WHEW. booting now all fixed for all implementations. can probably get that iPXE image smaller, though.
This commit is contained in:
parent
e1e464d5c5
commit
764ba2f8d0
@ -136,14 +136,20 @@ def genUEFI(build, bdisk):
|
||||
fname = 'bootx64.efi'
|
||||
else:
|
||||
fname = f
|
||||
if not os.path.isfile(prepdir + '/EFI/boot/' + fname):
|
||||
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
|
||||
'{0}/EFI/boot/{1}'.format(prepdir, fname))
|
||||
with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
|
||||
chrootdir,
|
||||
f),
|
||||
'rb') as r:
|
||||
with open('{0}/EFI/boot/{1}'.format(prepdir, fname), 'wb') as file:
|
||||
file.write(r.read())
|
||||
# And we also need the systemd efi bootloader.
|
||||
if os.path.isfile(prepdir + '/EFI/boot/loader.efi'):
|
||||
os.remove(prepdir + '/EFI/boot/loader.efi')
|
||||
shutil.copy2(chrootdir + '/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi',
|
||||
prepdir + '/EFI/boot/loader.efi')
|
||||
with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(
|
||||
chrootdir),
|
||||
'rb') as r:
|
||||
with open('{0}/EFI/boot/loader.efi'.format(prepdir), 'wb') as file:
|
||||
file.write(r.read())
|
||||
# And the accompanying configs for the systemd efi bootloader, too.
|
||||
tpl_loader = jinja2.FileSystemLoader(templates_dir)
|
||||
env = jinja2.Environment(loader = tpl_loader)
|
||||
@ -166,9 +172,9 @@ def genUEFI(build, bdisk):
|
||||
f.write(tpl_out)
|
||||
# And we need to get filesizes (in bytes) for everything we need to include in the ESP.
|
||||
# This is more important than it looks.
|
||||
#sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do)
|
||||
sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do)
|
||||
# because xorriso sees it as a filesystem image and adjusts the ISO automagically.
|
||||
sizetotal = 2097152 # we start with 2MB and add to it for wiggle room
|
||||
#sizetotal = 2097152 # we start with 2MB and add to it for wiggle room
|
||||
sizefiles = ['/boot/' + bdisk['uxname'] + '.64.img',
|
||||
'/boot/' + bdisk['uxname'] + '.64.kern',
|
||||
'/EFI/boot/bootx64.efi',
|
||||
@ -235,10 +241,8 @@ def genUEFI(build, bdisk):
|
||||
if os.path.isfile(z):
|
||||
os.remove(z)
|
||||
shutil.copy(y, z)
|
||||
#shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux-{2}'.format(chrootdir, 'x86_64', bdisk['name']),
|
||||
shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux'.format(chrootdir, 'x86_64'),
|
||||
'{0}/EFI/{1}/{2}.efi'.format(mountpt, bdisk['name'], bdisk['uxname']))
|
||||
#shutil.copy2('{0}/root.{1}/boot/initramfs-linux-{2}.img'.format(chrootdir, 'x86_64', bdisk['name']),
|
||||
shutil.copy2('{0}/root.{1}/boot/initramfs-linux.img'.format(chrootdir, 'x86_64'),
|
||||
'{0}/EFI/{1}/{2}.img'.format(mountpt, bdisk['name'], bdisk['uxname']))
|
||||
# TODO: support both arch's as EFI bootable instead? Maybe? requires more research. very rare.
|
||||
|
@ -133,8 +133,8 @@ def genISO(conf):
|
||||
os.makedirs(os.path.dirname(efiboot_img), exist_ok = True) # FAT32 embedded EFI dir
|
||||
os.makedirs('{0}/EFI/boot'.format(bootdir), exist_ok = True) # EFI bootloader binary dir
|
||||
# Inner dir (miniboot.img file)
|
||||
sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64.
|
||||
#sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64.
|
||||
#sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64.
|
||||
sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64.
|
||||
sizetotal += os.path.getsize(innerefi64)
|
||||
sizefiles = ['HashTool', 'PreLoader']
|
||||
for f in sizefiles:
|
||||
@ -161,7 +161,7 @@ def genISO(conf):
|
||||
cmd = ['/bin/mount', efiboot_img, mountpt]
|
||||
subprocess.call(cmd)
|
||||
os.makedirs(mountpt + '/EFI/boot', exist_ok = True) # "Inner" (EFI image)
|
||||
os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image)
|
||||
#os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image)
|
||||
os.makedirs('{0}/boot'.format(bootdir), exist_ok = True) # kernel(s)
|
||||
os.makedirs('{0}/loader/entries'.format(bootdir), exist_ok = True) # EFI
|
||||
for d in (mountpt, bootdir):
|
||||
@ -171,19 +171,24 @@ def genISO(conf):
|
||||
fname = 'bootx64.efi'
|
||||
else:
|
||||
fname = f
|
||||
if not os.path.isfile('{0}/EFI/boot/{1}'.format(mountpt, fname)):
|
||||
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
|
||||
'{0}/EFI/boot/{1}'.format(mountpt, fname))
|
||||
if not os.path.isfile('{0}/EFI/boot/{1}'.format(bootdir, f)):
|
||||
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
|
||||
'{0}/EFI/boot/{1}'.format(bootdir, fname))
|
||||
|
||||
with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
|
||||
chrootdir,f),
|
||||
'rb') as r:
|
||||
with open('{0}/EFI/boot/{1}'.format(mountpt, fname), 'wb') as file:
|
||||
file.write(r.read())
|
||||
with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
|
||||
chrootdir, f),
|
||||
'rb') as r:
|
||||
with open('{0}/EFI/boot/{1}'.format(bootdir, fname), 'wb+') as file:
|
||||
file.write(r.read())
|
||||
# And the systemd efi bootloader.
|
||||
if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(mountpt)):
|
||||
shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir),
|
||||
'{0}/EFI/boot/loader.efi'.format(mountpt))
|
||||
if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(bootdir)):
|
||||
shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir),
|
||||
'{0}/EFI/boot/loader.efi'.format(bootdir))
|
||||
with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(
|
||||
chrootdir),
|
||||
'rb') as r:
|
||||
with open('{0}/EFI/boot/loader.efi'.format(mountpt), 'wb+') as f:
|
||||
f.write(r.read())
