RIP d00d

.gitignore

@@ -31,3 +31,6 @@ extra/pre-build.d/etc/openvpn/client.conf
 overlay/etc/ssh/*
 overlay/home/bdisk
 overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service
+src/ipxe_local/ssl/keys
+src/ipxe_local/ssl/crts
+src/ipxe_local/ssl/txt

README.obsolete

@@ -0,0 +1,7 @@
+!!!!!!!!!!! NOTE !!!!!!!!!!!!!
+
+THIS BRANCH IS *NO LONGER MAINTAINED*.
+IT HAS BEEN OBSOLETED BY THE (now merged into master) "python_rewrite" BRANCH.
+DO NOT SEND BUGS REGARDING THIS BRANCH.
+DO NOT USE THIS BRANCH.
+IT IS ONLY KEPT AROUND FOR HISTORICAL REASONS.

bin/build.sh

@@ -7,6 +7,8 @@
 #DEBUG
 #set -x
 
+echo "Starting at $(date)..."
+
 ## Import settings
 if [ -f "build.conf" ];
 then
@@ -72,6 +74,8 @@ do
  fi
 done
 
+source ${BASEDIR}/lib/00-depcheck.func.sh
+
 if [ ! -f "./BUILDNO" ];
 then
  echo '0' > ./BUILDNO
@@ -81,12 +85,12 @@ CHROOTDIR_GLOB="${CHROOTDIR}"
 BUILDDIR_GLOB="${BUILDDIR}"
 
 # Set the version.
-VERSION="$(git describe --abbrev=0 --tags)-$(git rev-parse --short --verify HEAD)"
+BUILDVERSION="$(git describe --abbrev=0 --tags)-$(git rev-parse --short --verify HEAD)"
 BUILD="$(cat BUILDNO)"
 BUILD="$(expr ${BUILD} + 1)"
 echo ${BUILD} > ./BUILDNO
 BUILDTIME="$(date)"
-BUILD_MACHINE="$(hostname -f)"
+BUILD_MACHINE="$(hostname -f) (${HOST_DIST})"
 #BUILD_USERNAME="${SUDO_USER}"
 #BUILD_USERNAME="$(who am i | awk '{print $1}')"
 set +e ; logname > /dev/null 2>&1
@@ -99,8 +103,8 @@ fi
 set -e
 USERNAME_REAL="$(grep ${BUILD_USERNAME} /etc/passwd | cut -f5 -d':')"
 
-cat > VERSION_INFO.txt << EOF
-Version:	${VERSION}
+cat > ${BASEDIR}/VERSION_INFO.txt << EOF
+Version:	${BUILDVERSION}
 Build:		${BUILD}
 Time:		${BUILDTIME}
 Machine:	${BUILD_MACHINE}
@@ -109,17 +113,18 @@ EOF
 
 ## FUNCTIONS ##
 
-source lib/02-im_batman.func.sh
-source lib/03-holla_atcha_boi.func.sh
-source lib/04-release_me.func.sh
-source lib/05-facehugger.func.sh
-source lib/06-chroot_wrapper.func.sh
-source lib/07-jenny_craig.func.sh
-source lib/08-centos_is_stupid.func.sh
-source lib/09-will_it_blend.func.sh
-source lib/10-stuffy.func.sh
-source lib/11-yo_dj.func.sh
-source lib/12-mentos.func.sh
+#source ${BASEDIR}/lib/00-depcheck.func.sh ## this should be called like, VERYYYY first thing, right after sanity/safety checks and such.
+source ${BASEDIR}/lib/01-mk.chroot.func.sh ## this is called automatically and only if no chroot exists
+source ${BASEDIR}/lib/02-holla_atcha_boi.func.sh
+source ${BASEDIR}/lib/03-release_me.func.sh
+source ${BASEDIR}/lib/04-facehugger.func.sh
+source ${BASEDIR}/lib/05-chroot_wrapper.func.sh
+source ${BASEDIR}/lib/06-jenny_craig.func.sh
+source ${BASEDIR}/lib/07-centos_is_stupid.func.sh
+source ${BASEDIR}/lib/08-will_it_blend.func.sh
+source ${BASEDIR}/lib/09-stuffy.func.sh
+source ${BASEDIR}/lib/10-yo_dj.func.sh
+source ${BASEDIR}/lib/11-mentos.func.sh
 
 ## The Business-End(TM) ##
 
@@ -132,16 +137,6 @@ release_me 64 > /dev/null 2>&1
 release_me 32 > /dev/null 2>&1
 
 # do we need to perform any updates?
-if [[ -f "${CHROOTDIR}root.x86_64/root/chroot" || -f "${CHROOTDIR}root.i686/root/chroot" ]];
-then
-  chroot_wrapper 64
-  chroot_wrapper 32
-  centos_is_stupid
-  will_it_blend 64
-  will_it_blend 32
-  yo_dj
-fi
-
 if [[ ${1} == "update" ]];
 then
   mentos
@@ -160,8 +155,24 @@ then
   exit 0
 fi
 
+# implement for future, needs tweaking- JUST rebuild the ISO.
+#if [[ ${1} == "respin" ]];
+#then
+#  if [[ "${MULTIARCH}" == "y" ]]; 
+#  then
+#    centos_is_stupid
+#    yo_dj any 
+#  else
+#    centos_is_stupid
+#    yo_dj 64
+#    centos_is_stupid
+#    yo_dj 32
+#  fi  
+#fi
+# 
+
 # or are we just building?
-if [[ ${1} == "build" ]] || [ -z ${1} ] || [[ ${1} == "all" ]];
+if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]];
 then
   if [[ "${MULTIARCH}" == "y" ]];
   then
@@ -194,4 +205,4 @@ fi
 
 # yay! we're done!
 rm -f ${LOCKFILE}
-echo "Finished successfully!"
+echo "Finished successfully at $(date)!"

bin/clean.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+echo "Started at $(date)..."
+
 ## Import settings
 if [ -f "build.conf" ];
 then
@@ -82,3 +84,5 @@ do
 done
 
 rm -f ${LOCKFILE}
+
+echo "Finished successfully at $(date)!"

docs/FAQ

@@ -0,0 +1,33 @@
+BDisk Frequently Asked(/Unasked) Questions
+
+
+
+0.) Why does it take so long to build?
+1.) Why is the generated ISO file so big?
+2.) How do I find the version/release/etc. number of an ISO?
+
+
+=========================================================
+
+
+
+0.) WHY DOES IT TAKE SO LONG TO BUILD?
+A: This typically occurs when you're building from within a LiveCD/LiveUSB situation, in a VM/container/etc., or on a headless server.
+If this is the case, you may run into what appears to be "stalling", especially while keys are generating for the chroots.
+Thankfully, there is an easy fix. You can install the "haveged"(http://www.issihosts.com/haveged/) software and run it. This will
+show an immediate and non-negligible improvement for the above contexts. If you have extra power to throw at it (or are using a dedicated build box)
+as well, I recommend enabling I_AM_A_RACECAR in your build.conf. BDisk will then be more aggressive with its resource consumption.
+
+
+1.) WHY IS THE GENERATED ISO FILE SO BIG?
+A: You may have enabled a LOT of packages in extra/packages.(32|64|both). Or you're using the default set of packages, which tries to include a LOT
+of different (and in some cases, redundant) packages for widespread utilization and usage. In addition, keep in mind that BDisk builds a single ISO
+that can be used on both i686 architectures AND full x86_64 architectures ("AMD64" as you may sometimes see it referenced). Because it doesn't cheat
+and just use a 64-bit kernel with a 32-bit userland, it needs two different squash images on each ISO- one for 32-bit userland and one for 64-bit
+userland.
+
+2.) HOW DO I FIND THE VERSION/RELEASE/ETC. NUMBER OF AN ISO?
+A: This can be found in a multitude of places. The full-size ISO file (iso/<distname>-<git tag>-<git rev number>-(32|64|any).iso) should have the
+version right in the file name. If you want more detailed information (or perhaps you renamed the file), you can mount the ISO as loopback in GNU/Linux,
+*BSD, or Mac OS X and check /path/to/mounted/iso/VERSION_INTO.txt. Lastly, within the runtime itself (especially handy if booting via iPXE), you can
+check /root/VERSION_INFO.txt within the running live environment.

docs/LICENSE

@@ -0,0 +1 @@
+COPYING

docs/README

@@ -16,6 +16,9 @@ It should be fine over ethernet, since hardware switches are much faster and eff
 Future versions, once this project has a dumping ground, will fetch highly compressed snapshotted chroot filesystems instead
 of dynamically building the entire install chroots (both x86_64 and i686) instead (with the option of building fresh locally,
 disabled by default).
+
+Maybe.
+
 Till then, sorry for the inconvenience.
 !!!!!!!!!!!!!!!!!!!!!!
 
@@ -56,11 +59,6 @@ All commands below should be issued in the root working directory of this git re
 but also disk space for working, the finished ISO(s), etc.)
 
 -The following packages installed on the build host:
-(NOTE: future versions will have dependencies checked automatically and installed if necessary,
-depending on distro your host build machine is. the OS detection and package installation component of that isn't
-done yet though. 2014.10.31)
-(NOTE2: Make sure all the packages you specify are valid package names. A mistyped package name will cause the chroot creation to
-break and everything else will break as a result.)
 
 curl
 dosfstools
@@ -72,9 +70,24 @@ squashfs-tools
 xorriso (in RPMForge repo for CentOS 7)
 xz
 
-and *probably* a few others. The scripts run with set -e for the most part, so if something's missed, you'll know.
+and maybe a few others. The scripts run with set -e for the most part, so if something's missed, you'll know.
 Oh, you will know.
 
+If these packages are missing, they will be automatically installed. Currently, the following distros as host build systems
+are supported (assumes most recent release):
+
+Antergos
+Arch
+CentOS
+Debian
+Fedora
+Gentoo
+Mageia
+Manjaro
+openSUSE
+RHEL
+SUSE
+Ubuntu
 
 ## Configuration ##
 See extra/build.conf.sample. Copy to <PROJECT ROOT>/build.conf if you wish to modify any of the values, otherwise the defaults
@@ -105,6 +118,18 @@ Also note the following files/paths:
 --/mirror.lst.sh:
 	Builds a fresh mirror list. Note that it is US based.
 
+-docs:
+	Documentation for BDisk.
+--/COPYING:
+	See LICENSE.
+--/README:
+	This file.
+--/LICENSE:
+	The license file.
+--/FAQ:
+	Several quick questions you might have.
+--/TODO:
+	Some features, bug fixes, etc. I have planned.
 -examples:
 	Included recommendation for how to lay things out, etc.
 --/HTTP:
@@ -112,7 +137,7 @@ Also note the following files/paths:
 -extra:
 	Supporting files for the base building system (mirrorlist, etc.).
 --/${UXNAME}.png:
-	A 640x480 8-bit RGBA colour PNG which will be used as the background for the bootsplash (if booting via BIOS and not UEFI)
+L	A 640x480 8-bit RGBA colour PNG which will be used as the background for the bootsplash (if booting via BIOS and not UEFI)
 --/bootstrap/apacman-*.tar.xz:
 	An AUR-enabled package manager. Necessary for AUR support.
 --/build.conf.sample:
@@ -130,6 +155,8 @@ Also note the following files/paths:
 --/pre-build.d:
 	Contains files injected into the system. Both 64-bit and 32-bit environments. Note: be sure to place them in hierarchical order
 	(e.g. if you wish to have a file at /usr/foo/bar, you will need to place it in <PROJECT ROOT>/extra/pre-build.d/usr/foo/bar)
+        (NOTE: Make sure all the packages you specify are valid package names. A mistyped or nonexistent package name will cause the chroot
+        creation to break and everything else will break as a result.)
 --/pre-build.d/32:
 	Same as above, but only for 32-bit environments.
 --/pre-build.d/64:
@@ -143,8 +170,6 @@ Also note the following files/paths:
 	Here you can find full output of the runs. They are prefixed with run's PID number, and named after the function they occur in.
 -overlay:
 	These files are applied AFTER the initial setup of the chroots. Same hierarchy rules as extra/pre-build.d.
--README:
-	This file.
 -src:
 	Supporting source code/source code from other projects.
 --ipxe/:
@@ -153,14 +178,12 @@ Also note the following files/paths:
 	Various patches and supporting configs to tweak the iPXE build.
 -tftpboot:
 	Files to be served via TFTP for PXE booting. This directory is wiped out during any bin/clean.sh operation.
--TODO:
-	This is just what I'm using to track stuff I want to add.
 
