r00t2/bdisk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

WHEW. booting now all fixed for all implementations. can probably get that iPXE image smaller, though.

Browse Source
This commit is contained in:
brent s. 2016-12-23 16:40:38 -05:00
parent e1e464d5c5
commit 764ba2f8d0
10 changed files with 124 additions and 909 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
bdisk/build.py
View File

@ -136,14 +136,20 @@ def genUEFI(build, bdisk):
fname = 'bootx64.efi'
else:
fname = f
if not os.path.isfile(prepdir + '/EFI/boot/' + fname):
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
'{0}/EFI/boot/{1}'.format(prepdir, fname))
with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
chrootdir,
f),
'rb') as r:
with open('{0}/EFI/boot/{1}'.format(prepdir, fname), 'wb') as file:
file.write(r.read())
# And we also need the systemd efi bootloader.
if os.path.isfile(prepdir + '/EFI/boot/loader.efi'):
os.remove(prepdir + '/EFI/boot/loader.efi')
shutil.copy2(chrootdir + '/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi',
prepdir + '/EFI/boot/loader.efi')
with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(
chrootdir),
'rb') as r:
with open('{0}/EFI/boot/loader.efi'.format(prepdir), 'wb') as file:
file.write(r.read())
# And the accompanying configs for the systemd efi bootloader, too.
tpl_loader = jinja2.FileSystemLoader(templates_dir)
env = jinja2.Environment(loader = tpl_loader)
@ -166,9 +172,9 @@ def genUEFI(build, bdisk):
f.write(tpl_out)
# And we need to get filesizes (in bytes) for everything we need to include in the ESP.
# This is more important than it looks.
#sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do)
sizetotal = 33553920 # The spec'd EFI binary size (32MB). It's okay to go over this though (and we do)
# because xorriso sees it as a filesystem image and adjusts the ISO automagically.
sizetotal = 2097152 # we start with 2MB and add to it for wiggle room
#sizetotal = 2097152 # we start with 2MB and add to it for wiggle room
sizefiles = ['/boot/' + bdisk['uxname'] + '.64.img',
'/boot/' + bdisk['uxname'] + '.64.kern',
'/EFI/boot/bootx64.efi',
@ -235,10 +241,8 @@ def genUEFI(build, bdisk):
if os.path.isfile(z):
os.remove(z)
shutil.copy(y, z)
#shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux-{2}'.format(chrootdir, 'x86_64', bdisk['name']),
shutil.copy2('{0}/root.{1}/boot/vmlinuz-linux'.format(chrootdir, 'x86_64'),
'{0}/EFI/{1}/{2}.efi'.format(mountpt, bdisk['name'], bdisk['uxname']))
#shutil.copy2('{0}/root.{1}/boot/initramfs-linux-{2}.img'.format(chrootdir, 'x86_64', bdisk['name']),
shutil.copy2('{0}/root.{1}/boot/initramfs-linux.img'.format(chrootdir, 'x86_64'),
'{0}/EFI/{1}/{2}.img'.format(mountpt, bdisk['name'], bdisk['uxname']))
# TODO: support both arch's as EFI bootable instead? Maybe? requires more research. very rare.

39
bdisk/ipxe.py
View File

@ -133,8 +133,8 @@ def genISO(conf):
os.makedirs(os.path.dirname(efiboot_img), exist_ok = True) # FAT32 embedded EFI dir
os.makedirs('{0}/EFI/boot'.format(bootdir), exist_ok = True) # EFI bootloader binary dir
# Inner dir (miniboot.img file)
sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64.
#sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64.
#sizetotal = 2097152 # 2MB wiggle room. increase this if we add IA64.
sizetotal = 34603008 # 33MB wiggle room. increase this if we add IA64.
sizetotal += os.path.getsize(innerefi64)
sizefiles = ['HashTool', 'PreLoader']
for f in sizefiles:
@ -161,7 +161,7 @@ def genISO(conf):
cmd = ['/bin/mount', efiboot_img, mountpt]
subprocess.call(cmd)
os.makedirs(mountpt + '/EFI/boot', exist_ok = True) # "Inner" (EFI image)
os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image)
#os.makedirs('{0}/EFI/{1}'.format(mountpt, bdisk['name']), exist_ok = True) # "Inner" (EFI image)
os.makedirs('{0}/boot'.format(bootdir), exist_ok = True) # kernel(s)
os.makedirs('{0}/loader/entries'.format(bootdir), exist_ok = True) # EFI
for d in (mountpt, bootdir):
@ -171,19 +171,24 @@ def genISO(conf):
fname = 'bootx64.efi'
else:
fname = f
if not os.path.isfile('{0}/EFI/boot/{1}'.format(mountpt, fname)):
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
'{0}/EFI/boot/{1}'.format(mountpt, fname))
if not os.path.isfile('{0}/EFI/boot/{1}'.format(bootdir, f)):
shutil.copy2('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(chrootdir, f),
'{0}/EFI/boot/{1}'.format(bootdir, fname))
# And the systemd efi bootloader.
if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(mountpt)):
shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir),
'{0}/EFI/boot/loader.efi'.format(mountpt))
if not os.path.isfile('{0}/EFI/boot/loader.efi'.format(bootdir)):
shutil.copy2('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(chrootdir),
'{0}/EFI/boot/loader.efi'.format(bootdir))