|
||||
|
||||
# And loader entries.
|
||||
os.makedirs('{0}/loader/entries'.format(mountpt, exist_ok = True))
|
||||
for t in ('loader', 'base'):
|
||||
@ -202,7 +207,7 @@ def genISO(conf):
|
||||
# Outer dir
|
||||
outerdir = True
|
||||
os.makedirs('{0}/isolinux'.format(bootdir), exist_ok = True) # BIOS
|
||||
# and we create the loader entries (outer)
|
||||
# Loader entries (outer)
|
||||
for t in ('loader','base'):
|
||||
if t == 'base':
|
||||
name = bdisk['uxname']
|
||||
|
@ -21,4 +21,5 @@ include::user/GETTING_STARTED.adoc[]
|
||||
include::user/IMPORTANT_CONCEPTS.adoc[]
|
||||
include::user/PROJECT_LAYOUT.adoc[]
|
||||
include::user/BUILDINI.adoc[]
|
||||
include::user/ADVANCED.adoc[]
|
||||
|
||||
|
2
docs/manual/user/ADVANCED.adoc
Normal file
2
docs/manual/user/ADVANCED.adoc
Normal file
@ -0,0 +1,2 @@
|
||||
== Advanced Customization
|
||||
If the <<_the_code_build_ini_code_file,`build.ini` file>> doesn't provide enough customization to your liking, I don't blame you! It was designed only to provide the most basic control and is primarily only used to control the build process itself.
|
@ -1,4 +1,4 @@
|
||||
== The `build.ini` file
|
||||
== The `build.ini` File
|
||||
This file is where you can specify some of the very basics of BDisk building. It allows you to specify/define certain variables and settings used by the build process. It uses https://docs.python.org/3/library/configparser.html[ConfigParser^] for the parsing engine, and you can do some https://wiki.python.org/moin/ConfigParserExamples[more advanced^] things with it than I demonstrate in the default.
|
||||
|
||||
It's single-level, but divided into "sections". This is unfortunately a limitation of ConfigParser, but it should be easy enough to follow.
|
||||
@ -510,4 +510,75 @@ Directory to hold SSL results, if we are generating keys, certificates, etc.
|
||||
==== `ssl_ca`
|
||||
Path to the (root) CA certificate file iPXE should use. See http://ipxe.org/crypto[iPXE's crypto page^] for more information.
|
||||
|
||||
NOTE: You can use your own CA to sign existing certs.
|
||||
NOTE: You can use your own CA to sign existing certs. This is handy if you run a third-party/"Trusted" root-CA-signed certificate for the HTTPS target.
|
||||
|
||||
. No whitespace
|
||||
. Must be in PEM/X509 format
|
||||
. *Required* if <<__code_iso_code,`iso`>> is enabled
|
||||
. If it exists, a matching key (ssl_cakey) *must* be specified
|
||||
.. However, if left blank/doesn't exist, one will be automatically generated
|
||||
|
||||
==== `ssl_cakey`
|
||||
Path to the (root) CA key file iPXE should use.
|
||||
|
||||
. No whitespace
|
||||
. Must be in PEM/X509 format
|
||||
. *Required* if <<__code_iso_code,`iso`>> is enabled
|
||||
. If left blank or it doesn't exist (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated
|
||||
. *Must* match/pair to <<__code_ssl_ca_code,`ssl_ca`>> if specified/exists
|
||||
. MUST NOT be passphrase-protected/DES-encrypted
|
||||
|
||||
==== `ssl_crt`
|
||||
Path to the _client_ certificate iPXE should use.
|
||||
|
||||
. No whitespace
|
||||
. Must be in PEM/X509 format
|
||||
. *Required* if <<__code_iso_code,`iso`>> is enabled
|
||||
. If specified/existent, a matching CA cert (<<__code_ssl_ca_code,`ssl_ca`>>) and key (<<__code_ssl_cakey_code,`ssl_cakey`>>) *must* be specified
|
||||
.. However, if left blank/doesn't exist, one will be automatically generated
|
||||
. *Must* be signed by <<__code_ssl_ca_code,`ssl_ca`>>/<<__code_ssl_cakey_code,`ssl_cakey`>> if specified and already exists
|
||||
|
||||
==== `ssl_key`
|
||||
Path to the _client_ key iPXE should use.
|
||||
|
||||
. No whitespace
|
||||
. Must be in PEM/X509 format
|
||||
. *Required* if <<__code_iso_code,`iso`>> is enabled
|
||||
. If left blank/nonexistent (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated
|
||||
|
||||
=== `[rsync]`
|
||||
This section controls aspects of rsync pushing. Only used if <<__code_rsync_code,`sync:rsync`>> is enabled.
|
||||
|
||||
==== `host`
|
||||
The rsync destination host.
|
||||
|
||||
. Must resolve from the build server
|
||||
. Can be host, FQDN, or IP address
|
||||
|
||||
==== `user`
|
||||
This is the remote user we should use when performing the rsync push.
|
||||
|
||||
. User must exist on remote system
|
||||
. SSH pubkey authorization must be configured
|
||||
. The destination's hostkey must be added to your local build user's known hosts
|
||||
|
||||
==== `path`
|
||||
This is the remote destination path we should use for pushing via rsync.
|
||||
|
||||
|
||||
NOTE: You'll probably want to set *`http:user`* and *`group`* to what it'll need to be on the destination.
|
||||
|
||||
. No whitespace
|
||||
. The path *must* exist on the remote host
|
||||
. The path MUST be writable by <<__code_user_code_5,`user`>>
|
||||
|
||||
==== `iso`
|
||||
Should we rsync over the ISO files too, or just the boot files?
