Diffstat (limited to 'data/live-build-config')
38 files changed, 750 insertions, 0 deletions
diff --git a/data/live-build-config/archives/vyos.key.chroot b/data/live-build-config/archives/vyos.key.chroot
new file mode 100644
index 00000000..a6522e36
--- /dev/null
+++ b/data/live-build-config/archives/vyos.key.chroot
@@ -0,0 +1,32 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+mQENBFOQPGwBCADjm8Oq3kaJQh0rI33XVfd9mNq5ffay884SlDCbG1hkLVf8tnGV
+cjH7/nFfJdW/6Gr4dj4LQuHHnin5QeWnlHfuOySlOEsJCNP5dm14oEjy7epSXOv2
+A3m2tPDDqwMgfrOyw1gN+Clit9QIujiRzbcakqearyNxcVNvinIVunNiWbAyIhvc
+uI6yfMjno4q/O83c7e1zBqJj9t9guQjBuqaJrmZVf985/6ue9yWzSI4JtzxVmhKI
+dfCxHWE7BiEt2hnZPSVGcb4q6cBrkpcra7Ny55eoyN51wQGokPv3a9/8b3r5speR
+gene2MTvD/3eZOtTvMN000f/gJX4E6o8xx+fABEBAAG0R1Z5T1MgTWFpbnRhaW5l
+cnMgKERldmVsb3BtZW50IGFuZCB0ZXN0aW5nIHJlcG9zKSA8bWFpbnRhaW5lcnNA
+dnlvcy5uZXQ+iQE4BBMBAgAiBQJTkDxsAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+AQIXgAAKCRAywkm9DfBLXJbHB/4xlwn+6cZGEWWNZgXwUTMeHubZItl1o3Tbrzaa
+E3EqYyHJMYb3gBLOomlw7JLw5qT/247tlPC8ricl+BpeE5vYA3a08mIpcymROFh6
+pKJLNvdZHjrVN9yH2xYifI5sIDyuPga8Bgq/BMRiB1ragS/on2aUs75+tsEI32NI
+JO8+jIav0Nd6n/Wmw55ioTXS3fx6VDb64D80luOf1ve5LFDs8Oz2I+ZjSf7mPMY/
+b9qQHNb/300k/tIeK2F4G7LFu6o/1YMlrv0Ry7j9BsLzIkmTh0pX4mSVvF6IrxsZ
+WJRKu3uQDH2qccjptZDq4jHo/ow+aWT8rakjOgL9nJgKD5u/uQENBFOQPGwBCAC0
+zHpsmcfUIDyflGL+vwHV/3L02/vItHXfIkugL+wFB9C9i6nWA1KqNJwqNflJLGQF
+y+vHXs0oa3oMKj7S3p2zTbuU8s9Vz2Cg5c15sy7yGjh/LTwVOR5ZJrgbRJxTTp9K
+j5bkrx/DbDjIQ5szyjZ5N1ZAUyUx5Z/xMB3mTnLxDASvaoq+/F6WNcYY7NzjI7M0
+SFtnZLj6MFUVTmSbyYdGQc/Cxu5Utl7WKJUqHW5z10vJruZsdKV2+vf98yqhAJ+v
+wPhKUoVD+KtCH/CrHFrVq0hCKIMtyPLtaTeR/QnCNDEsV4p82HB9KQOYEADEL3/A
+a7Dntf3Xi+5eO/3MlnshABEBAAGJAR8EGAECAAkFAlOQPGwCGwwACgkQMsJJvQ3w
+S1z+wwf9GnVn9GhbB1FhKQdavljp9rUzz8FvH3tRpftdhhJ8B0PVAMl4QRcIXrgD
+nyd1K9ggzyWa4Z/9PygvH0Njv4YWlZh900wei9uVD8am1ncgQ/Jqlb36WvXyr8W/
+VPzQDtKAOkUz6RhKQ4V6I0PBK9nGeqeFkeH1bF1uGXkKpa0hGWffyOT1VasaZVXT
+UN4VAYNzBwkoU0mIYK73CPi7e4YJrtOp/i8MGDL3pxKaZEEZJdc4/dZassqBuwSG
+MRr2kecj9f53KWI0jLQdLgTMJQxscotfzhsWoF/842sUCbezwV3/4FtBhlNeqUHA
+c9HOeh3wbjjt4uONvxeleE+jM9v63Q==
+=gflA
+-----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/data/live-build-config/hooks/00-manifest.binary b/data/live-build-config/hooks/00-manifest.binary
new file mode 100755
index 00000000..6db8b6f3
--- /dev/null
+++ b/data/live-build-config/hooks/00-manifest.binary
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo I: Backwards compat packages.txt
+echo "ii vyatta-version " > binary/live/packages.txt
diff --git a/data/live-build-config/hooks/00-mk_buildid.chroot b/data/live-build-config/hooks/00-mk_buildid.chroot
new file mode 100755
index 00000000..087addad
--- /dev/null
+++ b/data/live-build-config/hooks/00-mk_buildid.chroot
@@ -0,0 +1,22 @@
+#!/bin/sh
+# create the buildid file
+
+etcdir=/opt/vyatta/etc
+
+[ -d $etcdir ] || mkdir -p -m 0755 $etcdir
+rm -f $etcdir/build.txt $etcdir/iso-build.txt $etc/iso-submodules.txt
+
+## NOTE: on live image build, these files are in the chroot/root
+## however, during install, these are in /cdrom
+for f in iso-build.txt iso-submodules.txt ; do
+ if [ -f /cdrom/$f ] ; then
+ cp /cdrom/$f $etcdir
+ elif [ -f /$f ] ; then
+ cp /$f $etcdir
+ else
+ >$etcdir/$f
+ fi
+done
+
+# backwards compatible symlink
+ln -s iso-build.txt $etcdir/build.txt
diff --git a/data/live-build-config/hooks/01-interfaces.chroot b/data/live-build-config/hooks/01-interfaces.chroot
new file mode 100755
index 00000000..8d218ea4
--- /dev/null
+++ b/data/live-build-config/hooks/01-interfaces.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if ! grep '^auto lo' /etc/network/interfaces &> /dev/null ; then
+ mkdir -p -m 0755 /etc/network
+ cat >> /etc/network/interfaces <<-EOF
+
+ # The loopback network interface
+ auto lo
+ iface lo inet loopback
+
+ EOF
+fi
diff --git a/data/live-build-config/hooks/02-issue.chroot b/data/live-build-config/hooks/02-issue.chroot
new file mode 100755
index 00000000..732ebeb0
--- /dev/null
+++ b/data/live-build-config/hooks/02-issue.chroot
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+echo I: Rewriting /etc/issue and /etc/issue.net
+cat <<EOF > etc/issue
+Welcome to VyOS - \n \l
+
+EOF
+cat <<EOF > etc/issue.net
+Welcome to VyOS
+EOF
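Review bot: In hooks/00-mk_buildid.chroot the `rm -f` line references `$etc/iso-submodules.txt`, but only `etcdir` is defined, so the path expands to `/iso-submodules.txt` and the stale copy under `$etcdir` is never removed. On a live image build, where the NOTE comment says these files sit in the chroot root, that is the very file the `elif [ -f /$f ]` branch would copy a few lines later, so it is deleted first and the loop falls through to creating an empty one. The line should read `rm -f "$etcdir/build.txt" "$etcdir/iso-build.txt" "$etcdir/iso-submodules.txt"`. Adding `set -u` at the top of the hook would have caught the unset name.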
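Review bot: hooks/01-interfaces.chroot runs under `#!/bin/sh` but uses the bash-only `&>` redirection in its `grep` test. A POSIX shell such as dash reads that as `grep … &` followed by an empty `> /dev/null` command, so the condition no longer reflects whether `auto lo` is present and the loopback stanza can be appended on every run. `if ! grep -q '^auto lo' /etc/network/interfaces 2>/dev/null ; then` is portable and keeps the intent.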
diff --git a/data/live-build-config/hooks/03-root_bash_completion.chroot b/data/live-build-config/hooks/03-root_bash_completion.chroot
new file mode 100755
index 00000000..b7ea8f52
--- /dev/null
+++ b/data/live-build-config/hooks/03-root_bash_completion.chroot
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+grep -q '\(^[^#]*\)\(\.\|source\) /etc/bash_completion' root/.bashrc || \
+ cat <<-EOF >> root/.bashrc
+
+ source /etc/bash_completion
+ EOF
+
+sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion
+
diff --git a/data/live-build-config/hooks/04-locale.chroot b/data/live-build-config/hooks/04-locale.chroot
new file mode 100755
index 00000000..89a5f954
--- /dev/null
+++ b/data/live-build-config/hooks/04-locale.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo I: Set default locale
+cat <<EOF >etc/default/locale
+LANG=en_US.UTF-8
+LC_ALL=C
+EOF
+
+sed -i 's/AcceptEnv LANG LC_\*/# AcceptEnv LANG LC_\*/g' /etc/ssh/sshd_config
diff --git a/data/live-build-config/hooks/05-event_tty.chroot b/data/live-build-config/hooks/05-event_tty.chroot
new file mode 100755
index 00000000..a00167f7
--- /dev/null
+++ b/data/live-build-config/hooks/05-event_tty.chroot
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ -r etc/event.d/tty1 ] ; then
+ echo I: Delay getty until rcX completes
+ sed -i 's/start on runlevel /start on stopped rc/' \
+ etc/event.d/tty[1-6]
+ if [ ! -r etc/event.d/ttyS0 ] && [ -c dev/ttyS0 ] ; then
+ echo I: Enable serial console login
+ cat <<-EOF > etc/event.d/ttyS0
+ # ttyS0 - getty
+ #
+ # This service maintains a getty on ttyS0 from the point the system is
+ # started until it is shut down again.
+
+ start on stopped rc2
+ start on stopped rc3
+ start on stopped rc4
+ start on stopped rc5
+
+ stop on runlevel 0
+ stop on runlevel 1
+ stop on runlevel 6
+
+ respawn
+ exec /sbin/getty 9600 ttyS0 vt100
+
+ EOF
+ fi
+fi
+
+if [ -r etc/inittab ] && [ -c dev/ttyS0 ] && grep -q '^#T0:.*getty.*ttyS0' etc/inittab ; then
+ echo I: Enable serial console login
+ sed -i '/^#T0:/s|^#.*$|T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100|' etc/inittab
+fi
diff --git a/data/live-build-config/hooks/07-apt.chroot b/data/live-build-config/hooks/07-apt.chroot
new file mode 100755
index 00000000..8db33a78
--- /dev/null
+++ b/data/live-build-config/hooks/07-apt.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -e /cdrom/vyatta-pubkey.gpg ] ; then
+ apt-key add /cdrom/vyatta-pubkey.gpg
+elif [ -e /vyatta-pubkey.gpg ] ; then
+ apt-key add /vyatta-pubkey.gpg
+ rm -f /vyatta-pubkey.gpg
+fi
diff --git a/data/live-build-config/hooks/08-sysconf.chroot b/data/live-build-config/hooks/08-sysconf.chroot
new file mode 100755
index 00000000..b0399027
--- /dev/null
+++ b/data/live-build-config/hooks/08-sysconf.chroot
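Review bot: hooks/07-apt.chroot passes whichever `vyatta-pubkey.gpg` it finds under `/cdrom` or `/` straight to `apt-key add`, with nothing confirming it is the expected key. Every package APT installs afterwards is trusted on that key, so the integrity of the image rests on whoever can write to the media or the chroot root at build time. The hook should compare the key's fingerprint with a value pinned in the repository before importing it and abort on mismatch. Until that exists, a comment such as `# TODO: verify key fingerprint against a pinned value before apt-key add` would at least record the gap.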
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+for conf in motd.tail syslog.conf; do
+ cp -f /opt/vyatta/etc/$conf /etc/$conf
+done
+
+cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh
+>/etc/pam_radius_auth.conf
+
+update_sysctl_conf ()
+{
+ var=$1
+ val=$2
+ comment=$3
+ sysctl_conf=/etc/sysctl.conf
+
+ if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then
+ sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf
+ elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then
+ sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf
+ else
+ cat <<-EOF >> $sysctl_conf
+
+ # $comment
+ $var = $val
+ EOF
+ fi
+}
+
+update_sysctl_conf kernel.printk "4 4 1 7" \
+ "the following stops low-level messages on console"
+update_sysctl_conf net.ipv4.conf.default.arp_filter 1 \
+ "reset promiscous arp response"
+update_sysctl_conf net.ipv4.conf.all.promote_secondaries 1 \
+ "promote secondaries with removal of primary address"
+update_sysctl_conf net.ipv4.ip_forward 1 \
+ "enable ipv4 forwarding"
+# FIXME! need to load or staticly link ipv6 module before adding this.
+# update_sysctl_conf net.ipv6.conf.all.forwarding 1 \
+# "enable ipv6 forwarding"
+update_sysctl_conf net.core.rmem_max 223232 \
+ "maximize netlink buffers"
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
diff --git a/data/live-build-config/hooks/09-live.chroot b/data/live-build-config/hooks/09-live.chroot
new file mode 100755
index 00000000..f19f0ae6
--- /dev/null
+++ b/data/live-build-config/hooks/09-live.chroot
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# hack live script that tries to mount ext[23] floppies as root
+# remove user settings live config scripts
+
+sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \
+ -i /usr/share/initramfs-tools/scripts/live
+
+rm -rf /lib/live/config/0030-live-debconfig_passwd
+rm -rf /lib/live/config/0030-user-setup
+rm -rf /lib/live/config/0040-sudo
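Review bot: hooks/08-sysconf.chroot empties `/etc/pam_radius_auth.conf` with a bare `>` redirect and never sets its mode, so a newly created file gets whatever the build umask gives it. That file normally carries RADIUS shared secrets once a server is configured, so it should not be left world-readable. Adding `chmod 0600 /etc/pam_radius_auth.conf` directly after the truncation makes the permission explicit. Separately, `update_sysctl_conf` interpolates `$var` and `$val` into sed expressions unescaped; that is harmless for the keys passed here, but the function deserves a header comment saying its arguments must not contain `,` or regex metacharacters.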
diff --git a/data/live-build-config/hooks/10-unmountfs.chroot b/data/live-build-config/hooks/10-unmountfs.chroot
new file mode 100755
index 00000000..7992a4d2
--- /dev/null
+++ b/data/live-build-config/hooks/10-unmountfs.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# hack umountfs script to cleanly unmount live systems
+
+sed \
+ -e '/proc|procfs|linprocfs/ s/)/|squashfs|iso9660)/' \
+ -e '/tmpfs)/ a\
+ [ "$MTPT" != "/media" ] && \
+ [ "$MTPT" != "/live" ] && \
+ [ "$MTPT" != "/live/cow" ] &&
+' \
+ -i /etc/init.d/umountfs
diff --git a/data/live-build-config/hooks/11-busybox.chroot b/data/live-build-config/hooks/11-busybox.chroot
new file mode 100755
index 00000000..fecce616
--- /dev/null
+++ b/data/live-build-config/hooks/11-busybox.chroot
@@ -0,0 +1,183 @@
+#!/bin/sh
+
+# create busybox alternatives
+
+bb=`which busybox`
+applets=$(busybox | sed '1,/^Currently defined functions:/d; s/[\[,]//g; s/ / /g; s/$/ /g')
+
+bb_alternative ()
+{
+ full=$1
+ full_bb=${full}.bb
+ app=${full##*/}
+ if [ ! -x $full ] && (echo -n "$applets" | grep -q " $app "); then
+ ln -s $bb $full_bb
+ update-alternatives --install $full $app $full_bb 10
+ fi
+}
+
+bb_alternative /bin/bunzip2
+bb_alternative /bin/bzcat
+bb_alternative /bin/cat
+bb_alternative /bin/chgrp
+bb_alternative /bin/chmod
+bb_alternative /bin/chown
+bb_alternative /bin/cp
+bb_alternative /bin/cpio
+bb_alternative /bin/date
+bb_alternative /bin/dd
+bb_alternative /bin/df
+bb_alternative /bin/dmesg
+bb_alternative /bin/echo
+bb_alternative /bin/egrep
+bb_alternative /bin/false
+bb_alternative /bin/fgrep
+bb_alternative /bin/grep
+bb_alternative /bin/gunzip
+bb_alternative /bin/gzip
+bb_alternative /bin/hostname
+bb_alternative /bin/ip
+bb_alternative /bin/kill
+bb_alternative /bin/ln
+bb_alternative /bin/login
+bb_alternative /bin/ls
+bb_alternative /bin/mkdir
+bb_alternative /bin/mknod
+bb_alternative /bin/mktemp
+bb_alternative /bin/more
+bb_alternative /bin/mount
+bb_alternative /bin/mt
+bb_alternative /bin/mv
+bb_alternative /bin/nc
+bb_alternative /bin/netstat
+bb_alternative /bin/pidof
+bb_alternative /bin/ping
+bb_alternative /bin/ping6
+bb_alternative /bin/ps
+bb_alternative /bin/pwd
+bb_alternative /bin/readlink
+bb_alternative /bin/rm
+bb_alternative /bin/rmdir
+bb_alternative /bin/run-parts
+bb_alternative /bin/sed
+bb_alternative /bin/sh
+bb_alternative /bin/sleep
+bb_alternative /bin/stty
+bb_alternative /bin/sync
+bb_alternative /bin/tar
+bb_alternative /bin/touch
+bb_alternative /bin/true
+bb_alternative /bin/umount
+bb_alternative /bin/uname
+bb_alternative /bin/uncompress
+bb_alternative /bin/which
+bb_alternative /bin/zcat
+
+bb_alternative /sbin/ifconfig
+bb_alternative /sbin/ip
+bb_alternative /sbin/iptunnel
+bb_alternative /sbin/klogd
+bb_alternative /sbin/losetup
+bb_alternative /sbin/nameif
+bb_alternative /sbin/route
+bb_alternative /sbin/start-stop-daemon
+bb_alternative /sbin/swapoff
+bb_alternative /sbin/swapon
+bb_alternative /sbin/syslogd
+
+bb_alternative /usr/bin/adjtimex
+bb_alternative /usr/bin/ar
+bb_alternative /usr/bin/arping
+bb_alternative /usr/bin/awk
+bb_alternative /usr/bin/basename
+bb_alternative /usr/bin/cal
+bb_alternative /usr/bin/chvt
+bb_alternative /usr/bin/clear
+bb_alternative /usr/bin/cmp
+bb_alternative /usr/bin/cut
+bb_alternative /usr/bin/dc
+bb_alternative /usr/bin/deallocvt
+bb_alternative /usr/bin/dirname
+bb_alternative /usr/bin/dos2unix
+bb_alternative /usr/bin/dumpkmap
+bb_alternative /usr/bin/du
+bb_alternative /usr/bin/env
+bb_alternative /usr/bin/expr
+bb_alternative /usr/bin/find
+bb_alternative /usr/bin/fold
+bb_alternative /usr/bin/free
+bb_alternative /usr/bin/ftpget
+bb_alternative /usr/bin/ftpput
+bb_alternative /usr/bin/getopt
+bb_alternative /usr/bin/head
+bb_alternative /usr/bin/hexdump
+bb_alternative /usr/bin/hostid
+bb_alternative /usr/bin/id
+bb_alternative /usr/bin/ipaddr
+bb_alternative /usr/bin/ipcalc
+bb_alternative /usr/bin/iplink
+bb_alternative /usr/bin/iproute
+bb_alternative /usr/bin/killall
+bb_alternative /usr/bin/last
+bb_alternative /usr/bin/loadfont
+bb_alternative /usr/bin/loadkmap
+bb_alternative /usr/bin/logger
+bb_alternative /usr/bin/logname
+bb_alternative /usr/bin/logread
+bb_alternative /usr/bin/md5sum
+bb_alternative /usr/bin/mkfifo
+bb_alternative /usr/bin/nslookup
+bb_alternative /usr/bin/od
+bb_alternative /usr/bin/openvt
+bb_alternative /usr/bin/patch
+bb_alternative /usr/bin/printf
+bb_alternative /usr/bin/rdate
+bb_alternative /usr/bin/realpath
+bb_alternative /usr/bin/rpm
+bb_alternative /usr/bin/rpm2cpio
+bb_alternative /usr/bin/renice
+bb_alternative /usr/bin/reset
+bb_alternative /usr/bin/setkeycodes
+bb_alternative /usr/bin/sha1sum
+bb_alternative /usr/bin/sort
+bb_alternative /usr/bin/strings
+bb_alternative /usr/bin/tail
+bb_alternative /usr/bin/tee
+bb_alternative /usr/bin/test
+bb_alternative /usr/bin/tftp
+bb_alternative /usr/bin/time
+bb_alternative /usr/bin/top
+bb_alternative /usr/bin/touch
+bb_alternative /usr/bin/tr
+bb_alternative /usr/bin/traceroute
+bb_alternative /usr/bin/tty
+bb_alternative /usr/bin/uniq
+bb_alternative /usr/bin/unix2dos
+bb_alternative /usr/bin/unzip
+bb_alternative /usr/bin/uptime
+bb_alternative /usr/bin/usleep
+bb_alternative /usr/bin/uudecode
+bb_alternative /usr/bin/uuencode
+bb_alternative /usr/bin/vi
+bb_alternative /usr/bin/watch
+bb_alternative /usr/bin/wc
+bb_alternative /usr/bin/wget
+bb_alternative /usr/bin/which
+bb_alternative /usr/bin/who
+bb_alternative /usr/bin/whoami
+bb_alternative /usr/bin/xargs
+bb_alternative /usr/bin/yes
+
+bb_alternative /usr/sbin/chroot
+bb_alternative /usr/sbin/dumpleases
+bb_alternative /usr/sbin/httpd
+bb_alternative /usr/sbin/telnetd
+bb_alternative /usr/sbin/traceroute
+bb_alternative /usr/sbin/udhcpc
+bb_alternative /usr/sbin/udhcpd
+bb_alternative /usr/sbin/watchdog
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 4
+# End:
diff --git a/data/live-build-config/hooks/12-udev-initramfs.chroot b/data/live-build-config/hooks/12-udev-initramfs.chroot
new file mode 100755
index 00000000..13bdfb89
--- /dev/null
+++ b/data/live-build-config/hooks/12-udev-initramfs.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# this was a "local patch" but patch generates a .orig file if it doesn't
+# apply cleanly, which is not good when all files in the hook directory are
+# executed. just use sed to hack the udev hook here.
+
+sed -i 's/^\(mount -n -o move \/dev .*\/dev\)$/\1 2>\/dev\/null/' \
+ /usr/share/initramfs-tools/scripts/init-bottom/udev
+
diff --git a/data/live-build-config/hooks/13-vyos_replace.chroot b/data/live-build-config/hooks/13-vyos_replace.chroot
new file mode 100755
index 00000000..dcb00ff6
--- /dev/null
+++ b/data/live-build-config/hooks/13-vyos_replace.chroot
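Review bot: The applet list in hooks/11-busybox.chroot includes network-facing programs (`/usr/sbin/telnetd`, `/usr/sbin/httpd`, `/usr/sbin/udhcpd`) and `/bin/login`, each of which gets an alternatives entry whenever the busybox build provides the applet and no real binary is installed. On a router image that makes cleartext-protocol daemons runnable without any package for them appearing in the manifest. I would drop the entries the image does not need and put a comment above the list, for example `# keep this list to applets the image actually needs; no network daemons`. The backtick `which busybox` assignment and `echo -n` are also not portable under `#!/bin/sh`; `bb=$(command -v busybox)` and `printf '%s' "$applets"` are.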
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt-get -y install vyos-replace
diff --git a/data/live-build-config/hooks/14-firmware-linux-nonfree.chroot b/data/live-build-config/hooks/14-firmware-linux-nonfree.chroot
new file mode 100755
index 00000000..887831cc
--- /dev/null
+++ b/data/live-build-config/hooks/14-firmware-linux-nonfree.chroot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cp /etc/apt/sources.list /etc/apt/sources.list.d/non-free.list
+sed -i 's/main/non-free/g' /etc/apt/sources.list.d/non-free.list
+
+if [ -e /etc/apt/sources.list.d/zz-sources.list ] ; then
+ cp /etc/apt/sources.list /etc/apt/sources.list.d/zz-non-free.list
+ sed -i 's/main/non-free/g' /etc/apt/sources.list.d/zz-non-free.list
+fi
+
+apt-get update
+apt-get -y install firmware-linux-nonfree
diff --git a/data/live-build-config/hooks/15-sources_list.chroot b/data/live-build-config/hooks/15-sources_list.chroot
new file mode 100755
index 00000000..956f9bba
--- /dev/null
+++ b/data/live-build-config/hooks/15-sources_list.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rm -f /etc/apt/sources.list.d/*.list >/dev/null 2>&1 || true
+
diff --git a/data/live-build-config/hooks/16-fuse.chroot b/data/live-build-config/hooks/16-fuse.chroot
new file mode 100755
index 00000000..126dc626
--- /dev/null
+++ b/data/live-build-config/hooks/16-fuse.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf
+chmod a+r /etc/fuse.conf
diff --git a/data/live-build-config/hooks/17-gen_initramfs.chroot b/data/live-build-config/hooks/17-gen_initramfs.chroot
new file mode 100755
index 00000000..aced728a
--- /dev/null
+++ b/data/live-build-config/hooks/17-gen_initramfs.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo I: Create initramfs if it does not exist.
+update-initramfs -c -k `ls /boot | grep vmlinuz- | sed 's/vmlinuz-//g'`
diff --git a/data/live-build-config/hooks/18-enable-disable_services.chroot b/data/live-build-config/hooks/18-enable-disable_services.chroot
new file mode 100755
index 00000000..fe30c95f
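Review bot: In hooks/14-firmware-linux-nonfree.chroot the `if` tests for `/etc/apt/sources.list.d/zz-sources.list`, but the branch then copies `/etc/apt/sources.list` again, so `zz-non-free.list` ends up a duplicate of `non-free.list`. The source was probably meant to be the file just tested: `cp /etc/apt/sources.list.d/zz-sources.list /etc/apt/sources.list.d/zz-non-free.list`. The `s/main/non-free/g` substitution also rewrites any `main` that occurs inside a mirror URL, so it would be safer to match the component field only.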
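Review bot: hooks/17-gen_initramfs.chroot assumes `/boot` holds exactly one kernel: the backtick pipeline `ls /boot | grep vmlinuz- | sed …` expands to several words when more than one `vmlinuz-*` exists, and `update-initramfs -k` then receives extra arguments. hooks/19-kernel_symlinks.chroot makes the same assumption in `ln -s initrd.img-* initrd.img` and `ln -s vmlinuz-* vmlinuz`, and its `cd /boot` is unchecked. A loop such as `for k in /boot/vmlinuz-*; do update-initramfs -c -k "${k#/boot/vmlinuz-}"; done`, plus `cd /boot || exit 1` in the symlink hook, would make both fail visibly instead of producing a wrong image.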
--- /dev/null
+++ b/data/live-build-config/hooks/18-enable-disable_services.chroot
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+echo I: Enabling/Disabling services.
+systemctl disable exim4
+/usr/sbin/update-rc.d -f exim4 remove
+systemctl disable isc-dhcp-server
+/usr/sbin/update-rc.d -f isc-dhcp-server remove
+systemctl disable isc-dhcp-relay
+/usr/sbin/update-rc.d -f isc-dhcp-relay remove
+systemctl disable nfacctd
+/usr/sbin/update-rc.d -f nfacctd remove
+systemctl disable pmacctd
+/usr/sbin/update-rc.d -f pmacctd remove
+systemctl disable sfacctd
+/usr/sbin/update-rc.d -f sfacctd remove
+systemctl disable uacctd
+/usr/sbin/update-rc.d -f uacctd remove
+systemctl disable lighttpd
+/usr/sbin/update-rc.d -f lighttpd remove
+systemctl disable ssh
+/usr/sbin/update-rc.d -f ssh remove
+systemctl disable openvpn
+/usr/sbin/update-rc.d -f openvpn remove
+systemctl disable lldpd
+/usr/sbin/update-rc.d -f lldpd remove
+systemctl enable ssh-session-cleanup
+systemctl disable conntrackd
+/usr/sbin/update-rc.d -f conntrackd remove
+systemctl disable mdns-repeater
+/usr/sbin/update-rc.d -f mdns-repeater remove
+systemctl disable udp-broadcast-relay{1.99}
+/usr/sbin/update-rc.d -f udp-broadcast-relay remove
+systemctl disable pdns-recursor
+/usr/sbin/update-rc.d -f pdns-recursor remove
diff --git a/data/live-build-config/hooks/19-kernel_symlinks.chroot b/data/live-build-config/hooks/19-kernel_symlinks.chroot
new file mode 100755
index 00000000..e63ca263
--- /dev/null
+++ b/data/live-build-config/hooks/19-kernel_symlinks.chroot
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo I: Creating kernel symlinks.
+cd /boot
+ln -s initrd.img-* initrd.img
+ln -s vmlinuz-* vmlinuz
diff --git a/data/live-build-config/hooks/20-rm_ddclient_hook.chroot b/data/live-build-config/hooks/20-rm_ddclient_hook.chroot
new file mode 100755
index 00000000..173b4e5c
--- /dev/null
+++ b/data/live-build-config/hooks/20-rm_ddclient_hook.chroot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f /etc/dhcp/dhclient-exit-hooks.d/ddclient
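Review bot: `systemctl disable udp-broadcast-relay{1.99}` in hooks/18-enable-disable_services.chroot does not expand to anything: the hook runs under `#!/bin/sh`, and even in bash a range needs two dots (`{1..99}`). systemctl is therefore asked to disable a unit literally named `udp-broadcast-relay{1.99}`, and the relay presumably stays enabled if its package enables it. The line should name the real unit or template; the exact unit name is not visible in this commit. None of the `systemctl` or `update-rc.d` calls has its exit status checked either, so a failure to disable `ssh` or `lighttpd` passes silently; a small `disable_service()` helper that prints a warning on failure would make the image's service state auditable from the build log.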
diff --git a/data/live-build-config/hooks/21-pam_mkhomedir.chroot b/data/live-build-config/hooks/21-pam_mkhomedir.chroot
new file mode 100755
index 00000000..af155ba4
--- /dev/null
+++ b/data/live-build-config/hooks/21-pam_mkhomedir.chroot
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo I: Create home directory on login.
+
+cat > /usr/share/pam-configs/mkhomedir <<EOF
+Name: Create home directory during login
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+ required pam_mkhomedir.so umask=0022 skel=/etc/skel
+EOF
+sync
+sed -i '/mkhomedir/d' /var/lib/pam/seen
+pam-auth-update --package
+
diff --git a/data/live-build-config/hooks/99-cleanup-packages.chroot b/data/live-build-config/hooks/99-cleanup-packages.chroot
new file mode 100755
index 00000000..63be7df6
--- /dev/null
+++ b/data/live-build-config/hooks/99-cleanup-packages.chroot
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Clean up packages that were installed for dependencies but are no longer needed
+# and packages installed by metapackages that we'll never need
+
+UNWANTED_PKGS="dahdi-firmware-nonfree \
+ firmware-crystalhd firmware-ivtv \
+ firmware-samsung"
+
+for p in $UNWANTED_PKGS; do
+ apt-get -y remove $p
+done
+
+#apt-get -y autoremove
diff --git a/data/live-build-config/includes.binary/isolinux/isolinux.cfg b/data/live-build-config/includes.binary/isolinux/isolinux.cfg
new file mode 100644
index 00000000..ede2b6e1
--- /dev/null
+++ b/data/live-build-config/includes.binary/isolinux/isolinux.cfg
@@ -0,0 +1,11 @@
+include menu.cfg
+default vesamenu.c32
+prompt 0
+
+# Ignore the Shift/Alt/Caps Lock/Scroll Lock escape
+noescape 1
+
+# Wait 10 seconds unless the user types something, but
+# always boot after 5 minutes.
+timeout 100
+totaltimeout 3000
diff --git a/data/live-build-config/includes.binary/isolinux/menu.cfg b/data/live-build-config/includes.binary/isolinux/menu.cfg
new file mode 100644
index 00000000..135b2e96
--- /dev/null
+++ b/data/live-build-config/includes.binary/isolinux/menu.cfg
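Review bot: The PAM profile written by hooks/21-pam_mkhomedir.chroot passes `umask=0022` to `pam_mkhomedir.so`, so every home directory it creates is readable and searchable by all other local accounts. On a multi-user router that exposes each user's files to the rest; the tighter setting is `required pam_mkhomedir.so umask=0077 skel=/etc/skel`. If something on the system depends on 0022, a comment in the hook naming it would help the next reader.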
@@ -0,0 +1,8 @@ +menu hshift 0 +menu width 82 + +menu title VyOS - Boot Menu +include stdmenu.cfg +include live.cfg + +menu clear diff --git a/data/live-build-config/includes.binary/isolinux/splash.png b/data/live-build-config/includes.binary/isolinux/splash.png Binary files differnew file mode 100644 index 00000000..e2c9bfa4 --- /dev/null +++ b/data/live-build-config/includes.binary/isolinux/splash.png diff --git a/data/live-build-config/includes.chroot/etc/systemd/journald.conf b/data/live-build-config/includes.chroot/etc/systemd/journald.conf new file mode 100644 index 00000000..5aecf4f8 --- /dev/null +++ b/data/live-build-config/includes.chroot/etc/systemd/journald.conf @@ -0,0 +1,43 @@ +# This file is managed in vyos-build +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=persistent +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitIntervalSec=30s +#RateLimitBurst=1000 +#SystemMaxUse= +#SystemKeepFree= +#SystemMaxFileSize= +#SystemMaxFiles=100 +#RuntimeMaxUse= +#RuntimeKeepFree= +#RuntimeMaxFileSize= +#RuntimeMaxFiles=100 +#MaxRetentionSec= +#MaxFileSec=1month +ForwardToSyslog=yes +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg diff --git a/data/live-build-config/includes.chroot/etc/systemd/system.conf b/data/live-build-config/includes.chroot/etc/systemd/system.conf new file mode 100644 index 00000000..91af4090 --- /dev/null 
+++ b/data/live-build-config/includes.chroot/etc/systemd/system.conf
@@ -0,0 +1,55 @@
+# This file is managed in vyos-build
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# See systemd-system.conf(5) for details
+
+[Manager]
+#LogLevel=info
+#LogTarget=journal-or-kmsg
+#LogColor=yes
+#LogLocation=no
+#DumpCore=yes
+#CrashShell=no
+ShowStatus=yes
+#CrashChVT=1
+#CPUAffinity=1 2
+#JoinControllers=cpu,cpuacct net_cls,net_prio
+#RuntimeWatchdogSec=0
+#ShutdownWatchdogSec=10min
+#CapabilityBoundingSet=
+#SystemCallArchitectures=
+#TimerSlackNSec=
+#DefaultTimerAccuracySec=1min
+#DefaultStandardOutput=journal
+#DefaultStandardError=inherit
+#DefaultTimeoutStartSec=90s
+#DefaultTimeoutStopSec=90s
+#DefaultRestartSec=100ms
+#DefaultStartLimitInterval=10s
+#DefaultStartLimitBurst=5
+#DefaultEnvironment=
+#DefaultCPUAccounting=no
+#DefaultBlockIOAccounting=no
+#DefaultMemoryAccounting=no
+#DefaultLimitCPU=
+#DefaultLimitFSIZE=
+#DefaultLimitDATA=
+#DefaultLimitSTACK=
+#DefaultLimitCORE=
+#DefaultLimitRSS=
+#DefaultLimitNOFILE=
+#DefaultLimitAS=
+#DefaultLimitNPROC=
+#DefaultLimitMEMLOCK=
+#DefaultLimitLOCKS=
+#DefaultLimitSIGPENDING=
+#DefaultLimitMSGQUEUE=
+#DefaultLimitNICE=
+#DefaultLimitRTPRIO=
+#DefaultLimitRTTIME=
diff --git a/data/live-build-config/includes.chroot/etc/systemd/system/getty@.service.d/aftervyos.conf b/data/live-build-config/includes.chroot/etc/systemd/system/getty@.service.d/aftervyos.conf
new file mode 100644
index 00000000..7eee7bd3
--- /dev/null
+++ b/data/live-build-config/includes.chroot/etc/systemd/system/getty@.service.d/aftervyos.conf
@@ -0,0 +1,2 @@
+[Unit]
+After=vyatta-router.service
diff --git a/data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf b/data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf
new file mode 100644
index 00000000..52671c75
--- /dev/null
+++ b/data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf
@@ -0,0 +1,2 @@
+[Service]
+TTYVTDisallocate=no
diff --git a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service
new file mode 100644
index 00000000..b8672722
--- /dev/null
+++ b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenBSD Secure Shell session cleanup
+Wants=network.target
+After=network.target
+
+[Service]
+ExecStart=/bin/true
+ExecStop=/usr/lib/openssh/ssh-session-cleanup
+RemainAfterExit=yes
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default b/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default
new file mode 100644
index 00000000..0a75716b
--- /dev/null
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default
@@ -0,0 +1,40 @@
+system {
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/
+ plaintext-password ""
+ }
+ level admin
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level notice
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+ ntp {
+ server "0.pool.ntp.org"
+ server "1.pool.ntp.org"
+ server "2.pool.ntp.org"
+ }
+ console {
+ device ttyS0 {
+ speed 9600
+ }
+ }
+ config-management {
+ commit-revisions 100
+ }
+}
+
+interfaces {
+ loopback lo {
+ }
+}
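Review bot: config.boot.default ships a fixed `encrypted-password` hash for the admin-level user `vyos`, so every image built from this tree boots with the same credential and the hash is public in the repository. Combined with the serial console configured in the same file, that is a shared default login unless installation forces a change, and nothing in this commit shows that happening. I would document beside the file that this password must be replaced at install time, or have first boot require it. The empty `plaintext-password ""` line is presumably a schema requirement and deserves a short comment saying so.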
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
new file mode 100644
index 00000000..4107e459
--- /dev/null
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
@@ -0,0 +1,20 @@
+menuentry "VyOS (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=ttyS0,9600 console=tty0
+ initrd /boot//initrd.img
+}
+
+menuentry "VyOS (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=tty0 console=ttyS0,9600
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=ttyS0,9600 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=tty0 console=ttyS0,9600 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst b/data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst
new file mode 100755
index 00000000..d807fa9b
--- /dev/null
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source /opt/vyatta/sbin/install-functions
+
+NEWVER=`mount | grep /mnt/inst_root`
+NEWVER=${NEWVER#*upperdir=/live/image/boot/}
+NEWVER=${NEWVER%/live-rw*}
+DISK_LABEL=`mount | grep /live/image | awk '{print $1}' | grep dev`
+
+if [ -d "/live/image" ]; then
+ e2label "${DISK_LABEL}" persistence
+ if [ ! -f /live/image/persistence.conf ]; then
+ echo "/ union" > /live/image/persistence.conf
+ fi
+ rm -f /live/image/boot/"${NEWVER}"/live-rw/etc/fstab
+ mv /live/image/boot/"${NEWVER}"/live-rw /live/image/boot/"${NEWVER}"/rw
+fi
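Review bot: The two "Lost password change" entries in default-union-grub-entry boot with `init=/opt/vyatta/sbin/standalone_root_pw_reset`, and nothing in this file restricts who may select them. Anyone with console or serial access during boot can therefore reach the password-reset path. If that is the accepted recovery model it should be stated in a comment at the top of the file; otherwise the entries can be tied to a GRUB superuser with the `--users` option on `menuentry` so that they prompt for a password.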
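Review bot: install-image/postinst derives `NEWVER` and `DISK_LABEL` by grepping `mount` output and then uses them in `e2label`, `rm -f` and `mv` without checking that either is non-empty or a single value. If the `/mnt/inst_root` line is absent the paths collapse to `/live/image/boot//live-rw`, and if more than one `/live/image` mount matches, `e2label` receives a multi-line argument. A guard before the `if`, such as `[ -n "$NEWVER" ] && [ -b "$DISK_LABEL" ] || exit 1`, keeps the script from relabelling or moving the wrong thing on a bad parse.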
diff --git a/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup
new file mode 100755
index 00000000..f283cc96
--- /dev/null
+++ b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+ssh_session_pattern='sshd: \S.*@pts/[0-9]+'
+
+IFS="$IFS@"
+pgrep -a -f "$ssh_session_pattern" | while read pid daemon user pty; do
+ echo "Found ${daemon%:} session $pid on $pty; sending SIGTERM"
+ kill "$pid" || true
+done
+
+exit 0
diff --git a/data/live-build-config/package-lists/vyos-base.list.chroot b/data/live-build-config/package-lists/vyos-base.list.chroot
new file mode 100644
index 00000000..225af33a
--- /dev/null
+++ b/data/live-build-config/package-lists/vyos-base.list.chroot
@@ -0,0 +1,4 @@
+debconf
+gpgv
+gnupg
+vyos-world
diff --git a/data/live-build-config/package-lists/vyos-utils.list.chroot b/data/live-build-config/package-lists/vyos-utils.list.chroot
new file mode 100644
index 00000000..94a90cf6
--- /dev/null
+++ b/data/live-build-config/package-lists/vyos-utils.list.chroot
@@ -0,0 +1,21 @@
+nmap
+dnsutils
+ipcalc
+sipcalc
+mtr-tiny
+whois
+netcat
+netcat6
+socat
+telnet
+nano
+vim-tiny
+screen
+minicom
+wakeonlan
+iperf
+iperf3
+iftop
+lsof
+openssh-client
+nmap |
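Review bot: `nmap` is listed twice in package-lists/vyos-utils.list.chroot, as the first and the last entry; the second one can be removed. The list also installs `telnet`, `netcat`, `netcat6`, `socat` and `nmap` on every image, which is a deliberate choice for a router but one that auditors will ask about. A header line such as `# diagnostic tools shipped on every image` would record the intent.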