Server
/
ISO
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

updated to new archiso procedure (v49?)

master
Dan 2 years ago
parent
6a60bd6b6b
commit
9ccd1c6c68
Signed by: dan
GPG Key ID: 7DFC51AC7A70FBAB
8 changed files with 32 additions and 342 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 39
      README.md
  2. 0
      airootfs/etc/machine-id
  3. 2
      airootfs/root/customize_airootfs.sh
  4. 6
      airootfs/root/pwoss-server.sh
  5. 306
      build.sh
  6. 3
      packages.x86_64
  7. 12
      profiledef.sh
  8. 6
      syslinux/archiso_pxe.cfg

39
README.md
Unescape View File

@ -16,44 +16,23 @@ You can use [VirtualBox](https://wiki.archlinux.org/index.php/VirtualBox) or dow
 
## Usage [options]
iso_name: PwOSS
iso_version: PWOSS_201906
iso_label: pwoss_linux
publisher: PwOSS
application:'PwOSS Linux'
 
Example:
## Build your ISO
```
git clone https://git.pwoss.org/server/iso.git
cd /path/to/repo/ISO/
sudo ./build.sh -N PwOSS-Server -V 16.02.2020 -L pwoss_server -P Dan -A 'PwOSS Server'
mkarchiso -v .
```
> **_NOTE:_**
It is recommended to perform all the following steps as the root user with the umask set to `0022`. If not, it is very likely that the live environment will have wrong file permissions.
> **_NOTE 2:_**
Change `profiledef.sh` to your needs.
 
## General options
-N <iso_name> Set an iso filename (prefix)
Default: ${iso_name}"
-V <iso_version> Set an iso version (in filename)
Default: ${iso_version}
-L <iso_label> Set an iso label (disk label)"
Default: ${iso_label}"
-P <publisher> Set a publisher for the disk"
Default: '${iso_publisher}'"
-A <application> Set an application name for the disk"
Default: '${iso_application}'"
-D <install_dir> Set an install_dir (directory inside iso)"
Default: ${install_dir}"
-w <work_dir> Set the working directory"
Default: ${work_dir}"
-o <out_dir> Set the output directory"
Default: ${out_dir}"
-v Enable verbose output"
-h This help message"
Check `mkarchiso -h`.
&nbsp;

0
airootfs/etc/machine-id
Unescape View File

2
airootfs/root/customize_airootfs.sh
Unescape View File

@ -4,7 +4,7 @@
set -e -u
echo 'Warning: customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version.'
# Warning: customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version.
sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
locale-gen

6
airootfs/root/pwoss-server.sh
Unescape View File

@ -58,10 +58,10 @@ TIMEZONE="Pacific/Auckland" # Your timezone (Command='timedatectl list-t
#MICROCODE="intel-ucode" # Intel CPU (choose amd OR intel)
## Packages
MINIMUM="base linux linux-firmware linux-headers base-devel grub efibootmgr networkmanager networkmanager-openvpn lvm2 $MICROCODE" # Minimum packages to get the server up and running.
MINIMUM="base linux-hardened linux-firmware linux-hardened-headers linux-hardened-docs base-devel grub efibootmgr networkmanager networkmanager-openvpn lvm2 $MICROCODE" # Minimum packages to get the server up and running.
SOFTWARE="mariadb nginx-mainline php php-fpm php-gd php-sqlite ddclient msmtp msmtp-mta" # Software pkgs
SECURITY="sudo ufw openssh wireguard-tools radicale unbound expat dnscrypt-proxy samba fail2ban python2-virtualenv rsnapshot lynis rkhunter arch-audit" # "Security/Privacy" pkgs
OTHER="bash-completion cronie nano man-db reflector git lm_sensors tree wget" # Other usefull pkgs
SECURITY="sudo ufw openssh wireguard-tools radicale unbound expat dnscrypt-proxy samba fail2ban python2-virtualenv rsnapshot lynis rkhunter arch-audit firejail" # "Security/Privacy" pkgs
OTHER="bash-completion cronie nano man-db reflector git lm_sensors tree wget bashtop python-psutil" # Other usefull pkgs
## Enable services
SERVICES="sshd ufw NetworkManager nginx php-fpm cronie unbound dnscrypt-proxy smb fail2ban"

