author | Kim Hagen <kim.sidney@gmail.com> | 2018-11-12 10:07:52 +0100 |
---|---|---|
committer | Kim Hagen <kim.sidney@gmail.com> | 2018-11-12 10:07:52 +0100 |
commit | 8dcda0e05b0109e12280c446070b1fa94d0a6b4b (patch) | |
tree | 3229cfed4504037f0d141ec9a6625cdb8708880c /data/live-build-config/hooks/live | |
parent | a48a22a8113c0e98ed019c60b1f4c182550d3979 (diff) | |
Add uefi to vyos-build
Diffstat (limited to 'data/live-build-config/hooks/live')
26 files changed, 587 insertions, 0 deletions
diff --git a/data/live-build-config/hooks/live/00-manifest.binary b/data/live-build-config/hooks/live/00-manifest.binary
new file mode 100755
index 00000000..6db8b6f3
--- /dev/null
+++ b/data/live-build-config/hooks/live/00-manifest.binary
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo I: Backwards compat packages.txt
+echo "ii vyatta-version " > binary/live/packages.txt
diff --git a/data/live-build-config/hooks/live/00-mk_buildid.chroot b/data/live-build-config/hooks/live/00-mk_buildid.chroot
new file mode 100755
index 00000000..087addad
--- /dev/null
+++ b/data/live-build-config/hooks/live/00-mk_buildid.chroot
@@ -0,0 +1,22 @@
+#!/bin/sh
+# create the buildid file
+
+etcdir=/opt/vyatta/etc
+
+[ -d $etcdir ] || mkdir -p -m 0755 $etcdir
+rm -f $etcdir/build.txt $etcdir/iso-build.txt $etc/iso-submodules.txt
+
+## NOTE: on live image build, these files are in the chroot/root
+## however, during install, these are in /cdrom
+for f in iso-build.txt iso-submodules.txt ; do
+ if [ -f /cdrom/$f ] ; then
+ cp /cdrom/$f $etcdir
+ elif [ -f /$f ] ; then
+ cp /$f $etcdir
+ else
+ >$etcdir/$f
+ fi
+done
+
+# backwards compatible symlink
+ln -s iso-build.txt $etcdir/build.txt
diff --git a/data/live-build-config/hooks/live/01-interfaces.chroot b/data/live-build-config/hooks/live/01-interfaces.chroot
new file mode 100755
index 00000000..8d218ea4
--- /dev/null
+++ b/data/live-build-config/hooks/live/01-interfaces.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if ! grep '^auto lo' /etc/network/interfaces &> /dev/null ; then
+ mkdir -p -m 0755 /etc/network
+ cat >> /etc/network/interfaces <<-EOF
+
+ # The loopback network interface
+ auto lo
+ iface lo inet loopback
+
+ EOF
+fi
diff --git a/data/live-build-config/hooks/live/02-issue.chroot b/data/live-build-config/hooks/live/02-issue.chroot
new file mode 100755
index 00000000..732ebeb0
--- /dev/null
+++ b/data/live-build-config/hooks/live/02-issue.chroot
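Review bot: In 00-mk_buildid.chroot the `rm -f` line names `$etc/iso-submodules.txt`, but only `etcdir` is ever assigned, so the unset `$etc` expands to nothing and the command removes `/iso-submodules.txt` instead of the stale copy under `$etcdir`. On a live image build the loop that follows then finds no `/iso-submodules.txt` and writes an empty file, so the image loses its record of which submodule revisions it was built from. Use `rm -f $etcdir/build.txt $etcdir/iso-build.txt $etcdir/iso-submodules.txt`; a `set -u` at the top of the hook would have turned this typo into a build failure.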
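Review bot: The condition in 01-interfaces.chroot uses `&>`, which is a bash redirection; under a POSIX `/bin/sh` such as dash it parses as `grep … &` followed by an empty `> /dev/null` command, so the test is always true and the loopback stanza is appended even when `auto lo` is already present. Write it portably as `if ! grep -q '^auto lo' /etc/network/interfaces 2>/dev/null ; then`.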
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+echo I: Rewriting /etc/issue and /etc/issue.net
+cat <<EOF > etc/issue
+Welcome to VyOS - \n \l
+
+EOF
+cat <<EOF > etc/issue.net
+Welcome to VyOS
+EOF
diff --git a/data/live-build-config/hooks/live/03-root_bash_completion.chroot b/data/live-build-config/hooks/live/03-root_bash_completion.chroot
new file mode 100755
index 00000000..b7ea8f52
--- /dev/null
+++ b/data/live-build-config/hooks/live/03-root_bash_completion.chroot
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+grep -q '\(^[^#]*\)\(\.\|source\) /etc/bash_completion' root/.bashrc || \
+ cat <<-EOF >> root/.bashrc
+
+ source /etc/bash_completion
+ EOF
+
+sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion
+
diff --git a/data/live-build-config/hooks/live/04-locale.chroot b/data/live-build-config/hooks/live/04-locale.chroot
new file mode 100755
index 00000000..89a5f954
--- /dev/null
+++ b/data/live-build-config/hooks/live/04-locale.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo I: Set default locale
+cat <<EOF >etc/default/locale
+LANG=en_US.UTF-8
+LC_ALL=C
+EOF
+
+sed -i 's/AcceptEnv LANG LC_\*/# AcceptEnv LANG LC_\*/g' /etc/ssh/sshd_config
diff --git a/data/live-build-config/hooks/live/05-event_tty.chroot b/data/live-build-config/hooks/live/05-event_tty.chroot
new file mode 100755
index 00000000..a00167f7
--- /dev/null
+++ b/data/live-build-config/hooks/live/05-event_tty.chroot
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ -r etc/event.d/tty1 ] ; then
+ echo I: Delay getty until rcX completes
+ sed -i 's/start on runlevel /start on stopped rc/' \
+ etc/event.d/tty[1-6]
+ if [ ! -r etc/event.d/ttyS0 ] && [ -c dev/ttyS0 ] ; then
+ echo I: Enable serial console login
+ cat <<-EOF > etc/event.d/ttyS0
+ # ttyS0 - getty
+ #
+ # This service maintains a getty on ttyS0 from the point the system is
+ # started until it is shut down again.
+
+ start on stopped rc2
+ start on stopped rc3
+ start on stopped rc4
+ start on stopped rc5
+
+ stop on runlevel 0
+ stop on runlevel 1
+ stop on runlevel 6
+
+ respawn
+ exec /sbin/getty 9600 ttyS0 vt100
+
+ EOF
+ fi
+fi
+
+if [ -r etc/inittab ] && [ -c dev/ttyS0 ] && grep -q '^#T0:.*getty.*ttyS0' etc/inittab ; then
+ echo I: Enable serial console login
+ sed -i '/^#T0:/s|^#.*$|T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100|' etc/inittab
+fi
diff --git a/data/live-build-config/hooks/live/07-apt.chroot b/data/live-build-config/hooks/live/07-apt.chroot
new file mode 100755
index 00000000..8db33a78
--- /dev/null
+++ b/data/live-build-config/hooks/live/07-apt.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -e /cdrom/vyatta-pubkey.gpg ] ; then
+ apt-key add /cdrom/vyatta-pubkey.gpg
+elif [ -e /vyatta-pubkey.gpg ] ; then
+ apt-key add /vyatta-pubkey.gpg
+ rm -f /vyatta-pubkey.gpg
+fi
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
new file mode 100755
index 00000000..8d1616c0
--- /dev/null
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
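Review bot: 07-apt.chroot passes whatever file sits at `/cdrom/vyatta-pubkey.gpg` or `/vyatta-pubkey.gpg` to `apt-key add` without checking which key it is, and a key added this way is trusted for every configured repository. Whoever can replace that file on the build host or the install medium therefore decides which packages the image accepts as signed. Read the key's fingerprint first and compare it with a value pinned in this repository, e.g. `[ "$fpr" = "$EXPECTED_FPR" ] || exit 1` with `EXPECTED_FPR=<pinned-fingerprint>`, so a mismatch fails the hook instead of extending trust.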
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+for conf in motd.tail syslog.conf; do
+ cp -f /opt/vyatta/etc/$conf /etc/$conf
+done
+
+cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh
+>/etc/pam_radius_auth.conf
+
+update_sysctl_conf ()
+{
+ var=$1
+ val=$2
+ comment=$3
+ sysctl_conf=/etc/sysctl.conf
+
+ if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then
+ sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf
+ elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then
+ sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf
+ else
+ cat <<-EOF >> $sysctl_conf
+
+ # $comment
+ $var = $val
+ EOF
+ fi
+}
+
+update_sysctl_conf kernel.printk "4 4 1 7" \
+ "the following stops low-level messages on console"
+update_sysctl_conf net.ipv4.conf.all.promote_secondaries 1 \
+ "promote secondaries with removal of primary address"
+update_sysctl_conf net.ipv4.ip_forward 1 \
+ "enable ipv4 forwarding"
+# FIXME! need to load or staticly link ipv6 module before adding this.
+# update_sysctl_conf net.ipv6.conf.all.forwarding 1 \
+# "enable ipv6 forwarding"
+update_sysctl_conf net.core.rmem_max 223232 \
+ "maximize netlink buffers"
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
diff --git a/data/live-build-config/hooks/live/09-live.chroot b/data/live-build-config/hooks/live/09-live.chroot
new file mode 100755
index 00000000..f19f0ae6
--- /dev/null
+++ b/data/live-build-config/hooks/live/09-live.chroot
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# hack live script that tries to mount ext[23] floppies as root
+# remove user settings live config scripts
+
+sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \
+ -i /usr/share/initramfs-tools/scripts/live
+
+rm -rf /lib/live/config/0030-live-debconfig_passwd
+rm -rf /lib/live/config/0030-user-setup
+rm -rf /lib/live/config/0040-sudo
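Review bot: `>/etc/pam_radius_auth.conf` in 08-sysconf.chroot creates the file with whatever mode the build umask gives when it does not yet exist, and nothing in the hunk restricts it afterwards; this file normally holds RADIUS shared secrets. Unless a later step (not visible here) fixes the mode, follow the truncation with `chmod 0600 /etc/pam_radius_auth.conf`. Separately, `update_sysctl_conf` interpolates `$var` into grep and sed patterns, so the dots in keys such as `net.ipv4.ip_forward` match any character; that is harmless for the four constant calls here but worth a comment on the function.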
diff --git a/data/live-build-config/hooks/live/10-unmountfs.chroot b/data/live-build-config/hooks/live/10-unmountfs.chroot
new file mode 100755
index 00000000..7992a4d2
--- /dev/null
+++ b/data/live-build-config/hooks/live/10-unmountfs.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# hack umountfs script to cleanly unmount live systems
+
+sed \
+ -e '/proc|procfs|linprocfs/ s/)/|squashfs|iso9660)/' \
+ -e '/tmpfs)/ a\
+ [ "$MTPT" != "/media" ] && \
+ [ "$MTPT" != "/live" ] && \
+ [ "$MTPT" != "/live/cow" ] &&
+' \
+ -i /etc/init.d/umountfs
diff --git a/data/live-build-config/hooks/live/11-busybox.chroot b/data/live-build-config/hooks/live/11-busybox.chroot
new file mode 100755
index 00000000..fecce616
--- /dev/null
+++ b/data/live-build-config/hooks/live/11-busybox.chroot
@@ -0,0 +1,183 @@
+#!/bin/sh
+
+# create busybox alternatives
+
+bb=`which busybox`
+applets=$(busybox | sed '1,/^Currently defined functions:/d; s/[\[,]//g; s/ / /g; s/$/ /g')
+
+bb_alternative ()
+{
+ full=$1
+ full_bb=${full}.bb
+ app=${full##*/}
+ if [ ! -x $full ] && (echo -n "$applets" | grep -q " $app "); then
+ ln -s $bb $full_bb
+ update-alternatives --install $full $app $full_bb 10
+ fi
+}
+
+bb_alternative /bin/bunzip2
+bb_alternative /bin/bzcat
+bb_alternative /bin/cat
+bb_alternative /bin/chgrp
+bb_alternative /bin/chmod
+bb_alternative /bin/chown
+bb_alternative /bin/cp
+bb_alternative /bin/cpio
+bb_alternative /bin/date
+bb_alternative /bin/dd
+bb_alternative /bin/df
+bb_alternative /bin/dmesg
+bb_alternative /bin/echo
+bb_alternative /bin/egrep
+bb_alternative /bin/false
+bb_alternative /bin/fgrep
+bb_alternative /bin/grep
+bb_alternative /bin/gunzip
+bb_alternative /bin/gzip
+bb_alternative /bin/hostname
+bb_alternative /bin/ip
+bb_alternative /bin/kill
+bb_alternative /bin/ln
+bb_alternative /bin/login
+bb_alternative /bin/ls
+bb_alternative /bin/mkdir
+bb_alternative /bin/mknod
+bb_alternative /bin/mktemp
+bb_alternative /bin/more
+bb_alternative /bin/mount
+bb_alternative /bin/mt
+bb_alternative /bin/mv
+bb_alternative /bin/nc
+bb_alternative /bin/netstat
+bb_alternative /bin/pidof
+bb_alternative /bin/ping
+bb_alternative /bin/ping6
+bb_alternative /bin/ps
+bb_alternative /bin/pwd
+bb_alternative /bin/readlink
+bb_alternative /bin/rm
+bb_alternative /bin/rmdir
+bb_alternative /bin/run-parts
+bb_alternative /bin/sed
+bb_alternative /bin/sh
+bb_alternative /bin/sleep
+bb_alternative /bin/stty
+bb_alternative /bin/sync
+bb_alternative /bin/tar
+bb_alternative /bin/touch
+bb_alternative /bin/true
+bb_alternative /bin/umount
+bb_alternative /bin/uname
+bb_alternative /bin/uncompress
+bb_alternative /bin/which
+bb_alternative /bin/zcat
+
+bb_alternative /sbin/ifconfig
+bb_alternative /sbin/ip
+bb_alternative /sbin/iptunnel
+bb_alternative /sbin/klogd
+bb_alternative /sbin/losetup
+bb_alternative /sbin/nameif
+bb_alternative /sbin/route
+bb_alternative /sbin/start-stop-daemon
+bb_alternative /sbin/swapoff
+bb_alternative /sbin/swapon
+bb_alternative /sbin/syslogd
+
+bb_alternative /usr/bin/adjtimex
+bb_alternative /usr/bin/ar
+bb_alternative /usr/bin/arping
+bb_alternative /usr/bin/awk
+bb_alternative /usr/bin/basename
+bb_alternative /usr/bin/cal
+bb_alternative /usr/bin/chvt
+bb_alternative /usr/bin/clear
+bb_alternative /usr/bin/cmp
+bb_alternative /usr/bin/cut
+bb_alternative /usr/bin/dc
+bb_alternative /usr/bin/deallocvt
+bb_alternative /usr/bin/dirname
+bb_alternative /usr/bin/dos2unix
+bb_alternative /usr/bin/dumpkmap
+bb_alternative /usr/bin/du
+bb_alternative /usr/bin/env
+bb_alternative /usr/bin/expr
+bb_alternative /usr/bin/find
+bb_alternative /usr/bin/fold
+bb_alternative /usr/bin/free
+bb_alternative /usr/bin/ftpget
+bb_alternative /usr/bin/ftpput
+bb_alternative /usr/bin/getopt
+bb_alternative /usr/bin/head
+bb_alternative /usr/bin/hexdump
+bb_alternative /usr/bin/hostid
+bb_alternative /usr/bin/id
+bb_alternative /usr/bin/ipaddr
+bb_alternative /usr/bin/ipcalc
+bb_alternative /usr/bin/iplink
+bb_alternative /usr/bin/iproute
+bb_alternative /usr/bin/killall
+bb_alternative /usr/bin/last
+bb_alternative /usr/bin/loadfont
+bb_alternative /usr/bin/loadkmap
+bb_alternative /usr/bin/logger
+bb_alternative /usr/bin/logname
+bb_alternative /usr/bin/logread
+bb_alternative /usr/bin/md5sum
+bb_alternative /usr/bin/mkfifo
+bb_alternative /usr/bin/nslookup
+bb_alternative /usr/bin/od
+bb_alternative /usr/bin/openvt
+bb_alternative /usr/bin/patch
+bb_alternative /usr/bin/printf
+bb_alternative /usr/bin/rdate
+bb_alternative /usr/bin/realpath
+bb_alternative /usr/bin/rpm
+bb_alternative /usr/bin/rpm2cpio
+bb_alternative /usr/bin/renice
+bb_alternative /usr/bin/reset
+bb_alternative /usr/bin/setkeycodes
+bb_alternative /usr/bin/sha1sum
+bb_alternative /usr/bin/sort
+bb_alternative /usr/bin/strings
+bb_alternative /usr/bin/tail
+bb_alternative /usr/bin/tee
+bb_alternative /usr/bin/test
+bb_alternative /usr/bin/tftp
+bb_alternative /usr/bin/time
+bb_alternative /usr/bin/top
+bb_alternative /usr/bin/touch
+bb_alternative /usr/bin/tr
+bb_alternative /usr/bin/traceroute
+bb_alternative /usr/bin/tty
+bb_alternative /usr/bin/uniq
+bb_alternative /usr/bin/unix2dos
+bb_alternative /usr/bin/unzip
+bb_alternative /usr/bin/uptime
+bb_alternative /usr/bin/usleep
+bb_alternative /usr/bin/uudecode
+bb_alternative /usr/bin/uuencode
+bb_alternative /usr/bin/vi
+bb_alternative /usr/bin/watch
+bb_alternative /usr/bin/wc
+bb_alternative /usr/bin/wget
+bb_alternative /usr/bin/which
+bb_alternative /usr/bin/who
+bb_alternative /usr/bin/whoami
+bb_alternative /usr/bin/xargs
+bb_alternative /usr/bin/yes
+
+bb_alternative /usr/sbin/chroot
+bb_alternative /usr/sbin/dumpleases
+bb_alternative /usr/sbin/httpd
+bb_alternative /usr/sbin/telnetd
+bb_alternative /usr/sbin/traceroute
+bb_alternative /usr/sbin/udhcpc
+bb_alternative /usr/sbin/udhcpd
+bb_alternative /usr/sbin/watchdog
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
diff --git a/data/live-build-config/hooks/live/12-udev-initramfs.chroot b/data/live-build-config/hooks/live/12-udev-initramfs.chroot
new file mode 100755
index 00000000..13bdfb89
--- /dev/null
+++ b/data/live-build-config/hooks/live/12-udev-initramfs.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# this was a "local patch" but patch generates a .orig file if it doesn't
+# apply cleanly, which is not good when all files in the hook directory are
+# executed. just use sed to hack the udev hook here.
+
+sed -i 's/^\(mount -n -o move \/dev .*\/dev\)$/\1 2>\/dev\/null/' \
+ /usr/share/initramfs-tools/scripts/init-bottom/udev
+
diff --git a/data/live-build-config/hooks/live/13-vyos_replace.chroot b/data/live-build-config/hooks/live/13-vyos_replace.chroot
new file mode 100755
index 00000000..dcb00ff6
--- /dev/null
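Review bot: The list in 11-busybox.chroot registers alternatives for network daemons and cleartext clients (`/usr/sbin/telnetd`, `/usr/sbin/httpd`, `/usr/sbin/udhcpd`, `/usr/bin/tftp`, `/usr/bin/ftpget`, `/usr/bin/ftpput`) alongside the basic utilities. Nothing in the hunk starts them, but every one of these applets that the installed busybox supports becomes a ready command on the image; if the image has no use for them, drop those lines, and add a comment such as `# network applets deliberately exposed: <list>` for the ones that stay. `bb` also comes from an unchecked `which busybox`, so a guard like `[ -n "$bb" ] || exit 0` before the first `bb_alternative` call would make the missing-busybox case explicit.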
+++ b/data/live-build-config/hooks/live/13-vyos_replace.chroot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt-get -y install vyos-replace
diff --git a/data/live-build-config/hooks/live/14-firmware-linux-nonfree.chroot b/data/live-build-config/hooks/live/14-firmware-linux-nonfree.chroot
new file mode 100755
index 00000000..887831cc
--- /dev/null
+++ b/data/live-build-config/hooks/live/14-firmware-linux-nonfree.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cp /etc/apt/sources.list /etc/apt/sources.list.d/non-free.list
+sed -i 's/main/non-free/g' /etc/apt/sources.list.d/non-free.list
+
+if [ -e /etc/apt/sources.list.d/zz-sources.list ] ; then
+ cp /etc/apt/sources.list /etc/apt/sources.list.d/zz-non-free.list
+ sed -i 's/main/non-free/g' /etc/apt/sources.list.d/zz-non-free.list
+fi
+
+apt-get update
+apt-get -y install firmware-linux-nonfree
diff --git a/data/live-build-config/hooks/live/15-sources_list.chroot b/data/live-build-config/hooks/live/15-sources_list.chroot
new file mode 100755
index 00000000..956f9bba
--- /dev/null
+++ b/data/live-build-config/hooks/live/15-sources_list.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rm -f /etc/apt/sources.list.d/*.list >/dev/null 2>&1 || true
+
diff --git a/data/live-build-config/hooks/live/16-fuse.chroot b/data/live-build-config/hooks/live/16-fuse.chroot
new file mode 100755
index 00000000..126dc626
--- /dev/null
+++ b/data/live-build-config/hooks/live/16-fuse.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf
+chmod a+r /etc/fuse.conf
diff --git a/data/live-build-config/hooks/live/17-gen_initramfs.chroot b/data/live-build-config/hooks/live/17-gen_initramfs.chroot
new file mode 100755
index 00000000..aced728a
--- /dev/null
+++ b/data/live-build-config/hooks/live/17-gen_initramfs.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo I: Create initramfs if it does not exist.
+update-initramfs -c -k `ls /boot | grep vmlinuz- | sed 's/vmlinuz-//g'`
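Review bot: In 14-firmware-linux-nonfree.chroot the branch that tests for `/etc/apt/sources.list.d/zz-sources.list` copies `/etc/apt/sources.list` again, so `zz-non-free.list` ends up identical to `non-free.list`; presumably the intent was `cp /etc/apt/sources.list.d/zz-sources.list /etc/apt/sources.list.d/zz-non-free.list`. The `s/main/non-free/g` substitution is also unanchored and rewrites any `main` inside a mirror hostname or path, not only the component field, which can silently point apt at a different location. Match the component as a separate word instead, e.g. `sed -i 's/ main\( \|$\)/ non-free\1/g'`.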
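Review bot: 16-fuse.chroot enables `user_allow_other` and makes `/etc/fuse.conf` world-readable without saying why. The option lets unprivileged users mount FUSE filesystems with `allow_other` or `allow_root`, which exposes user-controlled filesystem content to other accounts, so it deserves a comment naming the feature that needs it, e.g. `# <component> mounts FUSE with allow_other as a non-root user`.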
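Review bot: 17-gen_initramfs.chroot feeds the output of `ls /boot | grep vmlinuz- | sed …` unquoted to `-k`, which only works when exactly one kernel is present; with two kernels the second version becomes a stray argument, and with none `-k` gets no value. The same single-kernel assumption is in 19-kernel_symlinks.chroot, where `ln -s vmlinuz-* vmlinuz` fails on several matches and creates a dangling link to the literal pattern on none, after an unchecked `cd /boot`. Iterate over the glob instead: `for k in /boot/vmlinuz-*; do [ -e "$k" ] || continue; update-initramfs -c -k "${k#/boot/vmlinuz-}"; done`, and have the symlink hook exit non-zero unless exactly one kernel matches.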
diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot
new file mode 100755
index 00000000..d4d89ba8
--- /dev/null
+++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+echo I: Enabling/Disabling services.
+systemctl disable exim4
+/usr/sbin/update-rc.d -f exim4 remove
+systemctl disable isc-dhcp-server
+/usr/sbin/update-rc.d -f isc-dhcp-server remove
+systemctl disable isc-dhcp-relay
+/usr/sbin/update-rc.d -f isc-dhcp-relay remove
+systemctl disable nfacctd
+/usr/sbin/update-rc.d -f nfacctd remove
+systemctl disable pmacctd
+/usr/sbin/update-rc.d -f pmacctd remove
+systemctl disable sfacctd
+/usr/sbin/update-rc.d -f sfacctd remove
+systemctl disable uacctd
+/usr/sbin/update-rc.d -f uacctd remove
+systemctl disable lighttpd
+/usr/sbin/update-rc.d -f lighttpd remove
+systemctl disable ssh
+/usr/sbin/update-rc.d -f ssh remove
+systemctl disable openvpn
+/usr/sbin/update-rc.d -f openvpn remove
+systemctl disable lldpd
+/usr/sbin/update-rc.d -f lldpd remove
+systemctl enable ssh-session-cleanup
+systemctl disable conntrackd
+/usr/sbin/update-rc.d -f conntrackd remove
+systemctl disable mdns-repeater
+/usr/sbin/update-rc.d -f mdns-repeater remove
+systemctl disable udp-broadcast-relay{1.99}
+/usr/sbin/update-rc.d -f udp-broadcast-relay remove
+systemctl disable pdns-recursor
+/usr/sbin/update-rc.d -f pdns-recursor remove
+systemctl disable tftpd-hpa.service
+/usr/sbin/update-rc.d -f tftpd-hpa.service remove
+
+systemctl disable strongswan.service
+systemctl disable frr.service
+systemctl disable salt-minion.service
diff --git a/data/live-build-config/hooks/live/19-kernel_symlinks.chroot b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot
new file mode 100755
index 00000000..e63ca263
--- /dev/null
+++ b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot
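Review bot: `systemctl disable udp-broadcast-relay{1.99}` in 18-enable-disable_services.chroot does not expand to a range: a POSIX `/bin/sh` performs no brace expansion, and even bash needs two dots (`{1..99}`), so the command targets one unit literally named `udp-broadcast-relay{1.99}` and leaves the real units as they were. If numbered instances are meant, replace it with an explicit counter loop over the unit names the package actually installs. None of the `systemctl` or `update-rc.d` calls is checked either, so a service that fails to disable (ssh, lighttpd, tftpd-hpa and so on) stays enabled on the image without any build error; recording a failure flag, e.g. `systemctl disable ssh || rc=1`, and ending with `exit $rc` would make that visible.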
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo I: Creating kernel symlinks.
+cd /boot
+ln -s initrd.img-* initrd.img
+ln -s vmlinuz-* vmlinuz
diff --git a/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot b/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot
new file mode 100755
index 00000000..173b4e5c
--- /dev/null
+++ b/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f /etc/dhcp/dhclient-exit-hooks.d/ddclient
diff --git a/data/live-build-config/hooks/live/21-pam_mkhomedir.chroot b/data/live-build-config/hooks/live/21-pam_mkhomedir.chroot
new file mode 100755
index 00000000..af155ba4
--- /dev/null
+++ b/data/live-build-config/hooks/live/21-pam_mkhomedir.chroot
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo I: Create home directory on login.
+
+cat > /usr/share/pam-configs/mkhomedir <<EOF
+Name: Create home directory during login
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+ required pam_mkhomedir.so umask=0022 skel=/etc/skel
+EOF
+sync
+sed -i '/mkhomedir/d' /var/lib/pam/seen
+pam-auth-update --package
+
diff --git a/data/live-build-config/hooks/live/24-efi_packages.chroot b/data/live-build-config/hooks/live/24-efi_packages.chroot
new file mode 100755
index 00000000..c2b1ff11
--- /dev/null
+++ b/data/live-build-config/hooks/live/24-efi_packages.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+echo I: Download grub-efi packages.
+
+mkdir -p /usr/share/vyos/packages
+cd /usr/share/vyos/packages
+aptitude download grub-efi
+aptitude download grub-efi-amd64
diff --git a/data/live-build-config/hooks/live/30-frr-configs.chroot b/data/live-build-config/hooks/live/30-frr-configs.chroot
new file mode 100755
index 00000000..cc169fb5
--- /dev/null
+++ b/data/live-build-config/hooks/live/30-frr-configs.chroot
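Review bot: The PAM profile written by 21-pam_mkhomedir.chroot passes `umask=0022` to `pam_mkhomedir.so`, so every home directory created at first login is readable and searchable by all local accounts (mode 0755). On a multi-user router that exposes whatever users leave at default modes in their homes, such as shell history or exported configuration, to every other login. Unless something depends on readable homes, write the line as `required pam_mkhomedir.so umask=0077 skel=/etc/skel`.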
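Review bot: 24-efi_packages.chroot does not check `cd /usr/share/vyos/packages`, and only the status of the last `aptitude download` reaches the caller. If the `cd` fails the packages are downloaded into the hook's working directory, and if the first download fails the image ships without `grub-efi` while the hook still reports success. Add `|| exit 1` to the `cd` and to each download, or put `set -e` at the top of the hook.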
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# For FRR to work in VyOS as expected we need a few fixups
+#
+# 1. Enable daemons we use in /etc/frr/daemons
+# 2. Set the VRF backend of Zebra to netns (-n option) in /etc/frr/daemons.conf
+# Otherwise multiple routing tables for PBR won't work
+# 3. Create empty configs for daemons with use
+# That is to make them possible to start on boot before config is loaded
+#
+
+import os
+
+daemons = """
+zebra=yes
+bgpd=yes
+ospfd=yes
+ospf6d=yes
+ripd=yes
+ripngd=yes
+isisd=no
+pimd=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
+bfdd=no
+"""
+
+daemons_conf = """
+vtysh_enable=yes
+zebra_options=" -s 90000000 --daemon -A 127.0.0.1 -M snmp -n"
+bgpd_options=" --daemon -A 127.0.0.1 -M snmp"
+ospfd_options=" --daemon -A 127.0.0.1 -M snmp"
+ospf6d_options=" --daemon -A ::1 -M snmp"
+ripd_options=" --daemon -A 127.0.0.1 -M snmp"
+ripngd_options=" --daemon -A ::1"
+isisd_options=" --daemon -A 127.0.0.1"
+pimd_options=" --daemon -A 127.0.0.1"
+ldpd_options=" --daemon -A 127.0.0.1"
+nhrpd_options=" --daemon -A 127.0.0.1"
+eigrpd_options=" --daemon -A 127.0.0.1"
+babeld_options=" --daemon -A 127.0.0.1"
+sharpd_options=" --daemon -A 127.0.0.1"
+pbrd_options=" --daemon -A 127.0.0.1"
+staticd_options=" --daemon -A 127.0.0.1"
+bfdd_options=" --daemon -A 127.0.0.1"
+
+watchfrr_enable=no
+watchfrr_options=(-d -r /usr/sbin/servicebBfrrbBrestartbB%s -s /usr/sbin/servicebBfrrbBstartbB%s -k /usr/sbin/servicebBfrrbBstopbB%s -b bB)
+
+valgrind_enable=no
+valgrind=/usr/bin/valgrind
+"""
+
+with open("/etc/frr/daemons", "w") as f:
+ f.write(daemons)
+
+with open("/etc/frr/daemons.conf", "w") as f:
+ f.write(daemons_conf)
+
+# Create empty daemon configs so that they start properly
+for name in ["zebra.conf", "bgpd.conf", "ospfd.conf", "ospf6d.conf", "ripd.conf", "ripngd.conf"]:
+ open(os.path.join("/etc/frr", name), 'a').close()
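Review bot: The files 30-frr-configs.chroot creates under `/etc/frr` (`daemons`, `daemons.conf` and the six empty daemon configs) get whatever owner and mode the build process defaults to, because the hunk sets neither. Routing configs typically end up holding authentication material such as BGP or OSPF passwords, and the daemons usually run under an unprivileged service account that has to read and write them, so root-owned world-readable files would be wrong on both counts; this is inferred, the package's expectations are not visible here. After creating each file, set the mode explicitly with `os.chmod(path, 0o640)` and hand ownership to the FRR service account via `os.chown`, looking the ids up with `pwd.getpwnam`.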
diff --git a/data/live-build-config/hooks/live/30-strongswan-configs.chroot b/data/live-build-config/hooks/live/30-strongswan-configs.chroot
new file mode 100755
index 00000000..25562a65
--- /dev/null
+++ b/data/live-build-config/hooks/live/30-strongswan-configs.chroot
@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+
+# The Cisco Unity plugin, that implements a proprietary extension
+# for IPsec split tunneling, interfers with DMVPN
+#
+# Since we do not do remote access IPsec, the simplest solution
+# is to disable it entirely from the start.
+
+import re
+
+# Disable the 'cisco_unity' option in charon.conf
+with open('/etc/strongswan.d/charon.conf', 'r') as f:
+ charon_conf = f.read()
+ charon_conf = re.sub(r'# (cisco_unity = no)', r"\1", charon_conf)
+
+with open('/etc/strongswan.d/charon.conf', 'w') as f:
+ f.write(charon_conf)
+
+
+
+# Prevent the 'cisco_unity' plugin from loading
+with open('/etc/strongswan.d/charon/unity.conf', 'r') as f:
+ unity_conf = f.read()
+ unity_conf = re.sub(r'load = yes', r'load = no', unity_conf)
+
+with open('/etc/strongswan.d/charon/unity.conf', 'w') as f:
+ f.write(unity_conf)
+
+
+
+# Prevent the 'farp' plugin from loading
+with open('/etc/strongswan.d/charon/farp.conf', 'r') as f:
+ farp_conf = f.read()
+
+ farp_conf = re.sub(r'load = yes', r'load = no', farp_conf)
+
+with open('/etc/strongswan.d/charon/farp.conf', 'w') as f:
+ f.write(farp_conf)
diff --git a/data/live-build-config/hooks/live/99-cleanup-packages.chroot b/data/live-build-config/hooks/live/99-cleanup-packages.chroot
new file mode 100755
index 00000000..63be7df6
--- /dev/null
+++ b/data/live-build-config/hooks/live/99-cleanup-packages.chroot
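Review bot: Each `re.sub` in 30-strongswan-configs.chroot is applied without checking that it matched, so if the packaged `charon.conf`, `unity.conf` or `farp.conf` words the setting differently (for example `load = yes` with other spacing) the file is written back unchanged and the plugin stays enabled with no build error. Verify the desired state before writing, e.g. `if 'load = no' not in unity_conf: raise SystemExit('unity.conf: could not disable plugin')`, and do the same for the `cisco_unity = no` and `farp` substitutions. The comment block explains why Unity is disabled but not why `farp` is; a one-line reason above that section would help.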
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Clean up packages that were installed for dependencies but are no longer needed
+# and packages installed by metapackages that we'll never need
+
+UNWANTED_PKGS="dahdi-firmware-nonfree \
+ firmware-crystalhd firmware-ivtv \
+ firmware-samsung"
+
+for p in $UNWANTED_PKGS; do
+ apt-get -y remove $p
+done
+
+#apt-get -y autoremove |