and some more changes. fleshed out default/distributed ini file.
parent
770293e2d8
commit
22c1f73e12
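--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
 - maybe use ZConfig? https://pypi.python.org/pypi/ZConfig
 - templating via jinja2:
--- for VERSION_INFO.txt
 -- for syslinux/isolinux configs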
@ -18,7 +18,7 @@ import pychroot
|
|||||||
# namespace.mountpoints = {}
|
# namespace.mountpoints = {}
|
||||||
# namespace.mountpoints.update(values)
|
# namespace.mountpoints.update(values)
|
||||||
|
|
||||||
def chroot(chrootdir, chroot_hostname, cmd):
|
def chroot(chrootdir, chroot_hostname, cmd = '/root/pre-build.sh'):
|
||||||
# MOUNT the chroot
|
# MOUNT the chroot
|
||||||
mountpoints = psutil.disk_partitions(all = True)
|
mountpoints = psutil.disk_partitions(all = True)
|
||||||
mounts = []
|
mounts = []
|
||||||
|
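Review bot: The new default `cmd = '/root/pre-build.sh'` on `chroot()` means a caller that omits the argument now runs that script without naming it, and nothing in the visible lines documents the default or whether the path is resolved inside `chrootdir` or on the host. I would add a docstring such as `"""Mount the chroot at chrootdir and run cmd in it; cmd defaults to /root/pre-build.sh (presumably a path inside the chroot)."""`, with the wording confirmed against the body, which continues outside this hunk. On style, PEP 8 writes defaults without spaces, `cmd='/root/pre-build.sh'`, although `all = True` a few lines below suggests the file uses the spaced form throughout.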
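--- a/extra/bin/hashgen.py
+++ b/extra/bin/hashgen.py
@@ -0,0 +1,8 @@
+#!/bin/env python3
+import crypt
+import getpass
+
+password = getpass.getpass("\nWhat password would you like to hash/salt?\n(NOTE: will NOT echo back!)\n")
+salt = crypt.mksalt(crypt.METHOD_SHA512)
+salthash = crypt.crypt(password, salt)
+print("\nYour salted hash is:\n\t{0}\n".format(salthash))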
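Review bot: The password is read once with `getpass.getpass(...)` and hashed immediately, so a typo at the no-echo prompt yields a valid-looking hash for a password nobody knows, and that hash is what ends up in `root_password` or `[user] password` in the build config. Prompt a second time and compare before hashing, e.g. `if password != getpass.getpass("Confirm password:\n"): raise SystemExit("Passwords do not match")`. Two smaller points: the `crypt` module is deprecated by PEP 594 and removed in Python 3.13, so this helper will stop importing on newer interpreters, and `#!/bin/env python3` only works where `/bin/env` exists, so `#!/usr/bin/env python3` is the portable form.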
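--- a/extra/dist.build.ini
+++ b/extra/dist.build.ini
@@ -0,0 +1,388 @@
+###########################################################
+## BUILD.CONF SAMPLE FILE ##
+###########################################################
+#
+# This file is used to define various variables/settings
+# used by the build script.
+#
+# It is well-commented, and uses INI syntax.
+# See https://wiki.python.org/moin/ConfigParserExamples
+# for some advanced features if you would like to use
+# them.
+# Blank lines are ignored. Section integrity is important.
+# #- and ;-prefixed lines are comments and are not parsed.
+# If restrictions on input are present, they will be
+# given in a numerical list.
+
+#---------------------------------------------------------#
+# This section controls some aspects about the live
+# environment itself.
+#---------------------------------------------------------#
+[bdisk]
+
+; The name of the project. If you roll your own and don't
+; want it called the default, here's where you change it.
+; 0.) Alphanumeric only
+; 1.) 8 characters total or less
+; 2.) No whitespace
+; 3.) ASCII *only*
+; 4.) Will be converted to uppercase if it isn't already
+name = BDISK
+
+; This is used for filenames, etc.
+; I highly recommend it be the same as 'name', but
+; lowercase.
+; 0.) Alphanumeric only
+; 1.) No whitespace
+; 2.) ASCII *only*
+; 3.) Will be converted to lowercase if it isn't already
+uxname = bdisk
+
+; This string is used for "pretty-printing" of the name.
+; 0.) Can contain whitespace
+; 1.) Can be mixed-case, uppercase, or lowercase
+; 2.) ASCII *only*
+pname = BDisk
+
+; Your/your organization's name.
+; The same rules as 'pname' apply:
+; 0.) Can contain whitespace
+; 1.) Can be mixed-case, uppercase, or lowercase
+; 2.) ASCII *only*
+dev = r00t^2
+
+; What this distribution/project is used for.
+; 0.) Can contain whitespace
+; 1.) Can be mixed-case, uppercase, or lowercase
+; 2.) ASCII *only*
+desc = j00 got 0wnz0r3d lulz.
+
+; Should the root user have a password? IF THIS IS NOT SET,
+; PASSWORD LOGIN WILL BE DISABLED!
+; If you wish to have a blank password, use the string:
+; BLANK
+; Do NOT use a plaintext password here. You will need to
+; generate a salted and hashed string in a
+; shadow-compatible format.
+; If you need help generating one, see docs/HOWTO.hashgen.
+; If an assistance script is available, the path will be given
+; (i.e. extras/bin/hashgen.py).
+;
+; Note that if you want an automatic login, this is NOT where
+; it would be set. It should instead be controlled via:
+; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
+; In the following format:
+; [Service]
+; Type=idle
+; ExecStart=
+; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
+;(where N is the TTY number). Alternatively, if booting to a GUI,
+; it can be set as according to that GUI (e.g. for LXDE,
+; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
+root_password =
+
+; Should we create a non-root user on the image?
+; Note that this user has full sudo access.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+user = yes
+
+
+#---------------------------------------------------------#
+# This section controls aspects about bdisk:user.
+# Only used if bdisk:user set to True/yes/etc.
+#---------------------------------------------------------#
+[user]
+
+; What username should we use for the live system?
+; Standard *nix username rules apply:
+; 0.) ASCII only
+; 1.) 32 characters or less
+; 2.) Alphanumeric only
+; 3.) Lowercase only
+; 4.) No whitespace
+; 5.) Cannot start with a number
+username = ${bdisk:uxname}
+
+; What comment/description should be used for the user?
+; See passwd(5) if you need details on this.
+; 0.) ASCII only
+name = Default user
+
+; What password should be set for the user, if any?
+; See bdisk:root_password for how to generate this.
+; DO NOT PUT A PLAINTEXT PASSWORD HERE.
+password =
+
+#---------------------------------------------------------#
+# This section controls some aspects about the host
+# and things like filesystem paths, etc.
+#---------------------------------------------------------#
+[build]
+
+; Where is the base of the BDisk project located?
+; In other words, if you cloned BDisk from git,
+; what is BDisk's working tree directory?
+; 0.) No whitespace
+; 1.) Must exist and be populated with the BDisk's files
+basedir = /opt/dev/bdisk
+
+; This is the output directory of the ISO files when
+; done building. This should not be checked into git.
+; (The files will be very big!)
+; 0.) No whitespace
+; 1.) Will be created if it doesn't exist
+isodir = ${basedir}/iso
+
+; This is a directory where we should save extra
+; source code we download (if we need it).
+; 0.) No whitespace
+; 1.) Will be created if it doesn't exist, and is needed
+srcdir = ${basedir}/extrasrc
+
+; What directory should we use for staging?
+; 0.) No whitespace
+; 1.) Will be created if it doesn't exist
+tempdir = ${basedir}/temp
+
+; Where should we stage the boot files?
+; This should not be the same dir as other options!
+; The default is recommended.
+; 0.) No whitespace
+; 1.) Will be created if it doesn't exist
+archboot = ${tempdir}/${bdisk:name}
+
+; What directory/path should we use as a base
+; directory for mountpoints?
+; 0.) No whitespace
+; 1.) Will be created if it doesn't exist
+mountpt = /mnt/${bdisk:uxname}
+
+; Should we build a multiarch image? That is to say, the
+; same ISO file can be used for both i686 and x86_64.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+multiarch = yes
+
+; Would you like to enable iPXE functionality?
+; Note that this has no bearing on the 'sync' sections,
+; so one can build e.g. only http files.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+ipxe = yes
+
+; This option should only be enabled if you are on a fairly
+; powerful, multicore system with plenty of RAM.
+; It will speed the build process along, but will have
+; some seriously adverse effects if your system
+; can't handle it.
+; Most modern systems should be fine with leaving it enabled.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+i_am_a_racecar = yes
+
+
+#---------------------------------------------------------#
+# This section controls what we should do with the
+# resulting build and how to handle uploads, if we
+# choose to use those features.
+#---------------------------------------------------------#
+[sync]
+
+; Should we generate/prepare HTTP files?
+; This is mostly only useful if you plan on using iPXE.
+; However, it can also include the built ISO file(s).
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+http = yes
+
+; Should we generate/prepare TFTP files?
+; This is mostly only useful if you plan on using more
+; traditional (non-iPXE) setups and regualar PXE
+; bootstrapping into iPXE.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+tftp = yes
+
+; Enable automatic Git pushing for any changes done to the
+; project itself?
+; If you don't have upstream write access, you'll want to
+; set this to False.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+git = yes
+
+; Enable rsync pushing for the ISO (and other files, if
+; you choose- useful for iPXE over HTTP(S)).
+rsync = yes
+
+
+#---------------------------------------------------------#
+# This section controls details about HTTP file preparation/
+# generation. Only used if sync:http = True (or
+# 'yes', etc.)
+#---------------------------------------------------------#
+[http]
+
+; This directory is where to build an HTTP webroot.
+; 0.) No whitespace
+; 1.) If blank, HTTP preparation/generation will not be done
+; 2.) If specified, it will be created if it doesn't exist
+path = ${build:basedir}/http
+
+; What user and group, if applicable, should the HTTP files
+; be owned as? This is most likely going to be either 'http',
+; 'nginx', or 'apache'.
+; 0.) No whitespace
+; 1.) User must exist on system
+; 2.) If sync:httpdir is blank, they will not be used
+user = http
+group = http
+
+
+#---------------------------------------------------------#
+# This section controls details about TFTP file
+# preparation/generation. Only used if
+# sync:tftp = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[tftp]
+
+; The directory where we want to build a TFTP root.
+; 0.) No whitespace
+; 1.) If blank, TFTP preparation/generation will not be done
+; 2.) If specified, it will be created if it doesn't exist
+path = ${build:basedir}/tftpboot
+
+; What user and group, if applicable, should the TFTP files
+; be owned as? This is most likely going to be either
+; 'tftp' or 'root'.
+; 0.) No whitespace
+; 1.) User must exist on system
+; 2.) If sync:tftpdir is blank, they will not be used
+user = root
+group = root
+
+
+#---------------------------------------------------------#
+# This section controls aspects of iPXE building. Only used
+# if build:ipxe = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[ipxe]
+
+; Build a "mini-ISO"; that is, an ISO file that can be used
+; to bootstrap an iPXE environment (so you don't need
+; to set up a traditional PXE environment on your LAN).
+;We'll still build a full standalone ISO no matter what.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+iso = yes
+
+; Build a "mini-USB" image? Same concept as the ISO file
+; but this can be dd'd onto a USB thumbdrive for the
+; same effect.
+usb = yes
+
+; What URI should iPXE's EMBED script use?
+; DO NOT USE A ',' (comma); instead, replace it with:
+; %%COMMA%%
+; If you require HTTP BASIC Authentication or HTTP Digest
+; Authentication (untested), you can format it via the
+; following:
+;
+; https://user:password@domain.tld/page.php
+;
+; This currently does not work for HTTPS with self-signed
+; certificates.
+; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 1.) Must be a valid URI understood by minimal versions
+; of curl.
+uri = https://bdisk.square-r00t.net
+
+; Path to the (root) CA certificate file iPXE should use.
+; Note that you can use your own CA to sign existing certs.
+; See http://ipxe.org/crypto for more info. This is handy if
+; you run a third-party/"Trusted" root-CA-signed
+; certificate for the HTTPS target.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If specified, a matching key (ssl_cakey) MUST be
+; specified
+; 4.) HOWEVER, if left blank, one will be automatically
+; generated
+ssl_ca =
+
+; Path to the (root) CA key file iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If left blank (and ssl_ca is also blank),
+; one will be automatically generated
+; 4.) MUST match ssl_ca if specified
+; 5.) MUST NOT be passphrase-protected
+ssl_cakey =
+
+; Path to the CLIENT certificate iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If unspecified, a CA cert (ssl_ca) and key
+; (ssl_cakey) MUST be specified
+; 4.) HOWEVER, if left blank one will be generated
+; 5.) MUST be signed by ssl_ca/ssl_ca if specified
+ssl_crt =
+
+; Path to the CLIENT key iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 4.) If left blank (and ssl_ca is also blank),
+; one will be automatically generated
+ssl_key =
+
+
+#---------------------------------------------------------#
+# This section controls aspects of rsync pushing. Only used
+# if sync:rsync = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[rsync]
+
+; This is the rsync destination host.
+host = bdisk.square-r00t.net
+
+; This is the remote user we should use when performing the
+; rsync push.
+user = root
+
+; This is the remote destination path we should use for
+; pushing via rsync.
+; 0.) No whitespace
+; 1.) The path MUST exist on the remote host
+; 2.) The path MUST be writable by rsync:user
+; RECOMMENDED: you'll probably want to set http:(user|group)
+; to what it'll need to be on the destination.
+path = /srv/http/${bdisk:uxname}_ipxe
+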
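Review bot: The distributed defaults in `[sync]` ship with `git = yes` and `rsync = yes`, and `[rsync]` points at `host = bdisk.square-r00t.net` with `user = root`, so an unmodified copy would try to push to the upstream host as root on a build; the file's own comment says users without upstream write access should turn git pushing off. A sample file is safer with `git = no` and `rsync = no` and the host left for the user to fill in. In `[bdisk]`, `user = yes` creates an account the comment describes as having full sudo access while `[user] password =` is empty, and unlike `root_password` there is no comment saying what an empty value means for that account. The `root_password` help text also refers to `extras/bin/hashgen.py`, but this commit adds the script at `extra/bin/hashgen.py`.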