306
build.sh
Unescape View File

@ -2,306 +2,6 @@
#
# SPDX-License-Identifier: GPL-3.0-or-later
set -e -u
iso_name=archlinux
iso_label="ARCH_$(date +%Y%m)"
iso_publisher="Arch Linux <http://www.archlinux.org>"
iso_application="Arch Linux Live/Rescue CD"
iso_version=$(date +%Y.%m.%d)
install_dir=arch
work_dir=work
out_dir=out
gpg_key=""
verbose=""
script_path="$( cd -P "$( dirname "$(readlink -f "$0")" )" && pwd )"
umask 0022
_usage ()
{
echo "usage ${0} [options]"
echo
echo " General options:"
echo " -N <iso_name> Set an iso filename (prefix)"
echo " Default: ${iso_name}"
echo " -V <iso_version> Set an iso version (in filename)"
echo " Default: ${iso_version}"
echo " -L <iso_label> Set an iso label (disk label)"
echo " Default: ${iso_label}"
echo " -P <publisher> Set a publisher for the disk"
echo " Default: '${iso_publisher}'"
echo " -A <application> Set an application name for the disk"
echo " Default: '${iso_application}'"
echo " -D <install_dir> Set an install_dir (directory inside iso)"
echo " Default: ${install_dir}"
echo " -w <work_dir> Set the working directory"
echo " Default: ${work_dir}"
echo " -o <out_dir> Set the output directory"
echo " Default: ${out_dir}"
echo " -v Enable verbose output"
echo " -h This help message"
exit "${1}"
}
# Helper function to run make_*() only one time per architecture.
run_once() {
if [[ ! -e "${work_dir}/build.${1}" ]]; then
"$1"
touch "${work_dir}/build.${1}"
fi
}
# Setup custom pacman.conf with current cache directories.
make_pacman_conf() {
local _cache_dirs
_cache_dirs=("$(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g')")
sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n "${_cache_dirs[@]}")|g" \
"${script_path}/pacman.conf" > "${work_dir}/pacman.conf"
}
# Prepare working directory and copy custom airootfs files (airootfs)
make_custom_airootfs() {
local _airootfs="${work_dir}/x86_64/airootfs"
mkdir -p -- "${_airootfs}"
if [[ -d "${script_path}/airootfs" ]]; then
cp -af --no-preserve=ownership -- "${script_path}/airootfs/." "${_airootfs}"
[[ -e "${_airootfs}/etc/shadow" ]] && chmod -f 0400 -- "${_airootfs}/etc/shadow"
[[ -e "${_airootfs}/etc/gshadow" ]] && chmod -f 0400 -- "${_airootfs}/etc/gshadow"
# Set up user home directories and permissions
if [[ -e "${_airootfs}/etc/passwd" ]]; then
while IFS=':' read -a passwd -r; do
[[ "${passwd[5]}" == '/' ]] && continue
if [[ -d "${_airootfs}${passwd[5]}" ]]; then
chown -hR -- "${passwd[2]}:${passwd[3]}" "${_airootfs}${passwd[5]}"
chmod -f 0750 -- "${_airootfs}${passwd[5]}"
else
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${_airootfs}${passwd[5]}"
fi
done < "${_airootfs}/etc/passwd"
fi
fi
}
# Packages (airootfs)
make_packages() {
if [[ "${gpg_key}" ]]; then
gpg --export "${gpg_key}" > "${work_dir}/gpgkey"
exec 17<>"${work_dir}/gpgkey"
fi
if [ -n "${verbose}" ]; then
ARCHISO_GNUPG_FD="${gpg_key:+17}" mkarchiso -v -w "${work_dir}/x86_64" -C "${work_dir}/pacman.conf" -D "${install_dir}" \
-p "$(grep -h -v '^#' "${script_path}/packages.x86_64"| sed ':a;N;$!ba;s/\n/ /g')" install
else
ARCHISO_GNUPG_FD="${gpg_key:+17}" mkarchiso -w "${work_dir}/x86_64" -C "${work_dir}/pacman.conf" -D "${install_dir}" \
-p "$(grep -h -v '^#' "${script_path}/packages.x86_64"| sed ':a;N;$!ba;s/\n/ /g')" install
fi
if [[ "${gpg_key}" ]]; then
exec 17<&-
fi
}
# Customize installation (airootfs)
make_customize_airootfs() {
if [[ -e "${script_path}/airootfs/etc/passwd" ]]; then
while IFS=':' read -a passwd -r; do
[[ "${passwd[5]}" == '/' ]] && continue
cp -RdT --preserve=mode,timestamps,links -- "${work_dir}/x86_64/airootfs/etc/skel" "${work_dir}/x86_64/airootfs${passwd[5]}"
chown -hR -- "${passwd[2]}:${passwd[3]}" "${work_dir}/x86_64/airootfs${passwd[5]}"
done < "${script_path}/airootfs/etc/passwd"
fi