 
 You may notice other files come and go; they're mostly there for extra goodies/used to determine other things.
 
 ## (Re)Building ##
-Building must be done as root, and on an Arch x86_64 system (future versions will allow for non-Arch distros).
+Building must be done as root, and on a supported distro (see Prerequisites for a list).
 
 # bin/build.sh
 
@@ -168,3 +191,10 @@ Yeah. It's that easy. The finished product is in iso/.
 
 
 If you want more verbosity, check out the logs/ directory.
+
+
+## Submitting Patches ##
+If you have a fix or feature you'd like added, please follow the same pull request process for the kernel
+(https://www.kernel.org/doc/Documentation/SubmittingPatches) and email to bts@square-r00t.net
+
+Alternatively, file a bug at https://bugs.square-r00t.net/index.php?project=2 with a patch attached.

docs/TODO

@@ -6,6 +6,7 @@
 -- https://github.com/akopytov/sysbench
 -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
 -package in AUR
+-base rewrite in python. pyalpm may come in handy here.
 
 
 ## NETWORKING ##
@@ -22,23 +23,28 @@
 
 ## Building ##
 
+-GUMMIBOOT IS GONE FROM THE REPOS. I could repackage it, but better to just see what the hell archiso's doing.
 -WISH: Better logging[0]
+-WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention
 -use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead
 --does arch-chroot work across all distros? see https://wiki.archlinux.org/index.php/Install_bundled_32-bit_system_in_Arch64 and https://wiki.archlinux.org/index.php/Chroot
 --i think this might be unnecessary. testing across other major distros is necessary, but i think i can just use the chroot'd arch-chroot
 -tweak build.conf (and build.conf.sample) to source the pwd and set as BASEDIR ***if*** the project resources are present in pwd, otherwise throw warning
 --this is half-done;PWD is currently used by default.
 -does gummiboot? loader? wtfever it's called support splash backgrounds? can i implement that differently somehow?
+--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
 -strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
 -incorporate iPXE tweaks:
 --http://ipxe.org/crypto 
 --http://ipxe.org/cmd/imgtrust
 --http://ipxe.org/cmd/imgverify
---enable use of custom CA/self-signed certs for HTTPS etc.
--X-platform
---what distros are supported?
---automatically install what we need for buildtime
---hardcode list of runtime dependencies (e.g. openssh, vim, etc.)
+--enable use of custom CA/self-signed certs for HTTPS etc. DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
+-enable mirror= kernel commandline.
+--if mirror_(NAME) is present, use that as repo name.
+--if it starts with /, treat as mirrorlist (Include); otherwise use Server = 
+--if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
+-iPXE background support. sed -rf "${BASEDIR}/src/ipxe_local/script.sed" ${SRCDIR}/ipxe/src/config/general.h ; sed -rf "${BASEDIR}/src/ipxe_local/script2.sed" ${SRCDIR}/ipxe/src/config/console.h
+--note that iPXE VESAFB console is not (yet) supported in EFI, so this is on hold.
 
 ## Split into Separate Tools CD ##
 

extra/build.conf.sample

@@ -71,6 +71,35 @@ BUILDMINI="no"
 # This currently does not work for HTTPS with self-signed certificates.
 IPXE_URI="https://bdisk.square-r00t.net"
 
+# Path to the (root) CA certificate file (in PEM/X509 format) iPXE should use.
+# If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Note that you can use your own CA to sign existing certs. See http://ipxe.org/crypto for
+# more info. This is handy if you run a third-party/"Trusted" root-CA-signed certificate
+# for the HTTPS target.
+# Requires IPXE_SSL_CAKEY if specified.
+IPXE_SSL_CA=""
+
+# Path to the (root) CA key file (in PEM/X509 format) iPXE should use.
+# If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_CA if specified.
+IPXE_SSL_CAKEY=""
+
+# Path to the CLIENT certificate (in PEM/X509). If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_KEY if specified.
+IPXE_SSL_CRT=""
+
+# Path to the CLIENT key (in PEM/X509). If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_CRT if specified.
+IPXE_SSL_KEY=""
+
 # Set to "yes" to enable pushing new changes to a git repo/committing to a local repo
 GIT="no"
 
@@ -132,6 +161,11 @@ I_AM_A_RACECAR="no"
 # The following should not be changed unless you are ABSOLUTELY, 100% SURE and COMPLETELY POSITIVE
 # about what you are doing!!!
 
+# This can be used to override automatic distro-detection.
+# If you DO set this, be sure that you have a matching profile in
+# ${BASEDIR}/lib/prereqs/<Distro>/meta !!
+HOST_DIST=""
+
 # This used to be defined statically, but is now dynamically appended. Please don't alter this
 # unless you renamed the chroot directory paths.
 CHROOTDIR="${BASEDIR}/"

extra/mirrorlist

@@ -1,7 +1,7 @@
-# Server list generated by rankmirrors on 2015-02-26
+# Server list generated by rankmirrors on 2016-07-09
+Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch
 Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
-Server = http://mirror.umd.edu/archlinux/$repo/os/$arch
-Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
-Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
-Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch
+Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
 Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch
+Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
+Server = http://arch.mirrors.ionfish.org/$repo/os/$arch

extra/packages.both

@@ -3,27 +3,29 @@
 abs
 acpi
 #acpidump
-afflib
+#afflib
 aircrack-ng
 apr
 apr-util
-arch-install-scripts
-archiso
 arj
 asciidoc
 atop
 autopsy
 autossh
+backuppc
+#bacula ## TODO: grab all the bacula packages in here
 beep
 bin86
 bind-tools
 binutils
 bluez-utils
 bonnie++
+boxbackup-client
+boxbackup-server
 bozocrack-git
 bridge-utils
+burp-backup-git
 btrfs-progs
-bzip2
 cabextract
 cdrtools
 cdw
@@ -33,17 +35,17 @@ chntpw
 cifs-utils
 ckermit
 clamav
+clonezilla
 cmospwd
 colordiff
-coreutils
 cowpatty
 cpio
 cpuburn
 cpupower
 crackpkcs12
-cronie
-#cryptcat
+cryptcat
 cryptsetup
+csync2
 customizepkg-scripting
 dar
 dcfldd
@@ -52,10 +54,7 @@ dd_rescue
 dd_rhelp
 debianutils
 debootstrap
-dhclient
-dhcp
-dhcpcd
-dialog
+#dialog #giving a weird dependency issue
 diffutils
 djohn
 dmidecode
@@ -63,7 +62,6 @@ dnssec-anchors
 dnstracer
 #dnsutils #replaced by bind-tools, https://www.archlinux.org/packages/extra/x86_64/bind-tools/
 dos2unix
-dosfstools
 dropbear
 dstat
 dump
@@ -73,8 +71,6 @@ dvd+rw-tools
 e2fsprogs
 ecryptfs-utils
 ed
-efibootmgr
-efivar
 elfutils
 #elilo-efi
 elinks
@@ -110,8 +106,8 @@ gpm
 gptfdisk
 gst-libav
 gst-plugins-ugly
-gummiboot
 hashcat
+hashdeep
 hddtemp
 hdparm
 hexcurse
@@ -132,10 +128,8 @@ iozone
 ipcalc
 iperf
 iperf3
-iproute2
 ipsec-tools
 iptraf-ng
-iputils
 irssi
 iso-codes
 isomaster
@@ -145,43 +139,51 @@ jfsutils
 john
 keyutils
 kismet-allplugins
-libisoburn
 lftp
 links
-localepurge
-#logkeys
-logkeys-keymaps
+#logkeys-git # requires a /dev/input, which apparently isn't included in the chroots
 lm_sensors
 lrzsz
 lshw
-lsiutil
+#lsiutil # giving intermittent errors when trying to fetch source
 lsof
 lsscsi
-lxde
+#lxde # apacman currently doesn't like package groups, so...
+gpicview
+lxappearance
+lxappearance-obconf
+lxde-common
+lxde-icon-theme
+lxdm
+lxinput
+lxlauncher
+lxmusic
+lxpanel
+lxrandr
+lxsession
+lxtask
+lxterminal
+openbox
+pcmanfm
+# end lxde
 lynx
-lz4
 #lzip
-lzo
-lzop
 macchanger
-magicrescue
+#magicrescue # no longer maintained, upstream down
 mbr
 mbuffer
 mcelog
-md5deep
 mdadm
 mdcrack
-megaraid-cli
+# superseded by storcli
+#megaraid-cli
 memtester
 mfoc
 minicom
-mkinitcpio-nfs-utils
-ms-sys
+#mondo # mindi-busybox fails to build 09.23.2016
 mtd-utils
-mtools
 mtr
 mtree
-#mtx
 multipath-tools
 myrescue
 nbd
@@ -189,11 +191,8 @@ ncftp
 ncompress
 ncrack
 net-snmp
-net-tools
-netctl
 netselect
 nettle
-networkmanager
 networkmanager-pptp
 nginx-devel
 ngrep
@@ -201,16 +200,18 @@ nmap
 nmon
 ntfs-3g
 ntfsfixboot
-nwipe
+#nwipe #broken since they moved to github(?)
+nwipe-git
+obnam
 open-iscsi
 openipmi
-openssh
-openvpn
 ophcrack
 os-prober
 p7zip
 pack
 par2cmdline
+partclone
+partclone-utils
 parted
 partimage
 pax-utils
@@ -222,21 +223,19 @@ php
 php-fpm
 php-gd
 php-mcrypt
-#phrasendrescher
+phrasendrescher
 pigz
 pkgfile
 pkgtools
 ppp
 pptpclient
-prebootloader
 procinfo-ng
 procps-ng
 progsreiserfs
 psmisc
-pv
 pwgen
-pxz
-pyrit-svn
+pixz
+pyrit
 python2-gnuplot
 python2-pyx
 rarcrack
@@ -251,37 +250,31 @@ rpcbind
 rpmextract
 rp-pppoe
 rsnapshot
-rsync
 rygel
 safecopy
 samba
+scalpel-git
 scapy
 screen
 scrounge-ntfs
 scrub
 scsiadd
 sdparm
-sed
 setserial
 sg3_utils
 sharutils
-shorewall
 sipcalc
 sipcrack
 smartmontools
 smbclient
 s-nail
 socat
-squashfs3-tools
-squashfs-tools
-#star
+#star ## do people even USE tape backups anymore?
+storcli
 strace
 stress
 sucrack
-sudo
 symlinks
-sysfsutils
-syslinux
 sysstat
 tcpdump
 tcpslice
@@ -292,14 +285,14 @@ thin-provisioning-tools
 thttpd
 tmon
 tmux
-traceroute
 tre
-truecrack-svn
+truecrack-git
 truecrypt
 tor
 udftools
 #udpcast
 unace
+unison
 unrar
 unshield
 unzip
@@ -318,7 +311,7 @@ vncrack
 vnstat
 vpnc
 weplab
-whdd
+#whdd #currently depends on dialog, which is broke as shit
 whois
 wifite-mod-pixiewps-git
 wipe
@@ -332,6 +325,8 @@ xfsprogs
 xmlto
 xorg
 xorg-drivers
+xorg-xinit
+xterm
 zerofree
 zip
 zsh

extra/pre-build.d/32/etc/pacman.conf

@@ -37,7 +37,8 @@ VerbosePkgLists
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel    = Required DatabaseOptional
+#SigLevel    = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
+SigLevel    = Never
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 

extra/pre-build.d/64/etc/pacman.conf

@@ -37,7 +37,8 @@ VerbosePkgLists
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel    = Required DatabaseOptional
+#SigLevel    = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
+SigLevel    = Never
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 

extra/pre-build.d/etc/apacman.conf

@@ -11,27 +11,26 @@
 #buildonly=1
 #cachevcs=1
 #ignorearch=1
-#needed=1
+#keepkeys=1
+needed=1
+#noaur=1
 noconfirm=1
 noedit=1
-#noaur=1
-#noconfirm=1
-#noedit=1
-#nofail=1
+nofail=1
 #preview=1
-#purgebuild=1
+progress=1
+purgebuild=1
 #quiet=1
-#skipcache=1
-skipinteg=1
+skipcache=1
+#skipinteg=1
 #skiptest=1
 #warn=1
-tmpdir=/var/tmp/apacman
-TMPDIR=/var/tmp/apacman
 
