Hello community,

here is the log from the commit of package combustion for openSUSE:Factory checked in at 2021-06-19 23:03:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/combustion (Old)
 and /work/SRC/openSUSE:Factory/.combustion.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "combustion" Sat Jun 19 23:03:21 2021 rev:9 rq:900741 version:0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/combustion/combustion.changes 2021-01-25 18:25:35.088599980 +0100 +++ /work/SRC/openSUSE:Factory/.combustion.new.2625/combustion.changes 2021-06-19 23:03:55.459753111 +0200 @@ -1,0 +2,11 @@ +Mon Jun 7 14:13:14 UTC 2021 - Fabian Vogt <fv...@suse.com> + +- combustion: Relabel the old snapshot (if necessary) and explicitly + trigger autorelabel for the new snapshot + +------------------------------------------------------------------- +Fri Mar 5 13:35:22 UTC 2021 - Fabian Vogt <fv...@suse.com> + +- Expand and clarify README + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ README ++++++ --- /var/tmp/diff_new_pack.Putw5k/_old 2021-06-19 23:03:55.899753790 +0200 +++ /var/tmp/diff_new_pack.Putw5k/_new 2021-06-19 23:03:55.903753796 +0200 @@ -19,11 +19,25 @@ It expects a directory "combustion" at the root level of the filesystem and a file "script" inside, which is executed inside a transactional-update shell. + <root directory> + ????????? combustion + ??? ????????? script + ??? ????????? ... other files + ????????? ignition (optional) + ????????? config.ign + If a QEMU fw_cfg blob with the name "opt/org.opensuse.combustion/script" is found, it is preferred and the content of that is used as script. Example parameter for QEMU: -fw_cfg name=opt/org.opensuse.combustion/script,file=/var/combustion-script +You can do everything necessary for initial system configuration from this +script, including addition of ssh keys, adding users, changing passwords +or even doing partitioning changes. + +Simple example +-------------- + Example for formatting a USB drive and adding a config, which installs the "vim-small" package and creates a /root/welcome file: 
@@ -43,12 +57,34 @@ umount /mnt ``` -The "# combustion: network" comment indicates that network needs to be -configured before running the script. +The "# combustion: network" comment triggers networking initialization before +running the script. This is equivalent to passing "rd.neednet=1" on the kernel +cmdline and so the network configuration parameters (man dracut.cmdline) apply +here as well. If those aren't specified, it defaults to "ip=dhcp" for each +available interface. -You can do everything necessary for initial system configuration from this -script, including addition of ssh keys, adding users, changing passwords -or even doing partitioning changes. +More complex configuration example +---------------------------------- + +This script additionally provides visible feedback during boot, sets a password +and copies a public ssh key (which has to be in the "combustion" folder). + +``` +#!/bin/bash +# combustion: network +# Redirect output to the console +exec > >(exec tee -a /dev/tty0) 2>&1 +# Set a password for root, generate the hash with "openssl passwd -6" +echo 'root:$5$.wn2BZHlEJ5R3B1C$TAHEchlU.h2tvfOpOki54NaHpGYKwdNhjaBuSpDotD7' | chpasswd -e +# Add a public ssh key and enable sshd +mkdir -pm700 /root/.ssh/ +cat id_rsa_new.pub >> /root/.ssh/authorized_keys +systemctl enable sshd.service +# Install vim-small +zypper --non-interactive install vim-small +# Leave a marker +echo "Configured with combustion" > /etc/issue.d/combustion +``` How it works ------------ ++++++ combustion ++++++ --- /var/tmp/diff_new_pack.Putw5k/_old 2021-06-19 23:03:55.911753808 +0200 +++ /var/tmp/diff_new_pack.Putw5k/_new 2021-06-19 23:03:55.915753814 +0200 
@@ -106,6 +106,14 @@ exit 1 fi +# Have to take care of x-initrd.mount first and from the outside +awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab + +# Make sure the old snapshot is relabeled too, otherwise syncing its /etc fails. +if [ -e /sysroot/etc/selinux/.autorelabel ]; then + NEWROOT=/sysroot bash -c '. /lib/dracut-lib.sh; . /lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh' +fi + # Prepare chroot for i in proc sys dev; do mount --rbind /$i /sysroot/$i @@ -113,8 +121,6 @@ mount --make-rslave /sysroot # Mount everything we can, errors deliberately ignored -# Have to take care of x-initrd.mount first and from the outside -awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab chroot /sysroot mount -a || true # t-u needs writable /var/run and /tmp findmnt /sysroot/run >/dev/null || mount -t tmpfs tmpfs /sysroot/run @@ -150,6 +156,9 @@ chroot /sysroot transactional-update --no-selfupdate rollback exit 1 fi + + # Snapshot got touched while the policy isn't active, needs relabeling again. + [ -e /sysroot/etc/selinux/.relabelled ] && >> /sysroot/etc/selinux/.autorelabel else mount -o remount,rw /sysroot if ! chroot /sysroot sh -e -c "cd '${config_dir}'; chmod a+x script; ./script"; then
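Review bot: In the README hunk that adds "More complex configuration example", the comment says to generate the hash with "openssl passwd -6", but the sample fed to "chpasswd -e" starts with "$5$", which is the SHA-256 crypt prefix; "-6" produces a "$6$" (SHA-512) hash. Make the comment and the sample agree, and consider swapping the literal hash for an obvious placeholder so that a copied example cannot deploy a root password hash that is published in the README.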
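Review bot: In the combustion hunk at -106,6 +106,14, the relabel step sources /lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh by a hardcoded path, with no check that the file exists and no check of the "bash -c" exit status. The added comment says syncing the old snapshot's /etc fails without the relabel, so a missing hook or a failed relabel would only surface later as an unrelated error. Suggest testing for the hook file in the same "if" and logging or aborting when the call returns non-zero. The x-initrd.mount awk line that moved above it keeps its old comment; a few words on why it now has to run before the relabel would help the next reader.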
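Review bot: In the last combustion hunk (-150,6 +156,9), "[ -e /sysroot/etc/selinux/.relabelled ] && >> /sysroot/etc/selinux/.autorelabel" hides a file creation in a bare redirect and leaves a non-zero status when .relabelled is absent; an explicit "if ...; then touch ...; fi" states the intent more clearly. The trigger is also added only on the transactional-update side: the "else" branch just below remounts /sysroot read-write and runs the script directly, so please say in the comment or the changelog whether that path needs the same .autorelabel handling.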