bdisk/extra/dist.build.ini
2016-12-06 17:51:36 -05:00

474 lines
15 KiB
INI

###########################################################
## BUILD.CONF SAMPLE FILE ##
###########################################################
#
# This file is used to define various variables/settings
# used by the build script.
#
# It is well-commented, and uses INI syntax.
# See https://wiki.python.org/moin/ConfigParserExamples
# for some advanced features if you would like to use
# them.
# Blank lines are ignored. Section integrity is important.
# #- and ;-prefixed lines are comments and are not parsed.
# If restrictions on input are present, they will be
# given in a numerical list.
#---------------------------------------------------------#
# This section controls some aspects about the live
# environment itself.
#---------------------------------------------------------#
[bdisk]
; The name of the project. If you roll your own and don't
; want it called the default, here's where you change it.
; 0.) Alphanumeric only
; 1.) 8 characters total or less
; 2.) No whitespace
; 3.) ASCII *only*
; 4.) Will be converted to uppercase if it isn't already
name = BDISK
; This is used for filenames, etc.
; I highly recommend it be the same as 'name', but
; lowercase.
; 0.) Alphanumeric only
; 1.) No whitespace
; 2.) ASCII *only*
; 3.) Will be converted to lowercase if it isn't already
uxname = bdisk
; This string is used for "pretty-printing" of the name.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
pname = BDisk
; What version is this?
; If we don't have a version specified here, we'll
; try to guess based on the current git commit in build:basedir.
; 0.) No whitespace
ver =
; Your/your organization's name.
; The same rules as 'pname' apply:
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
dev = r00t^2
; What this distribution/project is used for.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
desc = j00 got 0wnz0r3d lulz.
; What is your livedistro's URL?
; 0.) Should be a valid URI understood by minimal versions
; of curl.
uri = https://bdisk.square-r00t.net
; Should the root user have a password? IF THIS IS NOT SET,
; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a
; blank password, use the string:
; BLANK
; Do NOT use a plaintext password here. You will need to
; generate a salted and hashed string in a shadow-compatible
; format. If you need help generating one, see docs/HOWTO.hashgen.
; If an assistance script is available, the path will be given
; (i.e. extras/bin/hashgen.py).
;
; Note that if you want an automatic login, this is NOT where it
; would be set. It should instead be controlled via:
; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
; In the following format:
; [Service]
; Type=idle
; ExecStart=
; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
;(where N is the TTY number). Alternatively, if booting to a GUI, it
; can be set as according to that GUI (e.g. for LXDE,
; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
; 0.) MUST be a salted SHA512 string in shadow format
; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $.
; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw...
root_password =
; Should we create a non-root user on the image?
; Note that this user has full sudo access.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
user = yes
#---------------------------------------------------------#
# This section controls aspects about bdisk:user.
# Only used if bdisk:user set to True/yes/etc.
#---------------------------------------------------------#
[user]
; What username should we use for the live system?
; Standard *nix username rules apply:
; 0.) ASCII only
; 1.) 32 characters or less
; 2.) Alphanumeric only
; 3.) Lowercase only
; 4.) No whitespace
; 5.) Cannot start with a number
username = ${bdisk:uxname}
; What comment/description should be used for the user?
; See passwd(5) if you need details on this.
; 0.) ASCII only
name = Default user
; What password should be set for the user, if any?
; See bdisk:root_password for how to generate this.
; DO NOT PUT A PLAINTEXT PASSWORD HERE.
password =
#---------------------------------------------------------#
# This section controls some aspects about the host
# and things like filesystem paths, etc.
#---------------------------------------------------------#
[build]
; What is the mirror for your bootstrap tarball?
; It is *highly* recommended you use an Arch Linux tarball
; as the build process is highly specialized to this.
; 0.) No whitespace
; 1.) Must be accessible remotely (no local file paths)
mirror = mirror.us.leaseweb.net
; What is the protocol for the bootstrap mirror?
; 0.) Must be one of:
; http, https, ftp
mirrorproto = https
; What is the path to the tarball directory?