with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
chrootdir,f),
'rb') as r:
with open('{0}/EFI/boot/{1}'.format(mountpt, fname), 'wb') as file:
file.write(r.read())
with open('{0}/root.x86_64/usr/share/efitools/efi/{1}'.format(
chrootdir, f),
'rb') as r:
with open('{0}/EFI/boot/{1}'.format(bootdir, fname), 'wb+') as file:
file.write(r.read())
# And the systemd efi bootloader.
with open('{0}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi'.format(
chrootdir),
'rb') as r:
with open('{0}/EFI/boot/loader.efi'.format(mountpt), 'wb+') as f:
f.write(r.read())

# And loader entries.
os.makedirs('{0}/loader/entries'.format(mountpt, exist_ok = True))
for t in ('loader', 'base'):
@ -202,7 +207,7 @@ def genISO(conf):
# Outer dir
outerdir = True
os.makedirs('{0}/isolinux'.format(bootdir), exist_ok = True) # BIOS
# and we create the loader entries (outer)
# Loader entries (outer)
for t in ('loader','base'):
if t == 'base':
name = bdisk['uxname']

1
docs/manual/USER.adoc
View File

@ -21,4 +21,5 @@ include::user/GETTING_STARTED.adoc[]
include::user/IMPORTANT_CONCEPTS.adoc[]
include::user/PROJECT_LAYOUT.adoc[]
include::user/BUILDINI.adoc[]
include::user/ADVANCED.adoc[]


2
docs/manual/user/ADVANCED.adoc Normal file
View File

@ -0,0 +1,2 @@
== Advanced Customization
If the <<_the_code_build_ini_code_file,`build.ini` file>> doesn't provide enough customization to your liking, I don't blame you! It was designed only to provide the most basic control and is primarily only used to control the build process itself.

75
docs/manual/user/BUILDINI.adoc
View File

@ -1,4 +1,4 @@
== The `build.ini` file
== The `build.ini` File
This file is where you can specify some of the very basics of BDisk building. It allows you to specify/define certain variables and settings used by the build process. It uses https://docs.python.org/3/library/configparser.html[ConfigParser^] for the parsing engine, and you can do some https://wiki.python.org/moin/ConfigParserExamples[more advanced^] things with it than I demonstrate in the default.

It's single-level, but divided into "sections". This is unfortunately a limitation of ConfigParser, but it should be easy enough to follow.
@ -510,4 +510,75 @@ Directory to hold SSL results, if we are generating keys, certificates, etc.
==== `ssl_ca`
Path to the (root) CA certificate file iPXE should use. See http://ipxe.org/crypto[iPXE's crypto page^] for more information.

NOTE: You can use your own CA to sign existing certs.
NOTE: You can use your own CA to sign existing certs. This is handy if you run a third-party/"Trusted" root-CA-signed certificate for the HTTPS target.

. No whitespace
. Must be in PEM/X509 format
. *Required* if <<__code_iso_code,`iso`>> is enabled
. If it exists, a matching key (ssl_cakey) *must* be specified
.. However, if left blank/doesn't exist, one will be automatically generated

==== `ssl_cakey`
Path to the (root) CA key file iPXE should use.

. No whitespace
. Must be in PEM/X509 format
. *Required* if <<__code_iso_code,`iso`>> is enabled
. If left blank or it doesn't exist (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated
. *Must* match/pair to <<__code_ssl_ca_code,`ssl_ca`>> if specified/exists
. MUST NOT be passphrase-protected/DES-encrypted

==== `ssl_crt`
Path to the _client_ certificate iPXE should use.

. No whitespace
. Must be in PEM/X509 format
. *Required* if <<__code_iso_code,`iso`>> is enabled
. If specified/existent, a matching CA cert (<<__code_ssl_ca_code,`ssl_ca`>>) and key (<<__code_ssl_cakey_code,`ssl_cakey`>>) *must* be specified
.. However, if left blank/doesn't exist, one will be automatically generated
. *Must* be signed by <<__code_ssl_ca_code,`ssl_ca`>>/<<__code_ssl_cakey_code,`ssl_cakey`>> if specified and already exists

==== `ssl_key`
Path to the _client_ key iPXE should use.

. No whitespace
. Must be in PEM/X509 format
. *Required* if <<__code_iso_code,`iso`>> is enabled
. If left blank/nonexistent (and <<__code_ssl_ca_code,`ssl_ca`>> is also blank), one will be automatically generated

=== `[rsync]`
This section controls aspects of rsync pushing. Only used if <<__code_rsync_code,`sync:rsync`>> is enabled.

