[molecules] add Sabayon "Hardened Server" spec files
parent
533b167775
commit
9cf8d7bd50
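--- a/molecules/hardenedserver.common
+++ b/molecules/hardenedserver.common
@@ -0,0 +1,53 @@
+# Define an alternative execution strategy, in this case, the value must be
+# "iso_remaster"
+execution_strategy: iso_remaster
+
+# ISO Image title
+iso_title: Sabayon Hardened Server
+
+# Release string
+release_string: Sabayon Linux
+
+# File to write release string
+release_file: /etc/sabayon-edition
+
+# Outer chroot script command, to be executed outside destination chroot before
+# before entering it (and before inner_chroot_script)
+%env outer_chroot_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_pre.sh
+
+# Execute repositories update here, in a more fault-tolerant flavor
+%env inner_chroot_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_generic_inner_chroot_script.sh
+
+# Inner chroot script command, to be executed inside destination chroot after
+# packages installation and removal
+%env inner_chroot_script_after: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_hardenedserver_inner_chroot_script_after.sh
+
+# Outer chroot script command, to be executed outside destination chroot before
+# before entering it (and AFTER inner_chroot_script)
+%env outer_chroot_script_after: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_post.sh
+
+# Used to umount /proc and unbind packages dir
+%env error_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_error_script.sh
+
+# Extra mkisofs parameters, perhaps something to include/use your bootloader
+extra_mkisofs_parameters: -b isolinux/isolinux.bin -c isolinux/boot.cat
+
+# Pre-ISO building script. Hook to be able to copy kernel images in place, for example
+%env pre_iso_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/generic_pre_iso_script.sh HardenedServer
+
+# Post-ISO building script, called after ISO image generation.
+%env post_iso_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/generic_post_iso_script.sh
+
+# Destination directory for the ISO image path (MANDATORY)
+%env destination_iso_directory: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso
+
+packages_to_add:
+sys-kernel/linux-hardened,
+sys-apps/paxctl
+
+packages_to_remove:
+sys-kernel/linux-sabayon
+
+# Determine whether repositories update should be run (if packages_to_add is set)
+# (default is: no), values are: yes, no.
+execute_repositories_update: no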
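Review bot: The comment above `outer_chroot_script_after` is copied from the one on `outer_chroot_script` and still reads "before before entering it", which contradicts both the hook's name and the "(and AFTER inner_chroot_script)" in the same comment; the doubled "before" is also present on the first hook. Assuming this hook runs once the chroot has been left, the comment could read `# Outer chroot script command, executed outside the destination chroot after leaving it (and AFTER inner_chroot_script)`. Every hook path in this file is resolved from `SABAYON_MOLECULE_HOME` at build time, so a header comment such as `# Hooks below run during the remaster; SABAYON_MOLECULE_HOME must point to a directory only the build user can write` would document the trust assumption behind a hardened image.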
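--- a/molecules/sabayon-amd64-hardenedserver.spec
+++ b/molecules/sabayon-amd64-hardenedserver.spec
@@ -0,0 +1,11 @@
+# Use abs path, otherwise daily iso build won't work
+%env %import ${SABAYON_MOLECULE_HOME:-/sabayon}/molecules/hardenedserver.common
+
+release_version: 10
+release_desc: amd64 Hardened Server
+
+# Path to source ISO file (MANDATORY)
+%env source_iso: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso/Sabayon_Linux_SpinBase_DAILY_amd64.iso
+
+# Destination ISO image name, call whatever you want.iso, not mandatory
+destination_iso_image_name: Sabayon_Linux_HardenedServer_10_amd64.iso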
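Review bot: `source_iso` points at the rolling `Sabayon_Linux_SpinBase_DAILY_amd64.iso`, so the content of a "Hardened Server 10" image depends on whichever daily build is in the iso directory when the remaster runs, and nothing in this spec records or checks which build that was. If neither the molecule format nor `remaster_pre.sh` verifies the source image (not visible here), document that next to the key, e.g. `# DAILY image: verify its checksum before remastering, this spec does not pin a build`. The same applies to `Sabayon_Linux_SpinBase_DAILY_x86.iso` in molecules/sabayon-x86-hardenedserver.spec.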
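--- a/molecules/sabayon-x86-hardenedserver.spec
+++ b/molecules/sabayon-x86-hardenedserver.spec
@@ -0,0 +1,15 @@
+# use abs path, otherwise daily iso build automagic won't work
+%env %import ${SABAYON_MOLECULE_HOME:-/sabayon}/molecules/hardenedserver.common
+
+release_version: 10
+release_desc: x86 Hardened Server
+
+# pre chroot command, example, for 32bit chroots on 64bit system, you always
+# have to append "linux32" this is useful for inner_chroot_script
+prechroot: linux32
+
+# Path to source ISO file (MANDATORY)
+%env source_iso: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso/Sabayon_Linux_SpinBase_DAILY_x86.iso
+
+# Destination ISO image name, call whatever you want.iso, not mandatory
+destination_iso_image_name: Sabayon_Linux_HardenedServer_10_x86.iso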
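--- a/remaster/hardenedserver_isolinux.cfg
+++ b/remaster/hardenedserver_isolinux.cfg
@@ -0,0 +1,31 @@
+default console
+
+label console
+menu label Start Sabayon __VERSION__ ServerBase
+kernel /boot/sabayon
+append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=verbose,theme:sabayon vga=791 gfxpayload=1024x768x16 console=tty1 quiet --
+
+label text-install
+menu label ^Installation
+kernel /boot/sabayon
+append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=verbose,theme:sabayon vga=791 gfxpayload=1024x768x16 console=tty1 quiet installer-text --
+
+label genuine
+menu label Start in Safe ^Mode
+kernel /boot/sabayon
+append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=silent,theme:sabayon vga=788 gfxpayload=800x600x16 noproprietary res=1024x768 pci=routeirq irqpoll console=tty1 quiet nokvm --
+
+label debug
+menu label Deb^ug mode
+kernel /boot/sabayon
+append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs console=tty1 debug --
+
+label memtest
+menu label Memory ^test
+kernel /boot/memtest
+append -
+
+label hd
+menu label ^Boot from first hard disk
+localboot 0x80
+append -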
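Review bot: The default entry is still labelled `menu label Start Sabayon __VERSION__ ServerBase`, which looks carried over from serverbase_isolinux.cfg; the boot menu of this image should name the edition being started, e.g. `menu label Start Sabayon __VERSION__ HardenedServer`. As written, the two ISOs cannot be told apart at the boot menu, which makes it easy to deploy or test the non-hardened one by mistake.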
@ -20,6 +20,13 @@ elif [ "${remaster_type}" = "ServerBase" ]; then
|
||||
cp "${boot_kernel}" "${CDROOT_DIR}/boot/sabayon" || exit 1
|
||||
cp "${boot_ramfs}" "${CDROOT_DIR}/boot/sabayon.igz" || exit 1
|
||||
isolinux_source="${SABAYON_MOLECULE_HOME}/remaster/serverbase_isolinux.cfg"
|
||||
elif [ "${remaster_type}" = "HardenedServer" ]; then
|
||||
echo "HardenedServer trigger, copying server kernel over"
|
||||
boot_kernel=$(find "${CHROOT_DIR}/boot" -name "kernel-*" | sort | head -n 1)
|
||||
boot_ramfs=$(find "${CHROOT_DIR}/boot" -name "initramfs-*" | sort | head -n 1)
|
||||
cp "${boot_kernel}" "${CDROOT_DIR}/boot/sabayon" || exit 1
|
||||
cp "${boot_ramfs}" "${CDROOT_DIR}/boot/sabayon.igz" || exit 1
|
||||
isolinux_source="${SABAYON_MOLECULE_HOME}/remaster/hardenedserver_isolinux.cfg"
|
||||
fi
|
||||
cp "${isolinux_source}" "${isolinux_destination}" || exit 1
|
||||
|
||||
|
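Review bot: The added branch selects the kernel with `find "${CHROOT_DIR}/boot" -name "kernel-*" | sort | head -n 1`, which takes the lexicographically first file in /boot rather than the one installed by sys-kernel/linux-hardened; if a kernel from the removed linux-sabayon package (or any other) is still present, the ISO can end up booting a non-hardened kernel without any error. The initramfs is chosen independently in the same way, so the pair can also mismatch. Consider failing when the match is not unique, e.g. `[ "$(find "${CHROOT_DIR}/boot" -name "kernel-*" | wc -l)" -eq 1 ] || exit 1`, before the `cp`. The if/elif chain this branch belongs to starts above the hunk.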
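--- a/scripts/remaster_hardenedserver_inner_chroot_script_after.sh
+++ b/scripts/remaster_hardenedserver_inner_chroot_script_after.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+rc-update del installer-gui boot
+rc-update del x-setup boot
+rc-update del hald boot
+rc-update del avahi-daemon default
+
+# A RUNNING NetworkManager is required by Anaconda !!
+# re-enable rc_hotplug
+# sed -i 's:^rc_hotplug=.*:rc_hotplug="*":g' /etc/rc.conf
+# rc-update del NetworkManager default
+
+# install-data dir is really not needed
+rm -rf /install-data
+
+mount -t proc proc /proc
+/lib/rc/bin/rc-depend -u
+
+# Generate openrc cache
+touch /lib/rc/init.d/softlevel
+/etc/init.d/savecache start
+/etc/init.d/savecache zap
+
+ldconfig
+ldconfig
+umount /proc
+
+emaint --fix world
+
+rm -rf /var/lib/entropy/*cache*
+
+exit 0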
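Review bot: The script ends with an unconditional `exit 0` and checks none of its commands, so a failed `rc-update del avahi-daemon default` or `emaint --fix world` still produces a successful build and the image can ship with a service that was meant to be disabled. Because `rc-update del` may also fail harmlessly when a service was never in that runlevel, checking the end state is more useful than `set -e`: before `exit 0`, something like `rc-update show | grep -q avahi-daemon && exit 1` would fail the build if the service is still enabled. A short comment on why `ldconfig` runs twice would also help, since nothing here explains it.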