; 0.) Must be a complete path
; (e.g. /dir1/subdir1/subdir2/
; 1.) No whitespace
mirrorpath = /archlinux/iso/latest/
; What is the filename for the tarball found in the above?
; If left blank, we will use the sha1 checksum file to try
; to guess the most recent file.
mirrorfile =
; What is the path to a sha1 checksum file?
; 0.) No whitespace
; 1.) Must be the full path
; 2.) Don't include the mirror domain or protocol
mirrorchksum = ${mirrorpath}sha1sums.txt
; Optional GPG checking.
; If the file has a GPG signature file,
; we can use it for extra checking.
; If it's blank, GPG checking will be disabled.
; If you specify just '.sig' (or use the default
; and don't actually specify a mirrorfile),
; we'll try to guess based on the file from the sha1
; checksums.
; 0.) No whitespace (if specified)
; 1.) Must be the full path
; 2.) Don't include the mirror domain or protocol
mirrorgpgsig = ${mirrorfile}.sig
; What is a valid key ID that should be used to
; verify the tarballs?
; 0.) Only used if mirrorgpgsig is set
; 1.) Should be in the "shortform"
; (e.g. 7F2D434B9741E8AC)
gpgkey = 7F2D434B9741E8AC
; What is a valid keyserver we should use
; to fetch gpgkey?
; 0.) Only used if mirrorgpgsig is set
; 1.) The default is probably fine.
gpgkeyserver = pgp.mit.edu
; Where should we save the bootstrap tarballs?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
dlpath = /var/tmp/${bdisk:uxname}
; Where should the bootstrap tarballs extract to and the
; chroots be built?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
chrootdir = /var/tmp/chroots
; Where is the base of the BDisk project located?
; In other words, if you cloned BDisk from git,
; what is BDisk's working tree directory?
; 0.) No whitespace
; 1.) Must exist and be populated with the BDisk's files
basedir = /opt/dev/bdisk
; This is the output directory of the ISO files when
; done building. This should not be checked into git.
; (The files will be very big!)
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
isodir = ${dlpath}/iso
; This is a directory where we should save extra
; source code we download (if we need it).
; 0.) No whitespace
; 1.) Will be created if it doesn't exist, and is needed
srcdir = ${basedir}/extrasrc
; What directory should we use for staging?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
tempdir = ${dlpath}/temp
; Where should we stage the boot files?
; This should not be the same dir as other options!
; The default is recommended.
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
archboot = ${tempdir}/${bdisk:name}
; What directory/path should we use as a base
; directory for mountpoints?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
mountpt = /mnt/${bdisk:uxname}
; Should we build a multiarch image? That is to say, the
; same ISO file can be used for both i686 and x86_64.
; 0.) Only accepts (case-insensitive):
; yes/true (buld both i686, x86_64 in same image)
; no/false (build separate images, both arch's)
; i686 (ONLY build i686 architecture)
; x86_64 (ONLY build x86_64 architecture)
; If it is undefined, it is assumed to be no.
multiarch = yes
; Would you like to enable iPXE functionality?
; Note that this has no bearing on the 'sync' sections,
; so one can build e.g. only http files.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
ipxe = yes
; This option should only be enabled if you are on a fairly
; powerful, multicore system with plenty of RAM. It will
; speed the build process along, but will have some
; seriously adverse effects if your system can't handle it.
; Most modern systems should be fine with leaving it enabled.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
i_am_a_racecar = yes
#---------------------------------------------------------#
# This section controls what we should do with the
# resulting build and how to handle uploads, if we
# choose to use those features.
#---------------------------------------------------------#
[sync]
; Should we generate/prepare HTTP files?
; This is mostly only useful if you plan on using iPXE.
; However, it can also include the built ISO file(s).
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
http = yes
; Should we generate/prepare TFTP files?
; This is mostly only useful if you plan on using more
; traditional (non-iPXE) setups and regualar PXE bootstrapping
; into iPXE.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
tftp = yes
; Enable automatic Git pushing for any changes done to the
; project itself? If you don't have upstream write access,
; you'll want to set this to False.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
git = no
; Enable rsync pushing for the ISO (and other files, if
; you choose- useful for iPXE over HTTP(S)).
rsync = no
#---------------------------------------------------------#
# This section controls details about HTTP file preparation/
# generation. Only used if sync:http = True (or
# 'yes', etc.)
#---------------------------------------------------------#
[http]
; This directory is where to build an HTTP webroot.