==== `host`
The rsync destination host.

. Must resolve from the build server
. Can be host, FQDN, or IP address

==== `user`
This is the remote user we should use when performing the rsync push.

. User must exist on remote system
. SSH pubkey authorization must be configured
. The destination's hostkey must be added to your local build user's known hosts

==== `path`
This is the remote destination path we should use for pushing via rsync.


NOTE: You'll probably want to set *`http:user`* and *`group`* to what it'll need to be on the destination.

. No whitespace
. The path *must* exist on the remote host
. The path MUST be writable by <<__code_user_code_5,`user`>>

==== `iso`
Should we rsync over the ISO files too, or just the boot files?

[options="header"]
|======================
2+^|Accepts (case-insensitive) one of:
^m|yes ^m|no
^m|true ^m|false
^m|1 ^m|0
|======================

443
extra/dist.build.ini
View File

@ -5,515 +5,82 @@
# This file is used to define various variables/settings
# used by the build script.
#
# It is well-commented, and uses INI syntax.
# See https://wiki.python.org/moin/ConfigParserExamples
# for some advanced features if you would like to use
# them.
# Blank lines are ignored. Section integrity is important.
# #- and ;-prefixed lines are comments and are not parsed.
# If restrictions on input are present, they will be
# given in a numerical list.
# For full (perhaps overly-verbose ;) documentation, please
# see:
# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file
# Or simply refer to the section titled "The build.ini File"
# in the user manual.

#---------------------------------------------------------#
# This section controls some aspects about the live
# environment itself.
#---------------------------------------------------------#
[bdisk]

; The name of the project. If you roll your own and don't
; want it called the default, here's where you change it.
; 0.) Alphanumeric only
; 1.) 8 characters total or less
; 2.) No whitespace
; 3.) ASCII *only*
; 4.) Will be converted to uppercase if it isn't already
name = BDISK

; This is used for filenames, etc.
; I highly recommend it be the same as 'name', but
; lowercase.
; 0.) Alphanumeric only
; 1.) No whitespace
; 2.) ASCII *only*
; 3.) Will be converted to lowercase if it isn't already
uxname = bdisk

; This string is used for "pretty-printing" of the name.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
pname = BDisk

; What version is this?
; If we don't have a version specified here, we'll
; try to guess based on the current git commit in build:basedir.
; 0.) No whitespace
ver =

; Your/your organization's name.
; The same rules as 'pname' apply:
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
dev = r00t^2

; Your email address.
; This is only used for commit messages (sync:git),
; or GPG-signing the releases (see the associated build
; section items).
email = bts@square-r00t.net

; What this distribution/project is used for.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
desc = j00 got 0wnz0r3d lulz.

; What is your livedistro's URL?
; 0.) Should be a valid URI understood by minimal versions
; of curl.
uri = https://bdisk.square-r00t.net

; Should the root user have a password? IF THIS IS NOT SET,
; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a
; blank password, use the string:
; BLANK
; Do NOT use a plaintext password here. You will need to
; generate a salted and hashed string in a shadow-compatible
; format. If you need help generating one, see docs/HOWTO.hashgen.
; If an assistance script is available, the path will be given
; (i.e. extras/bin/hashgen.py).
;
; Note that if you want an automatic login, this is NOT where it
; would be set. It should instead be controlled via:
; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
; In the following format:
; [Service]
; Type=idle
; ExecStart=
; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
;(where N is the TTY number). Alternatively, if booting to a GUI, it
; can be set as according to that GUI (e.g. for LXDE,
; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
; 0.) MUST be a salted SHA512 string in shadow format
; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $.
; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw...
root_password =

; Should we create a non-root user on the image?
; Note that this user has full sudo access.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
user = yes


#---------------------------------------------------------#
# This section controls aspects about bdisk:user.
# Only used if bdisk:user set to True/yes/etc.
#---------------------------------------------------------#
[user]

; What username should we use for the live system?
; Standard *nix username rules apply:
; 0.) ASCII only
; 1.) 32 characters or less
; 2.) Alphanumeric only
; 3.) Lowercase only
; 4.) No whitespace
; 5.) Cannot start with a number
username = ${bdisk:uxname}

; What comment/description should be used for the user?
; See passwd(5) if you need details on this.
; 0.) ASCII only
name = Default user

; What password should be set for the user, if any?
; See bdisk:root_password for how to generate this.
; DO NOT PUT A PLAINTEXT PASSWORD HERE.
password =

#---------------------------------------------------------#
# This section controls some aspects about the host
# and things like filesystem paths, etc.
#---------------------------------------------------------#
[build]

; What is the mirror for your bootstrap tarball?
; It is *highly* recommended you use an Arch Linux tarball
; as the build process is highly specialized to this.
; 0.) No whitespace
; 1.) Must be accessible remotely (no local file paths)
mirror = mirror.us.leaseweb.net

; What is the protocol for the bootstrap mirror?
; 0.) Must be one of:
; http, https, ftp
mirrorproto = https