 #
 # CONFIGURATION
 #
 
+#builddir="/tmp/pkgbuild-$UID"
 #tmpdir="/tmp/apacmantmp-$UID"
 #makepkgconf="/etc/makepkg.conf"
 #usermakepkgconf="$HOME/.makepkg.conf"
@@ -39,19 +38,21 @@ TMPDIR=/var/tmp/apacman
 #downdir="/var/cache/pacman/pkg"
 #savedir="/var/cache/apacman/pkg"
 #editor="nano -w"
-editor="vim"
+#pager="less -R"
 #RPCURL="https://aur.archlinux.org/rpc.php?type"
 #PKGURL="https://aur.archlinux.org"
+#WEBURL="https://www.archlinux.org"
 #ABSURL="rsync.archlinux.org"
 
 #
 # COLORIZATION
 #
 
-COLOR1='\e[1;39m'
-COLOR2='\e[1;32m'
-COLOR3='\e[1;35m'
-COLOR4='\e[1;36m'
-COLOR5='\e[1;34m'
-COLOR6='\e[1;33m'
-COLOR7='\e[1;31m'
+#COLOR1='\e[1;39m'
+#COLOR2='\e[1;32m'
+#COLOR3='\e[1;35m'
+#COLOR4='\e[1;36m'
+#COLOR5='\e[1;34m'
+#COLOR6='\e[1;33m'
+#COLOR7='\e[1;31m'
+

extra/pre-build.d/etc/customizepkg.d/autopsy

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# original URL at sourceforge chokes out
+sed -re 's@^(source=\(").*$@\1ftp://ftp.gnome.org/mirror/temp/sf2015/a/au/autopsy/autopsy/2.24/autopsy-2.24.tar.gz")@g' ${1}

extra/pre-build.d/etc/customizepkg.d/dd_rhelp

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -e 's/build(/package(/g' ${1}

extra/pre-build.d/etc/customizepkg.d/etc-update

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/fang

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/libnfc

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/lsiutil

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -re 's@^(source=\(").*$@\1https://github.com/kwilczynski/lsi/blob/master/lsiutil/LSIUtil_1.62.zip?raw=true")@g' ${1}

extra/pre-build.d/etc/customizepkg.d/ms-sys

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# original URL at sourceforge chokes out
+sed -re 's@^(source=\(").*$@\1http://fossies.org/linux/privat/${pkgname}-${pkgver}.tar.gz")@g' ${1}

extra/pre-build.d/etc/customizepkg.d/whdd

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ ! -f "/usr/lib/libdialog.so" ]];
+then
+  echo "Please run the following: sudo ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so"
+  echo "This package will fail to build otherwise."
+fi

extra/pre-build.d/etc/customizepkg.d/wifite-mod-pixiewps-git

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-sed -i -e 's/any/x86_64/g' ${1}
+sed -i -re "s/'any'/'i686' 'x86_64'/g" ${1}

extra/pre-build.d/etc/mkinitcpio.conf

@@ -64,4 +64,4 @@ COMPRESSION="xz"
 
 # COMPRESSION_OPTIONS
 # Additional options for the compressor
-#COMPRESSION_OPTIONS=""
+COMPRESSION_OPTIONS="-9"

extra/pre-build.d/etc/pacman.d/mirrorlist

@@ -1,7 +1,6 @@
-# Server list generated by rankmirrors on 2014-11-10
-Server = http://mirror.rit.edu/archlinux/$repo/os/$arch
-Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch
-Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
-Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
-Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
-Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
+Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
+Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
+Server = http://il.mirrors.linaxe.net/archlinux/$repo/os/$arch
+Server = http://mirror.grig.io/archlinux/$repo/os/$arch
+Server = http://arch.mirrors.ionfish.org/$repo/os/$arch
+Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch

extra/pre-build.d/root/post-build.sh

@@ -3,6 +3,6 @@
 set -e
 
 apacman --noconfirm --noedit -S --needed customizepkg-scripting
-
+ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so
 
 echo "Done."

extra/pre-build.d/usr/lib/initcpio/install/archiso_http_custom

@@ -4,6 +4,9 @@ build() {
     add_runscript
 
     add_binary curl
+
+    add_full_dir /etc/ssl
+    add_full_dir /etc/ca-certificates
 }
 
 help() {

lib/00-depcheck.func.sh

@@ -1,3 +1,93 @@
 #!/bin/bash
 
-# placeholder...
+function so_check_me_out {
+
+ FUNCNAME="depcheck"
+
+ if [[ -n ${HOST_DIST} ]]; 
+ then
+   if [[ ! -f ${BASEDIR}/lib/prereqs/${HOST_DIST}/meta || ! -f ${BASEDIR}/lib/prereqs/${HOST_DIST}/pkgs ]]; 
+   then
+     echo "ERROR: You have specified ${HOST_DIST} as your host system's distro, but it is missing a meta and/or pkgs profile."
+     exit 1
+   fi  
+ fi
+
+ set +e
+ if [[ -z "${HOST_DIST}" ]]; 
+ then
+   for dist_profile in $(find "${BASEDIR}"/lib/prereqs -type f -name 'meta');
+   do  
+     source ${dist_profile}
+     if [[ "${SUPPORTED}" != "yes" ]];
+     then
+       continue
+     fi
+     eval "${CHECK_METHOD}" > /dev/null 2>&1
+     if [[ "${?}" == "0" ]]; 
+     then
+       export HOST_DIST="${NAME}"
+       echo "Detected distro as ${HOST_DIST}."
+       break 2
+     fi
+   done
+ fi
+ set -e
+
+ # Sanity is important.
+ if [[ -z "${HOST_DIST}" ]];
+ then
+   echo "ERROR: Your distro was not found/detected, or is flagged as unsupported."
+   exit 1
+ fi
+
+ # So we've validated the distro. Here, check for packages and install if necessary. maybe use an array, but it'd be better to soft-fail if one of the packages is missing.
+
+ DISTRO_DIR="${BASEDIR}/lib/prereqs/${HOST_DIST}"
+ META="${DISTRO_DIR}/meta"
+ PKGLIST="${DISTRO_DIR}/pkgs"
+
+ # And once more, just to be safe.
+ source ${META}
+
+ ## TWEAKS GET RUN HERE.
+ distro_specific_tweaks
+
+ if [[ "${PRE_RUN}" != 'none' ]];
+ then
+   echo "Now updating your local package cache..."
+   set +e
+   eval "${PRE_RUN}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   if [[ "${?}" != "0" ]];
+   then
+     echo "ERROR: Syncing your local package cache via ${PRE_RUN} command failed."
+     echo "Please ensure you are connected to the Internet/have repositories configured correctly."
+     exit 1
+   fi
+   set -e
+ fi
+
+ set +e
+ while read pkgname;
+ do
+   eval "${PKG_CHK}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   if [[ "${?}" != "0" ]];
+   then
+     echo "Installing ${pkgname}..."
+     eval "${PKG_MGR}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+     if [[ "${?}" != "0" ]];
+     then
+       echo "ERROR: ${pkgname} was not found to be installed and we can't install it."
+       echo "This usually means you aren't connected to the Internet or your package repositories"
+       echo "are not configured correctly. Review the list of packages in ${PKGLIST} and ensure"
+       echo "they are all available to be installed."
+       exit 1
+     fi
+   fi
+ done < ${PKGLIST}
+ set -e
+
+ rm -f "${LOCKFILE}"
+}
+
+so_check_me_out

lib/01-mk.chroot.func.sh

@@ -109,10 +109,10 @@ function mkchroot {
     echo "Local: ${LOCSUM32}"
     echo "Remote: ${CKSUM32}"
     echo "Fetching fresh copy."
-    curl -o latest.32.tar.gz "${RLSDIR}/${CURRLS32}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    curl -o latest.32.tar.gz "${RLSDIR}/${CURRLS32}"
   fi
  else
-   curl -o latest.32.tar.gz "${RLSDIR}/${CURRLS32}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   curl -o latest.32.tar.gz "${RLSDIR}/${CURRLS32}"
  fi
  
  if [ ! -f "${CHROOTDIR32}/etc/pacman.d/gnupg/trustdb.gpg" ] || [ ! -f "${CHROOTDIR64}/etc/pacman.d/gnupg/trustdb.gpg" ];
@@ -147,6 +147,7 @@ HOME_URL="https://www.archlinux.org/"
 SUPPORT_URL="https://bbs.archlinux.org/"
 BUG_REPORT_URL="https://bugs.archlinux.org/"
 EOF
+     cp ${BASEDIR}/VERSION_INFO.txt ${BASEDIR}/root.${i}/.
    done   
 
    # And make it usable.
@@ -167,6 +168,7 @@ EOF
     echo "Done."
     echo -n "...Importing keys..."
     ${CHROOTCMD} ${i}/ pacman-key --populate archlinux >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ pacman-key -r 93481F6B >> "${LOGFILE}.${FUNCNAME}" 2>&1  # add developer's keys
     echo "Done."
     # Prep base building system
     echo -n "...Installing base packages..."
@@ -178,7 +180,8 @@ EOF
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo "Done."
     echo -n "...Upgrading any outdated packages..."
-    ${CHROOTCMD} ${i}/ pacman -Syyu --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ pacman -Syyu --force --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ pacman-key --refresh-keys >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo "Done. Finishing/cleaning up..."
     ${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -194,7 +197,8 @@ EOF
     #${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
-    ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S  apacman apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i} bash -c "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #rm -rf ${i}/var/tmp/pkg
     #${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
@@ -212,38 +216,76 @@ EOF
   sed -i -e "/^[[:space:]]*#*MAKEFLAGS=.*$/aMAKEFLAGS=\"-j${CPUCNT}\"" ${CHROOTDIR32}/etc/makepkg.conf
  fi
  
- # preprocessing
- sed -i -e '/base-devel/d ; /multilib-devel/d' ${BASEDIR}/extra/packages.*
+ # Baseline packages
+ echo "Installing baseline packages..."
+ PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/lib/prereqs/iso.pkgs.lst | tr '\n' ' ')
+ for i in ${CHROOTDIR32} ${CHROOTDIR64};
+ do
+  set +e
+  for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
+  set -e
+  ${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+  ${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+  set +e
+  for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
+  set -e
+ done
+ # 32-bit
+ PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/lib/prereqs/iso.pkgs.lst.32 | tr '\n' ' ')
+ if [ -n "${PKGLIST}" ];
+ then
+   ${CHROOTCMD} ${CHROOTDIR32}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   ${CHROOTCMD} ${CHROOTDIR32}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ fi
+ set +e
+ for x in $(find ${CHROOTDIR32}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
+ set -e
+ # 64-bit
+ PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/lib/prereqs/iso.pkgs.lst.64 | tr '\n' ' ')
+ if [ -n "${PKGLIST}" ];
+ then
+   ${CHROOTCMD} ${CHROOTDIR64}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   ${CHROOTCMD} ${CHROOTDIR64}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ fi
+ set +e
+ for x in $(find ${CHROOTDIR64}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
+ set -e
+
+ # extra packages
+ sed -i -e '/base-devel/d ; /multilib-devel/d' ${BASEDIR}/extra/packages.{both,64}
  # both
- echo "Installing common packages..."
+ echo "Installing extra common packages..."
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.both | tr '\n' ' ')
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
     echo "Running post-build tasks in ${i}..."
+    chmod 700 ${i}/root/post-build.sh
     ${CHROOTCMD} ${i}/ "/root/post-build.sh" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     set +e
     ${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${PNAME}
-    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+    ${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
+    cp -af ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
     set -e
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     # Uncomment if you wish to use the mkpasswd binary from within the chroot...
     #${CHROOTCMD} ${i}/ bash -c "apacman --noconfirm --noedit --skipinteg -S --needed debian-whois-mkpasswd" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo -n "Regular packages..."
-    set +e
     ${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    set +e
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
-    # User creation
     set -e
+    # User creation
     echo -n "...Creating ${REGUSR} user..."
     ${CHROOTCMD} ${i}/ useradd -m -s /bin/bash -c "Default user" ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i}/ usermod -aG users,games,video,audio ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i}/ passwd -d ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     mkdir -p ${i}/etc/sudoers.d ; chmod 750 ${i}/etc/sudoers.d
-    echo "${REGUSR} ALL=(ALL) ALL" >> ${i}/etc/sudoers.d/${REGUSR}
-    if [ -n "${REGUSR_PASS}" ];
+    printf "Defaults:${REGUSR} \041lecture\n${REGUSR} ALL=(ALL) ALL\n" >> ${i}/etc/sudoers.d/${REGUSR}
+    if [[ -n "${REGUSR_PASS}" && "${REGUSR_PASS}" != '{[BLANK]}' ]];
     then
       #${CHROOTCMD} ${i}/ "/usr/bin/echo ${REGUSR}:${REGUSR_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
       sed -i -e "s|^${REGUSR}::|${REGUSR}:${REGUSR_PASS}:|g" ${i}/etc/shadow
@@ -253,7 +295,7 @@ EOF
     else
       ${CHROOTCMD} ${i}/ usermod -L ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     fi
-    if [ -n "${ROOT_PASS}" ];
+    if [[ -n "${ROOT_PASS}" && "${ROOT_PASS}" != '{[BLANK]}' ]];
     then
       #${CHROOTCMD} ${i}/ "/usr/bin/echo root:${ROOT_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
       sed -i -e "s|^root::|root:${ROOT_PASS}:|g" ${i}/etc/shadow
@@ -273,12 +315,12 @@ EOF
   set +e
   for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
   ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-  cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+  cp -af ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
   set -e
  done
  