|
||||
|
||||
[options="header"]
|
||||
|======================
|
||||
2+^|Accepts (case-insensitive) one of:
|
||||
^m|yes ^m|no
|
||||
^m|true ^m|false
|
||||
^m|1 ^m|0
|
||||
|======================
|
||||
|
@ -5,515 +5,82 @@
|
||||
# This file is used to define various variables/settings
|
||||
# used by the build script.
|
||||
#
|
||||
# It is well-commented, and uses INI syntax.
|
||||
# See https://wiki.python.org/moin/ConfigParserExamples
|
||||
# for some advanced features if you would like to use
|
||||
# them.
|
||||
# Blank lines are ignored. Section integrity is important.
|
||||
# #- and ;-prefixed lines are comments and are not parsed.
|
||||
# If restrictions on input are present, they will be
|
||||
# given in a numerical list.
|
||||
# For full (perhaps overly-verbose ;) documentation, please
|
||||
# see:
|
||||
# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file
|
||||
# Or simply refer to the section titled "The build.ini File"
|
||||
# in the user manual.
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls some aspects about the live
|
||||
# environment itself.
|
||||
#---------------------------------------------------------#
|
||||
[bdisk]
|
||||
|
||||
; The name of the project. If you roll your own and don't
|
||||
; want it called the default, here's where you change it.
|
||||
; 0.) Alphanumeric only
|
||||
; 1.) 8 characters total or less
|
||||
; 2.) No whitespace
|
||||
; 3.) ASCII *only*
|
||||
; 4.) Will be converted to uppercase if it isn't already
|
||||
name = BDISK
|
||||
|
||||
; This is used for filenames, etc.
|
||||
; I highly recommend it be the same as 'name', but
|
||||
; lowercase.
|
||||
; 0.) Alphanumeric only
|
||||
; 1.) No whitespace
|
||||
; 2.) ASCII *only*
|
||||
; 3.) Will be converted to lowercase if it isn't already
|
||||
uxname = bdisk
|
||||
|
||||
; This string is used for "pretty-printing" of the name.
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
pname = BDisk
|
||||
|
||||
; What version is this?
|
||||
; If we don't have a version specified here, we'll
|
||||
; try to guess based on the current git commit in build:basedir.
|
||||
; 0.) No whitespace
|
||||
ver =
|
||||
|
||||
; Your/your organization's name.
|
||||
; The same rules as 'pname' apply:
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
dev = r00t^2
|
||||
|
||||
; Your email address.
|
||||
; This is only used for commit messages (sync:git),
|
||||
; or GPG-signing the releases (see the associated build
|
||||
; section items).
|
||||
email = bts@square-r00t.net
|
||||
|
||||
; What this distribution/project is used for.
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
desc = j00 got 0wnz0r3d lulz.
|
||||
|
||||
; What is your livedistro's URL?
|
||||
; 0.) Should be a valid URI understood by minimal versions
|
||||
; of curl.
|
||||
uri = https://bdisk.square-r00t.net
|
||||
|
||||
; Should the root user have a password? IF THIS IS NOT SET,
|
||||
; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a
|
||||
; blank password, use the string:
|
||||
; BLANK
|
||||
; Do NOT use a plaintext password here. You will need to
|
||||
; generate a salted and hashed string in a shadow-compatible
|
||||
; format. If you need help generating one, see docs/HOWTO.hashgen.
|
||||
; If an assistance script is available, the path will be given
|
||||
; (i.e. extras/bin/hashgen.py).
|
||||
;
|
||||
; Note that if you want an automatic login, this is NOT where it
|
||||
; would be set. It should instead be controlled via:
|
||||
; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
|
||||
; In the following format:
|
||||
; [Service]
|
||||
; Type=idle
|
||||
; ExecStart=
|
||||
; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
|
||||
;(where N is the TTY number). Alternatively, if booting to a GUI, it
|
||||
; can be set as according to that GUI (e.g. for LXDE,
|
||||
; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
|
||||
; 0.) MUST be a salted SHA512 string in shadow format
|
||||
; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $.
|
||||
; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw...
|
||||
root_password =
|
||||
|
||||
; Should we create a non-root user on the image?
|
||||
; Note that this user has full sudo access.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
user = yes
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects about bdisk:user.
|
||||
# Only used if bdisk:user set to True/yes/etc.
|
||||
#---------------------------------------------------------#
|
||||
[user]
|
||||
|
||||
; What username should we use for the live system?
|
||||
; Standard *nix username rules apply:
|
||||
; 0.) ASCII only
|
||||
; 1.) 32 characters or less
|
||||
; 2.) Alphanumeric only
|
||||
; 3.) Lowercase only
|
||||
; 4.) No whitespace
|
||||
; 5.) Cannot start with a number
|
||||
username = ${bdisk:uxname}
|
||||
|
||||
; What comment/description should be used for the user?
|
||||
; See passwd(5) if you need details on this.
|
||||
; 0.) ASCII only
|
||||
name = Default user
|
||||
|
||||
; What password should be set for the user, if any?
|
||||
; See bdisk:root_password for how to generate this.
|
||||
; DO NOT PUT A PLAINTEXT PASSWORD HERE.
|
||||
password =
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls some aspects about the host
|
||||
# and things like filesystem paths, etc.
|
||||
#---------------------------------------------------------#
|
||||
[build]
|
||||
|
||||
; What is the mirror for your bootstrap tarball?
|
||||
; It is *highly* recommended you use an Arch Linux tarball
|
||||
; as the build process is highly specialized to this.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be accessible remotely (no local file paths)
|
||||
mirror = mirror.us.leaseweb.net
|
||||
|
||||
; What is the protocol for the bootstrap mirror?
|
||||
; 0.) Must be one of:
|
||||
; http, https, ftp
|
||||
mirrorproto = https
|
||||
|
||||
; What is the path to the tarball directory?
|
||||
; 0.) Must be a complete path
|
||||
; (e.g. /dir1/subdir1/subdir2/
|
||||
; 1.) No whitespace
|
||||
mirrorpath = /archlinux/iso/latest/
|
||||
|
||||
; What is the filename for the tarball found in the above?
|
||||
; If left blank, we will use the sha1 checksum file to try
|
||||
; to guess the most recent file.
|
||||
mirrorfile =
|
||||
|
||||
; What is the path to a sha1 checksum file?
