########################################################### ## BUILD.CONF SAMPLE FILE ## ########################################################### # # This file is used to define various variables/settings # used by the build script. # # It is well-commented, and uses INI syntax. # See https://wiki.python.org/moin/ConfigParserExamples # for some advanced features if you would like to use # them. # Blank lines are ignored. Section integrity is important. # #- and ;-prefixed lines are comments and are not parsed. # If restrictions on input are present, they will be # given in a numerical list. #---------------------------------------------------------# # This section controls some aspects about the live # environment itself. #---------------------------------------------------------# [bdisk] ; The name of the project. If you roll your own and don't ; want it called the default, here's where you change it. ; 0.) Alphanumeric only ; 1.) 8 characters total or less ; 2.) No whitespace ; 3.) ASCII *only* ; 4.) Will be converted to uppercase if it isn't already name = BDISK ; This is used for filenames, etc. ; I highly recommend it be the same as 'name', but ; lowercase. ; 0.) Alphanumeric only ; 1.) No whitespace ; 2.) ASCII *only* ; 3.) Will be converted to lowercase if it isn't already uxname = bdisk ; This string is used for "pretty-printing" of the name. ; 0.) Can contain whitespace ; 1.) Can be mixed-case, uppercase, or lowercase ; 2.) ASCII *only* pname = BDisk ; Your/your organization's name. ; The same rules as 'pname' apply: ; 0.) Can contain whitespace ; 1.) Can be mixed-case, uppercase, or lowercase ; 2.) ASCII *only* dev = r00t^2 ; What this distribution/project is used for. ; 0.) Can contain whitespace ; 1.) Can be mixed-case, uppercase, or lowercase ; 2.) ASCII *only* desc = j00 got 0wnz0r3d lulz. ; Should the root user have a password? IF THIS IS NOT SET, ; PASSWORD LOGIN WILL BE DISABLED! ; If you wish to have a blank password, use the string: ; BLANK ; Do NOT use a plaintext password here. You will need to ; generate a salted and hashed string in a ; shadow-compatible format. ; If you need help generating one, see docs/HOWTO.hashgen. ; If an assistance script is available, the path will be given ; (i.e. extras/bin/hashgen.py). ; ; Note that if you want an automatic login, this is NOT where ; it would be set. It should instead be controlled via: ; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf ; In the following format: ; [Service] ; Type=idle ; ExecStart= ; ExecStart=-/usr/bin/agetty --autologin --noclear %I 38400 linux ;(where N is the TTY number). Alternatively, if booting to a GUI, ; it can be set as according to that GUI (e.g. for LXDE, ; overlay/etc/lxdm/lxdm.conf, "autologin=") root_password = ; Should we create a non-root user on the image? ; Note that this user has full sudo access. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. user = yes #---------------------------------------------------------# # This section controls aspects about bdisk:user. # Only used if bdisk:user set to True/yes/etc. #---------------------------------------------------------# [user] ; What username should we use for the live system? ; Standard *nix username rules apply: ; 0.) ASCII only ; 1.) 32 characters or less ; 2.) Alphanumeric only ; 3.) Lowercase only ; 4.) No whitespace ; 5.) Cannot start with a number username = ${bdisk:uxname} ; What comment/description should be used for the user? ; See passwd(5) if you need details on this. ; 0.) ASCII only name = Default user ; What password should be set for the user, if any? ; See bdisk:root_password for how to generate this. ; DO NOT PUT A PLAINTEXT PASSWORD HERE. password = #---------------------------------------------------------# # This section controls some aspects about the host # and things like filesystem paths, etc. #---------------------------------------------------------# [build] ; Where is the base of the BDisk project located? ; In other words, if you cloned BDisk from git, ; what is BDisk's working tree directory? ; 0.) No whitespace ; 1.) Must exist and be populated with the BDisk's files basedir = /opt/dev/bdisk ; This is the output directory of the ISO files when ; done building. This should not be checked into git. ; (The files will be very big!) ; 0.) No whitespace ; 1.) Will be created if it doesn't exist isodir = ${basedir}/iso ; This is a directory where we should save extra ; source code we download (if we need it). ; 0.) No whitespace ; 1.) Will be created if it doesn't exist, and is needed srcdir = ${basedir}/extrasrc ; What directory should we use for staging? ; 0.) No whitespace ; 1.) Will be created if it doesn't exist tempdir = ${basedir}/temp ; Where should we stage the boot files? ; This should not be the same dir as other options! ; The default is recommended. ; 0.) No whitespace ; 1.) Will be created if it doesn't exist archboot = ${tempdir}/${bdisk:name} ; What directory/path should we use as a base ; directory for mountpoints? ; 0.) No whitespace ; 1.) Will be created if it doesn't exist mountpt = /mnt/${bdisk:uxname} ; Should we build a multiarch image? That is to say, the ; same ISO file can be used for both i686 and x86_64. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. multiarch = yes ; Would you like to enable iPXE functionality? ; Note that this has no bearing on the 'sync' sections, ; so one can build e.g. only http files. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. ipxe = yes ; This option should only be enabled if you are on a fairly ; powerful, multicore system with plenty of RAM. ; It will speed the build process along, but will have ; some seriously adverse effects if your system ; can't handle it. ; Most modern systems should be fine with leaving it enabled. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. i_am_a_racecar = yes #---------------------------------------------------------# # This section controls what we should do with the # resulting build and how to handle uploads, if we # choose to use those features. #---------------------------------------------------------# [sync] ; Should we generate/prepare HTTP files? ; This is mostly only useful if you plan on using iPXE. ; However, it can also include the built ISO file(s). ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. http = yes ; Should we generate/prepare TFTP files? ; This is mostly only useful if you plan on using more ; traditional (non-iPXE) setups and regualar PXE ; bootstrapping into iPXE. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. tftp = yes ; Enable automatic Git pushing for any changes done to the ; project itself? ; If you don't have upstream write access, you'll want to ; set this to False. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. git = yes ; Enable rsync pushing for the ISO (and other files, if ; you choose- useful for iPXE over HTTP(S)). rsync = yes #---------------------------------------------------------# # This section controls details about HTTP file preparation/ # generation. Only used if sync:http = True (or # 'yes', etc.) #---------------------------------------------------------# [http] ; This directory is where to build an HTTP webroot. ; 0.) No whitespace ; 1.) If blank, HTTP preparation/generation will not be done ; 2.) If specified, it will be created if it doesn't exist path = ${build:basedir}/http ; What user and group, if applicable, should the HTTP files ; be owned as? This is most likely going to be either 'http', ; 'nginx', or 'apache'. ; 0.) No whitespace ; 1.) User must exist on system ; 2.) If sync:httpdir is blank, they will not be used user = http group = http #---------------------------------------------------------# # This section controls details about TFTP file # preparation/generation. Only used if # sync:tftp = True (or 'yes', etc.) #---------------------------------------------------------# [tftp] ; The directory where we want to build a TFTP root. ; 0.) No whitespace ; 1.) If blank, TFTP preparation/generation will not be done ; 2.) If specified, it will be created if it doesn't exist path = ${build:basedir}/tftpboot ; What user and group, if applicable, should the TFTP files ; be owned as? This is most likely going to be either ; 'tftp' or 'root'. ; 0.) No whitespace ; 1.) User must exist on system ; 2.) If sync:tftpdir is blank, they will not be used user = root group = root #---------------------------------------------------------# # This section controls aspects of iPXE building. Only used # if build:ipxe = True (or 'yes', etc.) #---------------------------------------------------------# [ipxe] ; Build a "mini-ISO"; that is, an ISO file that can be used ; to bootstrap an iPXE environment (so you don't need ; to set up a traditional PXE environment on your LAN). ;We'll still build a full standalone ISO no matter what. ; 0.) Only accepts (case-insensitive): ; yes|no ; true|false ; 1|0 ; If it is undefined, it is assumed to be no. iso = yes ; Build a "mini-USB" image? Same concept as the ISO file ; but this can be dd'd onto a USB thumbdrive for the ; same effect. usb = yes ; What URI should iPXE's EMBED script use? ; DO NOT USE A ',' (comma); instead, replace it with: ; %%COMMA%% ; If you require HTTP BASIC Authentication or HTTP Digest ; Authentication (untested), you can format it via: ; ; https://user:password@domain.tld/page.php ; ; This currently does not work for HTTPS with self-signed ; certificates. ; 0.) REQUIRED if iso and/or usb is set to True/yes/etc. ; 1.) Must be a valid URI understood by minimal versions ; of curl. uri = https://bdisk.square-r00t.net ; Path to the (root) CA certificate file iPXE should use. ; Note that you can use your own CA to sign existing certs. ; See http://ipxe.org/crypto for more info. This is handy if ; you run a third-party/"Trusted" root-CA-signed ; certificate for the HTTPS target. ; 0.) No whitespace ; 1.) Must be in PEM/X509 format ; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. ; 3.) If specified, a matching key (ssl_cakey) MUST be ; specified ; 4.) HOWEVER, if left blank, one will be automatically ; generated ssl_ca = ; Path to the (root) CA key file iPXE should use. ; 0.) No whitespace ; 1.) Must be in PEM/X509 format ; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. ; 3.) If left blank (and ssl_ca is also blank), ; one will be automatically generated ; 4.) MUST match ssl_ca if specified ; 5.) MUST NOT be passphrase-protected ssl_cakey = ; Path to the CLIENT certificate iPXE should use. ; 0.) No whitespace ; 1.) Must be in PEM/X509 format ; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. ; 3.) If unspecified, a CA cert (ssl_ca) and key ; (ssl_cakey) MUST be specified ; 4.) HOWEVER, if left blank one will be generated ; 5.) MUST be signed by ssl_ca/ssl_ca if specified ssl_crt = ; Path to the CLIENT key iPXE should use. ; 0.) No whitespace ; 1.) Must be in PEM/X509 format ; 2.) REQUIRED if iso and/or usb is set to True/yes/etc. ; 4.) If left blank (and ssl_ca is also blank), ; one will be automatically generated ssl_key = #---------------------------------------------------------# # This section controls aspects of rsync pushing. Only used # if sync:rsync = True (or 'yes', etc.) #---------------------------------------------------------# [rsync] ; This is the rsync destination host. host = bdisk.square-r00t.net ; This is the remote user we should use when performing the ; rsync push. user = root ; This is the remote destination path we should use for ; pushing via rsync. ; 0.) No whitespace ; 1.) The path MUST exist on the remote host ; 2.) The path MUST be writable by rsync:user ; RECOMMENDED: you'll probably want to set http:(user|group) ; to what it'll need to be on the destination. path = /srv/http/${bdisk:uxname}_ipxe