  # 32-bit
- echo "Installing packages for 32-bit..."
+ echo "Installing extra packages for 32-bit..."
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.32 | tr '\n' ' ')
  if [ -n "${PKGLIST}" ];
  then
@@ -290,7 +332,7 @@ EOF
  echo "Done."
  
  # 64-bit
- echo "Installing packages for 64-bit..."
+ echo "Installing estra packages for 64-bit..."
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.64 | tr '\n' ' ')
  if [ -n "${PKGLIST}" ];
  then
@@ -326,10 +368,13 @@ EOF
  echo "Done."
 
  
- rm -f ${LOCKFILE}
+ #rm -f ${LOCKFILE}
  
  echo "Chroot setup complete."
 
 }
 
-mkchroot
+if [[ ! -f "${BASEDIR}/root.x86_64/VERSION_INFO.txt" && ! -f "${BASEDIR}/root.x86_64/VERSION_INFO.txt" ]];
+then
+  mkchroot
+fi

lib/02-holla_atcha_boi.func.sh

@@ -1,5 +1,7 @@
 function holla_atcha_boi {
 
+ FUNCNAME="holla_atcha_boi"
+
  if [[ "${I_AM_A_RACECAR}" == "y" ]]; 
  then
    RACECAR_CHK='nice -n -19 '
@@ -7,6 +9,7 @@ function holla_atcha_boi {
    RACECAR_CHK=""
  fi
 
+ so_check_me_out
 
   # Do we have an existing chroot set up yet? If not, create.
   if [[ ! -d "root.x86_64/root" || ! -d "root.i686/root" ]];

lib/02-im_batman.func.sh

@@ -1,30 +0,0 @@
-function im_batman {
-  set +e # false errors are bad mmk
-  # Detect the distro and set some vars
-  if [ -f "/usr/bin/yum" ]; # CentOS/Redhat, etc.
-  then
-    OS_STRING='RHEL-like'
-    DISTRO='RHEL'
-    INST_CMD='yum -y install '
-  elif [ -f "/usr/bin/pacman" ]; # Arch, Manjaro, etc.
-  then
-    OS_STRING='Arch-like'
-    DISTRO='Arch'
-    INST_CMD='pacman -S '
-  elif [ -f "/usr/bin/emerge" ]; # Gentoo
-  then
-    OS_STRING='Gentoo-like'
-    DISTRO='Gentoo'
-    INST_CMD='emerge '
-  elif [ -f "/usr/bin/apt-get" ]; # Debian, Ubuntu (and derivatives), etc.
-  then
-    OS_STRING='Debian-like'
-    DISTRO="Debian"
-    INST_CMD='apt-get install '
-  else
-    echo 'Sorry, I cannot detect which distro you are running. Please report this along with what distro you are running. Dying now.'
-    exit 1
-  fi
-
-  set -e # and turn this back on lolz
-}

lib/03-release_me.func.sh

@@ -1,4 +1,7 @@
 function release_me () {
+
+  FUNCNAME="release_me"
+
   ## check for mountpoints from a manual chroot and umount them if they're still mounted.
   ## NOTE: you can use findmnt(8) to view a tree of mountpoints, including bindmounts etc.
   # Is there an active chroot?

lib/04-facehugger.func.sh

@@ -1,4 +1,7 @@
 function facehugger () {
+
+  FUNCNAME="facehugger"
+
   local ARCHSUFFIX="${1}"
   if [[ "${1}" == "64" ]]; 
   then

lib/05-chroot_wrapper.func.sh

@@ -1,4 +1,7 @@
 function chroot_wrapper () {
+
+  FUNCNAME="chroot_wrapper"
+
   local ARCHSUFFIX="${1}"
   if [[ "${1}" == "64" ]]; 
   then

lib/06-jenny_craig.func.sh

@@ -1,4 +1,7 @@
 function jenny_craig () {
+
+  FUNCNAME="jenny_craig"
+
   BUILDDIR="${BUILDDIR_GLOB}"
   if [[ "${1}" == "64" ]]; 
   then

lib/07-centos_is_stupid.func.sh

@@ -0,0 +1,102 @@
+function centos_is_stupid {
+
+  FUNCNAME="centos_is_stupid"
+
+  if [[ "${HOST_DIST}" == "CentOS" || "${HOST_DIST}" == "RHEL" ]];
+  then
+    if [[ "$(rpm -qa | egrep -q '^xorriso-[0-9]')" != "0" ]];
+    then
+      # Download/install the proper xorriso
+      EL_VER="$(rpm -qa coreutils | sed -re 's/^coreutils-[0-9.-]*el([0-9])*.*$/\1/g')"
+      if (("${EL_VER}" < "7"));
+      then
+        echo "Wow. Your CentOS/RHEL is too old. Sorry; this is only supported on CentOS/RHEL 7 and up."
+        exit 1
+      fi
+      XORRISO_RPM=$(curl -s http://pkgs.repoforge.org/xorriso/ | egrep "\"xorriso-[0-9.-]*el${EL_VER}.rf.x86_64.rpm\"" | sed -re "s/^.*\"(xorriso[0-9.-]*el${EL_VER}.rf.x86_64.rpm).*$/\1/g")
+      echo "Since you're using either CentOS or RHEL, we need to install xorriso directly from an RPM. Please wait while we do this..."
+      curl -sLo /tmp/${XORRISO_RPM} http://pkgs.repoforge.org/xorriso/${XORRISO_RPM}
+      set +e
+      yum -y install /tmp/${XORRISO_RPM} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      set -e
+      echo "Done."
+      echo
+    fi
+    # We used to fetch and compile mksquashfs from source here, but no longer- because a new enough version is *finally* in CentOS repos as of CentOS 7.
+    # This also lets us cut out the crufty version check and replace it with the one above.
+  fi
+
+  # UGH. And you know what? Fuck SUSE too.
+  if [[ "${HOST_DIST}" == "openSUSE" || "${HOST_DIST}" == "SUSE" ]];
+  then
+    if [[ "$(rpm -qa | egrep -q '^xorriso-[0-9]')" != "0" ]];
+    then
+      # Download/install the proper xorriso
+      source /etc/os-release
+      SUSE_VER="${VERSION_ID}"
+      XORRISO_RPM=$(curl -s "http://software.opensuse.org/download.html?project=home%3AKnolleblau&package=xorriso" | egrep "/openSUSE_${SUSE_VER}/x86_64/xorriso-[0-9.-]" | tail -n1 | sed -re 's|^.*x86_64/(xorriso-[0-9.-]*.x86_64.rpm).*$|\1|g')
+      echo "Since you're using openSUSE or SLED/SLES, we need to install xorriso directly from an RPM. Please wait while we do this..."
+      curl -sLo /tmp/${XORRISO_RPM} "http://download.opensuse.org/repositories/home:/Knolleblau/openSUSE_${SUSE_VER}/x86_64/${XORRISO_RPM}"
+      cp /etc/zypp/zypp.conf /etc/zypp/zypp.conf_BAK."${$}"
+      echo 'pkg_gpgcheck = no' >> /etc/zypp/zypp.conf
+      zypper install --no-confirm -l /tmp/${XORRISO_RPM} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      mv -f /etc/zypp/zypp.conf_BAK."${$}" /etc/zypp/zypp.conf
+      echo "Done."
+ 
+      echo
+    fi
+  fi
+ 
+  # And a double fuck-you to SLED/SLES.
+  if [[ "${HOST_DIST}" == "SUSE" ]];
+  then
+    source /etc/os-release
+    source ${BASEDIR}/lib/prereqs/SUSE/meta
+    SUSE_VER="${VERSION_ID}"
+    SUSE_REL="${ID}"
+    SDK_PKGS=(binutils-devel git xz-devel xz-devel-32bit zlib-devel zlib-devel-32bit)
+    
+    if [[ "${PRE_RUN}" != 'none' ]];
+    then
+      echo "Now updating your local package cache..."
+      set +e
+      eval "${PRE_RUN}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      if [[ "${?}" != "0" ]];
+      then
+        echo "ERROR: Syncing your local package cache via ${PRE_RUN} command failed."
+        echo "Please ensure you are connected to the Internet/have repositories configured correctly."
+        exit 1
+      fi
+      set -e
+    fi
+
+    zypper search binutils-devel | egrep -q '^[[:space:]]*|[[:space:]]*binutils-devel[[:space:]]*'
+    if [[ "${?}" != "0" ]];
+    then
+      echo
+      echo "In order to install some of the necessary packages on the host, you will need to add the SLE SDK repository."
+      echo "It can be downloaded by visiting http://download.suse.com/ and search for 'SUSE Linux Enterprise Software Development Kit'"
+      echo "(or add it to your subscriptions)."
+      echo "See https://www.suse.com/documentation/${SUSE_REL}-${SUSE_VER}/book_sle_deployment/data/sec_add-ons_sdk.html for more information."
+      exit 1
+    else
+      for pkgname in "${SDK_PKGS[@]}";
+      do
+        eval "${PKG_CHK}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+        if [[ "${?}" != "0" ]];
+        then
+          echo "Installing ${pkgname}..."
+          eval "${PKG_MGR}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+          if [[ "${?}" != "0" ]];
+          then
+            echo "ERROR: ${pkgname} was not found to be installed and we can't install it."
+            echo "This usually means you aren't connected to the Internet or your package repositories"
+            echo "are not configured correctly. Review the list of packages in ${PKGLIST} and ensure"
+            echo "they are all available to be installed."
+          fi
+        fi
+      done
+   fi
+ fi
+
+}