; 0.) No whitespace
; 1.) If blank, HTTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
path = ${build:basedir}/http
; What user and group, if applicable, should the HTTP files
; be owned as? This is most likely going to be either 'http',
; 'nginx', or 'apache'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If sync:httpdir is blank, they will not be used
user = http
group = http
#---------------------------------------------------------#
# This section controls details about TFTP file
# preparation/generation. Only used if
# sync:tftp = True (or 'yes', etc.)
#---------------------------------------------------------#
[tftp]
; The directory where we want to build a TFTP root.
; 0.) No whitespace
; 1.) If blank, TFTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
path = ${build:basedir}/tftpboot
; What user and group, if applicable, should the TFTP files
; be owned as? This is most likely going to be either 'tftp'
; or 'root'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If sync:tftpdir is blank, they will not be used
user = root
group = root
#---------------------------------------------------------#
# This section controls aspects of iPXE building. Only used
# if build:ipxe = True (or 'yes', etc.)
#---------------------------------------------------------#
[ipxe]
; Build a "mini-ISO"; that is, an ISO file that can be used
; to bootstrap an iPXE environment (so you don't need to set
; up a traditional PXE environment on your LAN). We'll still
; build a full standalone ISO no matter what.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; 1.) Requires actual git to be installed.
; If it is undefined, it is assumed to be no.
iso = yes
; Build a "mini-USB" image? Same concept as the ISO file but
; this can be dd'd onto a USB thumbdrive for the same effect.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; 1.) Requires actual git to be installed.
; If it is undefined, it is assumed to be no.
usb = yes
; What URI should iPXE's EMBED script use?
; If you require HTTP BASIC Authentication or HTTP Digest
; Authentication (untested), you can format it via:
;
; https://user:password@domain.tld/page.php
;
; This currently does not work for HTTPS with self-signed
; certificates.
; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 1.) Must be a valid URI understood by minimal versions
; of curl.
uri = https://bdisk.square-r00t.net
; Directory to hold SSL results, if we are generating
; keys, certificates, etc.
ssldir = ${build:dlpath}/ssl
; Path to the (root) CA certificate file iPXE should use.
; Note that you can use your own CA to sign existing certs.
; See http://ipxe.org/crypto for more info. This is handy if
; you run a third-party/"Trusted" root-CA-signed certificate
; for the HTTPS target.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If it exists, a matching key (ssl_cakey) MUST be
; specified
; 4.) HOWEVER, if left blank/doesn't exist, one will be
; automatically generated
ssl_ca = ${ssldir}/ca.crt
; Path to the (root) CA key file iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If left blank or it doesn't exist (and ssl_ca is also
; blank), one will be automatically generated
; 4.) MUST match ssl_ca if specified/exists
; 5.) MUST NOT be passphrase-protected
ssl_cakey = ${ssldir}/ca.key
; Path to the CLIENT certificate iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If specified/existent, a matching CA cert (ssl_ca)
; and key (ssl_cakey) MUST be specified
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
ssl_crt = ${ssldir}/main.crt
; Path to the CLIENT key iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
; one will be automatically generated
ssl_key = ${ssldir}/main.key
#---------------------------------------------------------#
# This section controls aspects of rsync pushing. Only used
# if sync:rsync = True (or 'yes', etc.)
#---------------------------------------------------------#
[rsync]
; This is the rsync destination host.
host = bdisk.square-r00t.net
; This is the remote user we should use when performing the
; rsync push.
user = root
; This is the remote destination path we should use for
; pushing via rsync.
; 0.) No whitespace
; 1.) The path MUST exist on the remote host
; 2.) The path MUST be writable by rsync:user
; RECOMMENDED: you'll probably want to set http:(user|group)
; to what it'll need to be on the destination.
path = /srv/http/${bdisk:uxname}_ipxe