; What is the path to the tarball directory?
; 0.) Must be a complete path
; (e.g. /dir1/subdir1/subdir2/
; 1.) No whitespace
mirrorpath = /archlinux/iso/latest/

; What is the filename for the tarball found in the above?
; If left blank, we will use the sha1 checksum file to try
; to guess the most recent file.
mirrorfile =

; What is the path to a sha1 checksum file?
; 0.) No whitespace
; 1.) Must be the full path
; 2.) Don't include the mirror domain or protocol
mirrorchksum = ${mirrorpath}sha1sums.txt

; Optional GPG checking.
; If the file has a GPG signature file,
; we can use it for extra checking.
; If it's blank, GPG checking will be disabled.
; If you specify just '.sig' (or use the default
; and don't actually specify a mirrorfile),
; we'll try to guess based on the file from the sha1
; checksums. Note that this must evaluate to a full
; URL (e.g.:
; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig)
; 0.) No whitespace (if specified)
; 1.) Must be the full path
mirrorgpgsig =

; What is a valid key ID that should be used to
; verify the tarballs?
; 0.) Only used if mirrorgpgsig is set
; 1.) Should be in the "shortform"
; (e.g. 7F2D434B9741E8AC)
gpgkey = 7F2D434B9741E8AC

; What is a valid keyserver we should use
; to fetch gpgkey?
; 0.) Only used if mirrorgpgsig is set
; 1.) The default (blank) is probably fine.
; If you don't specify a personal GPG config
; (under the gpg section), then you'll definitely probably
; want to leave this blank.
; 2.) If set, make sure you use a valid URI (e.g.:
; hkp://pgp.mit.edu )
gpgkeyserver =

; Should we sign our release files? (See the GPG section)
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
gpg = no

; Where should we save the bootstrap tarballs?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
dlpath = /var/tmp/${bdisk:uxname}

; Where should the bootstrap tarballs extract to and the
; chroots be built?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
chrootdir = /var/tmp/chroots

; Where is the base of the BDisk project located?
; In other words, if you cloned BDisk from git,
; what is BDisk's working tree directory?
; 0.) No whitespace
; 1.) Must exist and be populated with the BDisk's files
basedir = /opt/dev/bdisk

; This is the output directory of the ISO files when
; done building. This should not be checked into git.
; (The files will be very big!)
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
isodir = ${dlpath}/iso

; This is a directory where we should save extra
; source code we download (if we need it).
; 0.) No whitespace
; 1.) Will be created if it doesn't exist, and is needed
srcdir = ${dlpath}/src

; What directory should we use for staging?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
prepdir = ${dlpath}/temp

; Where should we stage the boot files?
; This should not be the same dir as other options!
; The default is recommended.
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
archboot = ${prepdir}/${bdisk:name}

; What directory/path should we use as a base
; directory for mountpoints?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
mountpt = /mnt/${bdisk:uxname}

; Should we build a multiarch image? That is to say, the
; same ISO file can be used for both i686 and x86_64.
; 0.) Only accepts (case-insensitive):
; yes/true (buld both i686, x86_64 in same image)
; no/false (build separate images, both arch's)
; i686 (ONLY build i686 architecture)
; x86_64 (ONLY build x86_64 architecture)
; If it is undefined, it is assumed to be no.
multiarch = yes

; Would you like to enable iPXE functionality?
; Note that this has no bearing on the 'sync' sections,
; so one can build e.g. only http files.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
ipxe =

; This option should only be enabled if you are on a fairly
; powerful, multicore system with plenty of RAM. It will
; speed the build process along, but will have some
; seriously adverse effects if your system can't handle it.
; Most modern systems should be fine with leaving it enabled.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
i_am_a_racecar = yes


#---------------------------------------------------------#
# This section controls settings for signing our release
# files. This is only used if build:gpg is
# yes/true/etc.
#---------------------------------------------------------#
[gpg]

; What is a valid key ID that we should use to
; *sign* our release files?
; 0.) You will be prompted for a passphrase if your
; key has one/you don't have an open and authorized
; gpg-agent session. Make sure you have a working
; pinentry configuration set up!
; 1.) If you leave this blank we will use the key
; we generate automatically earlier in the build
; process.
; 2.) We will generate one if this is blank and you
; have selected sign as yes.
mygpgkey =

; What directory should we use for the above GPG key?
; Make sure it contains your private key.
mygpghome =


#---------------------------------------------------------#
# This section controls what we should do with the
# resulting build and how to handle uploads, if we
# choose to use those features.
#---------------------------------------------------------#
[sync]

; Should we generate/prepare HTTP files?
; This is mostly only useful if you plan on using iPXE.
; However, it can also include the built ISO file(s).
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
http = no

; Should we generate/prepare TFTP files?
; This is mostly only useful if you plan on using more
; traditional (non-iPXE) setups and regualar PXE bootstrapping
; into iPXE.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
tftp = no