if [[ -e "${work_dir}/x86_64/airootfs/root/customize_airootfs.sh" ]]; then
if [ -n "${verbose}" ]; then
mkarchiso -v -w "${work_dir}/x86_64" -C "${work_dir}/pacman.conf" -D "${install_dir}" \
-r '/root/customize_airootfs.sh' run
else
mkarchiso -w "${work_dir}/x86_64" -C "${work_dir}/pacman.conf" -D "${install_dir}" \
-r '/root/customize_airootfs.sh' run
fi
rm "${work_dir}/x86_64/airootfs/root/customize_airootfs.sh"
fi
}
# Prepare kernel/initramfs ${install_dir}/boot/
make_boot() {
mkdir -p "${work_dir}/iso/${install_dir}/boot/x86_64"
cp "${work_dir}/x86_64/airootfs/boot/archiso.img" "${work_dir}/iso/${install_dir}/boot/x86_64/"
cp "${work_dir}/x86_64/airootfs/boot/vmlinuz-linux" "${work_dir}/iso/${install_dir}/boot/x86_64/"
}
# Add other aditional/extra files to ${install_dir}/boot/
make_boot_extra() {
if [[ -e "${work_dir}/x86_64/airootfs/boot/memtest86+/memtest.bin" ]]; then
# rename for PXE: https://wiki.archlinux.org/index.php/Syslinux#Using_memtest
cp "${work_dir}/x86_64/airootfs/boot/memtest86+/memtest.bin" "${work_dir}/iso/${install_dir}/boot/memtest"
mkdir -p "${work_dir}/iso/${install_dir}/boot/licenses/memtest86+/"
cp "${work_dir}/x86_64/airootfs/usr/share/licenses/common/GPL2/license.txt" \
"${work_dir}/iso/${install_dir}/boot/licenses/memtest86+/"
fi
if [[ -e "${work_dir}/x86_64/airootfs/boot/intel-ucode.img" ]]; then
cp "${work_dir}/x86_64/airootfs/boot/intel-ucode.img" "${work_dir}/iso/${install_dir}/boot/"
mkdir -p "${work_dir}/iso/${install_dir}/boot/licenses/intel-ucode/"
cp "${work_dir}/x86_64/airootfs/usr/share/licenses/intel-ucode/"* \
"${work_dir}/iso/${install_dir}/boot/licenses/intel-ucode/"
fi
if [[ -e "${work_dir}/x86_64/airootfs/boot/amd-ucode.img" ]]; then
cp "${work_dir}/x86_64/airootfs/boot/amd-ucode.img" "${work_dir}/iso/${install_dir}/boot/"
mkdir -p "${work_dir}/iso/${install_dir}/boot/licenses/amd-ucode/"
cp "${work_dir}/x86_64/airootfs/usr/share/licenses/amd-ucode/"* \
"${work_dir}/iso/${install_dir}/boot/licenses/amd-ucode/"
fi
}
# Prepare /${install_dir}/boot/syslinux
make_syslinux() {
_uname_r=$(file -b "${work_dir}/x86_64/airootfs/boot/vmlinuz-linux"| awk 'f{print;f=0} /version/{f=1}' RS=' ')
mkdir -p "${work_dir}/iso/${install_dir}/boot/syslinux"
for _cfg in "${script_path}/syslinux/"*.cfg; do
sed "s|%ARCHISO_LABEL%|${iso_label}|g;
s|%INSTALL_DIR%|${install_dir}|g" "${_cfg}" > "${work_dir}/iso/${install_dir}/boot/syslinux/${_cfg##*/}"
done
cp "${script_path}/syslinux/splash.png" "${work_dir}/iso/${install_dir}/boot/syslinux/"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/"*.c32 "${work_dir}/iso/${install_dir}/boot/syslinux/"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/lpxelinux.0" "${work_dir}/iso/${install_dir}/boot/syslinux/"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/memdisk" "${work_dir}/iso/${install_dir}/boot/syslinux/"
mkdir -p "${work_dir}/iso/${install_dir}/boot/syslinux/hdt"
gzip -c -9 "${work_dir}/x86_64/airootfs/usr/share/hwdata/pci.ids" > \
"${work_dir}/iso/${install_dir}/boot/syslinux/hdt/pciids.gz"
gzip -c -9 "${work_dir}/x86_64/airootfs/usr/lib/modules/${_uname_r}/modules.alias" > \
"${work_dir}/iso/${install_dir}/boot/syslinux/hdt/modalias.gz"
}
# Prepare /isolinux
make_isolinux() {
mkdir -p "${work_dir}/iso/isolinux"
sed "s|%INSTALL_DIR%|${install_dir}|g" \
"${script_path}/isolinux/isolinux.cfg" > "${work_dir}/iso/isolinux/isolinux.cfg"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/isolinux.bin" "${work_dir}/iso/isolinux/"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/isohdpfx.bin" "${work_dir}/iso/isolinux/"
cp "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/ldlinux.c32" "${work_dir}/iso/isolinux/"
}
# Prepare /EFI
make_efi() {
mkdir -p "${work_dir}/iso/EFI/boot"
cp "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
