mountpt, fname)) - if not os.path.isfile('{0}/EFI/boot/{1}'.format(bootdir, f)): - shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f), - '{0}/EFI/boot/{1}'.format(bootdir, fname)) - # And the systemd efi bootloader. - if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(mountpt)): - shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir), - '{0}/EFI/boot/loader.efi'.format(mountpt)) - if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(bootdir)): - shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir), - '{0}/EFI/boot/loader.efi'.format(bootdir)) + + with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format( + chrootdir,f), + 'rb') as r: + with open('{0}/EFI/boot/{1}'.format(mountpt, fname), 'wb') as file: + file.write(r.read()) + with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format( + chrootdir, f), + 'rb') as r: + with open('{0}/EFI/boot/{1}'.format(bootdir, fname), 'wb+') as file: + file.write(r.read()) + # And the systemd efi bootloader. + with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format( + chrootdir), + 'rb') as r: + with open('{0}/EFI/boot/loader.efi'.format(mountpt), 'wb+') as f: + f.write(r.read()) + # And loader entries. os.makedirs('{0}/loader/entries'.format(mountpt, exist_ok = True)) for t in ('loader', 'base'): @@ -202,7 +207,7 @@ def genISO(conf): # Outer dir outerdir = True os.makedirs('{0}/isolinux'.format(bootdir), exist_ok = True) # BIOS - # and we create the loader entries (outer) + # Loader entries (outer) for t in ('loader','base'): if t == 'base': name = bdisk['uxname'] 
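Review bot: The rewritten systemd-boot copy writes `loader.efi` only under `mountpt`; the removed code also placed it under `bootdir`, and nothing in this hunk restores that, so the outer `EFI/boot` tree may end up without `loader.efi` unless it is created elsewhere. If the outer copy is still wanted, add `shutil.copyfile('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir), '{0}/EFI/boot/loader.efi'.format(bootdir))`. The last block binds the output handle `as f`, the same name the code above uses for the efitools file name (`fname = f`), so any later read of `f` sees a closed file object; a distinct name such as `out` avoids that. The context line `os.makedirs('{0}/loader/entries'.format(mountpt, exist_ok = True))` passes `exist_ok` to `str.format`, where it is ignored; it presumably belongs on `os.makedirs`. genISO begins and ends outside this hunk, and the original indentation is not recoverable from this view.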
diff --git a/docs/manual/USER.adoc b/docs/manual/USER.adoc index 14afc16..0bb5357 100644 --- a/docs/manual/USER.adoc +++ b/docs/manual/USER.adoc @@ -21,4 +21,5 @@ include::user/GETTING_STARTED.adoc[] include::user/IMPORTANT_CONCEPTS.adoc[] include::user/PROJECT_LAYOUT.adoc[] include::user/BUILDINI.adoc[] +include::user/ADVANCED.adoc[] diff --git a/docs/manual/user/ADVANCED.adoc b/docs/manual/user/ADVANCED.adoc new file mode 100644 index 0000000..32e8401 --- /dev/null +++ b/docs/manual/user/ADVANCED.adoc @@ -0,0 +1,2 @@ +== Advanced Customization +If the <<_the_code_build_ini_code_file,`build.ini` file>> doesn't provide enough customization to your liking, I don't blame you! It was designed only to provide the most basic control and is primarily only used to control the build process itself. \ No newline at end of file diff --git a/docs/manual/user/BUILDINI.adoc b/docs/manual/user/BUILDINI.adoc index 171fa77..f64c0e4 100644 --- a/docs/manual/user/BUILDINI.adoc +++ b/docs/manual/user/BUILDINI.adoc @@ -1,4 +1,4 @@ -== The `build.ini` file +== The `build.ini` File This file is where you can specify some of the very basics of BDisk building. It allows you to specify/define certain variables and settings used by the build process. It uses https://docs.python.org/3/library/configparser.html[ConfigParser^] for the parsing engine, and you can do some https://wiki.python.org/moin/ConfigParserExamples[more advanced^] things with it than I demonstrate in the default. It's single-level, but divided into "sections". This is unfortunately a limitation of ConfigParser, but it should be easy enough to follow. 
@@ -510,4 +510,75 @@ Directory to hold SSL results, if we are generating keys, certificates, etc. ==== `ssl_ca` Path to the (root) CA certificate file iPXE should use. See http://ipxe.org/crypto[iPXE's crypto page^] for more information. -NOTE: You can use your own CA to sign existing certs. \ No newline at end of file +NOTE: You can use your own CA to sign existing certs. This is handy if you run a third-party/"Trusted" root-CA-signed certificate for the HTTPS target. + +. No whitespace +. Must be in PEM/X509 format +. *Required* if <<__code_iso_code,`iso`>> is enabled +. If it exists, a matching key (ssl_cakey) *must* be specified +.. However, if left blank/doesn't exist, one will be automatically generated + +==== `ssl_cakey` +Path to the (root) CA key file iPXE should use. + +. No whitespace +. Must be in PEM/X509 format +. *Required* if <<__code_iso_code,`iso`>> is enabled +. If left blank or it doesn't exist (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated +. *Must* match/pair to <<__code_ssl_ca_code,`ssl_ca`>> if specified/exists +. MUST NOT be passphrase-protected/DES-encrypted + +==== `ssl_crt` +Path to the _client_ certificate iPXE should use. + +. No whitespace +. Must be in PEM/X509 format +. *Required* if <<__code_iso_code,`iso`>> is enabled +. If specified/existent, a matching CA cert (<<__code_ssl_ca_code,`ssl_ca`>>) and key (<<__code_ssl_cakey_code,`ssl_cakey`>>) *must* be specified +.. However, if left blank/doesn't exist, one will be automatically generated +. *Must* be signed by <<__code_ssl_ca_code,`ssl_ca`>>/<<__code_ssl_cakey_code,`ssl_cakey`>> if specified and already exists + +==== `ssl_key` +Path to the _client_ key iPXE should use. + +. No whitespace +. Must be in PEM/X509 format +. *Required* if <<__code_iso_code,`iso`>> is enabled +. 
If left blank/nonexistent (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated + +=== `[rsync]` +This section controls aspects of rsync pushing. Only used if <<__code_rsync_code,`sync:rsync`>> is enabled. + +==== `host` +The rsync destination host. + +. Must resolve from the build server +. Can be host, FQDN, or IP address + +==== `user` +This is the remote user we should use when performing the rsync push. + +. User must exist on remote system +. SSH pubkey authorization must be configured +. The destination's hostkey must be added to your local build user's known hosts + +==== `path` +This is the remote destination path we should use for pushing via rsync. + + +NOTE: You'll probably want to set *`http:user`* and *`group`* to what it'll need to be on the destination. + +. No whitespace +. The path *must* exist on the remote host +. The path MUST be writable by <<__code_user_code_5,`user`>> + +==== `iso` +Should we rsync over the ISO files too, or just the boot files? + +[options="header"] +|====================== +2+^|Accepts (case-insensitive) one of: +^m|yes ^m|no +^m|true ^m|false +^m|1 ^m|0 +|====================== diff --git a/extra/dist.build.ini b/extra/dist.build.ini index a593458..ea4bb98 100644 --- a/extra/dist.build.ini +++ b/extra/dist.build.ini 
@@ -3,517 +3,84 @@ ########################################################### # # This file is used to define various variables/settings -# used by the build script. +# used by the build script. # -# It is well-commented, and uses INI syntax. -# See https://wiki.python.org/moin/ConfigParserExamples -# for some advanced features if you would like to use -# them. -# Blank lines are ignored. Section integrity is important. -# #- and ;-prefixed lines are comments and are not parsed. -# If restrictions on input are present, they will be -# given in a numerical list. +# For full (perhaps overly-verbose ;) documentation, please +# see: +# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file +# Or simply refer to the section titled "The build.ini File" +# in the user manual. -#---------------------------------------------------------# -# This section controls some aspects about the live -# environment itself. -#---------------------------------------------------------# [bdisk] - -; The name of the project. If you roll your own and don't -; want it called the default, here's where you change it. -; 0.) Alphanumeric only -; 1.) 8 characters total or less -; 2.) No whitespace -; 3.) ASCII *only* -; 4.) Will be converted to uppercase if it isn't already name = BDISK - -; This is used for filenames, etc. -; I highly recommend it be the same as 'name', but -; lowercase. -; 0.) Alphanumeric only -; 1.) No whitespace -; 2.) ASCII *only* -; 3.) Will be converted to lowercase if it isn't already uxname = bdisk - -; This string is used for "pretty-printing" of the name. -; 0.) Can contain whitespace -; 1.) Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* pname = BDisk - -; What version is this? -; If we don't have a version specified here, we'll -; try to guess based on the current git commit in build:basedir. -; 0.) No whitespace ver = - -; Your/your organization's name. -; The same rules as 'pname' apply: -; 0.) Can contain whitespace -; 1.) 
Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* dev = r00t^2 - -; Your email address. -; This is only used for commit messages (sync:git), -; or GPG-signing the releases (see the associated build -; section items). email = bts@square-r00t.net - -; What this distribution/project is used for. -; 0.) Can contain whitespace -; 1.) Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* desc = j00 got 0wnz0r3d lulz. - -; What is your livedistro's URL? -; 0.) Should be a valid URI understood by minimal versions -; of curl. uri = https://bdisk.square-r00t.net - -; Should the root user have a password? IF THIS IS NOT SET, -; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a -; blank password, use the string: -; BLANK -; Do NOT use a plaintext password here. You will need to -; generate a salted and hashed string in a shadow-compatible -; format. If you need help generating one, see docs/HOWTO.hashgen. -; If an assistance script is available, the path will be given -; (i.e. extras/bin/hashgen.py). -; -; Note that if you want an automatic login, this is NOT where it -; would be set. It should instead be controlled via: -; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf -; In the following format: -; [Service] -; Type=idle -; ExecStart= -; ExecStart=-/usr/bin/agetty --autologin --noclear %I 38400 linux -;(where N is the TTY number). Alternatively, if booting to a GUI, it -; can be set as according to that GUI (e.g. for LXDE, -; overlay/etc/lxdm/lxdm.conf, "autologin=") -; 0.) MUST be a salted SHA512 string in shadow format -; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $. -; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw... root_password = - -; Should we create a non-root user on the image? -; Note that this user has full sudo access. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. 
user = yes - -#---------------------------------------------------------# -# This section controls aspects about bdisk:user. -# Only used if bdisk:user set to True/yes/etc. -#---------------------------------------------------------# [user] - -; What username should we use for the live system? -; Standard *nix username rules apply: -; 0.) ASCII only -; 1.) 32 characters or less -; 2.) Alphanumeric only -; 3.) Lowercase only -; 4.) No whitespace -; 5.) Cannot start with a number username = ${bdisk:uxname} - -; What comment/description should be used for the user? -; See passwd(5) if you need details on this. -; 0.) ASCII only name = Default user - -; What password should be set for the user, if any? -; See bdisk:root_password for how to generate this. -; DO NOT PUT A PLAINTEXT PASSWORD HERE. password = -#---------------------------------------------------------# -# This section controls some aspects about the host -# and things like filesystem paths, etc. -#---------------------------------------------------------# [build] - -; What is the mirror for your bootstrap tarball? -; It is *highly* recommended you use an Arch Linux tarball -; as the build process is highly specialized to this. -; 0.) No whitespace -; 1.) Must be accessible remotely (no local file paths) mirror = mirror.us.leaseweb.net - -; What is the protocol for the bootstrap mirror? -; 0.) Must be one of: -; http, https, ftp mirrorproto = https - -; What is the path to the tarball directory? -; 0.) Must be a complete path -; (e.g. /dir1/subdir1/subdir2/ -; 1.) No whitespace mirrorpath = /archlinux/iso/latest/ - -; What is the filename for the tarball found in the above? -; If left blank, we will use the sha1 checksum file to try -; to guess the most recent file. mirrorfile = - -; What is the path to a sha1 checksum file? -; 0.) No whitespace -; 1.) Must be the full path -; 2.) Don't include the mirror domain or protocol mirrorchksum = ${mirrorpath}sha1sums.txt - -; Optional GPG checking. 
-; If the file has a GPG signature file, -; we can use it for extra checking. -; If it's blank, GPG checking will be disabled. -; If you specify just '.sig' (or use the default -; and don't actually specify a mirrorfile), -; we'll try to guess based on the file from the sha1 -; checksums. Note that this must evaluate to a full -; URL (e.g.: -; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig) -; 0.) No whitespace (if specified) -; 1.) Must be the full path mirrorgpgsig = - -; What is a valid key ID that should be used to -; verify the tarballs? -; 0.) Only used if mirrorgpgsig is set -; 1.) Should be in the "shortform" -; (e.g. 7F2D434B9741E8AC) gpgkey = 7F2D434B9741E8AC - -; What is a valid keyserver we should use -; to fetch gpgkey? -; 0.) Only used if mirrorgpgsig is set -; 1.) The default (blank) is probably fine. -; If you don't specify a personal GPG config -; (under the gpg section), then you'll definitely probably -; want to leave this blank. -; 2.) If set, make sure you use a valid URI (e.g.: -; hkp://pgp.mit.edu ) gpgkeyserver = - -; Should we sign our release files? (See the GPG section) -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 gpg = no - -; Where should we save the bootstrap tarballs? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist dlpath = /var/tmp/${bdisk:uxname} - -; Where should the bootstrap tarballs extract to and the -; chroots be built? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist chrootdir = /var/tmp/chroots - -; Where is the base of the BDisk project located? -; In other words, if you cloned BDisk from git, -; what is BDisk's working tree directory? -; 0.) No whitespace -; 1.) Must exist and be populated with the BDisk's files basedir = /opt/dev/bdisk - -; This is the output directory of the ISO files when -; done building. This should not be checked into git. -; (The files will be very big!) -; 0.) No whitespace -; 1.) 
Will be created if it doesn't exist isodir = ${dlpath}/iso - -; This is a directory where we should save extra -; source code we download (if we need it). -; 0.) No whitespace -; 1.) Will be created if it doesn't exist, and is needed srcdir = ${dlpath}/src - -; What directory should we use for staging? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist prepdir = ${dlpath}/temp - -; Where should we stage the boot files? -; This should not be the same dir as other options! -; The default is recommended. -; 0.) No whitespace -; 1.) Will be created if it doesn't exist archboot = ${prepdir}/${bdisk:name} - -; What directory/path should we use as a base -; directory for mountpoints? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist mountpt = /mnt/${bdisk:uxname} - -; Should we build a multiarch image? That is to say, the -; same ISO file can be used for both i686 and x86_64. -; 0.) Only accepts (case-insensitive): -; yes/true (buld both i686, x86_64 in same image) -; no/false (build separate images, both arch's) -; i686 (ONLY build i686 architecture) -; x86_64 (ONLY build x86_64 architecture) -; If it is undefined, it is assumed to be no. multiarch = yes - -; Would you like to enable iPXE functionality? -; Note that this has no bearing on the 'sync' sections, -; so one can build e.g. only http files. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. ipxe = - -; This option should only be enabled if you are on a fairly -; powerful, multicore system with plenty of RAM. It will -; speed the build process along, but will have some -; seriously adverse effects if your system can't handle it. -; Most modern systems should be fine with leaving it enabled. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. 
i_am_a_racecar = yes - -#---------------------------------------------------------# -# This section controls settings for signing our release -# files. This is only used if build:gpg is -# yes/true/etc. -#---------------------------------------------------------# [gpg] - -; What is a valid key ID that we should use to -; *sign* our release files? -; 0.) You will be prompted for a passphrase if your -; key has one/you don't have an open and authorized -; gpg-agent session. Make sure you have a working -; pinentry configuration set up! -; 1.) If you leave this blank we will use the key -; we generate automatically earlier in the build -; process. -; 2.) We will generate one if this is blank and you -; have selected sign as yes. mygpgkey = - -; What directory should we use for the above GPG key? -; Make sure it contains your private key. mygpghome = - -#---------------------------------------------------------# -# This section controls what we should do with the -# resulting build and how to handle uploads, if we -# choose to use those features. -#---------------------------------------------------------# [sync] - -; Should we generate/prepare HTTP files? -; This is mostly only useful if you plan on using iPXE. -; However, it can also include the built ISO file(s). -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. http = no - -; Should we generate/prepare TFTP files? -; This is mostly only useful if you plan on using more -; traditional (non-iPXE) setups and regualar PXE bootstrapping -; into iPXE. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. tftp = no - -; Enable automatic Git pushing for any changes done to the -; project itself? If you don't have upstream write access, -; you'll want to set this to False. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. 
git = no - -; Enable rsync pushing for the ISO (and other files, if -; you choose- useful for iPXE over HTTP(S)). rsync = no - -#---------------------------------------------------------# -# This section controls details about HTTP file preparation/ -# generation. Only used if sync:http = True (or -# 'yes', etc.) -#---------------------------------------------------------# [http] - -; This directory is where to build an HTTP webroot. -; 0.) No whitespace -; 1.) If blank, HTTP preparation/generation will not be done -; 2.) If specified, it will be created if it doesn't exist -; 3.) If it does exist, it will be deleted first- MAKE SURE -; you do not store files here that you want to keep. path = ${build:dlpath}/http - -; What user and group, if applicable, should the HTTP files -; be owned as? This is most likely going to be either 'http', -; 'nginx', or 'apache'. -; 0.) No whitespace -; 1.) User must exist on system -; 2.) If path is blank, they will not be used user = http group = http - -#---------------------------------------------------------# -# This section controls details about TFTP file -# preparation/generation. Only used if -# sync:tftp = True (or 'yes', etc.) -#---------------------------------------------------------# [tftp] - -; The directory where we want to build a TFTP root. -; 0.) No whitespace -; 1.) If blank, TFTP preparation/generation will not be done -; 2.) If specified, it will be created if it doesn't exist -; 3.) If it does exist, it will be deleted first- MAKE SURE -; you do not store files here that you want to keep. path = ${build:dlpath}/tftpboot - -; What user and group, if applicable, should the TFTP files -; be owned as? This is most likely going to be either 'tftp' -; or 'root'. -; 0.) No whitespace -; 1.) User must exist on system -; 2.) If sync:tftp is blank, they will not be used user = root group = root - -#---------------------------------------------------------# -# This section controls aspects of iPXE building. 
Only used -# if build:ipxe = True (or 'yes', etc.) -#---------------------------------------------------------# [ipxe] - -; Build a "mini-ISO"; that is, an ISO file that can be used -; to bootstrap an iPXE environment (so you don't need to set -; up a traditional PXE environment on your LAN). We'll still -; build a full standalone ISO no matter what. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; 1.) Requires actual git to be installed. -; If it is undefined, it is assumed to be no. iso = no - -; What URI should iPXE's EMBED script use? -; If you require HTTP BASIC Authentication or HTTP Digest -; Authentication (untested), you can format it via: -; -; https://user:password@domain.tld/page.php -; -; This currently does not work for HTTPS with self-signed -; certificates. -; 0.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 1.) Must be a valid URI understood by minimal versions -; of curl. uri = https://bdisk.square-r00t.net - -; Directory to hold SSL results, if we are generating -; keys, certificates, etc. ssldir = ${build:dlpath}/ssl - -; Path to the (root) CA certificate file iPXE should use. -; Note that you can use your own CA to sign existing certs. -; See http://ipxe.org/crypto for more info. This is handy if -; you run a third-party/"Trusted" root-CA-signed certificate -; for the HTTPS target. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If it exists, a matching key (ssl_cakey) MUST be -; specified -; 4.) HOWEVER, if left blank/doesn't exist, one will be -; automatically generated ssl_ca = ${ssldir}/ca.crt - -; Path to the (root) CA key file iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If left blank or it doesn't exist (and ssl_ca is also -; blank), one will be automatically generated -; 4.) MUST match ssl_ca if specified/exists -; 5.) 
MUST NOT be passphrase-protected ssl_cakey = ${ssldir}/ca.key - -; Path to the CLIENT certificate iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If specified/existent, a matching CA cert (ssl_ca) -; and key (ssl_cakey) MUST be specified -; 4.) HOWEVER, if left blank/nonexistent, one will be generated -; 5.) MUST be signed by ssl_ca/ssl_ca if specified ssl_crt = ${ssldir}/main.crt - -; Path to the CLIENT key iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 4.) If left blank/nonexistent (and ssl_ca is also blank), -; one will be automatically generated ssl_key = ${ssldir}/main.key - -#---------------------------------------------------------# -# This section controls aspects of rsync pushing. Only used -# if sync:rsync = True (or 'yes', etc.) -#---------------------------------------------------------# [rsync] - -; This is the rsync destination host. host = - -; This is the remote user we should use when performing the -; rsync push. user = - -; This is the remote destination path we should use for -; pushing via rsync. -; 0.) No whitespace -; 1.) The path MUST exist on the remote host -; 2.) The path MUST be writable by rsync:user -; RECOMMENDED: you'll probably want to set http:(user|group) -; to what it'll need to be on the destination. path = - -; Should we rsync over the ISO files too, or just the boot -; files? -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 iso = yes diff --git a/extra/pkg.build.ini b/extra/pkg.build.ini index a536a83..4ecb810 100644 --- a/extra/pkg.build.ini +++ b/extra/pkg.build.ini 
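Review bot: Stripping every comment from extra/dist.build.ini leaves `root_password =` and the `[user]` `password =` key with no in-file hint that the value must be a shadow-format hash, so someone editing the file without the manual open can easily put a plaintext password there. Keeping one line above each key would cover it, e.g. `; salted SHA512 hash in shadow format only, never plaintext; write each $ as $$`. A similar one-liner above `user = yes` could retain the removed warning that this account gets full sudo access. The same comments are removed from extra/pkg.build.ini in the following hunk.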
@@ -5,515 +5,82 @@ # This file is used to define various variables/settings # used by the build script. # -# It is well-commented, and uses INI syntax. -# See https://wiki.python.org/moin/ConfigParserExamples -# for some advanced features if you would like to use -# them. -# Blank lines are ignored. Section integrity is important. -# #- and ;-prefixed lines are comments and are not parsed. -# If restrictions on input are present, they will be -# given in a numerical list. +# For full (perhaps overly-verbose ;) documentation, please +# see: +# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file +# Or simply refer to the section titled "The build.ini File" +# in the user manual. -#---------------------------------------------------------# -# This section controls some aspects about the live -# environment itself. -#---------------------------------------------------------# [bdisk] - -; The name of the project. If you roll your own and don't -; want it called the default, here's where you change it. -; 0.) Alphanumeric only -; 1.) 8 characters total or less -; 2.) No whitespace -; 3.) ASCII *only* -; 4.) Will be converted to uppercase if it isn't already name = BDISK - -; This is used for filenames, etc. -; I highly recommend it be the same as 'name', but -; lowercase. -; 0.) Alphanumeric only -; 1.) No whitespace -; 2.) ASCII *only* -; 3.) Will be converted to lowercase if it isn't already uxname = bdisk - -; This string is used for "pretty-printing" of the name. -; 0.) Can contain whitespace -; 1.) Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* pname = BDisk - -; What version is this? -; If we don't have a version specified here, we'll -; try to guess based on the current git commit in build:basedir. -; 0.) No whitespace ver = - -; Your/your organization's name. -; The same rules as 'pname' apply: -; 0.) Can contain whitespace -; 1.) Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* dev = A Developer - -; Your email address. 
-; This is only used for commit messages (sync:git), -; or GPG-signing the releases (see the associated build -; section items). email = dev@domain.tld - -; What this distribution/project is used for. -; 0.) Can contain whitespace -; 1.) Can be mixed-case, uppercase, or lowercase -; 2.) ASCII *only* desc = A rescue/restore live environment. - -; What is your livedistro's URL? -; 0.) Should be a valid URI understood by minimal versions -; of curl. uri = https://domain.tld - -; Should the root user have a password? IF THIS IS NOT SET, -; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a -; blank password, use the string: -; BLANK -; Do NOT use a plaintext password here. You will need to -; generate a salted and hashed string in a shadow-compatible -; format. If you need help generating one, see docs/HOWTO.hashgen. -; If an assistance script is available, the path will be given -; (i.e. extras/bin/hashgen.py). -; -; Note that if you want an automatic login, this is NOT where it -; would be set. It should instead be controlled via: -; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf -; In the following format: -; [Service] -; Type=idle -; ExecStart= -; ExecStart=-/usr/bin/agetty --autologin --noclear %I 38400 linux -;(where N is the TTY number). Alternatively, if booting to a GUI, it -; can be set as according to that GUI (e.g. for LXDE, -; overlay/etc/lxdm/lxdm.conf, "autologin=") -; 0.) MUST be a salted SHA512 string in shadow format -; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $. -; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw... root_password = - -; Should we create a non-root user on the image? -; Note that this user has full sudo access. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. user = yes - -#---------------------------------------------------------# -# This section controls aspects about bdisk:user. 
-# Only used if bdisk:user set to True/yes/etc. -#---------------------------------------------------------# [user] - -; What username should we use for the live system? -; Standard *nix username rules apply: -; 0.) ASCII only -; 1.) 32 characters or less -; 2.) Alphanumeric only -; 3.) Lowercase only -; 4.) No whitespace -; 5.) Cannot start with a number username = ${bdisk:uxname} - -; What comment/description should be used for the user? -; See passwd(5) if you need details on this. -; 0.) ASCII only name = Default user - -; What password should be set for the user, if any? -; See bdisk:root_password for how to generate this. -; DO NOT PUT A PLAINTEXT PASSWORD HERE. password = -#---------------------------------------------------------# -# This section controls some aspects about the host -# and things like filesystem paths, etc. -#---------------------------------------------------------# [build] - -; What is the mirror for your bootstrap tarball? -; It is *highly* recommended you use an Arch Linux tarball -; as the build process is highly specialized to this. -; 0.) No whitespace -; 1.) Must be accessible remotely (no local file paths) mirror = mirror.us.leaseweb.net - -; What is the protocol for the bootstrap mirror? -; 0.) Must be one of: -; http, https, ftp mirrorproto = https - -; What is the path to the tarball directory? -; 0.) Must be a complete path -; (e.g. /dir1/subdir1/subdir2/ -; 1.) No whitespace mirrorpath = /archlinux/iso/latest/ - -; What is the filename for the tarball found in the above? -; If left blank, we will use the sha1 checksum file to try -; to guess the most recent file. mirrorfile = - -; What is the path to a sha1 checksum file? -; 0.) No whitespace -; 1.) Must be the full path -; 2.) Don't include the mirror domain or protocol mirrorchksum = ${mirrorpath}sha1sums.txt - -; Optional GPG checking. -; If the file has a GPG signature file, -; we can use it for extra checking. -; If it's blank, GPG checking will be disabled. 
-; If you specify just '.sig' (or use the default -; and don't actually specify a mirrorfile), -; we'll try to guess based on the file from the sha1 -; checksums. Note that this must evaluate to a full -; URL (e.g.: -; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig) -; 0.) No whitespace (if specified) -; 1.) Must be the full path mirrorgpgsig = - -; What is a valid key ID that should be used to -; verify the tarballs? -; 0.) Only used if mirrorgpgsig is set -; 1.) Should be in the "shortform" -; (e.g. 7F2D434B9741E8AC) gpgkey = 7F2D434B9741E8AC - -; What is a valid keyserver we should use -; to fetch gpgkey? -; 0.) Only used if mirrorgpgsig is set -; 1.) The default (blank) is probably fine. -; If you don't specify a personal GPG config -; (under the gpg section), then you'll definitely probably -; want to leave this blank. -; 2.) If set, make sure you use a valid URI (e.g.: -; hkp://pgp.mit.edu ) gpgkeyserver = - -; Should we sign our release files? (See the GPG section) -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 gpg = no - -; Where should we save the bootstrap tarballs? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist dlpath = /var/tmp/${bdisk:uxname} - -; Where should the bootstrap tarballs extract to and the -; chroots be built? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist chrootdir = /var/tmp/chroots - -; Where is the base of the BDisk project located? -; In other words, if you cloned BDisk from git, -; what is BDisk's working tree directory? -; 0.) No whitespace -; 1.) Must exist and be populated with the BDisk's files basedir = /opt/dev/bdisk - -; This is the output directory of the ISO files when -; done building. This should not be checked into git. -; (The files will be very big!) -; 0.) No whitespace -; 1.) Will be created if it doesn't exist isodir = ${dlpath}/iso - -; This is a directory where we should save extra -; source code we download (if we need it). -; 0.) No whitespace -; 1.) 
Will be created if it doesn't exist, and is needed srcdir = ${dlpath}/src - -; What directory should we use for staging? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist prepdir = ${dlpath}/temp - -; Where should we stage the boot files? -; This should not be the same dir as other options! -; The default is recommended. -; 0.) No whitespace -; 1.) Will be created if it doesn't exist archboot = ${prepdir}/${bdisk:name} - -; What directory/path should we use as a base -; directory for mountpoints? -; 0.) No whitespace -; 1.) Will be created if it doesn't exist mountpt = /mnt/${bdisk:uxname} - -; Should we build a multiarch image? That is to say, the -; same ISO file can be used for both i686 and x86_64. -; 0.) Only accepts (case-insensitive): -; yes/true (buld both i686, x86_64 in same image) -; no/false (build separate images, both arch's) -; i686 (ONLY build i686 architecture) -; x86_64 (ONLY build x86_64 architecture) -; If it is undefined, it is assumed to be no. multiarch = yes - -; Would you like to enable iPXE functionality? -; Note that this has no bearing on the 'sync' sections, -; so one can build e.g. only http files. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. ipxe = no - -; This option should only be enabled if you are on a fairly -; powerful, multicore system with plenty of RAM. It will -; speed the build process along, but will have some -; seriously adverse effects if your system can't handle it. -; Most modern systems should be fine with leaving it enabled. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. i_am_a_racecar = no - -#---------------------------------------------------------# -# This section controls settings for signing our release -# files. This is only used if build:gpg is -# yes/true/etc. 
-#---------------------------------------------------------# [gpg] - -; What is a valid key ID that we should use to -; *sign* our release files? -; 0.) You will be prompted for a passphrase if your -; key has one/you don't have an open and authorized -; gpg-agent session. Make sure you have a working -; pinentry configuration set up! -; 1.) If you leave this blank we will use the key -; we generate automatically earlier in the build -; process. -; 2.) We will generate one if this is blank and you -; have selected sign as yes. mygpgkey = - -; What directory should we use for the above GPG key? -; Make sure it contains your private key. mygpghome = - -#---------------------------------------------------------# -# This section controls what we should do with the -# resulting build and how to handle uploads, if we -# choose to use those features. -#---------------------------------------------------------# [sync] - -; Should we generate/prepare HTTP files? -; This is mostly only useful if you plan on using iPXE. -; However, it can also include the built ISO file(s). -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. http = no - -; Should we generate/prepare TFTP files? -; This is mostly only useful if you plan on using more -; traditional (non-iPXE) setups and regualar PXE bootstrapping -; into iPXE. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. tftp = no - -; Enable automatic Git pushing for any changes done to the -; project itself? If you don't have upstream write access, -; you'll want to set this to False. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; If it is undefined, it is assumed to be no. git = no - -; Enable rsync pushing for the ISO (and other files, if -; you choose- useful for iPXE over HTTP(S)). 
rsync = no - -#---------------------------------------------------------# -# This section controls details about HTTP file preparation/ -# generation. Only used if sync:http = True (or -# 'yes', etc.) -#---------------------------------------------------------# [http] - -; This directory is where to build an HTTP webroot. -; 0.) No whitespace -; 1.) If blank, HTTP preparation/generation will not be done -; 2.) If specified, it will be created if it doesn't exist -; 3.) If it does exist, it will be deleted first- MAKE SURE -; you do not store files here that you want to keep. path = ${build:dlpath}/http - -; What user and group, if applicable, should the HTTP files -; be owned as? This is most likely going to be either 'http', -; 'nginx', or 'apache'. -; 0.) No whitespace -; 1.) User must exist on system -; 2.) If path is blank, they will not be used user = http group = http - -#---------------------------------------------------------# -# This section controls details about TFTP file -# preparation/generation. Only used if -# sync:tftp = True (or 'yes', etc.) -#---------------------------------------------------------# [tftp] - -; The directory where we want to build a TFTP root. -; 0.) No whitespace -; 1.) If blank, TFTP preparation/generation will not be done -; 2.) If specified, it will be created if it doesn't exist -; 3.) If it does exist, it will be deleted first- MAKE SURE -; you do not store files here that you want to keep. path = ${build:dlpath}/tftpboot - -; What user and group, if applicable, should the TFTP files -; be owned as? This is most likely going to be either 'tftp' -; or 'root'. -; 0.) No whitespace -; 1.) User must exist on system -; 2.) If sync:tftp is blank, they will not be used user = root group = root - -#---------------------------------------------------------# -# This section controls aspects of iPXE building. Only used -# if build:ipxe = True (or 'yes', etc.) 
-#---------------------------------------------------------# [ipxe] - -; Build a "mini-ISO"; that is, an ISO file that can be used -; to bootstrap an iPXE environment (so you don't need to set -; up a traditional PXE environment on your LAN). We'll still -; build a full standalone ISO no matter what. -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 -; 1.) Requires actual git to be installed. -; If it is undefined, it is assumed to be no. iso = no - -; What URI should iPXE's EMBED script use? -; If you require HTTP BASIC Authentication or HTTP Digest -; Authentication (untested), you can format it via: -; -; https://user:password@domain.tld/page.php -; -; This currently does not work for HTTPS with self-signed -; certificates. -; 0.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 1.) Must be a valid URI understood by minimal versions -; of curl. uri = https://domain.tld - -; Directory to hold SSL results, if we are generating -; keys, certificates, etc. ssldir = ${build:dlpath}/ssl - -; Path to the (root) CA certificate file iPXE should use. -; Note that you can use your own CA to sign existing certs. -; See http://ipxe.org/crypto for more info. This is handy if -; you run a third-party/"Trusted" root-CA-signed certificate -; for the HTTPS target. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If it exists, a matching key (ssl_cakey) MUST be -; specified -; 4.) HOWEVER, if left blank/doesn't exist, one will be -; automatically generated ssl_ca = ${ssldir}/ca.crt - -; Path to the (root) CA key file iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If left blank or it doesn't exist (and ssl_ca is also -; blank), one will be automatically generated -; 4.) MUST match ssl_ca if specified/exists -; 5.) 
MUST NOT be passphrase-protected ssl_cakey = ${ssldir}/ca.key - -; Path to the CLIENT certificate iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 3.) If specified/existent, a matching CA cert (ssl_ca) -; and key (ssl_cakey) MUST be specified -; 4.) HOWEVER, if left blank/nonexistent, one will be generated -; 5.) MUST be signed by ssl_ca/ssl_ca if specified ssl_crt = ${ssldir}/main.crt - -; Path to the CLIENT key iPXE should use. -; 0.) No whitespace -; 1.) Must be in PEM/X509 format -; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. -; 4.) If left blank/nonexistent (and ssl_ca is also blank), -; one will be automatically generated ssl_key = ${ssldir}/main.key - -#---------------------------------------------------------# -# This section controls aspects of rsync pushing. Only used -# if sync:rsync = True (or 'yes', etc.) -#---------------------------------------------------------# [rsync] - -; This is the rsync destination host. host = - -; This is the remote user we should use when performing the -; rsync push. user = - -; This is the remote destination path we should use for -; pushing via rsync. -; 0.) No whitespace -; 1.) The path MUST exist on the remote host -; 2.) The path MUST be writable by rsync:user -; RECOMMENDED: you'll probably want to set http:(user|group) -; to what it'll need to be on the destination. path = - -; Should we rsync over the ISO files too, or just the boot -; files? -; 0.) Only accepts (case-insensitive): -; yes|no -; true|false -; 1|0 iso = no diff --git a/extra/pre-build.d/etc/mkinitcpio.conf b/extra/pre-build.d/etc/mkinitcpio.conf index 8f65f84..e6e2c1d 100644 --- a/extra/pre-build.d/etc/mkinitcpio.conf +++ b/extra/pre-build.d/etc/mkinitcpio.conf 
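Review bot: The one-line safety warnings should stay beside their keys in extra/pkg.build.ini instead of living only behind the link in the new header, because this is the file a packager edits and the manual may not be open, or reachable, when they do. The removed comments were the only in-file statement that `root_password` and `[user] password` take a salted SHA512 shadow-format hash and never plaintext, that a blank `mirrorgpgsig` disables GPG checking of the bootstrap tarball, that `user = yes` creates an account with full sudo access, and that an existing `[http]`/`[tftp]` `path` is deleted before it is rebuilt. I would keep short comments such as `; shadow-format salted SHA512 hash only, never plaintext; unset disables password login` above both password keys, `; blank disables GPG verification of the bootstrap tarball` above `mirrorgpgsig`, and `; an existing directory here is deleted before each build` above the two `path` keys. Whether the linked manual repeats all of these cannot be told from the diff, so it is worth confirming before the in-file copies are dropped.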
@@ -3,7 +3,7 @@ # run. Advanced users may wish to specify all system modules # in this array. For instance: # MODULES="piix ide_disk reiserfs" -MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole" +MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole isofs" # BINARIES # This setting includes any additional binaries a given user may diff --git a/extra/pre-build.d/root/pre-build.sh b/extra/pre-build.d/root/pre-build.sh index 41ab276..b43891d 100755 --- a/extra/pre-build.d/root/pre-build.sh +++ b/extra/pre-build.d/root/pre-build.sh @@ -115,7 +115,6 @@ ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so cleanPacorigs apacman --noconfirm --noedit --skipinteg -S --needed linux apacman --gendb -#mv -f /boot/vmlinuz-linux /boot/vmlinuz-linux-${DISTNAME} cleanPacorigs # And install EXTRA functionality packages, if there are any. @@ -161,7 +160,6 @@ else usermod -L root fi cleanPacorigs -mv -f /boot/initramfs-linux.img /boot/initramfs-linux-${DISTNAME}.img # And install arch-specific extra packages, if there are any. #PKGLIST=$(sed -re '/^[[:space:]]*(#|$)/d' /root/packages.arch | tr '\n' ' ') PKGLIST=$(getPkgList /root/packages.arch) diff --git a/extra/templates/iPXE/BIOS/isolinux.cfg.j2 b/extra/templates/iPXE/BIOS/isolinux.cfg.j2 index ba0a630..00ad0f1 100644 --- a/extra/templates/iPXE/BIOS/isolinux.cfg.j2 +++ b/extra/templates/iPXE/BIOS/isolinux.cfg.j2 @@ -3,5 +3,5 @@ PROMPT 0 TIMEOUT 10 LABEL ipxe - KERNEL boot/ipxe.krn +KERNEL /boot/ipxe.krn