; Enable automatic Git pushing for any changes done to the
; project itself? If you don't have upstream write access,
; you'll want to set this to False.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
git = no

; Enable rsync pushing for the ISO (and other files, if
; you choose- useful for iPXE over HTTP(S)).
rsync = no


#---------------------------------------------------------#
# This section controls details about HTTP file preparation/
# generation. Only used if sync:http = True (or
# 'yes', etc.)
#---------------------------------------------------------#
[http]

; This directory is where to build an HTTP webroot.
; 0.) No whitespace
; 1.) If blank, HTTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
; 3.) If it does exist, it will be deleted first- MAKE SURE
; you do not store files here that you want to keep.
path = ${build:dlpath}/http

; What user and group, if applicable, should the HTTP files
; be owned as? This is most likely going to be either 'http',
; 'nginx', or 'apache'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If path is blank, they will not be used
user = http
group = http


#---------------------------------------------------------#
# This section controls details about TFTP file
# preparation/generation. Only used if
# sync:tftp = True (or 'yes', etc.)
#---------------------------------------------------------#
[tftp]

; The directory where we want to build a TFTP root.
; 0.) No whitespace
; 1.) If blank, TFTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
; 3.) If it does exist, it will be deleted first- MAKE SURE
; you do not store files here that you want to keep.
path = ${build:dlpath}/tftpboot

; What user and group, if applicable, should the TFTP files
; be owned as? This is most likely going to be either 'tftp'
; or 'root'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If sync:tftp is blank, they will not be used
user = root
group = root


#---------------------------------------------------------#
# This section controls aspects of iPXE building. Only used
# if build:ipxe = True (or 'yes', etc.)
#---------------------------------------------------------#
[ipxe]

; Build a "mini-ISO"; that is, an ISO file that can be used
; to bootstrap an iPXE environment (so you don't need to set
; up a traditional PXE environment on your LAN). We'll still
; build a full standalone ISO no matter what.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; 1.) Requires actual git to be installed.
; If it is undefined, it is assumed to be no.
iso = no

; What URI should iPXE's EMBED script use?
; If you require HTTP BASIC Authentication or HTTP Digest
; Authentication (untested), you can format it via:
;
; https://user:password@domain.tld/page.php
;
; This currently does not work for HTTPS with self-signed
; certificates.
; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 1.) Must be a valid URI understood by minimal versions
; of curl.
uri = https://bdisk.square-r00t.net

; Directory to hold SSL results, if we are generating
; keys, certificates, etc.
ssldir = ${build:dlpath}/ssl

; Path to the (root) CA certificate file iPXE should use.
; Note that you can use your own CA to sign existing certs.
; See http://ipxe.org/crypto for more info. This is handy if
; you run a third-party/"Trusted" root-CA-signed certificate
; for the HTTPS target.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If it exists, a matching key (ssl_cakey) MUST be
; specified
; 4.) HOWEVER, if left blank/doesn't exist, one will be
; automatically generated
ssl_ca = ${ssldir}/ca.crt

; Path to the (root) CA key file iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If left blank or it doesn't exist (and ssl_ca is also
; blank), one will be automatically generated
; 4.) MUST match ssl_ca if specified/exists
; 5.) MUST NOT be passphrase-protected
ssl_cakey = ${ssldir}/ca.key

; Path to the CLIENT certificate iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If specified/existent, a matching CA cert (ssl_ca)
; and key (ssl_cakey) MUST be specified
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
ssl_crt = ${ssldir}/main.crt

; Path to the CLIENT key iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
; one will be automatically generated
ssl_key = ${ssldir}/main.key


#---------------------------------------------------------#
# This section controls aspects of rsync pushing. Only used
# if sync:rsync = True (or 'yes', etc.)
#---------------------------------------------------------#
[rsync]

; This is the rsync destination host.
host =

; This is the remote user we should use when performing the
; rsync push.
user =

; This is the remote destination path we should use for
; pushing via rsync.
; 0.) No whitespace
; 1.) The path MUST exist on the remote host
; 2.) The path MUST be writable by rsync:user
; RECOMMENDED: you'll probably want to set http:(user|group)
; to what it'll need to be on the destination.
path =

; Should we rsync over the ISO files too, or just the boot
; files?
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
iso = yes

443
extra/pkg.build.ini
View File

@ -5,515 +5,82 @@
# This file is used to define various variables/settings
# used by the build script.
#
# It is well-commented, and uses INI syntax.
# See https://wiki.python.org/moin/ConfigParserExamples
# for some advanced features if you would like to use
# them.
# Blank lines are ignored. Section integrity is important.
# #- and ;-prefixed lines are comments and are not parsed.
# If restrictions on input are present, they will be
# given in a numerical list.
# For full (perhaps overly-verbose ;) documentation, please
# see:
# https://bdisk.square-r00t.net/#_the_code_build_ini_code_file
# Or simply refer to the section titled "The build.ini File"
# in the user manual.

