# rocky-live-base.ks # lang zh_CN.UTF-8 keyboard us timezone Asia/Shanghai # selinux --enforcing selinux --disabled firewall --disabled xconfig --startxonboot zerombr clearpart --all part / --size 12288 --fstype ext4 # services --enabled=NetworkManager,ModemManager --disabled=sshd services --enabled=NetworkManager,sshd network --bootproto=dhcp --device=link --activate rootpw --lock --iscrypted locked shutdown # # %include fedora-repo.ks # url --url "http://172.27.175.219/repos/rocky9/BaseOS/x86_64/os/" # # repo --name="local-rocky9-baseos" --baseurl="http://172.27.175.219/repos/rocky9/BaseOS/x86_64/os/" # repo --name="local-rocky9-appstream" --baseurl="http://172.27.175.219/repos/rocky9/AppStream/x86_64/os/" # repo --name="epel" --baseurl="https://download.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm" --install # 主要安装源 - 你的本地 BaseOS 仓库 url --url "https://mirrors.aliyun.com/rockylinux/9.7/BaseOS/x86_64/os/" # url --url "http://172.27.175.219/repos/rocky9/Custom/x86_64/os/Packages/" # 你的本地 AppStream 仓库 repo --name="appstream" --baseurl="https://mirrors.aliyun.com/rockylinux/9.7/AppStream/x86_64/os/" repo --name="extras" --baseurl="https://mirrors.aliyun.com/rockylinux/9.7/extras/x86_64/os/" repo --name="epel" --baseurl="https://mirrors.aliyun.com/epel/9/Everything/x86_64/" repo --name="my-local-repo" --baseurl="http://172.27.175.219/repos/rocky9/Custom/x86_64/os/Packages/" # repo --name="local-rocky9-appstream" --baseurl="http://172.27.175.219/repos/rocky9/AppStream/x86_64/os/" # repo --name="my-local-repo" --baseurl="http://172.27.175.219/repos/rocky9/Custom/x86_64/os/Packages/" # 添加公共 EPEL 仓库 (需要互联网连接) #repo --name="epel" --baseurl="https://download.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm" --install # 添加 CRB (CodeReady Builder) 仓库 # CRB 提供了许多开发工具和库,经常是 EPEL 软件包的依赖。强烈建议启用。 # 确保你的构建环境可以访问此公共 URL。 #repo --name="crb" --baseurl="https://download.rockylinux.org/pub/rocky/9/CRB/x86_64/os/" # --- 添加 Rocky Linux 官方的 Extras 仓库 --- # 这个仓库通常包含一些官方支持但不在核心 BaseOS 或 AppStream 中的软件包。 # 确保你的构建环境可以访问此公共 URL。 #repo --name="rocky-extras" --baseurl="https://download.rockylinux.org/pub/rocky/9/extras/x86_64/os/" # --- 添加 Rocky Linux 官方的 Plus 仓库 --- # Plus 仓库可能包含一些增强功能或特定软件包。 # 确保你的构建环境可以访问此公共 URL。 #repo --name="rocky-plus" --baseurl="https://download.rockylinux.org/pub/rocky/9/plus/x86_64/os/" %packages # 基础包 @core kernel memtest86+ kernel-modules kernel-modules-extra authselect-compat chrony cryptsetup device-mapper-multipath dosfstools dracut-network e2fsprogs efibootmgr fcoe-utils firewalld glibc-all-langpacks grub2-efi-x64 grub2-efi-x64-cdboot grub2-pc grub2-tools grub2-tools-efi grub2-tools-extra iscsi-initiator-utils kdump-anaconda-addon libblockdev-plugins-all libreport-plugin-bugzilla lvm2 mdadm realmd restore shim-x64 syslinux-extlinux teamd tmux xfsprogs # live环境包 anaconda-install-env-deps anaconda-live device-mapper-multipath aajohan-comfortaa-fonts dracut-live glibc-all-langpacks livesys-scripts # xfce 桌面环境,以及应用 @Xfce -gdm lightdm lightdm-gtk-greeter xorg-x11-server-Xorg xorg-x11-drivers xfce4-about xfce4-mount-plugin