sablink/molecules
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[molecules] add Sabayon "Hardened Server" spec files

Browse Source
This commit is contained in:
Fabio Erculiani 2012-08-30 18:22:53 +02:00
parent 533b167775
commit 9cf8d7bd50
6 changed files with 149 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
molecules/hardenedserver.common Normal file
View File

@ -0,0 +1,53 @@
# Define an alternative execution strategy, in this case, the value must be
# "iso_remaster"
execution_strategy: iso_remaster
# ISO Image title
iso_title: Sabayon Hardened Server
# Release string
release_string: Sabayon Linux
# File to write release string
release_file: /etc/sabayon-edition
# Outer chroot script command, to be executed outside destination chroot before
# before entering it (and before inner_chroot_script)
%env outer_chroot_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_pre.sh
# Execute repositories update here, in a more fault-tolerant flavor
%env inner_chroot_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_generic_inner_chroot_script.sh
# Inner chroot script command, to be executed inside destination chroot after
# packages installation and removal
%env inner_chroot_script_after: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_hardenedserver_inner_chroot_script_after.sh
# Outer chroot script command, to be executed outside destination chroot before
# before entering it (and AFTER inner_chroot_script)
%env outer_chroot_script_after: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_post.sh
# Used to umount /proc and unbind packages dir
%env error_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/remaster_error_script.sh
# Extra mkisofs parameters, perhaps something to include/use your bootloader
extra_mkisofs_parameters: -b isolinux/isolinux.bin -c isolinux/boot.cat
# Pre-ISO building script. Hook to be able to copy kernel images in place, for example
%env pre_iso_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/generic_pre_iso_script.sh HardenedServer
# Post-ISO building script, called after ISO image generation.
%env post_iso_script: ${SABAYON_MOLECULE_HOME:-/sabayon}/scripts/generic_post_iso_script.sh
# Destination directory for the ISO image path (MANDATORY)
%env destination_iso_directory: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso
packages_to_add:
sys-kernel/linux-hardened,
sys-apps/paxctl
packages_to_remove:
sys-kernel/linux-sabayon
# Determine whether repositories update should be run (if packages_to_add is set)
# (default is: no), values are: yes, no.
execute_repositories_update: no

11
molecules/sabayon-amd64-hardenedserver.spec Normal file
View File

@ -0,0 +1,11 @@
# Use abs path, otherwise daily iso build won't work
%env %import ${SABAYON_MOLECULE_HOME:-/sabayon}/molecules/hardenedserver.common
release_version: 10
release_desc: amd64 Hardened Server
# Path to source ISO file (MANDATORY)
%env source_iso: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso/Sabayon_Linux_SpinBase_DAILY_amd64.iso
# Destination ISO image name, call whatever you want.iso, not mandatory
destination_iso_image_name: Sabayon_Linux_HardenedServer_10_amd64.iso

15
molecules/sabayon-x86-hardenedserver.spec Normal file
View File

@ -0,0 +1,15 @@
# use abs path, otherwise daily iso build automagic won't work
%env %import ${SABAYON_MOLECULE_HOME:-/sabayon}/molecules/hardenedserver.common
release_version: 10
release_desc: x86 Hardened Server
# pre chroot command, example, for 32bit chroots on 64bit system, you always
# have to append "linux32" this is useful for inner_chroot_script
prechroot: linux32
# Path to source ISO file (MANDATORY)
%env source_iso: ${SABAYON_MOLECULE_HOME:-/sabayon}/iso/Sabayon_Linux_SpinBase_DAILY_x86.iso
# Destination ISO image name, call whatever you want.iso, not mandatory
destination_iso_image_name: Sabayon_Linux_HardenedServer_10_x86.iso

31
remaster/hardenedserver_isolinux.cfg Normal file
View File

@ -0,0 +1,31 @@
default console
label console
menu label Start Sabayon __VERSION__ ServerBase
kernel /boot/sabayon
append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=verbose,theme:sabayon vga=791 gfxpayload=1024x768x16 console=tty1 quiet --
label text-install
menu label ^Installation
kernel /boot/sabayon
append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=verbose,theme:sabayon vga=791 gfxpayload=1024x768x16 console=tty1 quiet installer-text --
label genuine
menu label Start in Safe ^Mode
kernel /boot/sabayon
append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs splash=silent,theme:sabayon vga=788 gfxpayload=800x600x16 noproprietary res=1024x768 pci=routeirq irqpoll console=tty1 quiet nokvm --
label debug
menu label Deb^ug mode
kernel /boot/sabayon
append root=/dev/ram0 initrd=/boot/sabayon.igz init=/linuxrc cdroot cdroot_type=udf looptype=squashfs loop=/livecd.squashfs console=tty1 debug --
label memtest
menu label Memory ^test
kernel /boot/memtest
append -
label hd
menu label ^Boot from first hard disk
localboot 0x80
append -

7
scripts/generic_pre_iso_script.sh
View File

@ -20,6 +20,13 @@ elif [ "${remaster_type}" = "ServerBase" ]; then
cp "${boot_kernel}" "${CDROOT_DIR}/boot/sabayon" || exit 1 cp "${boot_kernel}" "${CDROOT_DIR}/boot/sabayon" || exit 1
cp "${boot_ramfs}" "${CDROOT_DIR}/boot/sabayon.igz" || exit 1 cp "${boot_ramfs}" "${CDROOT_DIR}/boot/sabayon.igz" || exit 1
isolinux_source="${SABAYON_MOLECULE_HOME}/remaster/serverbase_isolinux.cfg" isolinux_source="${SABAYON_MOLECULE_HOME}/remaster/serverbase_isolinux.cfg"
elif [ "${remaster_type}" = "HardenedServer" ]; then
echo "HardenedServer trigger, copying server kernel over"
boot_kernel=$(find "${CHROOT_DIR}/boot" -name "kernel-*" | sort | head -n 1)
boot_ramfs=$(find "${CHROOT_DIR}/boot" -name "initramfs-*" | sort | head -n 1)
cp "${boot_kernel}" "${CDROOT_DIR}/boot/sabayon" || exit 1
cp "${boot_ramfs}" "${CDROOT_DIR}/boot/sabayon.igz" || exit 1
isolinux_source="${SABAYON_MOLECULE_HOME}/remaster/hardenedserver_isolinux.cfg"
fi fi
cp "${isolinux_source}" "${isolinux_destination}" || exit 1 cp "${isolinux_source}" "${isolinux_destination}" || exit 1

32
scripts/remaster_hardenedserver_inner_chroot_script_after.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
rc-update del installer-gui boot
rc-update del x-setup boot
rc-update del hald boot
rc-update del avahi-daemon default
# A RUNNING NetworkManager is required by Anaconda !!
# re-enable rc_hotplug
# sed -i 's:^rc_hotplug=.*:rc_hotplug="*":g' /etc/rc.conf
# rc-update del NetworkManager default
# install-data dir is really not needed
rm -rf /install-data
mount -t proc proc /proc
/lib/rc/bin/rc-depend -u
# Generate openrc cache
touch /lib/rc/init.d/softlevel
/etc/init.d/savecache start
/etc/init.d/savecache zap
ldconfig
ldconfig
umount /proc
emaint --fix world
rm -rf /var/lib/entropy/*cache*
exit 0