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be the full path
|
||||
; 2.) Don't include the mirror domain or protocol
|
||||
mirrorchksum = ${mirrorpath}sha1sums.txt
|
||||
|
||||
; Optional GPG checking.
|
||||
; If the file has a GPG signature file,
|
||||
; we can use it for extra checking.
|
||||
; If it's blank, GPG checking will be disabled.
|
||||
; If you specify just '.sig' (or use the default
|
||||
; and don't actually specify a mirrorfile),
|
||||
; we'll try to guess based on the file from the sha1
|
||||
; checksums. Note that this must evaluate to a full
|
||||
; URL (e.g.:
|
||||
; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig)
|
||||
; 0.) No whitespace (if specified)
|
||||
; 1.) Must be the full path
|
||||
mirrorgpgsig =
|
||||
|
||||
; What is a valid key ID that should be used to
|
||||
; verify the tarballs?
|
||||
; 0.) Only used if mirrorgpgsig is set
|
||||
; 1.) Should be in the "shortform"
|
||||
; (e.g. 7F2D434B9741E8AC)
|
||||
gpgkey = 7F2D434B9741E8AC
|
||||
|
||||
; What is a valid keyserver we should use
|
||||
; to fetch gpgkey?
|
||||
; 0.) Only used if mirrorgpgsig is set
|
||||
; 1.) The default (blank) is probably fine.
|
||||
; If you don't specify a personal GPG config
|
||||
; (under the gpg section), then you'll definitely probably
|
||||
; want to leave this blank.
|
||||
; 2.) If set, make sure you use a valid URI (e.g.:
|
||||
; hkp://pgp.mit.edu )
|
||||
gpgkeyserver =
|
||||
|
||||
; Should we sign our release files? (See the GPG section)
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
gpg = no
|
||||
|
||||
; Where should we save the bootstrap tarballs?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
dlpath = /var/tmp/${bdisk:uxname}
|
||||
|
||||
; Where should the bootstrap tarballs extract to and the
|
||||
; chroots be built?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
chrootdir = /var/tmp/chroots
|
||||
|
||||
; Where is the base of the BDisk project located?
|
||||
; In other words, if you cloned BDisk from git,
|
||||
; what is BDisk's working tree directory?
|
||||
; 0.) No whitespace
|
||||
; 1.) Must exist and be populated with the BDisk's files
|
||||
basedir = /opt/dev/bdisk
|
||||
|
||||
; This is the output directory of the ISO files when
|
||||
; done building. This should not be checked into git.
|
||||
; (The files will be very big!)
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
isodir = ${dlpath}/iso
|
||||
|
||||
; This is a directory where we should save extra
|
||||
; source code we download (if we need it).
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist, and is needed
|
||||
srcdir = ${dlpath}/src
|
||||
|
||||
; What directory should we use for staging?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
prepdir = ${dlpath}/temp
|
||||
|
||||
; Where should we stage the boot files?
|
||||
; This should not be the same dir as other options!
|
||||
; The default is recommended.
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
archboot = ${prepdir}/${bdisk:name}
|
||||
|
||||
; What directory/path should we use as a base
|
||||
; directory for mountpoints?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
mountpt = /mnt/${bdisk:uxname}
|
||||
|
||||
; Should we build a multiarch image? That is to say, the
|
||||
; same ISO file can be used for both i686 and x86_64.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes/true (buld both i686, x86_64 in same image)
|
||||
; no/false (build separate images, both arch's)
|
||||
; i686 (ONLY build i686 architecture)
|
||||
; x86_64 (ONLY build x86_64 architecture)
|
||||
; If it is undefined, it is assumed to be no.
|
||||
multiarch = yes
|
||||
|
||||
; Would you like to enable iPXE functionality?
|
||||
; Note that this has no bearing on the 'sync' sections,
|
||||
; so one can build e.g. only http files.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
ipxe =
|
||||
|
||||
; This option should only be enabled if you are on a fairly
|
||||
; powerful, multicore system with plenty of RAM. It will
|
||||
; speed the build process along, but will have some
|
||||
; seriously adverse effects if your system can't handle it.
|
||||
; Most modern systems should be fine with leaving it enabled.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
i_am_a_racecar = yes
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls settings for signing our release
|
||||
# files. This is only used if build:gpg is
|
||||
# yes/true/etc.
|
||||
#---------------------------------------------------------#
|
||||
[gpg]
|
||||
|
||||
; What is a valid key ID that we should use to
|
||||
; *sign* our release files?
|
||||
; 0.) You will be prompted for a passphrase if your
|
||||
; key has one/you don't have an open and authorized
|
||||
; gpg-agent session. Make sure you have a working
|
||||
; pinentry configuration set up!
|
||||
; 1.) If you leave this blank we will use the key
|
||||
; we generate automatically earlier in the build
|
||||
; process.
|
||||
; 2.) We will generate one if this is blank and you
|
||||
; have selected sign as yes.
|
||||
mygpgkey =
|
||||
|
||||
; What directory should we use for the above GPG key?
|
||||
; Make sure it contains your private key.
|
||||
mygpghome =
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls what we should do with the
|
||||
# resulting build and how to handle uploads, if we
|
||||
# choose to use those features.
|
||||
#---------------------------------------------------------#
|
||||
[sync]
|
||||
|
||||
; Should we generate/prepare HTTP files?
|
||||
; This is mostly only useful if you plan on using iPXE.
|
||||
; However, it can also include the built ISO file(s).
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
http = no
|
||||
|
||||
; Should we generate/prepare TFTP files?
|
||||
; This is mostly only useful if you plan on using more
|
||||
; traditional (non-iPXE) setups and regualar PXE bootstrapping
|
||||
; into iPXE.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
tftp = no
|
||||
|
||||
; Enable automatic Git pushing for any changes done to the
|
||||
; project itself? If you don't have upstream write access,
|
||||
; you'll want to set this to False.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
git = no
|
||||
|
||||
; Enable rsync pushing for the ISO (and other files, if
|
||||
; you choose- useful for iPXE over HTTP(S)).
|
||||
rsync = no
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls details about HTTP file preparation/
|
||||
# generation. Only used if sync:http = True (or
|
||||
# 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[http]
|
||||
|
||||
; This directory is where to build an HTTP webroot.