lib/08-centos_is_stupid.func.sh

@@ -1,70 +0,0 @@
-function centos_is_stupid {
-  echo "Checking for appropriate kernel version and mksquashfs version..."
-  SQFS_VER=$(mksquashfs -version 2>&1 | head -n1 | awk '{print $3}' | sed -re 's/(^[0-9]*\.[0-9]*).*$/\1/g')
-  KERN_VER=$(uname -r | cut -f1 -d"-")
-  SQUASH_OPTS="-noappend -comp xz"
-
-  set +e
-  ver_check() {
-    [ "$1" == "$2" ] && return 10
-    ver1front=`echo $1 | cut -d "." -f -1`
-    ver1back=`echo $1 | cut -d "." -f 2-`
-    ver2front=`echo $2 | cut -d "." -f -1`
-    ver2back=`echo $2 | cut -d "." -f 2-`
-     if [ "$ver1front" != "$1" ] || [ "$ver2front" != "$2" ]; then
-         [ "$ver1front" -gt "$ver2front" ] && return 11
-         [ "$ver1front" -lt "$ver2front" ] && return 9
-         [ "$ver1front" == "$1" ] || [ -z "$ver1back" ] && ver1back=0
-         [ "$ver2front" == "$2" ] || [ -z "$ver2back" ] && ver2back=0
-         ver_check "$ver1back" "$ver2back"
-         return $?
-     else
-         [ "$1" -gt "$2" ] && return 11 || return 9
-     fi
-  }    
-  ver_check ${KERN_VER} "2.6.38"
-  KERNTEST=${?}
-  ver_check ${SQFS_VER} "4.2"
-  SQFSTEST=${?}
-  if [ ${KERNTEST} -lt "10" ];
-  then
-    echo "You need a newer kernel to even think about doing this. (>= 2.6.38)"
-    echo "If you're on CentOS, there are 3.x branches available via the elrepo repository."
-    echo "I recommend the 'kernel-lt' package from there."
-    echo "Bailing out."
-    exit 1
-  #elif [ ${SQFS_VER} -ge "4.2" ] && [ ${KERN_VER} -ge "2.6.38" ];
-  elif [ ${SQFSTEST} -ge "10" ] && [ ${KERNTEST} -ge "10" ];
-  then
-    #echo "Awesome; your mksquashfs (if found) is not less than v4.2."
-    SQUASH_CMD=$(which mksquashfs)
-    if [ ${?} != "0" ];
-    then
-      echo "...Except you need to install whatever package you need to for mksquashfs."
-      exit 1
-    else
-     SQUASH_CMD=$(which mksquashfs)
-    fi
-  elif [ ${SQFSTEST} -lt "10" ] && [ ${KERNTEST} -ge "10" ];
-  then
-    if [ ! -f ${SRCDIR}/squashfs4.2/squashfs-tools/mksquashfs ];
-    then
-      echo "Boy howdy. We need to compile a custom version of the squashfs-tools because you aren't running a version that supports XZ. Give me a second."
-      set -e
-      mkdir -p ${SRCDIR} ${BASEDIR}/bin
-      cd ${SRCDIR}
-      #wget --quiet -O squashfs4.2.tar.gz "http://downloads.sourceforge.net/project/squashfs/squashfs/squashfs4.2/squashfs4.2.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsquashfs%2Ffiles%2F&ts=1387047818&use_mirror=hivelocity"
-      curl -o squashfs4.2.tar.gz "http://downloads.sourceforge.net/project/squashfs/squashfs/squashfs4.2/squashfs4.2.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsquashfs%2Ffiles%2F&ts=1387047818&use_mirror=hivelocity" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-      tar -zxf squashfs4.2.tar.gz
-      cd squashfs4.2/squashfs-tools
-      make clean
-      sed -i -e 's/^#\(XZ_SUPPORT\)/\1/g' Makefile
-      make
-      SQUASH_CMD="${SRCDIR}/squashfs4.2/squashfs-tools/mksquashfs"
-    else
-      echo "Using custom-compiled mksquashfs from an earlier run."
-      SQUASH_CMD="${SRCDIR}/squashfs4.2/squashfs-tools/mksquashfs"
-    fi
-  fi
-  set -e
-}

lib/08-will_it_blend.func.sh

@@ -1,4 +1,10 @@
 function will_it_blend () {
+
+  FUNCNAME="will_it_blend"
+
+  SQUASH_CMD="mksquashfs"
+  SQUASH_OPTS="-noappend -comp xz"
+
   local ARCHSUFFIX="${1}"
   if [[ "${1}" == "64" ]]; 
   then
@@ -69,14 +75,19 @@ function will_it_blend () {
   # and now we copy stuff into the live directories
   echo "[${ARCHSUFFIX}-bit] Copying files for PXE, and ISO building, please be patient."
   #rm -rf ${TEMPDIR}/*
+  if [ ! -f ${BASEDIR}/extra/${UXNAME}.png ];
+  then
+    cat ${BASEDIR}/extra/bdisk.png > ${BASEDIR}/extra/${UXNAME}.png
+  fi
   cp -af ${BASEDIR}/extra/${UXNAME}.png ${TEMPDIR}/.
   cp -af ${BASEDIR}/extra/${UXNAME}.png ${TFTPDIR}/.
   mkdir -p ${TEMPDIR}/boot
-  cp -af ${CHROOTDIR}/boot/initramfs-linux-${PNAME}.img ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.img
-  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${PNAME} ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.kern
-  cp -af ${CHROOTDIR}/boot/initramfs-linux-${PNAME}.img ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.img
-  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${PNAME} ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.kern
+  cp -af ${CHROOTDIR}/boot/initramfs-linux-${DISTNAME}.img ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.img
+  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${DISTNAME} ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.kern
+  cp -af ${CHROOTDIR}/boot/initramfs-linux-${DISTNAME}.img ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.img
+  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${DISTNAME} ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.kern
   cp -af ${ARCHBOOT}/* ${HTTPDIR}/${DISTNAME}/.
+  cp -af ${TFTPDIR}/* ${HTTPDIR}/.
   chown -R ${HTTPUSR}:${HTTPGRP} ${HTTPDIR}
   chown ${TFTPUSR}:${TFTPGRP} ${TFTPDIR}/${UXNAME}.*
 }

lib/09-stuffy.func.sh

@@ -1,5 +1,7 @@
 function stuffy {
 
+  FUNCNAME="stuffy"
+
   cp -f ${BASEDIR}/VERSION_INFO.txt ${TEMPDIR}/.
 
   if [[ "${I_AM_A_RACECAR}" == "y" ]]; 
@@ -12,21 +14,25 @@ function stuffy {
   echo "Setting up EFI stuff..."
 
   mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries}
-  # this stuff comes from the prebootloader pkg and gummiboot pkg. lets us boot on UEFI machines with secureboot still enabled.
-  cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi
-  cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/.
-  cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
+  # this stuff comes from the prebootloader pkg and systemd-boot. lets us boot on UEFI machines with secureboot still enabled.
+  # the signed prebootloader binaries, however, have been replaced by non-signed ones. so we need to fetch them.
+  # fetched from http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/
+  curl -so ${TEMPDIR}/EFI/boot/bootx64.efi "http://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi" # MD5: 4f7a4f566781869d252a09dc84923a82 TODO: implement checksumming check
+  curl -so ${TEMPDIR}/EFI/boot/HashTool.efi http://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
+  #cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi
+  #cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/.
+  cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
 
   echo "Checking/fetching UEFI shells..."
   if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ];
   then
     # EFI Shell 2.0 for UEFI 2.3+ ( http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=UEFI_Shell )
-    curl -o ${TEMPDIR}/EFI/shellx64_v2.efi https://svn.code.sf.net/p/edk2/code/trunk/edk2/ShellBinPkg/UefiShell/X64/Shell.efi >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    curl -o ${TEMPDIR}/EFI/shellx64_v2.efi "https://github.com/tianocore/edk2/blob/master/ShellBinPkg/UefiShell/X64/Shell.efi?raw=true" >> "${LOGFILE}.${FUNCNAME}" 2>&1
   fi
   if [ ! -f "${TEMPDIR}/EFI/shellx64_v1.efi" ];
   then
     # EFI Shell 1.0 for non UEFI 2.3+ ( http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Efi-shell )
-    curl -o ${TEMPDIR}/EFI/shellx64_v1.efi https://svn.code.sf.net/p/edk2/code/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    curl -o ${TEMPDIR}/EFI/shellx64_v1.efi "https://github.com/tianocore/edk2/blob/master/EdkShellBinPkg/FullShell/X64/Shell_Full.efi?raw=true" >> "${LOGFILE}.${FUNCNAME}" 2>&1
   fi
 
   # now for setting up loader config/entries. maybe add memtest or something in the future? i dunno.
@@ -67,9 +73,10 @@ EOF
   # now we need to calculate the space for various files we're going to include...
   FATSIZE=$(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.kern) # EFI/BDISK/bdisk.efi
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img
-  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi
-  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi))) # EFI/boot/HashTool.efi
-  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi))) # EFI/boot/loader.efi
+  #FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi
+  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/boot/bootx64.efi))) # EFI/boot/bootx64.efi
+  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/boot/HashTool.efi))) # EFI/boot/HashTool.efi
+  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi))) # EFI/boot/loader.efi
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi)))
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi)))
   FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.)
@@ -108,9 +115,9 @@ title   UEFI Shell (v1)
 efi    /EFI/shellx64_v1.efi
 EOF
 
-  cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi
-  cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/.
-  cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
+  cp ${TEMPDIR}/EFI/boot/bootx64.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi
+  cp ${TEMPDIR}/EFI/boot/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/.
+  cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
   cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/.
   umount ${SRCDIR}/efiboot
   echo "EFI configuration complete..."

lib/10-yo_dj.func.sh

@@ -1,16 +1,19 @@
 function yo_dj () {
+
+  FUNCNAME="yo_dj"
+
   ARCH="${1}"
   echo "Building the actual .iso image. This may take a while."
-  im_batman
-  ISOFILENAME="${UXNAME}-${VERSION}.iso"
-  #MINIFILENAME="${UXNAME}-${VERSION}-mini.iso"
+  #im_batman ## WHYTF IS THIS HERE?!
+  ISOFILENAME="${UXNAME}-${BUILDVERSION}.iso"
+  #MINIFILENAME="${UXNAME}-${BUILDVERSION}-mini.iso"
   MINIFILENAME="${UXNAME}-mini.iso"
   USBFILENAME="${UXNAME}-mini.usb.img"
   if [[ "${MULTIARCH}" == "y" ]];
   then
-    ISOFILENAME="${UXNAME}-${VERSION}-any.iso"
+    ISOFILENAME="${UXNAME}-${BUILDVERSION}-any.iso"
   else
-    ISOFILENAME="${UXNAME}-${VERSION}-${ARCH}.iso"
+    ISOFILENAME="${UXNAME}-${BUILDVERSION}-${ARCH}.iso"
   fi
 
