set releasever and basearch so we can find the right RPM GPG key to import

switch order of serial and virtual console so logs output to serial console
because that's more useful in openstack. Note does not affect pvgrub (and therefore ec2)
2025-12-09 00:20:31 +08:00 · 2013-12-11 11:57:41 -07:00 · 2013-12-11 10:36:26 -08:00 · 2013-12-09 14:56:01 -05:00 · 2013-12-09 14:55:55 -05:00 · 2013-12-09 14:55:46 -05:00
3 changed files with 27 additions and 39 deletions
--- a/fedora-cloud-base.ks
+++ b/fedora-cloud-base.ks
@@ -19,14 +19,12 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked

-# this is actually not used, but a static firewall
-# matching these rules is generated below.
-firewall --service=ssh
+firewall --disabled

-bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
+bootloader --timeout=1 --append="console=tty1 console=ttyS0,115200n8" extlinux

 network --bootproto=dhcp --device=eth0 --onboot=on
-services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final


 zerombr
@@ -63,10 +61,6 @@ syslinux-extlinux
 # Needed initially, but removed below.
 firewalld

-# Basic firewall. If you're going to rely on your cloud service's
-# security groups you can remove this.
-iptables-services
-
 # cherry-pick a few things from @standard
 tar
 rsync
@@ -135,28 +129,6 @@ yum -C -y remove linux-firmware
 echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"

-# Non-firewalld-firewall
-echo -n "Writing static firewall"
-cat <<EOF > /etc/sysconfig/iptables
-# Simple static firewall loaded by iptables.service. Replace
-# this with your own custom rules, run lokkit, or switch to 
-# shorewall or firewalld as your needs dictate.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
-EOF
-echo .
-
 # Another one needed at install time but not after that, and it pulls
 # in some unneeded deps (like, newt and slang)
 echo "Removing authconfig."
@@ -223,8 +195,26 @@ yum history new
 yum clean all
 truncate -c -s 0 /var/log/yum.log

+echo "Import RPM GPG key"
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+basearch=$(uname -m)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+echo "Packages within this cloud image:"
+echo "-----------------------------------------------------------------------"
+rpm -qa
+echo "-----------------------------------------------------------------------"
+# Note that running rpm recreates the rpm db files which aren't needed/wanted
+rm -f /var/lib/rpm/__db*
+
+
 echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+chattr -i /boot/extlinux/ldlinux.sys
 /usr/sbin/fixfiles -R -a restore
+chattr +i /boot/extlinux/ldlinux.sys

 echo "Zeroing out empty space."
 # This forces the filesystem to reclaim space from deleted files
--- a/fedora-live-base.ks
+++ b/fedora-live-base.ks
@@ -280,6 +280,8 @@ systemctl enable tmp.mount

 # work around for poor key import UI in PackageKit
 rm -f /var/lib/rpm/__db*
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+basearch=$(uname -m)
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 echo "Packages within this LiveCD"
 rpm -qa
--- a/fedora-lxde-packages.ks
+++ b/fedora-lxde-packages.ks
@@ -12,7 +12,9 @@
@lxde-apps
@lxde-media
@lxde-office
-@firefox
+
+# FIXME: can be omitted once comps is updated
+midori

 # pam-fprint causes a segfault in LXDM when enabled
 -fprintd-pam
@@ -35,9 +37,6 @@ metacity
 #-man-pages-*
 #-words

-# use ssmtp
-ssmtp
-
 # save some space
 -autofs
 -acpid
@@ -50,10 +49,7 @@ ssmtp
 -stix-fonts
 -ibus-typing-booster
 -xscreensaver-extras
-wqy-zenhei-fonts           # FIXME: Workaround to save space, do this in comps
-
-# FIXME: can be removed once mtpaint is gone from lxde-apps in comps
-mtpaint
+#-wqy-zenhei-fonts           # FIXME: Workaround to save space, do this in comps

 # drop some system-config things
 -system-config-boot
Author	SHA1	Message	Date
Matthew Miller	ce61f186bb	set releasever and basearch so we can find the right RPM GPG key to import	2013-12-11 11:57:41 -07:00
Matthew Miller	5579ccc249	switch order of serial and virtual console so logs output to serial console because that's more useful in openstack. Note does not affect pvgrub (and therefore ec2)	2013-12-11 10:36:26 -08:00
Matthew Miller	d761360668	cloud image import fedora GPG key for RPMs, as the livecd does (cherry picked from commit `c6f36e4c10`)	2013-12-09 14:56:01 -05:00
Matthew Miller	9625f87b66	selinux context fixes for cloud image (cherry picked from commit `77ea37a424`)	2013-12-09 14:55:55 -05:00
Matthew Miller	ba05c3ed08	by popular demand, disable the iptables firewall entirely. (cherry picked from commit `fe5b6843ac`)	2013-12-09 14:55:46 -05:00
Christoph Wickert	93227e4c16	Drop mtpaint exclusion, already in comps	2013-12-04 16:01:54 +01:00
Christoph Wickert	8d089260b2	LXDE: Switch from firefox to midori	2013-12-04 16:01:40 +01:00
Christoph Wickert	9122e0d384	LXDE: Drop ssmtp, we no longer have a smtpd in the default install	2013-12-04 16:01:25 +01:00