|
||||
; 0.) No whitespace
|
||||
; 1.) If blank, HTTP preparation/generation will not be done
|
||||
; 2.) If specified, it will be created if it doesn't exist
|
||||
; 3.) If it does exist, it will be deleted first- MAKE SURE
|
||||
; you do not store files here that you want to keep.
|
||||
path = ${build:dlpath}/http
|
||||
|
||||
; What user and group, if applicable, should the HTTP files
|
||||
; be owned as? This is most likely going to be either 'http',
|
||||
; 'nginx', or 'apache'.
|
||||
; 0.) No whitespace
|
||||
; 1.) User must exist on system
|
||||
; 2.) If path is blank, they will not be used
|
||||
user = http
|
||||
group = http
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls details about TFTP file
|
||||
# preparation/generation. Only used if
|
||||
# sync:tftp = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[tftp]
|
||||
|
||||
; The directory where we want to build a TFTP root.
|
||||
; 0.) No whitespace
|
||||
; 1.) If blank, TFTP preparation/generation will not be done
|
||||
; 2.) If specified, it will be created if it doesn't exist
|
||||
; 3.) If it does exist, it will be deleted first- MAKE SURE
|
||||
; you do not store files here that you want to keep.
|
||||
path = ${build:dlpath}/tftpboot
|
||||
|
||||
; What user and group, if applicable, should the TFTP files
|
||||
; be owned as? This is most likely going to be either 'tftp'
|
||||
; or 'root'.
|
||||
; 0.) No whitespace
|
||||
; 1.) User must exist on system
|
||||
; 2.) If sync:tftp is blank, they will not be used
|
||||
user = root
|
||||
group = root
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects of iPXE building. Only used
|
||||
# if build:ipxe = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[ipxe]
|
||||
|
||||
; Build a "mini-ISO"; that is, an ISO file that can be used
|
||||
; to bootstrap an iPXE environment (so you don't need to set
|
||||
; up a traditional PXE environment on your LAN). We'll still
|
||||
; build a full standalone ISO no matter what.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; 1.) Requires actual git to be installed.
|
||||
; If it is undefined, it is assumed to be no.
|
||||
iso = no
|
||||
|
||||
; What URI should iPXE's EMBED script use?
|
||||
; If you require HTTP BASIC Authentication or HTTP Digest
|
||||
; Authentication (untested), you can format it via:
|
||||
;
|
||||
; https://user:password@domain.tld/page.php
|
||||
;
|
||||
; This currently does not work for HTTPS with self-signed
|
||||
; certificates.
|
||||
; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 1.) Must be a valid URI understood by minimal versions
|
||||
; of curl.
|
||||
uri = https://bdisk.square-r00t.net
|
||||
|
||||
; Directory to hold SSL results, if we are generating
|
||||
; keys, certificates, etc.
|
||||
ssldir = ${build:dlpath}/ssl
|
||||
|
||||
; Path to the (root) CA certificate file iPXE should use.
|
||||
; Note that you can use your own CA to sign existing certs.
|
||||
; See http://ipxe.org/crypto for more info. This is handy if
|
||||
; you run a third-party/"Trusted" root-CA-signed certificate
|
||||
; for the HTTPS target.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If it exists, a matching key (ssl_cakey) MUST be
|
||||
; specified
|
||||
; 4.) HOWEVER, if left blank/doesn't exist, one will be
|
||||
; automatically generated
|
||||
ssl_ca = ${ssldir}/ca.crt
|
||||
|
||||
; Path to the (root) CA key file iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If left blank or it doesn't exist (and ssl_ca is also
|
||||
; blank), one will be automatically generated
|
||||
; 4.) MUST match ssl_ca if specified/exists
|
||||
; 5.) MUST NOT be passphrase-protected
|
||||
ssl_cakey = ${ssldir}/ca.key
|
||||
|
||||
; Path to the CLIENT certificate iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If specified/existent, a matching CA cert (ssl_ca)
|
||||
; and key (ssl_cakey) MUST be specified
|
||||
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
|
||||
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
|
||||
ssl_crt = ${ssldir}/main.crt
|
||||
|
||||
; Path to the CLIENT key iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
|
||||
; one will be automatically generated
|
||||
ssl_key = ${ssldir}/main.key
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects of rsync pushing. Only used
|
||||
# if sync:rsync = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[rsync]
|
||||
|
||||
; This is the rsync destination host.
|
||||
host =
|
||||
|
||||
; This is the remote user we should use when performing the
|
||||
; rsync push.
|
||||
user =
|
||||
|
||||
; This is the remote destination path we should use for
|
||||
; pushing via rsync.
|
||||
; 0.) No whitespace
|
||||
; 1.) The path MUST exist on the remote host
|
||||
; 2.) The path MUST be writable by rsync:user
|
||||
; RECOMMENDED: you'll probably want to set http:(user|group)
|
||||
; to what it'll need to be on the destination.
|
||||
path =
|
||||
|
||||
; Should we rsync over the ISO files too, or just the boot
|
||||
; files?
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
iso = yes
|
||||
|
@ -5,515 +5,82 @@
|
||||
# This file is used to define various variables/settings
|
||||
# used by the build script.
|
||||
#
|
||||
# It is well-commented, and uses INI syntax.
|
||||
# See https://wiki.python.org/moin/ConfigParserExamples
|
||||
# for some advanced features if you would like to use
|
||||
# them.
|
||||
# Blank lines are ignored. Section integrity is important.
|
||||
# #- and ;-prefixed lines are comments and are not parsed.
|
||||
# If restrictions on input are present, they will be
|
||||
# given in a numerical list.
|
||||
# For full (perhaps overly-verbose ;) documentation, please
|
||||
# see:
|
||||
# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file
|
||||
# Or simply refer to the section titled "The build.ini File"
|
||||
# in the user manual.
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls some aspects about the live
|
||||
# environment itself.
|
||||
#---------------------------------------------------------#
|
||||
[bdisk]
|
||||
|
||||
; The name of the project. If you roll your own and don't
|
||||
; want it called the default, here's where you change it.
|
||||
; 0.) Alphanumeric only
|
||||
; 1.) 8 characters total or less
|
||||
; 2.) No whitespace
|
||||
; 3.) ASCII *only*
|
||||
; 4.) Will be converted to uppercase if it isn't already
|
||||
name = BDISK
|
||||
|
||||
; This is used for filenames, etc.
|
||||
; I highly recommend it be the same as 'name', but
|
||||
; lowercase.
|
||||
; 0.) Alphanumeric only
|
||||
; 1.) No whitespace
|
||||
; 2.) ASCII *only*
|
||||
; 3.) Will be converted to lowercase if it isn't already
|
||||
uxname = bdisk
|
||||
|
||||
; This string is used for "pretty-printing" of the name.