   if [[ "${I_AM_A_RACECAR}" == "y" ]]; 
@@ -281,32 +284,109 @@ EOF
   if [[ "${BUILDMINI}" == "y" ]];
   then
     echo "Now generating the iPXE images; please wait..."
+    ## Get the latest version of ipxe from git.
     git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1
     cd ${BASEDIR}/src/ipxe/src
+    git checkout master .
     git clean -xdf > /dev/null 2>&1
     git reset --hard HEAD >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    # It will not build if we don't do this. Apparently we *need* libiberty.
+    # ...or do we?
+    #git revert -n 40a9a0f0
+    ## Apply our patches.
+    # This replaces the 0003 and 0004 patches.
+    # curl -s https://patch-diff.githubusercontent.com/raw/ipxe/ipxe/pull/49.patch > ${BASEDIR}/src/ipxe_local/patches/ipxe-0003-no-PIE.patch 2>/dev/null  # this isn't really necessary, I think? If you're dying right around this step, uncomment.
+    curl -s https://patch-diff.githubusercontent.com/raw/ipxe/ipxe/pull/50.patch > ${BASEDIR}/src/ipxe_local/patches/ipxe-0004-eiso.patch 2>/dev/null
     for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort);
     do
-      patch -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      patch --verbose -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     done
+    ## SSL
+    SSLDIR="${BASEDIR}/src/ipxe_local/ssl"
+    mkdir -p ${SSLDIR}/{keys,crts,txt}
+    chmod 000 ${SSLDIR}/keys
+    chown root:root ${SSLDIR}/keys
+    if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_KEY}" ]];
+    then
+      # Generate SSL CA
+      #rm -rf ${SSLDIR}/*
+      cd "${SSLDIR}"
+      IPXE_SSL_CA="${SSLDIR}/crts/ca.crt"
+      IPXE_SSL_CAKEY="${SSLDIR}/keys/ca.key"
+      IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
+      if [[ ! -f "${SSLDIR}/txt/ca.srl" ]];
+      then
+        echo 01 > ${SSLDIR}/txt/ca.srl
+      fi
+      touch ${SSLDIR}/txt/ca.idx
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      #cat crts/server.crt crts/ca.crt > crts/server_chained.crt
+    elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
+    then
+      echo "ERROR: You specified IPXE_SSL_CAKEY but not IPXE_SSL_CA. If one is specified, the other must be also."
+      exit 1
+    elif [[ -z "${IPXE_SSL_CAKEY}" && -e "${IPXE_SSL_CA}" ]];
+    then
+      echo "ERROR: You specified IPXE_SSL_CA but not IPXE_SSL_CAKEY. If one is specified, the other must be also."
+      exit 1
+    elif [[ ! -e "${IPXE_SSL_CA}" || ! -e "${IPXE_SSL_CAKEY}" ]];
+    then
+      echo "ERROR: You have specified both IPXE_SSL_CA and IPXE_SSL_CAKEY but one (or both) are not valid paths/files."
+      exit 1
+    fi
+    if [[ -z "${IPXE_SSL_KEY}" && -z "${IPXE_SSL_CRT}" ]];
+    then
+      IPXE_SSL_KEY="${SSLDIR}/keys/client.key"
+      IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
+      IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
+      # Generate SSL client key.
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      # Sign the crt.
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]]; 
+    then
+      echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."
+      exit 1
+    elif [[ -z "${IPXE_SSL_KEY}" && -e "${IPXE_SSL_CRT}" ]]; 
+    then
+      echo "ERROR: You specified IPXE_SSL_CRT but not IPXE_SSL_KEY. If one is specified, the other must be also."
+      exit 1
+    elif [[ ! -e "${IPXE_SSL_CRT}" || ! -e "${IPXE_SSL_KEY}" ]]; 
+    then
+      echo "ERROR: You have specified both IPXE_SSL_CRT and IPXE_SSL_KEY but one (or both) are not valid paths/files."
+      exit 1
+    fi
+    cd ${BASEDIR}/src/ipxe/src
     # Generate the iPXE EMBED script...
     sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \
 	-e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED
+    # And now we build!
     #make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    make bin/ipxe.eiso bin/ipxe.usb EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \
+         EMBED="${SRCDIR}/EMBED" \
+         TRUST="${IPXE_SSL_CA}" \
+         CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
+         PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    make bin/ipxe.eiso bin/ipxe.usb \
+         EMBED="${SRCDIR}/EMBED" \
+         TRUST="${IPXE_SSL_CA}" \
+         CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
+         PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     # Change this to USB-only...
     #make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb  ${ISODIR}/${USBFILENAME}
     mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso  ${ISODIR}/${MINIFILENAME}
     make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    cd ${BASEDIR}/src/ipxe
+    git checkout master . > /dev/null 2>&1
     git clean -xdf > /dev/null 2>&1
-    git checkout master > /dev/null 2>&1
+    git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #git reset --hard HEAD > /dev/null 2>&1
     echo
   fi

lib/11-mentos.func.sh

@@ -1,4 +1,7 @@
 function mentos {
+
+ FUNCNAME="mentos"
+
  # Freshen up the chroots to git's HEAD. Package lists, overlay, etc.
  sed -i -e '/base-devel/d ; /multilib-devel/d' ${BASEDIR}/extra/packages.*
  # both
@@ -19,7 +22,7 @@ function mentos {
    RACECAR_CHK=""
  fi
 
- if [[ -n $(find ${BASEDIR}/extra/pre-build.d/ -type f -newer ${BASEDIR}/root.x86_64/boot/vmlinuz-linux-${PNAME}) ]];
+ if [[ -n $(find ${BASEDIR}/extra/pre-build.d/ -type f -newer ${BASEDIR}/root.x86_64/boot/vmlinuz-linux-${DISTNAME}) ]];
  then
   touch ${LOCKFILE}
   sleep 2
@@ -33,7 +36,7 @@ function mentos {
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
     echo -n "...Packages installing/upgrading to ${i}..."
-    local INSTKERN=$(file ${i}/boot/vmlinuz-linux-${PNAME} | awk '{print $9}' | cut -f1 -d"-")
+    local INSTKERN=$(file ${i}/boot/vmlinuz-linux-${DISTNAME} | awk '{print $9}' | cut -f1 -d"-")
     local MIRROR=$(egrep '^Server' ${i}/etc/pacman.d/mirrorlist | head -n1 | sed -e 's/^Server\ =\ //g  ; s#$repo.*#core/os/x86_64/#g')
     local NEWKERN=$(curl -s "${MIRROR}" | grep linux | awk '{print $3}' | cut -f2 -d\" | egrep '^linux-[0-9].*pkg.tar.xz$' | cut -f2 -d"-")
 
@@ -42,8 +45,8 @@ function mentos {
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
     ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #${CHROOTCMD} ${i}/ bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}"
-    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${PNAME}
-    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
+    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
     echo "Done."
  done
  

lib/prereqs/Antergos/meta

@@ -0,0 +1,27 @@
+NAME='Antergos'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^NAME=\"Antergos Linux\"$" /etc/os-release'
+PKG_MGR='pacman -S --needed --noconfirm ${pkgname}'
+PRE_RUN='pacman -Syyy'
+PKG_CHK='pacman -Q ${pkgname}'
+URL='http://antergos.com/'
+
+function distro_specific_tweaks {
+ # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
+ # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
+
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ haveged
+
+ set +e
+ for pkg_override in gcc gcc-libs;
+ do
+   pacman -Q ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   if [[ "${?}" == "0" ]];
+   then
+     pacman -Rdd --noconfirm ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   fi
+ done
+set -e
+
+}

lib/prereqs/Antergos/pkgs

@@ -0,0 +1 @@
+../Arch/pkgs

lib/prereqs/Arch/meta

@@ -0,0 +1,27 @@
+NAME='Arch'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^NAME=\"Arch Linux\"$" /etc/os-release'
+PKG_MGR='pacman -S --needed --noconfirm ${pkgname}'
+PRE_RUN='pacman -Syyy'
+PKG_CHK='pacman -Q ${pkgname}'
+URL='https://www.archlinux.org/'
+
+function distro_specific_tweaks {
+ # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
+ # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
+
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ haveged
+
+ set +e
+ for pkg_override in gcc gcc-libs;
+ do
+   pacman -Q ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   if [[ "${?}" == "0" ]];
+   then
+     pacman -Rdd --noconfirm ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   fi
+ done
+set -e
+
+} 

lib/prereqs/Arch/pkgs

@@ -0,0 +1,19 @@
+binutils
+curl
+dosfstools
+findutils
+gcc-libs-multilib
+gcc-multilib
+git
+libisoburn
+lynx
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+xz
+zlib

lib/prereqs/CentOS/meta

@@ -0,0 +1,17 @@
+NAME='CentOS'
+# Currently fails on installing software *inside* the chroot. Will troubleshoot and restore when figured out.
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^CentOS" /etc/redhat-release'
+PKG_MGR='yum -y install ${pkgname}'
+PRE_RUN='none'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='http://centos.org/'
+
+function distro_specific_tweaks {
+ # NOTE: we handle installing of squashfs-tools (maybe) and xorriso in centos_is_stupid function.
+ # because they *suck*. Seriously. I need to install tk just to install xorriso. I mean, what?
+ # You need EPEL enabled, by the way.
+
+ echo "No tweaks found."
+
+}

lib/prereqs/CentOS/pkgs

@@ -0,0 +1 @@
+../RHEL/pkgs

lib/prereqs/Debian/meta

@@ -0,0 +1,13 @@
+NAME='Debian'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^NAME=\"Debian\ GNU/Linux\"$" /etc/os-release'
+PKG_MGR='apt-get -y install ${pkgname}'
+PRE_RUN='apt-get update'
+PKG_CHK='dpkg-query -l ${pkgname} | egrep "^ii[[:space:]]*${pkgname}"'
+URL='http://www.debian.org/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}

lib/prereqs/Debian/pkgs

@@ -0,0 +1,26 @@
+binutils
+binutils-dev
+curl
+dosfstools
+gcc
+gcc-multilib
+git
+isolinux
+libiberty-dev
+libisoburn1
+lynx
+liblzma5
+liblzma-dev
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+syslinux-efi
+xorriso
+xz-utils
+zlib1g
+zlib1g-dev

lib/prereqs/Devuan/meta

@@ -0,0 +1,14 @@
+NAME='Devuan'
+SUPPORTED='no'
+CHECK_METHOD='egrep "^NAME=\"Devuan\ GNU/Linux\"$" /etc/os-release'
+PKG_MGR='apt-get -y install ${pkgname}'
+PRE_RUN='apt-get update'
+PKG_CHK='dpkg-query -l ${pkgname} | egrep "^ii[[:space:]]*${pkgname}"'
+URL='http://www.debian.org/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/Devuan/pkgs

@@ -0,0 +1 @@
+../Debian/pkgs

lib/prereqs/Fedora/meta

@@ -0,0 +1,14 @@
+NAME='Fedora'
+SUPPORTED='yes'
+CHECK_METHOD='egrep '^Fedora' /etc/redhat-release'
+PKG_MGR='dnf -y install ${pkgname}'
+PRE_RUN='none'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='https://getfedora.org/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/Fedora/pkgs

@@ -0,0 +1,23 @@
+binutils
+binutils-devel
+curl
+dosfstools
+gcc
+git
+libisofs
+lynx
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+syslinux-devel
+tar
+xorriso
+xz
+xz-devel
+zlib
+zlib-devel

lib/prereqs/Gentoo/meta

@@ -0,0 +1,20 @@
+NAME='Gentoo'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^Gentoo\ Base\ System" /etc/gentoo-release'
+PKG_MGR='emerge -q1Dn ${pkgname}'
+PRE_RUN='emerge -q --sync'
+PKG_CHK='emerge -qp @installed 2>/dev/null | egrep -E "/${pkgname}-[0-9.]+"'
+URL='https://www.gentoo.org/'
+
+function distro_specific_tweaks {
+ # WHY IS THIS EVEN MASKED?!
+
+ set +e
+ grep -q 'app-arch/lzma' /etc/portage/package.accept_keywords
+ if [[ "${?}" != "0" ]];
+ then
+   echo 'app-arch/lzma' >> /etc/portage/package.accept_keywords
+ fi
+ set -e
+
+}

lib/prereqs/Gentoo/pkgs

@@ -0,0 +1,18 @@
+sys-devel/binutils
+net-misc/curl
+sys-fs/dosfstools
+sys-devel/gcc
+dev-vcs/git
+dev-libs/libisoburn
+www-client/lynx
+app-arch/lzma
+sys-devel/make
+sys-fs/mtools
+sys-devel/patch
+dev-lang/perl
+net-misc/rsync
+sys-apps/sed
+sys-fs/squashfs-tools
+sys-boot/syslinux
+app-arch/xz-utils
+sys-libs/zlib

lib/prereqs/HUMAN

@@ -0,0 +1,19 @@
+This directory is used to enable cross-distro support and set baseline ISO packages needed for it to boot. A list of packages is needed for the *host* to build the ISO as well, which you'll find detailed below. Adding distro support is easy; there simply needs to be the following added:
+
+<basedir>/lib/prereqs/<Distro>/{meta,pkgs}
+
+"pkgs" should contain a list of the specific package names needed to install for that specific distro (as this isn't always standardized).
+
+"meta" is a file consisting of the following variables (enclosed in single or double quotes, please:
+
+NAME=<Distro - this should match the name of the directory this file is in!>
+SUPPORTED=<yes or no- yes by default>
+CHECK_METHOD=<a command that will be run that should return '0' (success) on *only* this specific distro
+		(or fully compatible derivatives, i.e. CentOS/RHEL)>
+PKG_MGR=<a command used to prefix installation of packages e.g. for RHEL, "yum -y install">
+PRE_RUN=<a command to be run before PKG_MGR (e.g. on Ubuntu, "apt-get update"). commonly used to update package caches/metadata.
+		if your distro does not require this, set PRE_RUN=none >
+PKG_CHK=<a command that will be run that should return '0' (success) *only* if any given package in the pkgs file is installed. e.g. for RHEL, "rpm -q">
+URL=<the URL for the distro. optional, as it isn't really used as any active part of the scripts- at least not presently.>
+
+Oh- and your distro *must be able to install the package*. That means if you need to enable/add additional repositories, be sure to do so ahead of time.