"${work_dir}/iso/EFI/boot/bootx64.efi"
mkdir -p "${work_dir}/iso/loader/entries"
cp "${script_path}/efiboot/loader/loader.conf" "${work_dir}/iso/loader/"
sed "s|%ARCHISO_LABEL%|${iso_label}|g;
s|%INSTALL_DIR%|${install_dir}|g" \
"${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf" > \
"${work_dir}/iso/loader/entries/archiso-x86_64.conf"
# edk2-shell based UEFI shell
# shellx64.efi is picked up automatically when on /
cp "${work_dir}/x86_64/airootfs/usr/share/edk2-shell/x64/Shell_Full.efi" "${work_dir}/iso/shellx64.efi"
}
# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
make_efiboot() {
mkdir -p "${work_dir}/iso/EFI/archiso"
truncate -s 64M "${work_dir}/iso/EFI/archiso/efiboot.img"
mkfs.fat -n ARCHISO_EFI "${work_dir}/iso/EFI/archiso/efiboot.img"
mkdir -p "${work_dir}/efiboot"
mount "${work_dir}/iso/EFI/archiso/efiboot.img" "${work_dir}/efiboot"
mkdir -p "${work_dir}/efiboot/EFI/archiso"
cp "${work_dir}/iso/${install_dir}/boot/x86_64/vmlinuz-linux" "${work_dir}/efiboot/EFI/archiso/"
cp "${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img" "${work_dir}/efiboot/EFI/archiso/"
cp "${work_dir}/iso/${install_dir}/boot/intel-ucode.img" "${work_dir}/efiboot/EFI/archiso/"
cp "${work_dir}/iso/${install_dir}/boot/amd-ucode.img" "${work_dir}/efiboot/EFI/archiso/"
mkdir -p "${work_dir}/efiboot/EFI/boot"
cp "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
"${work_dir}/efiboot/EFI/boot/bootx64.efi"
mkdir -p "${work_dir}/efiboot/loader/entries"
cp "${script_path}/efiboot/loader/loader.conf" "${work_dir}/efiboot/loader/"
sed "s|%ARCHISO_LABEL%|${iso_label}|g;
s|%INSTALL_DIR%|${install_dir}|g" \
"${script_path}/efiboot/loader/entries/archiso-x86_64-cd.conf" > \
"${work_dir}/efiboot/loader/entries/archiso-x86_64.conf"
# shellx64.efi is picked up automatically when on /
cp "${work_dir}/iso/shellx64.efi" "${work_dir}/efiboot/"
umount -d "${work_dir}/efiboot"
}
# Build airootfs filesystem image
make_prepare() {
cp -a -l -f "${work_dir}/x86_64/airootfs" "${work_dir}"
if [ -n "${verbose}" ]; then
mkarchiso -v -w "${work_dir}" -D "${install_dir}" pkglist
mkarchiso -v -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare
else
mkarchiso -w "${work_dir}" -D "${install_dir}" pkglist
mkarchiso -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare
fi
rm -rf "${work_dir}/airootfs"
# rm -rf "${work_dir}/x86_64/airootfs" (if low space, this helps)
}
# Build ISO
make_iso() {
if [ -n "${verbose}" ]; then
mkarchiso -v -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -P "${iso_publisher}" \
-A "${iso_application}" -o "${out_dir}" iso "${iso_name}-${iso_version}-x86_64.iso"
else
mkarchiso -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -P "${iso_publisher}" \
-A "${iso_application}" -o "${out_dir}" iso "${iso_name}-${iso_version}-x86_64.iso"
fi
}
if [[ ${EUID} -ne 0 ]]; then
echo "This script must be run as root."
_usage 1
fi
while getopts 'N:V:L:P:A:D:w:o:g:vh' arg; do
case "${arg}" in
N) iso_name="${OPTARG}" ;;
V) iso_version="${OPTARG}" ;;
L) iso_label="${OPTARG}" ;;
P) iso_publisher="${OPTARG}" ;;
A) iso_application="${OPTARG}" ;;
D) install_dir="${OPTARG}" ;;
w) work_dir="${OPTARG}" ;;
o) out_dir="${OPTARG}" ;;
g) gpg_key="${OPTARG}" ;;
v) verbose="-v" ;;
h) _usage 0 ;;
*)
echo "Invalid argument '${arg}'"
_usage 1
;;
esac
done
mkdir -p "${work_dir}"
run_once make_pacman_conf
run_once make_custom_airootfs
run_once make_packages
run_once make_customize_airootfs
run_once make_boot
run_once make_boot_extra
run_once make_syslinux
run_once make_isolinux
run_once make_efi
run_once make_efiboot
run_once make_prepare
run_once make_iso
printf '\n[%s] WARNING: %s\n\n' "mkarchiso" "build.sh scripts are deprecated! Please use mkarchiso directly." >&2
_buildsh_path="$(realpath -- "$0")"
exec mkarchiso "$@" "${_buildsh_path%/*}"