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
pname = BDisk
|
||||
|
||||
; What version is this?
|
||||
; If we don't have a version specified here, we'll
|
||||
; try to guess based on the current git commit in build:basedir.
|
||||
; 0.) No whitespace
|
||||
ver =
|
||||
|
||||
; Your/your organization's name.
|
||||
; The same rules as 'pname' apply:
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
dev = A Developer
|
||||
|
||||
; Your email address.
|
||||
; This is only used for commit messages (sync:git),
|
||||
; or GPG-signing the releases (see the associated build
|
||||
; section items).
|
||||
email = dev@domain.tld
|
||||
|
||||
; What this distribution/project is used for.
|
||||
; 0.) Can contain whitespace
|
||||
; 1.) Can be mixed-case, uppercase, or lowercase
|
||||
; 2.) ASCII *only*
|
||||
desc = A rescue/restore live environment.
|
||||
|
||||
; What is your livedistro's URL?
|
||||
; 0.) Should be a valid URI understood by minimal versions
|
||||
; of curl.
|
||||
uri = https://domain.tld
|
||||
|
||||
; Should the root user have a password? IF THIS IS NOT SET,
|
||||
; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a
|
||||
; blank password, use the string:
|
||||
; BLANK
|
||||
; Do NOT use a plaintext password here. You will need to
|
||||
; generate a salted and hashed string in a shadow-compatible
|
||||
; format. If you need help generating one, see docs/HOWTO.hashgen.
|
||||
; If an assistance script is available, the path will be given
|
||||
; (i.e. extras/bin/hashgen.py).
|
||||
;
|
||||
; Note that if you want an automatic login, this is NOT where it
|
||||
; would be set. It should instead be controlled via:
|
||||
; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
|
||||
; In the following format:
|
||||
; [Service]
|
||||
; Type=idle
|
||||
; ExecStart=
|
||||
; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
|
||||
;(where N is the TTY number). Alternatively, if booting to a GUI, it
|
||||
; can be set as according to that GUI (e.g. for LXDE,
|
||||
; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
|
||||
; 0.) MUST be a salted SHA512 string in shadow format
|
||||
; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $.
|
||||
; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw...
|
||||
root_password =
|
||||
|
||||
; Should we create a non-root user on the image?
|
||||
; Note that this user has full sudo access.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
user = yes
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects about bdisk:user.
|
||||
# Only used if bdisk:user set to True/yes/etc.
|
||||
#---------------------------------------------------------#
|
||||
[user]
|
||||
|
||||
; What username should we use for the live system?
|
||||
; Standard *nix username rules apply:
|
||||
; 0.) ASCII only
|
||||
; 1.) 32 characters or less
|
||||
; 2.) Alphanumeric only
|
||||
; 3.) Lowercase only
|
||||
; 4.) No whitespace
|
||||
; 5.) Cannot start with a number
|
||||
username = ${bdisk:uxname}
|
||||
|
||||
; What comment/description should be used for the user?
|
||||
; See passwd(5) if you need details on this.
|
||||
; 0.) ASCII only
|
||||
name = Default user
|
||||
|
||||
; What password should be set for the user, if any?
|
||||
; See bdisk:root_password for how to generate this.
|
||||
; DO NOT PUT A PLAINTEXT PASSWORD HERE.
|
||||
password =
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls some aspects about the host
|
||||
# and things like filesystem paths, etc.
|
||||
#---------------------------------------------------------#
|
||||
[build]
|
||||
|
||||
; What is the mirror for your bootstrap tarball?
|
||||
; It is *highly* recommended you use an Arch Linux tarball
|
||||
; as the build process is highly specialized to this.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be accessible remotely (no local file paths)
|
||||
mirror = mirror.us.leaseweb.net
|
||||
|
||||
; What is the protocol for the bootstrap mirror?
|
||||
; 0.) Must be one of:
|
||||
; http, https, ftp
|
||||
mirrorproto = https
|
||||
|
||||
; What is the path to the tarball directory?
|
||||
; 0.) Must be a complete path
|
||||
; (e.g. /dir1/subdir1/subdir2/
|
||||
; 1.) No whitespace
|
||||
mirrorpath = /archlinux/iso/latest/
|
||||
|
||||
; What is the filename for the tarball found in the above?
|
||||
; If left blank, we will use the sha1 checksum file to try
|
||||
; to guess the most recent file.
|
||||
mirrorfile =
|
||||
|
||||
; What is the path to a sha1 checksum file?
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be the full path
|
||||
; 2.) Don't include the mirror domain or protocol
|
||||
mirrorchksum = ${mirrorpath}sha1sums.txt
|
||||
|
||||
; Optional GPG checking.
|
||||
; If the file has a GPG signature file,
|
||||
; we can use it for extra checking.
|
||||
; If it's blank, GPG checking will be disabled.
|
||||
; If you specify just '.sig' (or use the default
|
||||
; and don't actually specify a mirrorfile),
|
||||
; we'll try to guess based on the file from the sha1
|
||||
; checksums. Note that this must evaluate to a full
|
||||
; URL (e.g.:
|
||||
; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig)
|
||||
; 0.) No whitespace (if specified)
|
||||
; 1.) Must be the full path
|
||||
mirrorgpgsig =
|
||||
|
||||
; What is a valid key ID that should be used to
|
||||
; verify the tarballs?
|
||||
; 0.) Only used if mirrorgpgsig is set
|
||||
; 1.) Should be in the "shortform"
|
||||
; (e.g. 7F2D434B9741E8AC)
|
||||
gpgkey = 7F2D434B9741E8AC
|
||||
|
||||
; What is a valid keyserver we should use
|
||||
; to fetch gpgkey?