lib/prereqs/Mageia/meta

@@ -0,0 +1,14 @@
+NAME='Mageia'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^Mageia\ release\ " /etc/mageia-release'
+PKG_MGR='urpmi --force --auto ${pkgname}'
+PRE_RUN='urpmi.update -a'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='https://www.mageia.org/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/Mageia/pkgs

@@ -0,0 +1,27 @@
+binutils
+binutils-devel
+curl
+gcc
+git
+lib64isofs6
+lib64apr1_0
+lib64apr-util1_0
+lib64lzma5
+lib64lzma-devel
+lib64lzmalib1
+lib64lzmalib-devel
+libstdc++-devel
+lynx
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+syslinux-devel
+xorriso
+xz
+zlib
+zlib-devel

lib/prereqs/Manjaro/meta

@@ -0,0 +1,28 @@
+NAME='Manjaro'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^NAME=\"Manjaro Linux\"$" /etc/os-release'
+PKG_MGR='pacman -S --needed --noconfirm ${pkgname}'
+PRE_RUN='pacman -Syyy --noconfirm'
+PKG_CHK='pacman -Q ${pkgname}'
+URL='https://manjaro.org/'
+
+function distro_specific_tweaks {
+ # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
+ # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
+
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ haveged
+
+ set +e
+ for pkg_override in gcc gcc-libs;
+ do
+   pacman -Q ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   if [[ "${?}" == "0" ]];
+   then
+     pacman -Rdd --noconfirm ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+     pacman -S --noconfirm ${pkg_override}-multilib >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   fi
+ done
+set -e
+
+}

lib/prereqs/Manjaro/pkgs

@@ -0,0 +1 @@
+../Arch/pkgs

lib/prereqs/Mint/meta

@@ -0,0 +1,14 @@
+NAME='Mint'
+SUPPORTED='no'
+# Needs non-systemd chroot method
+CHECK_METHOD='egrep "^DESCRIPTION=\"Linux\ Mint" /etc/linuxmint/info'
+PKG_MGR='apt-get -y install ${pkgname}'
+PRE_RUN='apt-get -y update'
+PKG_CHK='dpkg-query -l ${pkgname}'
+URL='http://www.linuxmint.com/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}

lib/prereqs/Mint/pkgs

@@ -0,0 +1 @@
+../Ubuntu/pkgs

lib/prereqs/RHEL/meta

@@ -0,0 +1,15 @@
+NAME='RHEL'
+SUPPORTED='yes'
+# Red Hat Enterprise Linux Server release 6.5 (Santiago)
+CHECK_METHOD='egrep "^Red\ Hat\ Enterprise\ Linux" /etc/redhat-release'
+PKG_MGR='yum -y install'
+PRE_RUN='none'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='http://www.redhat.com/en/technologies/linux-platforms/enterprise-linux'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/RHEL/pkgs

@@ -0,0 +1,21 @@
+binutils
+binutils-devel
+curl
+dosfstools
+gcc
+git
+libisofs
+lynx
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+syslinux-devel
+xz
+xz-devel
+zlib
+zlib-devel

lib/prereqs/SUSE/meta

@@ -0,0 +1,16 @@
+NAME='SUSE'
+SUPPORTED='yes'
+# Both SLED and SLES. We can probably safely combine them.
+CHECK_METHOD='egrep "^NAME=\"SLE(D|S)\"$" /etc/os-release'
+PKG_MGR='zypper install --no-confirm -l ${pkgname}'
+PRE_RUN='zypper refresh'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='https://www.suse.com/'
+
+function distro_specific_tweaks {
+ # See the centos_is_stupid function. we do some tweaks there since -devel pkgs require the SDK on SLES/SLED.
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/SUSE/pkgs

@@ -0,0 +1 @@
+../openSUSE/pkgs

lib/prereqs/Ubuntu/meta

@@ -0,0 +1,14 @@
+NAME='Ubuntu'
+SUPPORTED='yes'
+CHECK_METHOD='egrep "^DISTRIB_ID=Ubuntu$" /etc/lsb-release'
+PKG_MGR='apt-get -y install ${pkgname}'
+PRE_RUN='apt-get -y update'
+PKG_CHK='dpkg-query -l ${pkgname} | egrep "^ii[[:space:]]*${pkgname}"'
+URL='http://www.ubuntu.com/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/Ubuntu/pkgs

@@ -0,0 +1,25 @@
+binutils
+binutils-dev
+curl
+dosfstools
+gcc
+gcc-multilib
+git
+isolinux
+libiberty-dev
+libisoburn1
+lynx
+liblzma5
+liblzma-dev
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs-tools
+syslinux
+xorriso
+xz-utils
+zlib1g
+zlib1g-dev

lib/prereqs/elementaryOS/meta

@@ -0,0 +1,14 @@
+NAME='elementaryOS'
+SUPPORTED='no'
+CHECK_METHOD='egrep "^DISTRIB_ID=\"elementary OS\"$" /etc/lsb-release'
+PKG_MGR='apt-get -y install ${pkgname}'
+PRE_RUN='apt-get -y update'
+PKG_CHK='dpkg-query -l ${pkgname} | egrep "^ii[[:space:]]*${pkgname}"'
+URL='https://elementary.io/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/elementaryOS/pkgs

@@ -0,0 +1 @@
+../Ubuntu/pkgs

lib/prereqs/iso.pkgs.lst

@@ -0,0 +1,39 @@
+arch-install-scripts
+archiso
+bzip2
+coreutils
+cronie
+dhclient
+dhcp
+dhcpcd
+dosfstools
+efibootmgr
+efitools
+efivar
+ethtool
+file
+findutils
+iproute2
+iputils
+libisoburn
+localepurge
+lz4
+lzo
+lzop
+mkinitcpio-nfs-utils
+ms-sys
+mtools
+net-tools
+netctl
+networkmanager
+openssh
+openvpn
+pv
+rsync
+sed
+shorewall
+squashfs-tools
+sudo
+sysfsutils
+syslinux
+traceroute

lib/prereqs/iso.pkgs.lst.32

@@ -0,0 +1 @@
+# This can be used for 32-bit only packages

lib/prereqs/iso.pkgs.lst.64

@@ -0,0 +1 @@
+# This can be used for 64-bit only packages

lib/prereqs/openSUSE/meta

@@ -0,0 +1,15 @@
+NAME='openSUSE'
+SUPPORTED='yes'
+# Default doesn't have the quotes around the value, but I have a feeling that's a bug that will get "fixed" soon.
+CHECK_METHOD='egrep "^NAME=\"?openSUSE\"?$" /etc/os-release'
+PKG_MGR='zypper install --no-confirm -l ${pkgname}'
+PRE_RUN='zypper refresh'
+PKG_CHK='rpm -q ${pkgname} | egrep "^${pkgname}-[0-9]"'
+URL='https://www.opensuse.org/'
+
+function distro_specific_tweaks {
+
+ echo "No tweaks found."
+
+}
+

lib/prereqs/openSUSE/pkgs

@@ -0,0 +1,22 @@
+binutils
+binutils-devel
+binutils-devel-32bit
+curl
+dosfstools
+gcc
+gcc-32bit
+git
+libisoburn1
+libisofs6
+lynx
+make
+mtools
+patch
+perl
+rsync
+sed
+squashfs
+syslinux
+xz
+xz-devel
+xz-devel-32bit

overlay/etc/bash.bashrc

@@ -50,9 +50,10 @@ echo "==================================="
 date
 if [ -n "${DEFROUTEIF}" ];
 then
+ IPADDR=$(ip a s dev ${DEFROUTEIF} | egrep '^[[:space:]]*inet\ ' | awk '{print $2}' | cut -f1 -d"/")
+ HWADDR=$(ip l show dev ${DEFROUTEIF} | egrep '^[[:space:]]*link' | awk '{print $2}')
  echo
- echo -n "${DEFROUTEIF} is: "
- ifconfig "${DEFROUTEIF}" | egrep 'inet|ether' | grep -v "inet6" | awk '{print $2}'
+ echo -n "${DEFROUTEIF} (${HWADDR}) is: ${IPADDR}"
 fi
 echo
 echo  -n "tun0 is:"

overlay/etc/systemd/scripts/livecd.fix.sh

@@ -1,11 +1,6 @@
 #/bin/sh -
 
 #chmod 4755 /opt/google/chrome-beta/chrome-sandbox
-mkdir -p /var/db/sudo/lectured
-touch /var/db/sudo/lectured/bdisk
-chmod 700 /var/db/sudo/lectured
-chgrp bdisk /var/db/sudo/lectured/bdisk
-chmod 600 /var/db/sudo/lectured/bdisk
 chmod 4755 /usr/bin/sudo
 
 function fuck_you_gimme_net() {

src/ipxe_local/00-general.sed

@@ -0,0 +1,10 @@
+## Enable IPv6 support
+s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g
+## Enable HTTPS
+s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g
+s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
+## Enable FTP
+s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g
+## Currently broken for EFI building
+#s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g
+#s@^//(#define[[:space:]]*IMAGE_PNG@\1@g

src/ipxe_local/01-console.sed

@@ -0,0 +1,2 @@
+## Currently broken on EFI systems
+#s@^//(#define[[:space:]]*CONSOLE_VESAFB)@\1@g

src/ipxe_local/EMBED

@@ -1,4 +1,8 @@
 #!ipxe
 
 dhcp
+## TODO: signed kernel and initrd
+#imgtrust --permanent
+#imgverify vmlinuz path/to/vmlinuz.sig
+#imgverify initrd path/to/initrd.sig
 chain https://bdisk.square-r00t.net

src/ipxe_local/patches/ipxe-0002-banner.patch

@@ -1,6 +1,8 @@
---- a/src/usr/autoboot.c	2015-06-29 04:18:17.055394598 -0400
-+++ b/src/usr/autoboot.c	2015-06-29 22:04:28.692916217 -0400
-@@ -71,6 +71,7 @@
+diff --git a/src/usr/autoboot.c b/src/usr/autoboot.c
+index e93b015..758e187 100644
+--- a/src/usr/autoboot.c
++++ b/src/usr/autoboot.c
+@@ -71,6 +71,7 @@ static int ( * is_autoboot_device ) ( struct net_device *netdev );
  #define NORMAL	"\033[0m"
  #define BOLD	"\033[1m"
  #define CYAN	"\033[36m"
@@ -8,16 +10,27 @@
  
  /** The "scriptlet" setting */
  const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = {
-@@ -560,9 +561,9 @@
+@@ -521,7 +522,6 @@ static int shell_banner ( void ) {
+  * @ret rc		Return status code
+  */
+ int ipxe ( struct net_device *netdev ) {
+-	struct feature *feature;
+ 	struct image *image;
+ 	char *scriptlet;
+ 	int rc;
+@@ -538,11 +538,11 @@ int ipxe ( struct net_device *netdev ) {
  	 * do so.
  	 *
  	 */
 -	printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s"
--		 NORMAL " -- " PRODUCT_TAG_LINE " -- "
--		 CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
 +       printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME 
+ 		 NORMAL " -- " PRODUCT_TAG_LINE " -- "
+-		 CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
+-	for_each_table_entry ( feature, FEATURES )
+-		printf ( " %s", feature->name );
 +                CYAN PRODUCT_URI NORMAL "\n"
-+		 BOLD BLUE "http://bdisk.square-r00t.net/" NORMAL "\n" );
- 	for_each_table_entry ( feature, FEATURES )
- 		printf ( " %s", feature->name );
++                BOLD "BDisk" BLUE "LiveDistro" NORMAL " -- Welp, Yer Boned!(TM) -- "
++                BOLD BLUE "https://bdisk.square-r00t.net/" NORMAL "\n" );
  	printf ( "\n" );
+ 
+ 	/* Boot system */

