Compare commits

17 Commits

31 changed files with 377 additions and 157 deletions

3
.gitignore vendored
View File

@@ -31,3 +31,6 @@ extra/pre-build.d/etc/openvpn/client.conf
overlay/etc/ssh/* overlay/etc/ssh/*
overlay/home/bdisk overlay/home/bdisk
overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service
src/ipxe_local/ssl/keys
src/ipxe_local/ssl/crts
src/ipxe_local/ssl/txt

7
README.obsolete Normal file
View File

@@ -0,0 +1,7 @@
!!!!!!!!!!! NOTE !!!!!!!!!!!!!
THIS BRANCH IS *NO LONGER MAINTAINED*.
IT HAS BEEN OBSOLETED BY THE (now merged into master) "python_rewrite" BRANCH.
DO NOT SEND BUGS REGARDING THIS BRANCH.
DO NOT USE THIS BRANCH.
IT IS ONLY KEPT AROUND FOR HISTORICAL REASONS.

View File

@@ -155,6 +155,22 @@ then
exit 0 exit 0
fi fi
# implement for future, needs tweaking- JUST rebuild the ISO.
#if [[ ${1} == "respin" ]];
#then
# if [[ "${MULTIARCH}" == "y" ]];
# then
# centos_is_stupid
# yo_dj any
# else
# centos_is_stupid
# yo_dj 64
# centos_is_stupid
# yo_dj 32
# fi
#fi
#
# or are we just building? # or are we just building?
if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]]; if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]];
then then

View File

@@ -16,6 +16,9 @@ It should be fine over ethernet, since hardware switches are much faster and eff
Future versions, once this project has a dumping ground, will fetch highly compressed snapshotted chroot filesystems instead Future versions, once this project has a dumping ground, will fetch highly compressed snapshotted chroot filesystems instead
of dynamically building the entire install chroots (both x86_64 and i686) instead (with the option of building fresh locally, of dynamically building the entire install chroots (both x86_64 and i686) instead (with the option of building fresh locally,
disabled by default). disabled by default).
Maybe.
Till then, sorry for the inconvenience. Till then, sorry for the inconvenience.
!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!
@@ -56,11 +59,6 @@ All commands below should be issued in the root working directory of this git re
but also disk space for working, the finished ISO(s), etc.) but also disk space for working, the finished ISO(s), etc.)
-The following packages installed on the build host: -The following packages installed on the build host:
(NOTE: future versions will have dependencies checked automatically and installed if necessary,
depending on distro your host build machine is. the OS detection and package installation component of that isn't
done yet though. 2014.10.31)
(NOTE2: Make sure all the packages you specify are valid package names. A mistyped package name will cause the chroot creation to
break and everything else will break as a result.)
curl curl
dosfstools dosfstools
@@ -72,9 +70,24 @@ squashfs-tools
xorriso (in RPMForge repo for CentOS 7) xorriso (in RPMForge repo for CentOS 7)
xz xz
and *probably* a few others. The scripts run with set -e for the most part, so if something's missed, you'll know. and maybe a few others. The scripts run with set -e for the most part, so if something's missed, you'll know.
Oh, you will know. Oh, you will know.
If these packages are missing, they will be automatically installed. Currently, the following distros as host build systems
are supported (assumes most recent release):
Antergos
Arch
CentOS
Debian
Fedora
Gentoo
Mageia
Manjaro
openSUSE
RHEL
SUSE
Ubuntu
## Configuration ## ## Configuration ##
See extra/build.conf.sample. Copy to <PROJECT ROOT>/build.conf if you wish to modify any of the values, otherwise the defaults See extra/build.conf.sample. Copy to <PROJECT ROOT>/build.conf if you wish to modify any of the values, otherwise the defaults
@@ -105,6 +118,18 @@ Also note the following files/paths:
--/mirror.lst.sh: --/mirror.lst.sh:
Builds a fresh mirror list. Note that it is US based. Builds a fresh mirror list. Note that it is US based.
-docs:
Documentation for BDisk.
--/COPYING:
See LICENSE.
--/README:
This file.
--/LICENSE:
The license file.
--/FAQ:
Several quick questions you might have.
--/TODO:
Some features, bug fixes, etc. I have planned.
-examples: -examples:
Included recommendation for how to lay things out, etc. Included recommendation for how to lay things out, etc.
--/HTTP: --/HTTP:
@@ -112,7 +137,7 @@ Also note the following files/paths:
-extra: -extra:
Supporting files for the base building system (mirrorlist, etc.). Supporting files for the base building system (mirrorlist, etc.).
--/${UXNAME}.png: --/${UXNAME}.png:
A 640x480 8-bit RGBA colour PNG which will be used as the background for the bootsplash (if booting via BIOS and not UEFI) L A 640x480 8-bit RGBA colour PNG which will be used as the background for the bootsplash (if booting via BIOS and not UEFI)
--/bootstrap/apacman-*.tar.xz: --/bootstrap/apacman-*.tar.xz:
An AUR-enabled package manager. Necessary for AUR support. An AUR-enabled package manager. Necessary for AUR support.
--/build.conf.sample: --/build.conf.sample:
@@ -130,6 +155,8 @@ Also note the following files/paths:
--/pre-build.d: --/pre-build.d:
Contains files injected into the system. Both 64-bit and 32-bit environments. Note: be sure to place them in hierarchical order Contains files injected into the system. Both 64-bit and 32-bit environments. Note: be sure to place them in hierarchical order
(e.g. if you wish to have a file at /usr/foo/bar, you will need to place it in <PROJECT ROOT>/extra/pre-build.d/usr/foo/bar) (e.g. if you wish to have a file at /usr/foo/bar, you will need to place it in <PROJECT ROOT>/extra/pre-build.d/usr/foo/bar)
(NOTE: Make sure all the packages you specify are valid package names. A mistyped or nonexistent package name will cause the chroot
creation to break and everything else will break as a result.)
--/pre-build.d/32: --/pre-build.d/32:
Same as above, but only for 32-bit environments. Same as above, but only for 32-bit environments.
--/pre-build.d/64: --/pre-build.d/64:
@@ -143,8 +170,6 @@ Also note the following files/paths:
Here you can find full output of the runs. They are prefixed with run's PID number, and named after the function they occur in. Here you can find full output of the runs. They are prefixed with run's PID number, and named after the function they occur in.
-overlay: -overlay:
These files are applied AFTER the initial setup of the chroots. Same hierarchy rules as extra/pre-build.d. These files are applied AFTER the initial setup of the chroots. Same hierarchy rules as extra/pre-build.d.
-README:
This file.
-src: -src:
Supporting source code/source code from other projects. Supporting source code/source code from other projects.
--ipxe/: --ipxe/:
@@ -153,14 +178,12 @@ Also note the following files/paths:
Various patches and supporting configs to tweak the iPXE build. Various patches and supporting configs to tweak the iPXE build.
-tftpboot: -tftpboot:
Files to be served via TFTP for PXE booting. This directory is wiped out during any bin/clean.sh operation. Files to be served via TFTP for PXE booting. This directory is wiped out during any bin/clean.sh operation.
-TODO:
This is just what I'm using to track stuff I want to add.
You may notice other files come and go; they're mostly there for extra goodies/used to determine other things. You may notice other files come and go; they're mostly there for extra goodies/used to determine other things.
## (Re)Building ## ## (Re)Building ##
Building must be done as root, and on an Arch x86_64 system (future versions will allow for non-Arch distros). Building must be done as root, and on a supported distro (see Prerequisites for a list).
# bin/build.sh # bin/build.sh
@@ -168,3 +191,10 @@ Yeah. It's that easy. The finished product is in iso/.
If you want more verbosity, check out the logs/ directory. If you want more verbosity, check out the logs/ directory.
## Submitting Patches ##
If you have a fix or feature you'd like added, please follow the same pull request process for the kernel
(https://www.kernel.org/doc/Documentation/SubmittingPatches) and email to bts@square-r00t.net
Alternatively, file a bug at https://bugs.square-r00t.net/index.php?project=2 with a patch attached.

View File

@@ -6,6 +6,7 @@
-- https://github.com/akopytov/sysbench -- https://github.com/akopytov/sysbench
-- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.) -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
-package in AUR -package in AUR
-base rewrite in python. pyalpm may come in handy here.
## NETWORKING ## ## NETWORKING ##
@@ -22,6 +23,7 @@
## Building ## ## Building ##
-GUMMIBOOT IS GONE FROM THE REPOS. I could repackage it, but better to just see what the hell archiso's doing.
-WISH: Better logging[0] -WISH: Better logging[0]
-WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention -WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention
-use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead -use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead
@@ -33,14 +35,10 @@
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/ --yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.) -strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
-incorporate iPXE tweaks: -incorporate iPXE tweaks:
--http://ipxe.org/crypto --http://ipxe.org/crypto
--http://ipxe.org/cmd/imgtrust --http://ipxe.org/cmd/imgtrust
--http://ipxe.org/cmd/imgverify --http://ipxe.org/cmd/imgverify
--enable use of custom CA/self-signed certs for HTTPS etc. --enable use of custom CA/self-signed certs for HTTPS etc. DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
-X-platform
--what distros are supported?
--automatically install what we need for buildtime
---need to finish pkg lists and then test, but meta files should be done as well as lib script
-enable mirror= kernel commandline. -enable mirror= kernel commandline.
--if mirror_(NAME) is present, use that as repo name. --if mirror_(NAME) is present, use that as repo name.
--if it starts with /, treat as mirrorlist (Include); otherwise use Server = --if it starts with /, treat as mirrorlist (Include); otherwise use Server =

Binary file not shown.

View File

@@ -71,6 +71,35 @@ BUILDMINI="no"
# This currently does not work for HTTPS with self-signed certificates. # This currently does not work for HTTPS with self-signed certificates.
IPXE_URI="https://bdisk.square-r00t.net" IPXE_URI="https://bdisk.square-r00t.net"
# Path to the (root) CA certificate file (in PEM/X509 format) iPXE should use.
# If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Note that you can use your own CA to sign existing certs. See http://ipxe.org/crypto for
# more info. This is handy if you run a third-party/"Trusted" root-CA-signed certificate
# for the HTTPS target.
# Requires IPXE_SSL_CAKEY if specified.
IPXE_SSL_CA=""
# Path to the (root) CA key file (in PEM/X509 format) iPXE should use.
# If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_CA if specified.
IPXE_SSL_CAKEY=""
# Path to the CLIENT certificate (in PEM/X509). If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_KEY if specified.
IPXE_SSL_CRT=""
# Path to the CLIENT key (in PEM/X509). If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_CRT if specified.
IPXE_SSL_KEY=""
# Set to "yes" to enable pushing new changes to a git repo/committing to a local repo # Set to "yes" to enable pushing new changes to a git repo/committing to a local repo
GIT="no" GIT="no"
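Review bot: The unchanged comment directly above the new block still says HTTPS with self-signed certificates does not work, which now contradicts the IPXE_SSL_* options added under it; update or drop that line. The comments for IPXE_SSL_CAKEY and IPXE_SSL_KEY describe the key files as "PEM/X509", but X.509 is a certificate format, so the key comments should say PEM only. "If one is not specified, one will be generated" should also state where the generated CA key is written and with what permissions, since whoever holds that key can issue certificates the built iPXE image will accept.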

View File

@@ -1,7 +1,7 @@
# Server list generated by rankmirrors on 2015-02-26 # Server list generated by rankmirrors on 2016-07-09
Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch
Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
Server = http://mirror.umd.edu/archlinux/$repo/os/$arch Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch
Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch
Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
Server = http://arch.mirrors.ionfish.org/$repo/os/$arch
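Review bot: Every Server entry in the regenerated list is plain http://, so package integrity rests entirely on pacman's signature checking, and the pacman.conf hunks in this same comparison set SigLevel = Never. Either keep signature verification on, or restrict this list to https:// mirrors for as long as it is off.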

View File

@@ -43,7 +43,7 @@ cpio
cpuburn cpuburn
cpupower cpupower
crackpkcs12 crackpkcs12
#cryptcat cryptcat
cryptsetup cryptsetup
csync2 csync2
customizepkg-scripting customizepkg-scripting
@@ -54,7 +54,7 @@ dd_rescue
dd_rhelp dd_rhelp
debianutils debianutils
debootstrap debootstrap
dialog #dialog #giving a weird dependency issue
diffutils diffutils
djohn djohn
dmidecode dmidecode
@@ -107,6 +107,7 @@ gptfdisk
gst-libav gst-libav
gst-plugins-ugly gst-plugins-ugly
hashcat hashcat
hashdeep
hddtemp hddtemp
hdparm hdparm
hexcurse hexcurse
@@ -140,23 +141,38 @@ keyutils
kismet-allplugins kismet-allplugins
lftp lftp
links links
#logkeys #logkeys-git # requires a /dev/input, which apparently isn't included in the chroots
logkeys-keymaps
lm_sensors lm_sensors
lrzsz lrzsz
lshw lshw
lsiutil #lsiutil # giving intermittent errors when trying to fetch source
lsof lsof
lsscsi lsscsi
lxde #lxde # apacman currently doesn't like package groups, so...
gpicview
lxappearance
lxappearance-obconf
lxde-common
lxde-icon-theme
lxdm
lxinput
lxlauncher
lxmusic
lxpanel
lxrandr
lxsession
lxtask
lxterminal
openbox
pcmanfm
# end lxde
lynx lynx
#lzip #lzip
macchanger macchanger
magicrescue #magicrescue # no longer maintained, upstream down
mbr mbr
mbuffer mbuffer
mcelog mcelog
md5deep
mdadm mdadm
mdcrack mdcrack
# superseded by storcli # superseded by storcli
@@ -164,11 +180,10 @@ mdcrack
memtester memtester
mfoc mfoc
minicom minicom
mondo #mondo # mindi-busybox fails to build 09.23.2016
mtd-utils mtd-utils
mtr mtr
mtree mtree
#mtx
multipath-tools multipath-tools
myrescue myrescue
nbd nbd
@@ -208,20 +223,19 @@ php
php-fpm php-fpm
php-gd php-gd
php-mcrypt php-mcrypt
#phrasendrescher phrasendrescher
pigz pigz
pkgfile pkgfile
pkgtools pkgtools
ppp ppp
pptpclient pptpclient
prebootloader
procinfo-ng procinfo-ng
procps-ng procps-ng
progsreiserfs progsreiserfs
psmisc psmisc
pwgen pwgen
pixz pixz
pyrit-svn pyrit
python2-gnuplot python2-gnuplot
python2-pyx python2-pyx
rarcrack rarcrack
@@ -239,6 +253,7 @@ rsnapshot
rygel rygel
safecopy safecopy
samba samba
scalpel-git
scapy scapy
screen screen
scrounge-ntfs scrounge-ntfs
@@ -254,7 +269,7 @@ smartmontools
smbclient smbclient
s-nail s-nail
socat socat
#star ## do people even USE tape packups anymore? #star ## do people even USE tape backups anymore?
storcli storcli
strace strace
stress stress
@@ -271,7 +286,7 @@ thttpd
tmon tmon
tmux tmux
tre tre
truecrack-svn truecrack-git
truecrypt truecrypt
tor tor
udftools udftools
@@ -296,7 +311,7 @@ vncrack
vnstat vnstat
vpnc vpnc
weplab weplab
whdd #whdd #currently depends on dialog, which is broke as shit
whois whois
wifite-mod-pixiewps-git wifite-mod-pixiewps-git
wipe wipe

View File

@@ -37,7 +37,8 @@ VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring # By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages. # trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional #SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
SigLevel = Never
LocalFileSigLevel = Optional LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required #RemoteFileSigLevel = Required
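Review bot: SigLevel = Never switches off signature verification for every package and database fetched with this config, so a mirror or anyone on the network path can substitute packages that end up in the built image. If the snapshot's keyring is what is broken, repair it during the build (the chroot setup already runs pacman-key --populate archlinux) rather than disabling the check, or at least gate this line behind a build.conf option that defaults to the old Required DatabaseOptional.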

View File

@@ -37,7 +37,8 @@ VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring # By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages. # trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional #SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
SigLevel = Never
LocalFileSigLevel = Optional LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required #RemoteFileSigLevel = Required
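Review bot: The "RE-ENABLE ME" marker beside the commented-out SigLevel line carries no date, bug reference or checkable condition, so the temporary SigLevel = Never is likely to outlive the GPG problem it works around. Add a reference to the tracking bug and have the build print a warning whenever it runs with signature checking off. This is the second config file in the comparison carrying the same override; keeping it in one place would make the revert harder to miss.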

View File

@@ -11,27 +11,26 @@
#buildonly=1 #buildonly=1
#cachevcs=1 #cachevcs=1
#ignorearch=1 #ignorearch=1
#needed=1 #keepkeys=1
needed=1
#noaur=1
noconfirm=1 noconfirm=1
noedit=1 noedit=1
#noaur=1 nofail=1
#noconfirm=1
#noedit=1
#nofail=1
#preview=1 #preview=1
#purgebuild=1 progress=1
purgebuild=1
#quiet=1 #quiet=1
#skipcache=1 skipcache=1
skipinteg=1 #skipinteg=1
#skiptest=1 #skiptest=1
#warn=1 #warn=1
#tmpdir=/var/tmp/apacman
#TMPDIR=/var/tmp/apacman
# #
# CONFIGURATION # CONFIGURATION
# #
#builddir="/tmp/pkgbuild-$UID"
#tmpdir="/tmp/apacmantmp-$UID" #tmpdir="/tmp/apacmantmp-$UID"
#makepkgconf="/etc/makepkg.conf" #makepkgconf="/etc/makepkg.conf"
#usermakepkgconf="$HOME/.makepkg.conf" #usermakepkgconf="$HOME/.makepkg.conf"
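Review bot: Commenting out skipinteg=1 here does not change what the build does, because the apacman calls in the chroot build script in this comparison still pass --skipinteg on the command line; remove the flag there as well if integrity checks are meant to be back on. nofail=1 and skipcache=1 are newly enabled without any comment on why; a line explaining which failures nofail is expected to tolerate would help whoever has to debug a package missing from the image.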
@@ -39,19 +38,21 @@ skipinteg=1
#downdir="/var/cache/pacman/pkg" #downdir="/var/cache/pacman/pkg"
#savedir="/var/cache/apacman/pkg" #savedir="/var/cache/apacman/pkg"
#editor="nano -w" #editor="nano -w"
editor="vim" #pager="less -R"
#RPCURL="https://aur.archlinux.org/rpc.php?type" #RPCURL="https://aur.archlinux.org/rpc.php?type"
#PKGURL="https://aur.archlinux.org" #PKGURL="https://aur.archlinux.org"
#WEBURL="https://www.archlinux.org"
#ABSURL="rsync.archlinux.org" #ABSURL="rsync.archlinux.org"
# #
# COLORIZATION # COLORIZATION
# #
COLOR1='\e[1;39m' #COLOR1='\e[1;39m'
COLOR2='\e[1;32m' #COLOR2='\e[1;32m'
COLOR3='\e[1;35m' #COLOR3='\e[1;35m'
COLOR4='\e[1;36m' #COLOR4='\e[1;36m'
COLOR5='\e[1;34m' #COLOR5='\e[1;34m'
COLOR6='\e[1;33m' #COLOR6='\e[1;33m'
COLOR7='\e[1;31m' #COLOR7='\e[1;31m'

View File

@@ -0,0 +1,4 @@
#!/bin/bash
# original URL at sourceforge chokes out
sed -re 's@^(source=\(").*$@\1ftp://ftp.gnome.org/mirror/temp/sf2015/a/au/autopsy/autopsy/2.24/autopsy-2.24.tar.gz")@g' ${1}
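Review bot: This sed call has no -i, so the rewritten text only goes to stdout and the file passed as ${1} is left untouched, unlike the sibling fix-up scripts in this comparison that use sed -i -re. Unless the caller captures stdout, the source= override never takes effect; add -i and quote "${1}". The replacement also moves the download to an ftp:// mirror, which leaves the package checksums as the only integrity control, and the build invokes apacman with --skipinteg.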

View File

@@ -0,0 +1,3 @@
#!/bin/bash
sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

View File

@@ -0,0 +1,3 @@
#!/bin/bash
sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

View File

@@ -0,0 +1,3 @@
#!/bin/bash
sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

View File

@@ -0,0 +1,4 @@
#!/bin/bash
# original URL at sourceforge chokes out
sed -re 's@^(source=\(").*$@\1http://fossies.org/linux/privat/${pkgname}-${pkgver}.tar.gz")@g' ${1}
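Review bot: The sed call lacks -i, so the file passed as ${1} is not modified and the new source= line is only printed. The replacement URL is plain http://, so the tarball is protected by the package checksums alone; make sure this package is not one of those installed with --skipinteg. ${1} should be quoted.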

View File

@@ -64,4 +64,4 @@ COMPRESSION="xz"
# COMPRESSION_OPTIONS # COMPRESSION_OPTIONS
# Additional options for the compressor # Additional options for the compressor
#COMPRESSION_OPTIONS="" COMPRESSION_OPTIONS="-9"

View File

@@ -1,7 +1,6 @@
# Server list generated by rankmirrors on 2014-11-10 Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
Server = http://mirror.rit.edu/archlinux/$repo/os/$arch Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch Server = http://il.mirrors.linaxe.net/archlinux/$repo/os/$arch
Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch Server = http://mirror.grig.io/archlinux/$repo/os/$arch
Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch Server = http://arch.mirrors.ionfish.org/$repo/os/$arch
Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch
Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch

View File

@@ -168,6 +168,7 @@ EOF
echo "Done." echo "Done."
echo -n "...Importing keys..." echo -n "...Importing keys..."
${CHROOTCMD} ${i}/ pacman-key --populate archlinux >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ pacman-key --populate archlinux >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ pacman-key -r 93481F6B >> "${LOGFILE}.${FUNCNAME}" 2>&1 # add developer's keys
echo "Done." echo "Done."
# Prep base building system # Prep base building system
echo -n "...Installing base packages..." echo -n "...Installing base packages..."
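Review bot: pacman-key -r 93481F6B names the key by its 8-hex-digit short ID, which is not collision resistant, so the keyserver lookup can return a different key than the one intended; use the full 40-character fingerprint instead. The key is only received and never locally signed (pacman-key --lsign-key), so pacman will not treat it as trusted after this step. The comment should also say whose key this is rather than "developer's keys".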
@@ -179,7 +180,8 @@ EOF
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
echo "Done." echo "Done."
echo -n "...Upgrading any outdated packages..." echo -n "...Upgrading any outdated packages..."
${CHROOTCMD} ${i}/ pacman -Syyu --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ pacman -Syyu --force --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ pacman-key --refresh-keys >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
echo "Done. Finishing/cleaning up..." echo "Done. Finishing/cleaning up..."
${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1
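Review bot: --force on the pacman -Syyu line makes pacman overwrite conflicting files instead of stopping, and nothing here says which conflict it is meant to get past; limit it to the affected package or add a comment naming the conflict so it can be removed later. pacman-key --refresh-keys is placed after the upgrade, so the refreshed keys cannot help verify the packages that were just installed; move it ahead of -Syyu.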
@@ -195,7 +197,8 @@ EOF
#${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i} bash -c "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
#rm -rf ${i}/var/tmp/pkg #rm -rf ${i}/var/tmp/pkg
#${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1 #${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
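Review bot: The changed apacman line still passes --skipinteg and a doubled -S (apacman -S --noconfirm --noedit --skipinteg -S apacman apacman-deps expac), and it now reinstalls apacman itself through that unchecked path immediately after installing it from the local tarball. Drop --skipinteg for this bootstrap step, since this is the tool every later package install depends on, and remove the duplicate -S.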
@@ -222,6 +225,7 @@ EOF
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
set -e set -e
${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
set +e set +e
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
set -e set -e
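Review bot: The added line passes "apacman --gendb" as one quoted word, so unless ${CHROOTCMD} re-splits its arguments it is asked to run a program literally named "apacman --gendb" instead of apacman with a --gendb option. The earlier hunk uses bash -c "apacman --gendb", which is the form that works. This line sits between set -e and set +e, so a failed exec stops the build at this point; use the bash -c form here too.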
@@ -231,6 +235,7 @@ EOF
if [ -n "${PKGLIST}" ]; if [ -n "${PKGLIST}" ];
then then
${CHROOTCMD} ${CHROOTDIR32}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${CHROOTDIR32}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${CHROOTDIR32}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
fi fi
set +e set +e
for x in $(find ${CHROOTDIR32}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done for x in $(find ${CHROOTDIR32}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
@@ -240,6 +245,7 @@ EOF
if [ -n "${PKGLIST}" ]; if [ -n "${PKGLIST}" ];
then then
${CHROOTCMD} ${CHROOTDIR64}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${CHROOTDIR64}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${CHROOTDIR64}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
fi fi
set +e set +e
for x in $(find ${CHROOTDIR64}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done for x in $(find ${CHROOTDIR64}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
@@ -258,8 +264,9 @@ EOF
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
set +e set +e
${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME} cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img cp -af ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
set -e set -e
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
# Uncomment if you wish to use the mkpasswd binary from within the chroot... # Uncomment if you wish to use the mkpasswd binary from within the chroot...
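Review bot: The new ${CHROOTCMD} ${i}/ "apacman --gendb" line runs after set +e, so if it fails (the whole command is quoted as a single word, unlike the bash -c form on the line above it) nothing reports the failure. The kernel install and both cp calls are in the same unchecked region, and cp -af will now silently replace an existing initramfs copy. Check the exit status of the linux install explicitly before copying, and switch the gendb call to the bash -c form.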
@@ -267,6 +274,7 @@ EOF
#for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done #for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
echo -n "Regular packages..." echo -n "Regular packages..."
${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ "apacman --gendb" >> "${LOGFILE}.${FUNCNAME}" 2>&1
set +e set +e
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
set -e set -e
@@ -307,7 +315,7 @@ EOF
set +e set +e
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img cp -af ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
set -e set -e
done done

View File

@@ -14,10 +14,14 @@ function stuffy {
echo "Setting up EFI stuff..." echo "Setting up EFI stuff..."
mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries} mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries}
# this stuff comes from the prebootloader pkg and gummiboot pkg. lets us boot on UEFI machines with secureboot still enabled. # this stuff comes from the prebootloader pkg and systemd-boot. lets us boot on UEFI machines with secureboot still enabled.
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi # the signed prebootloader binaries, however, have been replaced by non-signed ones. so we need to fetch them.
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/. # fetched from http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/
cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead? curl -so ${TEMPDIR}/EFI/boot/bootx64.efi "http://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi" # MD5: 4f7a4f566781869d252a09dc84923a82 TODO: implement checksumming check
curl -so ${TEMPDIR}/EFI/boot/HashTool.efi http://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
#cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi
#cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/.
cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
echo "Checking/fetching UEFI shells..." echo "Checking/fetching UEFI shells..."
if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ]; if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ];
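Review bot: The two curl lines download PreLoader.efi and HashTool.efi over plain http:// and write them straight to EFI/boot/ with no verification, so whatever the server or the network path returns becomes the first-stage bootloader on the image. The MD5 in the comment is never checked, HashTool.efi has no recorded hash at all, and curl -so without -f will save an HTML error page as bootx64.efi on a 404. Record a SHA-256 for both files in the repo, verify after download and fail the build on mismatch, and add -f so HTTP errors are not written to disk; shipping the two binaries from a local, checksummed cache would avoid the build-time fetch entirely.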
@@ -69,9 +73,10 @@ EOF
# now we need to calculate the space for various files we're going to include... # now we need to calculate the space for various files we're going to include...
FATSIZE=$(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.kern) # EFI/BDISK/bdisk.efi FATSIZE=$(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.kern) # EFI/BDISK/bdisk.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi #FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi))) # EFI/boot/HashTool.efi FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/boot/bootx64.efi))) # EFI/boot/bootx64.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi))) # EFI/boot/loader.efi FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/boot/HashTool.efi))) # EFI/boot/HashTool.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi))) # EFI/boot/loader.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi))) FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi)))
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi))) FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi)))
FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.) FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.)
@@ -110,9 +115,9 @@ title UEFI Shell (v1)
efi /EFI/shellx64_v1.efi efi /EFI/shellx64_v1.efi
EOF EOF
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi cp ${TEMPDIR}/EFI/boot/bootx64.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/. cp ${TEMPDIR}/EFI/boot/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/.
cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead? cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/. cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/.
umount ${SRCDIR}/efiboot umount ${SRCDIR}/efiboot
echo "EFI configuration complete..." echo "EFI configuration complete..."
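Review bot: bootx64.efi and HashTool.efi are now copied from ${TEMPDIR}/EFI/boot/ instead of the package-owned root.x86_64/usr/lib/prebootloader/ path, and nothing in this hunk shows where those files come from or that they are verified. They are the first binaries the firmware executes, so record their source next to the cp lines and compare them against a pinned checksum before copying. Also check the cp exit status, so that "EFI configuration complete..." is not printed after a failed copy.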

View File

@@ -284,32 +284,109 @@ EOF
if [[ "${BUILDMINI}" == "y" ]]; if [[ "${BUILDMINI}" == "y" ]];
then then
echo "Now generating the iPXE images; please wait..." echo "Now generating the iPXE images; please wait..."
## Get the latest version of ipxe from git.
git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1 git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1
git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1 git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1
cd ${BASEDIR}/src/ipxe/src cd ${BASEDIR}/src/ipxe/src
git checkout master .
git clean -xdf > /dev/null 2>&1 git clean -xdf > /dev/null 2>&1
git reset --hard HEAD >> "${LOGFILE}.${FUNCNAME}" 2>&1 git reset --hard HEAD >> "${LOGFILE}.${FUNCNAME}" 2>&1
git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1 git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1 git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1
git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1 git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
# It will not build if we don't do this. Apparently we *need* libiberty.
# ...or do we?
#git revert -n 40a9a0f0
## Apply our patches.
# This replaces the 0003 and 0004 patches.
# curl -s https://patch-diff.githubusercontent.com/raw/ipxe/ipxe/pull/49.patch > ${BASEDIR}/src/ipxe_local/patches/ipxe-0003-no-PIE.patch 2>/dev/null # this isn't really necessary, I think? If you're dying right around this step, uncomment.
curl -s https://patch-diff.githubusercontent.com/raw/ipxe/ipxe/pull/50.patch > ${BASEDIR}/src/ipxe_local/patches/ipxe-0004-eiso.patch 2>/dev/null
for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort); for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort);
do do
patch -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1 patch --verbose -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
done done
## SSL
SSLDIR="${BASEDIR}/src/ipxe_local/ssl"
mkdir -p ${SSLDIR}/{keys,crts,txt}
chmod 000 ${SSLDIR}/keys
chown root:root ${SSLDIR}/keys
if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_KEY}" ]];
then
# Generate SSL CA
#rm -rf ${SSLDIR}/*
cd "${SSLDIR}"
IPXE_SSL_CA="${SSLDIR}/crts/ca.crt"
IPXE_SSL_CAKEY="${SSLDIR}/keys/ca.key"
IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
if [[ ! -f "${SSLDIR}/txt/ca.srl" ]];
then
echo 01 > ${SSLDIR}/txt/ca.srl
fi
touch ${SSLDIR}/txt/ca.idx
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt >> "${LOGFILE}.${FUNCNAME}" 2>&1
#cat crts/server.crt crts/ca.crt > crts/server_chained.crt
elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
then
echo "ERROR: You specified IPXE_SSL_CAKEY but not IPXE_SSL_CA. If one is specified, the other must be also."
exit 1
elif [[ -z "${IPXE_SSL_CAKEY}" && -e "${IPXE_SSL_CA}" ]];
then
echo "ERROR: You specified IPXE_SSL_CA but not IPXE_SSL_CAKEY. If one is specified, the other must be also."
exit 1
elif [[ ! -e "${IPXE_SSL_CA}" || ! -e "${IPXE_SSL_CAKEY}" ]];
then
echo "ERROR: You have specified both IPXE_SSL_CA and IPXE_SSL_CAKEY but one (or both) are not valid paths/files."
exit 1
fi
if [[ -z "${IPXE_SSL_KEY}" && -z "${IPXE_SSL_CRT}" ]];
then
IPXE_SSL_KEY="${SSLDIR}/keys/client.key"
IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
# Generate SSL client key.
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
# Sign the crt.
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT} >> "${LOGFILE}.${FUNCNAME}" 2>&1
elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]];
then
echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."
exit 1
elif [[ -z "${IPXE_SSL_KEY}" && -e "${IPXE_SSL_CRT}" ]];
then
echo "ERROR: You specified IPXE_SSL_CRT but not IPXE_SSL_KEY. If one is specified, the other must be also."
exit 1
elif [[ ! -e "${IPXE_SSL_CRT}" || ! -e "${IPXE_SSL_KEY}" ]];
then
echo "ERROR: You have specified both IPXE_SSL_CRT and IPXE_SSL_KEY but one (or both) are not valid paths/files."
exit 1
fi
cd ${BASEDIR}/src/ipxe/src
# Generate the iPXE EMBED script... # Generate the iPXE EMBED script...
sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \ sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \
-e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED -e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED
# And now we build!
#make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \
make bin/ipxe.eiso bin/ipxe.usb EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 EMBED="${SRCDIR}/EMBED" \
TRUST="${IPXE_SSL_CA}" \
CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
make bin/ipxe.eiso bin/ipxe.usb \
EMBED="${SRCDIR}/EMBED" \
TRUST="${IPXE_SSL_CA}" \
CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
# Change this to USB-only... # Change this to USB-only...
#make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb ${ISODIR}/${USBFILENAME} mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb ${ISODIR}/${USBFILENAME}
mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso ${ISODIR}/${MINIFILENAME} mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso ${ISODIR}/${MINIFILENAME}
make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1 make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1
git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1 cd ${BASEDIR}/src/ipxe
git checkout master . > /dev/null 2>&1
git clean -xdf > /dev/null 2>&1 git clean -xdf > /dev/null 2>&1
git checkout master > /dev/null 2>&1 git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
#git reset --hard HEAD > /dev/null 2>&1 #git reset --hard HEAD > /dev/null 2>&1
echo echo
fi fi
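Review bot: the CA branch tests the wrong variable: 'if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_KEY}" ]]' should test IPXE_SSL_CAKEY, because as written a user who supplies only a client key and certificate skips CA generation and falls through to the "specified both IPXE_SSL_CA and IPXE_SSL_CAKEY" error. The curl line rewrites ipxe-0004-eiso.patch from pull/50.patch on every build and the loop then applies it, with no pinned commit, no checksum and no -f, so whatever that URL returns at build time is patched into the boot image source; commit the patch and drop the download, or verify a recorded hash before applying. The CA, server and client requests also share one -subj, so the issued certificates have an issuer equal to their subject, which chain builders commonly treat as self-signed; give each a distinct CN.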

View File

@@ -8,11 +8,11 @@ dhcp
dhcpcd dhcpcd
dosfstools dosfstools
efibootmgr efibootmgr
efitools
efivar efivar
ethtool ethtool
file file
findutils findutils
gummiboot
iproute2 iproute2
iputils iputils
libisoburn libisoburn
@@ -28,7 +28,6 @@ netctl
networkmanager networkmanager
openssh openssh
openvpn openvpn
prebootloader
pv pv
rsync rsync
sed sed

View File

@@ -1,7 +1,10 @@
## Enable IPv6 support
s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g
## Enable HTTPS
s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g
s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
## Enable FTP
s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g
## Currently broken for EFI building ## Currently broken for EFI building
#s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g #s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g
#s@^//(#define[[:space:]]*IMAGE_PNG@\1@g #s@^//(#define[[:space:]]*IMAGE_PNG@\1@g
s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
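Review bot: the IMAGE_TRUST_CMD expression moved into the HTTPS block still lacks the closing parenthesis of its capture group ("(#define[[:space:]]*IMAGE_TRUST_CMD@"), unlike the CONSOLE_CMD line, so \1 has no complete group to refer to and the substitution cannot enable the command. Use 's@^//(#define[[:space:]]*IMAGE_TRUST_CMD)@\1@g'. Since the script that runs these expressions sends its output to a log, a sed error here would go unnoticed; check the resulting header for the define after the substitution.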

View File

@@ -1,4 +1,8 @@
#!ipxe #!ipxe
dhcp dhcp
## TODO: signed kernel and initrd
#imgtrust --permanent
#imgverify vmlinuz path/to/vmlinuz.sig
#imgverify initrd path/to/initrd.sig
chain https://bdisk.square-r00t.net chain https://bdisk.square-r00t.net
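Review bot: imgtrust and imgverify are left commented out as a TODO, so the embedded script chains to the URL with image verification unused and the payload is authenticated by TLS alone. The build script replaces the chain line with ${IPXE_URI} and its domain regex accepts (f|ht)tps?, so an http or ftp URI would remove even that. Reject a non-https IPXE_URI at build time until the signed kernel and initrd are in place, and replace the path/to/ placeholders with real signature paths when the TODO is resolved.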

View File

@@ -1,6 +1,8 @@
--- a/src/usr/autoboot.c 2015-06-29 04:18:17.055394598 -0400 diff --git a/src/usr/autoboot.c b/src/usr/autoboot.c
+++ b/src/usr/autoboot.c 2015-06-29 22:04:28.692916217 -0400 index e93b015..758e187 100644
@@ -71,6 +71,7 @@ --- a/src/usr/autoboot.c
+++ b/src/usr/autoboot.c
@@ -71,6 +71,7 @@ static int ( * is_autoboot_device ) ( struct net_device *netdev );
#define NORMAL "\033[0m" #define NORMAL "\033[0m"
#define BOLD "\033[1m" #define BOLD "\033[1m"
#define CYAN "\033[36m" #define CYAN "\033[36m"
@@ -8,16 +10,27 @@
/** The "scriptlet" setting */ /** The "scriptlet" setting */
const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = { const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = {
@@ -560,9 +561,9 @@ @@ -521,7 +522,6 @@ static int shell_banner ( void ) {
* @ret rc Return status code
*/
int ipxe ( struct net_device *netdev ) {
- struct feature *feature;
struct image *image;
char *scriptlet;
int rc;
@@ -538,11 +538,11 @@ int ipxe ( struct net_device *netdev ) {
* do so. * do so.
* *
*/ */
- printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s" - printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s"
- NORMAL " -- " PRODUCT_TAG_LINE " -- " + printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME
NORMAL " -- " PRODUCT_TAG_LINE " -- "
- CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version ); - CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
+ printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME - for_each_table_entry ( feature, FEATURES )
+ CYAN PRODUCT_URI NORMAL "\n" - printf ( " %s", feature->name );
+ BOLD BLUE "http://bdisk.square-r00t.net/" NORMAL "\n" ); + CYAN PRODUCT_URI NORMAL "\n"
for_each_table_entry ( feature, FEATURES ) + BOLD "BDisk" BLUE "LiveDistro" NORMAL " -- Welp, Yer Boned!(TM) -- "
printf ( " %s", feature->name ); + BOLD BLUE "https://bdisk.square-r00t.net/" NORMAL "\n" );
printf ( "\n" ); printf ( "\n" );
/* Boot system */
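Review bot: the new banner hard-codes "https://bdisk.square-r00t.net/" and the product strings in the printf, while the build script takes the boot URI and project name from IPXE_URI and PNAME. A build configured for another URI would chain to one address and display another. Pass the value in as a define at make time, or have the build script substitute it into the patch as it already does for the EMBED chain line.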

View File

@@ -1,25 +1,24 @@
From d2092664b3cf866b2ab338fe056149d3266d0acc Mon Sep 17 00:00:00 2001 From 189652b03032305a2db860e76fb58e81e3420c4d Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de> From: Christian Hesse <mail@eworm.de>
Date: Sun, 19 Apr 2015 13:16:09 +0200 Date: Wed, 24 Feb 2016 09:16:51 +0100
Subject: [PATCH 1/1] allow to build ISO image with EFI support (ipxe.eiso) Subject: [PATCH] allow to build ISO image with EFI support (ipxe.eiso)
Signed-off-by: Christian Hesse <mail@eworm.de>
--- ---
src/arch/i386/Makefile.pcbios | 6 +++++ src/arch/x86/Makefile.pcbios | 6 +++++
src/util/geniso | 52 +++++++++++++++++++++++++++++++++---------- src/util/geniso | 52 ++++++++++++++++++++++++++++++++++----------
2 files changed, 46 insertions(+), 12 deletions(-) 2 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/src/arch/i386/Makefile.pcbios b/src/arch/i386/Makefile.pcbios diff --git a/src/arch/x86/Makefile.pcbios b/src/arch/x86/Makefile.pcbios
index ff82373..c7a58eb 100644 index f8c2253..1e01636 100644
--- a/src/arch/i386/Makefile.pcbios --- a/src/arch/x86/Makefile.pcbios
+++ b/src/arch/i386/Makefile.pcbios +++ b/src/arch/x86/Makefile.pcbios
@@ -59,6 +59,12 @@ NON_AUTO_MEDIA += iso @@ -86,6 +86,12 @@ NON_AUTO_MEDIA += iso
$(QM)$(ECHO) " [GENISO] $@" $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) LDLINUX_C32=$(LDLINUX_C32) \
$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -o $@ $< VERSION="$(VERSION)" bash util/geniso -o $@ $<
+# rule to make a non-emulation ISO boot image with EFI support +# rule to make a non-emulation ISO boot image with EFI support
+NON_AUTO_MEDIA += eiso +NON_AUTO_MEDIA += eiso
+%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso +%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
+ $(QM)$(ECHO) " [GENISO] $@" + $(QM)$(ECHO) " [GENISO] $@"
+ $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $< + $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $<
+ +
@@ -27,7 +26,7 @@ index ff82373..c7a58eb 100644
NON_AUTO_MEDIA += liso NON_AUTO_MEDIA += liso
%liso: %lkrn util/geniso %liso: %lkrn util/geniso
diff --git a/src/util/geniso b/src/util/geniso diff --git a/src/util/geniso b/src/util/geniso
index 521c929..9e8588c 100755 index ff090d4..7694036 100755
--- a/src/util/geniso --- a/src/util/geniso
+++ b/src/util/geniso +++ b/src/util/geniso
@@ -6,16 +6,21 @@ function help() { @@ -6,16 +6,21 @@ function help() {
@@ -89,7 +88,7 @@ index 521c929..9e8588c 100755
fi fi
dir=$(mktemp -d bin/iso.dir.XXXXXX) dir=$(mktemp -d bin/iso.dir.XXXXXX)
@@ -122,6 +135,21 @@ case "${LEGACY}" in @@ -122,13 +135,28 @@ case "${LEGACY}" in
# copy isolinux bootloader # copy isolinux bootloader
cp ${ISOLINUX_BIN} ${dir} cp ${ISOLINUX_BIN} ${dir}
@@ -109,9 +108,8 @@ index 521c929..9e8588c 100755
+ fi + fi
+ +
# syslinux 6.x needs a file called ldlinux.c32 # syslinux 6.x needs a file called ldlinux.c32
LDLINUX_C32=$(dirname ${ISOLINUX_BIN})/ldlinux.c32 if [ -n "${LDLINUX_C32}" -a -s "${LDLINUX_C32}" ]; then
if [ -s ${LDLINUX_C32} ]; then cp ${LDLINUX_C32} ${dir}
@@ -129,7 +157,7 @@ case "${LEGACY}" in
fi fi
# generate the iso image # generate the iso image
@@ -120,6 +118,3 @@ index 521c929..9e8588c 100755
# isohybrid will be used if available # isohybrid will be used if available
if isohybrid --version >/dev/null 2>/dev/null; then if isohybrid --version >/dev/null 2>/dev/null; then
--
2.3.5
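Review bot: the added %eiso recipe calls util/geniso with only ISOLINUX_BIN and VERSION, while the refreshed context shows the iso rule now passing LDLINUX_C32=$(LDLINUX_C32) and geniso copying ldlinux.c32 only when 'if [ -n "${LDLINUX_C32}" -a -s "${LDLINUX_C32}" ]' holds. Unless LDLINUX_C32 reaches the environment some other way, the eiso image is built without ldlinux.c32, which the comment above that test says syslinux 6.x needs. Pass LDLINUX_C32=$(LDLINUX_C32) in the eiso recipe as well.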

View File

@@ -1,34 +0,0 @@
From a4f7e3ba395af4cd0a706df635309d4ef837ecf8 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 8 Apr 2015 09:51:41 +0200
Subject: [PATCH 2/2] Fix no-PIE workaround for i386 builds
This workaround did not work for my version of gcc (4.9.2 20150304) as
no option -nopie exists.
We take another way: Let's check whether or not the macro __PIE__ is defined
and add -fno-PIE if it is.
Signed-off-by: Christian Hesse <mail@eworm.de>
---
src/arch/i386/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/arch/i386/Makefile b/src/arch/i386/Makefile
index 99f8753..897081b 100644
--- a/src/arch/i386/Makefile
+++ b/src/arch/i386/Makefile
@@ -75,8 +75,8 @@ CFLAGS += -Ui386
# output on stderr instead of checking the exit status.
#
ifeq ($(CCTYPE),gcc)
-PIE_TEST = [ -z "`$(CC) -fno-PIE -nopie -x c -c /dev/null -o /dev/null 2>&1`" ]
-PIE_FLAGS := $(shell $(PIE_TEST) && $(ECHO) '-fno-PIE -nopie')
+PIE_TEST = $(CC) -dM -E - < /dev/null | grep -q '__PIE__'
+PIE_FLAGS := $(shell $(PIE_TEST) && $(ECHO) '-fno-PIE')
WORKAROUND_CFLAGS += $(PIE_FLAGS)
endif
--
2.3.5

View File

@@ -0,0 +1,33 @@
[ ca ]
default_ca = ca_default
[ ca_default ]
certificate = crts/ca.crt
private_key = keys/ca.key
serial = txt/ca.srl
database = txt/ca.idx
#new_certs_dir = signed
new_certs_dir = crts
#default_md = default
default_md = sha512
policy = policy_anything
preserve = yes
default_days = 90
unique_subject = no
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ cross ]
basicConstraints = critical,CA:true
keyUsage = critical,cRLSign,keyCertSign
[ codesigning ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
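Review bot: certificate, private_key, serial, database and new_certs_dir are relative paths, so "openssl ca -config ${SSLDIR}/openssl.cnf" only resolves them when the working directory is the ssl directory, and the build script changes into it only in the branch that generates a CA. With a user-supplied IPXE_SSL_CA the client certificate would also be signed against crts/ca.crt from this file rather than the supplied CA certificate, because only -keyfile is overridden. [ ca_default ] names no x509_extensions section, so [ cross ] and [ codesigning ] are never applied and issued certificates carry no basicConstraints, keyUsage or subjectAltName. Anchor the paths on a dir variable, pass -cert alongside -keyfile, and add extension sections for the server and client certificates.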