#---------------------------------------------------------#
# This section controls some aspects about the live
# environment itself.
#---------------------------------------------------------#
[bdisk]

; The name of the project. If you roll your own and don't
; want it called the default, here's where you change it.
; 0.) Alphanumeric only
; 1.) 8 characters total or less
; 2.) No whitespace
; 3.) ASCII *only*
; 4.) Will be converted to uppercase if it isn't already
name = BDISK

; This is used for filenames, etc.
; I highly recommend it be the same as 'name', but
; lowercase.
; 0.) Alphanumeric only
; 1.) No whitespace
; 2.) ASCII *only*
; 3.) Will be converted to lowercase if it isn't already
uxname = bdisk

; This string is used for "pretty-printing" of the name.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
pname = BDisk

; What version is this?
; If we don't have a version specified here, we'll
; try to guess based on the current git commit in build:basedir.
; 0.) No whitespace
ver =

; Your/your organization's name.
; The same rules as 'pname' apply:
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
dev = A Developer

; Your email address.
; This is only used for commit messages (sync:git),
; or GPG-signing the releases (see the associated build
; section items).
email = dev@domain.tld

; What this distribution/project is used for.
; 0.) Can contain whitespace
; 1.) Can be mixed-case, uppercase, or lowercase
; 2.) ASCII *only*
desc = A rescue/restore live environment.

; What is your livedistro's URL?
; 0.) Should be a valid URI understood by minimal versions
; of curl.
uri = https://domain.tld

; Should the root user have a password? IF THIS IS NOT SET,
; PASSWORD LOGIN WILL BE DISABLED! If you wish to have a
; blank password, use the string:
; BLANK
; Do NOT use a plaintext password here. You will need to
; generate a salted and hashed string in a shadow-compatible
; format. If you need help generating one, see docs/HOWTO.hashgen.
; If an assistance script is available, the path will be given
; (i.e. extras/bin/hashgen.py).
;
; Note that if you want an automatic login, this is NOT where it
; would be set. It should instead be controlled via:
; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
; In the following format:
; [Service]
; Type=idle
; ExecStart=
; ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
;(where N is the TTY number). Alternatively, if booting to a GUI, it
; can be set as according to that GUI (e.g. for LXDE,
; overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
; 0.) MUST be a salted SHA512 string in shadow format
; 1.) ALL $'s (there should be three of them) MUST be escaped with a second $.
; e.g.: $6$aBcDeFgHiJ$ZxYw.... would become $$6$$aBcDeFgHiJ$$ZxYw...
root_password =

; Should we create a non-root user on the image?
; Note that this user has full sudo access.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
user = yes


#---------------------------------------------------------#
# This section controls aspects about bdisk:user.
# Only used if bdisk:user set to True/yes/etc.
#---------------------------------------------------------#
[user]

; What username should we use for the live system?
; Standard *nix username rules apply:
; 0.) ASCII only
; 1.) 32 characters or less
; 2.) Alphanumeric only
; 3.) Lowercase only
; 4.) No whitespace
; 5.) Cannot start with a number
username = ${bdisk:uxname}

; What comment/description should be used for the user?
; See passwd(5) if you need details on this.
; 0.) ASCII only
name = Default user

; What password should be set for the user, if any?
; See bdisk:root_password for how to generate this.
; DO NOT PUT A PLAINTEXT PASSWORD HERE.
password =

#---------------------------------------------------------#
# This section controls some aspects about the host
# and things like filesystem paths, etc.
#---------------------------------------------------------#
[build]

; What is the mirror for your bootstrap tarball?
; It is *highly* recommended you use an Arch Linux tarball
; as the build process is highly specialized to this.
; 0.) No whitespace
; 1.) Must be accessible remotely (no local file paths)
mirror = mirror.us.leaseweb.net

; What is the protocol for the bootstrap mirror?
; 0.) Must be one of:
; http, https, ftp
mirrorproto = https

; What is the path to the tarball directory?
; 0.) Must be a complete path
; (e.g. /dir1/subdir1/subdir2/
; 1.) No whitespace
mirrorpath = /archlinux/iso/latest/

; What is the filename for the tarball found in the above?
; If left blank, we will use the sha1 checksum file to try
; to guess the most recent file.
mirrorfile =

; What is the path to a sha1 checksum file?
; 0.) No whitespace
; 1.) Must be the full path
; 2.) Don't include the mirror domain or protocol
mirrorchksum = ${mirrorpath}sha1sums.txt

; Optional GPG checking.
; If the file has a GPG signature file,
; we can use it for extra checking.
; If it's blank, GPG checking will be disabled.
; If you specify just '.sig' (or use the default
; and don't actually specify a mirrorfile),
; we'll try to guess based on the file from the sha1
; checksums. Note that this must evaluate to a full
; URL (e.g.:
; ${mirrorproto}://${mirror}${mirrorpath}somefile.sig)
; 0.) No whitespace (if specified)
; 1.) Must be the full path
mirrorgpgsig =