src/ipxe_local/patches/ipxe-0003-iso-efi.patch

@@ -1,128 +0,0 @@
-From ddf6f6ac945654b00121ab899fb0bbb63293e51e Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail@eworm.de>
-Date: Tue, 7 Apr 2015 16:04:31 +0200
-Subject: [PATCH 1/2] [build] allow to build ISO image with EFI support
- (ipxe.eiso)
-
-Signed-off-by: Christian Hesse <mail@eworm.de>
----
- src/arch/i386/Makefile.pcbios |  6 ++++++
- src/util/geniso               | 39 ++++++++++++++++++++++++++++++---------
- 2 files changed, 36 insertions(+), 9 deletions(-)
-
-diff --git a/src/arch/i386/Makefile.pcbios b/src/arch/i386/Makefile.pcbios
-index ff82373..c7a58eb 100644
---- a/src/arch/i386/Makefile.pcbios
-+++ b/src/arch/i386/Makefile.pcbios
-@@ -59,6 +59,12 @@ NON_AUTO_MEDIA	+= iso
- 	$(QM)$(ECHO) "  [GENISO] $@"
- 	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -o $@ $<
- 
-+# rule to make a non-emulation ISO boot image with EFI support
-+NON_AUTO_MEDIA	+= eiso
-+%eiso:	%lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
-+	$(QM)$(ECHO) "  [GENISO] $@"
-+	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $<
-+
- # rule to make a floppy emulation ISO boot image
- NON_AUTO_MEDIA	+= liso
- %liso:	%lkrn util/geniso
-diff --git a/src/util/geniso b/src/util/geniso
-index 521c929..998370d 100755
---- a/src/util/geniso
-+++ b/src/util/geniso
-@@ -6,16 +6,21 @@ function help() {
- 	echo "usage: ${0} [OPTIONS] foo.lkrn [bar.lkrn,...]"
- 	echo
- 	echo "where OPTIONS are:"
-+	echo " -e	build image with EFI support"
- 	echo " -h       show this help"
- 	echo " -l       build legacy image with floppy emulation"
- 	echo " -o FILE  save iso image to file"
- }
- 
-+EFI=0
- LEGACY=0
- FIRST=""
- 
--while getopts "hlo:" opt; do
-+while getopts "ehlo:" opt; do
- 	case ${opt} in
-+		e)
-+			EFI=1
-+			;;
- 		h)
- 			help
- 			exit 0
-@@ -37,23 +42,24 @@ if [ -z "${OUT}" ]; then
- 	exit 1
- fi
- 
--# There should either be mkisofs or the compatible genisoimage program
--for command in genisoimage mkisofs; do
-+# We require xorriso (from libisoburn) for EFI support
-+# genisoimage and mkisofs are missing some features
-+for command in xorriso; do
- 	if ${command} --version >/dev/null 2>/dev/null; then
--		mkisofs=(${command})
-+		xorriso=(${command})
- 		break
- 	fi
- done
- 
--if [ -z "${mkisofs}" ]; then
--	echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
-+if [ -z "${xorriso}" ]; then
-+	echo "${0}: xorriso not found, please install or set PATH" >&2
- 	exit 1
- fi
- 
- dir=$(mktemp -d bin/iso.dir.XXXXXX)
- cfg=${dir}/isolinux.cfg
- 
--mkisofs+=(-quiet -l -volid "iPXE" -preparer "iPXE build system"
-+xorriso+=(-as mkisofs -quiet -l -volid "iPXE" -preparer "iPXE build system"
- 	-appid "iPXE ${VERSION} - Open Source Network Boot Firmware"
- 	-publisher "http://ipxe.org/" -c boot.cat)
- 
-@@ -116,12 +122,27 @@ case "${LEGACY}" in
- 		fi
- 
- 		# generate the iso image
--		"${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
-+		"${xorriso[@]}" -b boot.img -output ${OUT} ${dir}
- 		;;
- 	0)
- 		# copy isolinux bootloader
- 		cp ${ISOLINUX_BIN} ${dir}
- 
-+		xorriso+=(-b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table)
-+
-+		if [ "${EFI}" -eq 1 ]; then
-+			# generate EFI image
-+			img=${dir}/efiboot.img
-+
-+			mformat -f 2880 -C -i ${img} ::
-+			mmd -i ${img} "::/EFI"
-+			mmd -i ${img} "::/EFI/BOOT"
-+			mcopy -m -i ${img} bin-x86_64-efi/ipxe.efi "::EFI/BOOT/BOOTX64.EFI"
-+			mcopy -m -i ${img} bin-i386-efi/ipxe.efi "::EFI/BOOT/BOOTIA32.EFI"
-+
-+			xorriso+=(-eltorito-alt-boot -e efiboot.img -isohybrid-gpt-basdat -no-emul-boot)
-+		fi
-+
- 		# syslinux 6.x needs a file called ldlinux.c32
- 		LDLINUX_C32=$(dirname ${ISOLINUX_BIN})/ldlinux.c32
- 		if [ -s ${LDLINUX_C32} ]; then
-@@ -129,7 +150,7 @@ case "${LEGACY}" in
- 		fi
- 
- 		# generate the iso image
--		"${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
-+		"${xorriso[@]}" -output ${OUT} ${dir}
- 
- 		# isohybrid will be used if available
- 		if isohybrid --version >/dev/null 2>/dev/null; then
--- 
-2.3.5
-

src/ipxe_local/patches/ipxe-0004-eiso.patch

@@ -0,0 +1,120 @@
+From 189652b03032305a2db860e76fb58e81e3420c4d Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Wed, 24 Feb 2016 09:16:51 +0100
+Subject: [PATCH] allow to build ISO image with EFI support (ipxe.eiso)
+
+---
+ src/arch/x86/Makefile.pcbios |  6 +++++
+ src/util/geniso              | 52 ++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 46 insertions(+), 12 deletions(-)
+
+diff --git a/src/arch/x86/Makefile.pcbios b/src/arch/x86/Makefile.pcbios
+index f8c2253..1e01636 100644
+--- a/src/arch/x86/Makefile.pcbios
++++ b/src/arch/x86/Makefile.pcbios
+@@ -86,6 +86,12 @@ NON_AUTO_MEDIA	+= iso
+ 	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) LDLINUX_C32=$(LDLINUX_C32) \
+ 	    VERSION="$(VERSION)" bash util/geniso -o $@ $<
+ 
++# rule to make a non-emulation ISO boot image with EFI support
++NON_AUTO_MEDIA += eiso
++%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
++	$(QM)$(ECHO) "  [GENISO] $@"
++	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $<
++
+ # rule to make a floppy emulation ISO boot image
+ NON_AUTO_MEDIA	+= liso
+ %liso:	%lkrn util/geniso
+diff --git a/src/util/geniso b/src/util/geniso
+index ff090d4..7694036 100755
+--- a/src/util/geniso
++++ b/src/util/geniso
+@@ -6,16 +6,21 @@ function help() {
+ 	echo "usage: ${0} [OPTIONS] foo.lkrn [bar.lkrn,...]"
+ 	echo
+ 	echo "where OPTIONS are:"
++	echo " -e       build image with EFI support"
+ 	echo " -h       show this help"
+ 	echo " -l       build legacy image with floppy emulation"
+ 	echo " -o FILE  save iso image to file"
+ }
+ 
++EFI=0
+ LEGACY=0
+ FIRST=""
+ 
+-while getopts "hlo:" opt; do
++while getopts "ehlo:" opt; do
+ 	case ${opt} in
++		e)
++			EFI=1
++			;;
+ 		h)
+ 			help
+ 			exit 0
+@@ -37,17 +42,25 @@ if [ -z "${OUT}" ]; then
+ 	exit 1
+ fi
+ 
+-# There should either be mkisofs or the compatible genisoimage program
+-for command in genisoimage mkisofs; do
+-	if ${command} --version >/dev/null 2>/dev/null; then
+-		mkisofs=(${command})
+-		break
+-	fi
+-done
+-
+-if [ -z "${mkisofs}" ]; then
+-	echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++# We need xorriso (from libisoburn) for EFI support, so try that first.
++if xorriso --version >/dev/null 2>/dev/null; then
++	mkisofs=(xorriso -as mkisofs)
++elif [ ${EFI} -eq 1 ]; then
++	echo "${0}: xorriso not found, but required for EFI support. Please install." >&2
+ 	exit 1
++else
++	# fall back to mkisofs or the compatible genisoimage program
++	for command in genisoimage mkisofs; do
++		if ${command} --version >/dev/null 2>/dev/null; then
++			mkisofs=(${command})
++			break
++		fi
++	done
++
++	if [ -z "${mkisofs}" ]; then
++		echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++		exit 1
++	fi
+ fi
+ 
+ dir=$(mktemp -d bin/iso.dir.XXXXXX)
+@@ -122,13 +135,28 @@ case "${LEGACY}" in
+ 		# copy isolinux bootloader
+ 		cp ${ISOLINUX_BIN} ${dir}
+ 
++		mkisofs+=(-b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table)
++
++		if [ "${EFI}" -eq 1 ]; then
++			# generate EFI image
++			img=${dir}/efiboot.img
++
++			mformat -f 2880 -C -i ${img} ::
++			mmd -i ${img} "::/EFI"
++			mmd -i ${img} "::/EFI/BOOT"
++			mcopy -m -i ${img} bin-x86_64-efi/ipxe.efi "::EFI/BOOT/BOOTX64.EFI"
++			mcopy -m -i ${img} bin-i386-efi/ipxe.efi "::EFI/BOOT/BOOTIA32.EFI"
++
++			mkisofs+=(-eltorito-alt-boot -e efiboot.img -isohybrid-gpt-basdat -no-emul-boot)
++		fi
++
+ 		# syslinux 6.x needs a file called ldlinux.c32
+ 		if [ -n "${LDLINUX_C32}" -a -s "${LDLINUX_C32}" ]; then
+ 			cp ${LDLINUX_C32} ${dir}
+ 		fi
+ 
+ 		# generate the iso image
+-		"${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
++		"${mkisofs[@]}" -output ${OUT} ${dir}
+ 
+ 		# isohybrid will be used if available
+ 		if isohybrid --version >/dev/null 2>/dev/null; then

src/ipxe_local/patches/ipxe-0004-fix-no-pie-workaround.patch

@@ -1,34 +0,0 @@
-From a4f7e3ba395af4cd0a706df635309d4ef837ecf8 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail@eworm.de>
-Date: Wed, 8 Apr 2015 09:51:41 +0200
-Subject: [PATCH 2/2] Fix no-PIE workaround for i386 builds
-
-This workaround did not work for my version of gcc (4.9.2 20150304) as
-no option -nopie exists.
-
-We take another way: Let's check whether or not the macro __PIE__ is defined
-and add -fno-PIE if it is.
-
-Signed-off-by: Christian Hesse <mail@eworm.de>
----
- src/arch/i386/Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/arch/i386/Makefile b/src/arch/i386/Makefile
-index 99f8753..897081b 100644
---- a/src/arch/i386/Makefile
-+++ b/src/arch/i386/Makefile
-@@ -75,8 +75,8 @@ CFLAGS			+= -Ui386
- # output on stderr instead of checking the exit status.
- #
- ifeq ($(CCTYPE),gcc)
--PIE_TEST = [ -z "`$(CC) -fno-PIE -nopie -x c -c /dev/null -o /dev/null 2>&1`" ]
--PIE_FLAGS := $(shell $(PIE_TEST) && $(ECHO) '-fno-PIE -nopie')
-+PIE_TEST = $(CC) -dM -E - < /dev/null | grep -q '__PIE__'
-+PIE_FLAGS := $(shell $(PIE_TEST) && $(ECHO) '-fno-PIE')
- WORKAROUND_CFLAGS += $(PIE_FLAGS)
- endif
- 
--- 
-2.3.5
-

src/ipxe_local/ssl/openssl.cnf

@@ -0,0 +1,33 @@
+[ ca ]
+default_ca             = ca_default
+
+[ ca_default ]
+certificate            = crts/ca.crt
+private_key            = keys/ca.key
+serial                 = txt/ca.srl
+database               = txt/ca.idx
+#new_certs_dir          = signed
+new_certs_dir          = crts
+#default_md             = default
+default_md             = sha512
+policy                 = policy_anything
+preserve               = yes
+default_days           = 90
+unique_subject         = no
+
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = optional
+emailAddress           = optional
+
+[ cross ]
+basicConstraints       = critical,CA:true
+keyUsage               = critical,cRLSign,keyCertSign
+
+[ codesigning ]
+keyUsage                = digitalSignature
+extendedKeyUsage        = codeSigning