|
||||
; 0.) Only used if mirrorgpgsig is set
|
||||
; 1.) The default (blank) is probably fine.
|
||||
; If you don't specify a personal GPG config
|
||||
; (under the gpg section), then you'll definitely probably
|
||||
; want to leave this blank.
|
||||
; 2.) If set, make sure you use a valid URI (e.g.:
|
||||
; hkp://pgp.mit.edu )
|
||||
gpgkeyserver =
|
||||
|
||||
; Should we sign our release files? (See the GPG section)
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
gpg = no
|
||||
|
||||
; Where should we save the bootstrap tarballs?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
dlpath = /var/tmp/${bdisk:uxname}
|
||||
|
||||
; Where should the bootstrap tarballs extract to and the
|
||||
; chroots be built?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
chrootdir = /var/tmp/chroots
|
||||
|
||||
; Where is the base of the BDisk project located?
|
||||
; In other words, if you cloned BDisk from git,
|
||||
; what is BDisk's working tree directory?
|
||||
; 0.) No whitespace
|
||||
; 1.) Must exist and be populated with the BDisk's files
|
||||
basedir = /opt/dev/bdisk
|
||||
|
||||
; This is the output directory of the ISO files when
|
||||
; done building. This should not be checked into git.
|
||||
; (The files will be very big!)
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
isodir = ${dlpath}/iso
|
||||
|
||||
; This is a directory where we should save extra
|
||||
; source code we download (if we need it).
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist, and is needed
|
||||
srcdir = ${dlpath}/src
|
||||
|
||||
; What directory should we use for staging?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
prepdir = ${dlpath}/temp
|
||||
|
||||
; Where should we stage the boot files?
|
||||
; This should not be the same dir as other options!
|
||||
; The default is recommended.
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
archboot = ${prepdir}/${bdisk:name}
|
||||
|
||||
; What directory/path should we use as a base
|
||||
; directory for mountpoints?
|
||||
; 0.) No whitespace
|
||||
; 1.) Will be created if it doesn't exist
|
||||
mountpt = /mnt/${bdisk:uxname}
|
||||
|
||||
; Should we build a multiarch image? That is to say, the
|
||||
; same ISO file can be used for both i686 and x86_64.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes/true (buld both i686, x86_64 in same image)
|
||||
; no/false (build separate images, both arch's)
|
||||
; i686 (ONLY build i686 architecture)
|
||||
; x86_64 (ONLY build x86_64 architecture)
|
||||
; If it is undefined, it is assumed to be no.
|
||||
multiarch = yes
|
||||
|
||||
; Would you like to enable iPXE functionality?
|
||||
; Note that this has no bearing on the 'sync' sections,
|
||||
; so one can build e.g. only http files.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
ipxe = no
|
||||
|
||||
; This option should only be enabled if you are on a fairly
|
||||
; powerful, multicore system with plenty of RAM. It will
|
||||
; speed the build process along, but will have some
|
||||
; seriously adverse effects if your system can't handle it.
|
||||
; Most modern systems should be fine with leaving it enabled.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
i_am_a_racecar = no
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls settings for signing our release
|
||||
# files. This is only used if build:gpg is
|
||||
# yes/true/etc.
|
||||
#---------------------------------------------------------#
|
||||
[gpg]
|
||||
|
||||
; What is a valid key ID that we should use to
|
||||
; *sign* our release files?
|
||||
; 0.) You will be prompted for a passphrase if your
|
||||
; key has one/you don't have an open and authorized
|
||||
; gpg-agent session. Make sure you have a working
|
||||
; pinentry configuration set up!
|
||||
; 1.) If you leave this blank we will use the key
|
||||
; we generate automatically earlier in the build
|
||||
; process.
|
||||
; 2.) We will generate one if this is blank and you
|
||||
; have selected sign as yes.
|
||||
mygpgkey =
|
||||
|
||||
; What directory should we use for the above GPG key?
|
||||
; Make sure it contains your private key.
|
||||
mygpghome =
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls what we should do with the
|
||||
# resulting build and how to handle uploads, if we
|
||||
# choose to use those features.
|
||||
#---------------------------------------------------------#
|
||||
[sync]
|
||||
|
||||
; Should we generate/prepare HTTP files?
|
||||
; This is mostly only useful if you plan on using iPXE.
|
||||
; However, it can also include the built ISO file(s).
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
http = no
|
||||
|
||||
; Should we generate/prepare TFTP files?
|
||||
; This is mostly only useful if you plan on using more
|
||||
; traditional (non-iPXE) setups and regualar PXE bootstrapping
|
||||
; into iPXE.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
tftp = no
|
||||
|
||||
; Enable automatic Git pushing for any changes done to the
|
||||
; project itself? If you don't have upstream write access,
|
||||
; you'll want to set this to False.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; If it is undefined, it is assumed to be no.
|
||||
git = no
|
||||
|
||||
; Enable rsync pushing for the ISO (and other files, if
|
||||
; you choose- useful for iPXE over HTTP(S)).
|
||||
rsync = no
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls details about HTTP file preparation/
|
||||
# generation. Only used if sync:http = True (or
|
||||
# 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[http]
|
||||
|
||||
; This directory is where to build an HTTP webroot.
|
||||
; 0.) No whitespace
|
||||
; 1.) If blank, HTTP preparation/generation will not be done
|
||||
; 2.) If specified, it will be created if it doesn't exist
|
||||
; 3.) If it does exist, it will be deleted first- MAKE SURE
|
||||
; you do not store files here that you want to keep.
|
||||
path = ${build:dlpath}/http
|
||||
|
||||
; What user and group, if applicable, should the HTTP files
|
||||
; be owned as? This is most likely going to be either 'http',
|
||||
; 'nginx', or 'apache'.
|
||||
; 0.) No whitespace
|
||||
; 1.) User must exist on system
|
||||
; 2.) If path is blank, they will not be used
|
||||
user = http
|
||||
group = http
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls details about TFTP file
|
||||
# preparation/generation. Only used if
|
||||
# sync:tftp = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[tftp]
|
||||
|
||||
; The directory where we want to build a TFTP root.
