import the gpg key since live and cloud is

use uname -i as it gives the arch used as the basearch by yum uname -m is incorrect
correct path when copying GPL to live root (unversioned docdirs)
2025-12-10 17:10:31 +08:00 · 2013-12-21 15:40:44 -06:00 · 2013-12-21 15:40:44 -06:00 · 2013-12-21 15:40:44 -06:00 · 2013-12-11 11:57:41 -07:00 · 2013-12-11 10:36:26 -08:00
3 changed files with 34 additions and 32 deletions
--- a/fedora-arm-base.ks
+++ b/fedora-arm-base.ks
@@ -48,6 +48,16 @@ uboot-wandboard_quad
 %post
 # work around for poor key import UI in PackageKit
 rm -f /var/lib/rpm/__db*
 releasever=$(rpm -q --qf '%{version}\n' fedora-release)
 basearch=armhfp
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 echo "Packages within this LiveCD"
 rpm -qa
 # Note that running rpm recreates the rpm db files which aren't needed or wanted
 rm -f /var/lib/rpm/__db*
 # Because memory is scarce resource in most arm systems we are differing from the Fedora
 # default of having /tmp on tmpfs.
 echo "Disabling tmpfs for /tmp."
--- a/fedora-cloud-base.ks
+++ b/fedora-cloud-base.ks
@@ -19,14 +19,12 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked
-# this is actually not used, but a static firewall
+firewall --disabled
 # matching these rules is generated below.
 firewall --service=ssh
-bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
+bootloader --timeout=1 --append="console=tty1 console=ttyS0,115200n8" extlinux
 network --bootproto=dhcp --device=eth0 --onboot=on
-services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
 zerombr
@@ -63,10 +61,6 @@ syslinux-extlinux
 # Needed initially, but removed below.
 firewalld
 # Basic firewall. If you're going to rely on your cloud service's
 # security groups you can remove this.
 iptables-services
 # cherry-pick a few things from @standard
 tar
 rsync
@@ -135,28 +129,6 @@ yum -C -y remove linux-firmware
 echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
 # Non-firewalld-firewall
 echo -n "Writing static firewall"
 cat <<EOF > /etc/sysconfig/iptables
 # Simple static firewall loaded by iptables.service. Replace
 # this with your own custom rules, run lokkit, or switch to 
 # shorewall or firewalld as your needs dictate.
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 #-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
 #-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
 EOF
 echo .
 # Another one needed at install time but not after that, and it pulls
 # in some unneeded deps (like, newt and slang)
 echo "Removing authconfig."
@@ -223,8 +195,26 @@ yum history new
 yum clean all
 truncate -c -s 0 /var/log/yum.log
 echo "Import RPM GPG key"
 releasever=$(rpm -q --qf '%{version}\n' fedora-release)
 basearch=$(uname -i)
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 echo "Packages within this cloud image:"
 echo "-----------------------------------------------------------------------"
 rpm -qa
 echo "-----------------------------------------------------------------------"
 # Note that running rpm recreates the rpm db files which aren't needed/wanted
 rm -f /var/lib/rpm/__db*
 echo "Fixing SELinux contexts."
 touch /var/log/cron
 touch /var/log/boot.log
 mkdir -p /var/cache/yum
 chattr -i /boot/extlinux/ldlinux.sys
 /usr/sbin/fixfiles -R -a restore
 chattr +i /boot/extlinux/ldlinux.sys
 echo "Zeroing out empty space."
 # This forces the filesystem to reclaim space from deleted files
--- a/fedora-live-base.ks
+++ b/fedora-live-base.ks
@@ -280,6 +280,8 @@ systemctl enable tmp.mount
 # work around for poor key import UI in PackageKit
 rm -f /var/lib/rpm/__db*
 releasever=$(rpm -q --qf '%{version}\n' fedora-release)
 basearch=$(uname -i)
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 echo "Packages within this LiveCD"
 rpm -qa
@@ -301,7 +303,7 @@ rm -f /core*
 %post --nochroot
-cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
+cp $INSTALL_ROOT/usr/share/doc/*-release/GPL $LIVE_ROOT/GPL
 # only works on x86, x86_64
 if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
Author	SHA1	Message	Date
Dennis Gilmore	9bfe625d34	import the gpg key since live and cloud is	2013-12-21 15:40:44 -06:00
Dennis Gilmore	de56fb5bf2	use uname -i as it gives the arch used as the basearch by yum uname -m is incorrect	2013-12-21 15:40:44 -06:00
Adam Williamson	4d772b386c	correct path when copying GPL to live root (unversioned docdirs)	2013-12-21 15:40:44 -06:00
Matthew Miller	ce61f186bb	set releasever and basearch so we can find the right RPM GPG key to import	2013-12-11 11:57:41 -07:00
Matthew Miller	5579ccc249	switch order of serial and virtual console so logs output to serial console because that's more useful in openstack. Note does not affect pvgrub (and therefore ec2)	2013-12-11 10:36:26 -08:00
Matthew Miller	d761360668	cloud image import fedora GPG key for RPMs, as the livecd does (cherry picked from commit `c6f36e4c10`)	2013-12-09 14:56:01 -05:00
Matthew Miller	9625f87b66	selinux context fixes for cloud image (cherry picked from commit `77ea37a424`)	2013-12-09 14:55:55 -05:00
Matthew Miller	ba05c3ed08	by popular demand, disable the iptables firewall entirely. (cherry picked from commit `fe5b6843ac`)	2013-12-09 14:55:46 -05:00