mousepad ristretto firefox # 中文支持 google-droid-sans-fonts google-noto-cjk-fonts-common google-noto-emoji-color-fonts google-noto-fonts-common google-noto-sans-cjk-ttc-fonts google-noto-sans-gurmukhi-fonts google-noto-sans-sinhala-vf-fonts google-noto-serif-cjk-ttc-fonts fontconfig glibc-langpack-zh # 中文输入法 ibus ibus-libpinyin ibus-gtk2 ibus-gtk3 # 远程工具 teamviewer todesk # 工具 wget vim nmap zip unzip open-vm-tools open-vm-tools-desktop %end %post # Enable livesys services systemctl enable livesys.service systemctl enable livesys-late.service systemctl enable vmtoolsd # enable tmpfs for /tmp systemctl enable tmp.mount # make it so that we don't do writing to the overlay for things which # are just tmpdirs/caches # note https://bugzilla.redhat.com/show_bug.cgi?id=1135475 cat >> /etc/fstab << EOF vartmp /var/tmp tmpfs defaults 0 0 EOF # work around for poor key import UI in PackageKit rm -f /var/lib/rpm/__db* echo "Packages within this LiveCD" rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn # Note that running rpm recreates the rpm db files which aren't needed or wanted rm -f /var/lib/rpm/__db* # go ahead and pre-make the man -k cache (#455968) /usr/bin/mandb # make sure there aren't core files lying around rm -f /core* # remove random seed, the newly installed instance should make it's own rm -f /var/lib/systemd/random-seed # convince readahead not to collect # FIXME: for systemd echo 'File created by kickstart. See systemd-update-done.service(8).' \ | tee /etc/.updated >/var/.updated # Drop the rescue kernel and initramfs, we don't need them on the live media itself. # See bug 1317709 rm -f /boot/*-rescue* # Disable network service here, as doing it in the services line # fails due to RHBZ #1369794 systemctl disable network # Remove machine-id on pre generated images rm -f /etc/machine-id touch /etc/machine-id %end %post mkdir -p /etc/xdg/autostart/ cat > /etc/xdg/autostart/ibus.desktop <> /etc/environment << EOF export GTK_IM_MODULE=ibus export QT_IM_MODULE=ibus export XMODIFIERS=@im=ibus export IM_CONFIG_PHASE=2 EOF fc-cache -fv # xfce configuration # create /etc/sysconfig/desktop (needed for installation) cat > /etc/sysconfig/desktop <> /etc/teamviewer/global.conf << EOF TeamViewer Global Settings [int32] Always_Online = 1 [int32] EulaAccepted = 1 [int32] General_DirectLAN = 1 [bin ] PermanentPassword = 13b0a813880888089e8ac6a1dcdeee4db2db172fa0d33d68c903aac7500a9ec8978b1106e8ea26a978ec58f3d073f05507cb0a96ce973f1abdd25b24cc971d2297b83d090d2ab380507dd0e106b7e890599680af5c2afd6166a65c13b6697684878b3aa1ca58b0c7d3ddd0405354ad608c0a5089a588b4cea8528a1937ce4d22b2b8b764660b54218af08baa04925bfcf1cbaf59de19dea8244f022ba43cbcb09b4087b5d5c39ffd91bd4d2cc9443b05bd90d28b690a4300c5f87fef8b9d94d03416413c40aa8941d81dfdeed4e7e19be457e774b0346befb05d68eba1d5090c0798cbed803635bba6c5a4c8f608813d931bc742d5c47498ce16a335e2fdd391a7f9ee188b23381fda251ac8b6472f67daa63b377d1374a67af639045bf2ba4b22d0c1607d5af5ed0dc6a3c67371da9c [strng] PermanentPasswordDate = "20251119T120621" [int32] Security_PasswordStrength = 1 EOF teamviewer --passwd 'Bbt123!@#' %end