; What is a valid key ID that should be used to
; verify the tarballs?
; 0.) Only used if mirrorgpgsig is set
; 1.) Should be in the "shortform"
; (e.g. 7F2D434B9741E8AC)
gpgkey = 7F2D434B9741E8AC

; What is a valid keyserver we should use
; to fetch gpgkey?
; 0.) Only used if mirrorgpgsig is set
; 1.) The default (blank) is probably fine.
; If you don't specify a personal GPG config
; (under the gpg section), then you'll definitely probably
; want to leave this blank.
; 2.) If set, make sure you use a valid URI (e.g.:
; hkp://pgp.mit.edu )
gpgkeyserver =

; Should we sign our release files? (See the GPG section)
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
gpg = no

; Where should we save the bootstrap tarballs?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
dlpath = /var/tmp/${bdisk:uxname}

; Where should the bootstrap tarballs extract to and the
; chroots be built?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
chrootdir = /var/tmp/chroots

; Where is the base of the BDisk project located?
; In other words, if you cloned BDisk from git,
; what is BDisk's working tree directory?
; 0.) No whitespace
; 1.) Must exist and be populated with the BDisk's files
basedir = /opt/dev/bdisk

; This is the output directory of the ISO files when
; done building. This should not be checked into git.
; (The files will be very big!)
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
isodir = ${dlpath}/iso

; This is a directory where we should save extra
; source code we download (if we need it).
; 0.) No whitespace
; 1.) Will be created if it doesn't exist, and is needed
srcdir = ${dlpath}/src

; What directory should we use for staging?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
prepdir = ${dlpath}/temp

; Where should we stage the boot files?
; This should not be the same dir as other options!
; The default is recommended.
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
archboot = ${prepdir}/${bdisk:name}

; What directory/path should we use as a base
; directory for mountpoints?
; 0.) No whitespace
; 1.) Will be created if it doesn't exist
mountpt = /mnt/${bdisk:uxname}

; Should we build a multiarch image? That is to say, the
; same ISO file can be used for both i686 and x86_64.
; 0.) Only accepts (case-insensitive):
; yes/true (buld both i686, x86_64 in same image)
; no/false (build separate images, both arch's)
; i686 (ONLY build i686 architecture)
; x86_64 (ONLY build x86_64 architecture)
; If it is undefined, it is assumed to be no.
multiarch = yes

; Would you like to enable iPXE functionality?
; Note that this has no bearing on the 'sync' sections,
; so one can build e.g. only http files.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
ipxe = no

; This option should only be enabled if you are on a fairly
; powerful, multicore system with plenty of RAM. It will
; speed the build process along, but will have some
; seriously adverse effects if your system can't handle it.
; Most modern systems should be fine with leaving it enabled.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
i_am_a_racecar = no


#---------------------------------------------------------#
# This section controls settings for signing our release
# files. This is only used if build:gpg is
# yes/true/etc.
#---------------------------------------------------------#
[gpg]

; What is a valid key ID that we should use to
; *sign* our release files?
; 0.) You will be prompted for a passphrase if your
; key has one/you don't have an open and authorized
; gpg-agent session. Make sure you have a working
; pinentry configuration set up!
; 1.) If you leave this blank we will use the key
; we generate automatically earlier in the build
; process.
; 2.) We will generate one if this is blank and you
; have selected sign as yes.
mygpgkey =

; What directory should we use for the above GPG key?
; Make sure it contains your private key.
mygpghome =


#---------------------------------------------------------#
# This section controls what we should do with the
# resulting build and how to handle uploads, if we
# choose to use those features.
#---------------------------------------------------------#
[sync]

; Should we generate/prepare HTTP files?
; This is mostly only useful if you plan on using iPXE.
; However, it can also include the built ISO file(s).
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
http = no

; Should we generate/prepare TFTP files?
; This is mostly only useful if you plan on using more
; traditional (non-iPXE) setups and regualar PXE bootstrapping
; into iPXE.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
tftp = no

; Enable automatic Git pushing for any changes done to the
; project itself? If you don't have upstream write access,
; you'll want to set this to False.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; If it is undefined, it is assumed to be no.
git = no

; Enable rsync pushing for the ISO (and other files, if
; you choose- useful for iPXE over HTTP(S)).
rsync = no


#---------------------------------------------------------#
# This section controls details about HTTP file preparation/
# generation. Only used if sync:http = True (or
# 'yes', etc.)
#---------------------------------------------------------#
[http]

; This directory is where to build an HTTP webroot.
; 0.) No whitespace
; 1.) If blank, HTTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
; 3.) If it does exist, it will be deleted first- MAKE SURE
; you do not store files here that you want to keep.
path = ${build:dlpath}/http

; What user and group, if applicable, should the HTTP files
; be owned as? This is most likely going to be either 'http',
; 'nginx', or 'apache'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If path is blank, they will not be used
user = http
group = http