3
packages.x86_64
Unescape View File

@ -20,7 +20,7 @@ dosfstools
edk2-shell
efibootmgr
ethtool
exfat-utils
exfatprogs
f2fs-tools
fsarchiver
gnu-netcat
@ -94,4 +94,3 @@ wvdial
xfsprogs
xl2tpd
zsh
wget

12
profiledef.sh
Unescape View File

@ -0,0 +1,12 @@
#!/usr/bin/env bash
# shellcheck disable=SC2034
iso_name="pwoss-server"
iso_label="pwoss-server_$(date +%Y%m)"
iso_publisher="PwOSS <https://pwoss.org>"
iso_application="PwOSS - Server Live ISO"
iso_version="$(date +%Y.%m.%d)"
install_dir="pwoss"
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito')
arch="x86_64"
pacman_conf="pacman.conf"

6
syslinux/archiso_pxe.cfg
Unescape View File

@ -11,7 +11,7 @@ ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, NBD)
LINUX boot/x86_64/vmlinuz-linux
INITRD boot/intel-ucode.img,boot/amd-ucode.img,boot/x86_64/archiso.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver}
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify
SYSAPPEND 3
LABEL arch64_nfs
@ -22,7 +22,7 @@ ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, NFS)
LINUX boot/x86_64/vmlinuz-linux
INITRD boot/intel-ucode.img,boot/amd-ucode.img,boot/x86_64/archiso.img
APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt
APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify
SYSAPPEND 3
LABEL arch64_http
@ -33,7 +33,7 @@ ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, HTTP)
LINUX boot/x86_64/vmlinuz-linux
INITRD boot/intel-ucode.img,boot/amd-ucode.img,boot/x86_64/archiso.img
APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/
APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify
SYSAPPEND 3
INCLUDE boot/syslinux/archiso_tail.cfg

Write Preview
Loading…
Cancel
Save