|
||||
; 0.) No whitespace
|
||||
; 1.) If blank, TFTP preparation/generation will not be done
|
||||
; 2.) If specified, it will be created if it doesn't exist
|
||||
; 3.) If it does exist, it will be deleted first- MAKE SURE
|
||||
; you do not store files here that you want to keep.
|
||||
path = ${build:dlpath}/tftpboot
|
||||
|
||||
; What user and group, if applicable, should the TFTP files
|
||||
; be owned as? This is most likely going to be either 'tftp'
|
||||
; or 'root'.
|
||||
; 0.) No whitespace
|
||||
; 1.) User must exist on system
|
||||
; 2.) If sync:tftp is blank, they will not be used
|
||||
user = root
|
||||
group = root
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects of iPXE building. Only used
|
||||
# if build:ipxe = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[ipxe]
|
||||
|
||||
; Build a "mini-ISO"; that is, an ISO file that can be used
|
||||
; to bootstrap an iPXE environment (so you don't need to set
|
||||
; up a traditional PXE environment on your LAN). We'll still
|
||||
; build a full standalone ISO no matter what.
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
; 1.) Requires actual git to be installed.
|
||||
; If it is undefined, it is assumed to be no.
|
||||
iso = no
|
||||
|
||||
; What URI should iPXE's EMBED script use?
|
||||
; If you require HTTP BASIC Authentication or HTTP Digest
|
||||
; Authentication (untested), you can format it via:
|
||||
;
|
||||
; https://user:password@domain.tld/page.php
|
||||
;
|
||||
; This currently does not work for HTTPS with self-signed
|
||||
; certificates.
|
||||
; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 1.) Must be a valid URI understood by minimal versions
|
||||
; of curl.
|
||||
uri = https://domain.tld
|
||||
|
||||
; Directory to hold SSL results, if we are generating
|
||||
; keys, certificates, etc.
|
||||
ssldir = ${build:dlpath}/ssl
|
||||
|
||||
; Path to the (root) CA certificate file iPXE should use.
|
||||
; Note that you can use your own CA to sign existing certs.
|
||||
; See http://ipxe.org/crypto for more info. This is handy if
|
||||
; you run a third-party/"Trusted" root-CA-signed certificate
|
||||
; for the HTTPS target.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If it exists, a matching key (ssl_cakey) MUST be
|
||||
; specified
|
||||
; 4.) HOWEVER, if left blank/doesn't exist, one will be
|
||||
; automatically generated
|
||||
ssl_ca = ${ssldir}/ca.crt
|
||||
|
||||
; Path to the (root) CA key file iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If left blank or it doesn't exist (and ssl_ca is also
|
||||
; blank), one will be automatically generated
|
||||
; 4.) MUST match ssl_ca if specified/exists
|
||||
; 5.) MUST NOT be passphrase-protected
|
||||
ssl_cakey = ${ssldir}/ca.key
|
||||
|
||||
; Path to the CLIENT certificate iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 3.) If specified/existent, a matching CA cert (ssl_ca)
|
||||
; and key (ssl_cakey) MUST be specified
|
||||
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
|
||||
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
|
||||
ssl_crt = ${ssldir}/main.crt
|
||||
|
||||
; Path to the CLIENT key iPXE should use.
|
||||
; 0.) No whitespace
|
||||
; 1.) Must be in PEM/X509 format
|
||||
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
|
||||
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
|
||||
; one will be automatically generated
|
||||
ssl_key = ${ssldir}/main.key
|
||||
|
||||
|
||||
#---------------------------------------------------------#
|
||||
# This section controls aspects of rsync pushing. Only used
|
||||
# if sync:rsync = True (or 'yes', etc.)
|
||||
#---------------------------------------------------------#
|
||||
[rsync]
|
||||
|
||||
; This is the rsync destination host.
|
||||
host =
|
||||
|
||||
; This is the remote user we should use when performing the
|
||||
; rsync push.
|
||||
user =
|
||||
|
||||
; This is the remote destination path we should use for
|
||||
; pushing via rsync.
|
||||
; 0.) No whitespace
|
||||
; 1.) The path MUST exist on the remote host
|
||||
; 2.) The path MUST be writable by rsync:user
|
||||
; RECOMMENDED: you'll probably want to set http:(user|group)
|
||||
; to what it'll need to be on the destination.
|
||||
path =
|
||||
|
||||
; Should we rsync over the ISO files too, or just the boot
|
||||
; files?
|
||||
; 0.) Only accepts (case-insensitive):
|
||||
; yes|no
|
||||
; true|false
|
||||
; 1|0
|
||||
iso = no
|
||||
|
@ -3,7 +3,7 @@
|
||||
# run. Advanced users may wish to specify all system modules
|
||||
# in this array. For instance:
|
||||
# MODULES="piix ide_disk reiserfs"
|
||||
MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole"
|
||||
MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole isofs"
|
||||
|
||||
# BINARIES
|
||||
# This setting includes any additional binaries a given user may
|
||||
|
@ -115,7 +115,6 @@ ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so
|
||||
cleanPacorigs
|
||||
apacman --noconfirm --noedit --skipinteg -S --needed linux
|
||||
apacman --gendb
|
||||
#mv -f /boot/vmlinuz-linux /boot/vmlinuz-linux-${DISTNAME}
|
||||
cleanPacorigs
|
||||
|
||||
# And install EXTRA functionality packages, if there are any.
|
||||
@ -161,7 +160,6 @@ else
|
||||
usermod -L root
|
||||
fi
|
||||
cleanPacorigs
|
||||
mv -f /boot/initramfs-linux.img /boot/initramfs-linux-${DISTNAME}.img
|
||||
# And install arch-specific extra packages, if there are any.
|
||||
#PKGLIST=$(sed -re '/^[[:space:]]*(#|$)/d' /root/packages.arch | tr '\n' ' ')
|
||||
PKGLIST=$(getPkgList /root/packages.arch)
|
||||
|
@ -3,5 +3,5 @@ PROMPT 0
|
||||
TIMEOUT 10
|
||||
|
||||
LABEL ipxe
|
||||
KERNEL boot/ipxe.krn
|
||||
KERNEL /boot/ipxe.krn
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user