#---------------------------------------------------------#
# This section controls details about TFTP file
# preparation/generation. Only used if
# sync:tftp = True (or 'yes', etc.)
#---------------------------------------------------------#
[tftp]

; The directory where we want to build a TFTP root.
; 0.) No whitespace
; 1.) If blank, TFTP preparation/generation will not be done
; 2.) If specified, it will be created if it doesn't exist
; 3.) If it does exist, it will be deleted first- MAKE SURE
; you do not store files here that you want to keep.
path = ${build:dlpath}/tftpboot

; What user and group, if applicable, should the TFTP files
; be owned as? This is most likely going to be either 'tftp'
; or 'root'.
; 0.) No whitespace
; 1.) User must exist on system
; 2.) If sync:tftp is blank, they will not be used
user = root
group = root


#---------------------------------------------------------#
# This section controls aspects of iPXE building. Only used
# if build:ipxe = True (or 'yes', etc.)
#---------------------------------------------------------#
[ipxe]

; Build a "mini-ISO"; that is, an ISO file that can be used
; to bootstrap an iPXE environment (so you don't need to set
; up a traditional PXE environment on your LAN). We'll still
; build a full standalone ISO no matter what.
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
; 1.) Requires actual git to be installed.
; If it is undefined, it is assumed to be no.
iso = no

; What URI should iPXE's EMBED script use?
; If you require HTTP BASIC Authentication or HTTP Digest
; Authentication (untested), you can format it via:
;
; https://user:password@domain.tld/page.php
;
; This currently does not work for HTTPS with self-signed
; certificates.
; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 1.) Must be a valid URI understood by minimal versions
; of curl.
uri = https://domain.tld

; Directory to hold SSL results, if we are generating
; keys, certificates, etc.
ssldir = ${build:dlpath}/ssl

; Path to the (root) CA certificate file iPXE should use.
; Note that you can use your own CA to sign existing certs.
; See http://ipxe.org/crypto for more info. This is handy if
; you run a third-party/"Trusted" root-CA-signed certificate
; for the HTTPS target.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If it exists, a matching key (ssl_cakey) MUST be
; specified
; 4.) HOWEVER, if left blank/doesn't exist, one will be
; automatically generated
ssl_ca = ${ssldir}/ca.crt

; Path to the (root) CA key file iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If left blank or it doesn't exist (and ssl_ca is also
; blank), one will be automatically generated
; 4.) MUST match ssl_ca if specified/exists
; 5.) MUST NOT be passphrase-protected
ssl_cakey = ${ssldir}/ca.key

; Path to the CLIENT certificate iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If specified/existent, a matching CA cert (ssl_ca)
; and key (ssl_cakey) MUST be specified
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
ssl_crt = ${ssldir}/main.crt

; Path to the CLIENT key iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
; one will be automatically generated
ssl_key = ${ssldir}/main.key


#---------------------------------------------------------#
# This section controls aspects of rsync pushing. Only used
# if sync:rsync = True (or 'yes', etc.)
#---------------------------------------------------------#
[rsync]

; This is the rsync destination host.
host =

; This is the remote user we should use when performing the
; rsync push.
user =

; This is the remote destination path we should use for
; pushing via rsync.
; 0.) No whitespace
; 1.) The path MUST exist on the remote host
; 2.) The path MUST be writable by rsync:user
; RECOMMENDED: you'll probably want to set http:(user|group)
; to what it'll need to be on the destination.
path =

; Should we rsync over the ISO files too, or just the boot
; files?
; 0.) Only accepts (case-insensitive):
; yes|no
; true|false
; 1|0
iso = no

2
extra/pre-build.d/etc/mkinitcpio.conf
View File

@ -3,7 +3,7 @@
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole"
MODULES="overlay ata_generic ata_piix loop nls_cp437 ext4 raid456 vfat netconsole isofs"

# BINARIES
# This setting includes any additional binaries a given user may

2
extra/pre-build.d/root/pre-build.sh
View File

@ -115,7 +115,6 @@ ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so
cleanPacorigs
apacman --noconfirm --noedit --skipinteg -S --needed linux
apacman --gendb
#mv -f /boot/vmlinuz-linux /boot/vmlinuz-linux-${DISTNAME}
cleanPacorigs

# And install EXTRA functionality packages, if there are any.
@ -161,7 +160,6 @@ else
usermod -L root
fi
cleanPacorigs
mv -f /boot/initramfs-linux.img /boot/initramfs-linux-${DISTNAME}.img
# And install arch-specific extra packages, if there are any.
#PKGLIST=$(sed -re '/^[[:space:]]*(#|$)/d' /root/packages.arch | tr '\n' ' ')
PKGLIST=$(getPkgList /root/packages.arch)

2
extra/templates/iPXE/BIOS/isolinux.cfg.j2
View File

@ -3,5 +3,5 @@ PROMPT 0
TIMEOUT 10

LABEL ipxe
KERNEL boot/ipxe.krn
KERNEL /boot/ipxe.krn