Livecd

Makefile

@@ -82,6 +82,7 @@ export REPO_LINES := repo --name=clip-repo --baseurl=file://$(CLIP_REPO_DIR)\n
 
 export SRPM_OUTPUT_DIR := $(CLIP_SRPM_REPO_DIR)
 
+export LIVECD_CREATOR := /usr/bin/livecd-creator
 export MAYFLOWER := $(SUPPORT_DIR)/mayflower
 
 SED := /bin/sed
@@ -125,6 +126,7 @@ CHECK_REPO = $(VERBOSE)test -d $(1)/repodata || $(REPO_CREATE) $(1)
 
 SYSTEMS := $(shell ls $(KICKSTART_DIR))
 
+LIVECDS := $(foreach SYSTEM,$(SYSTEMS),$(addsuffix -live-iso,$(SYSTEM)))
 # These are targets supported by the kickstart/Makefile that will be used to generate installation ISOs.
 INSTISOS := $(foreach SYSTEM,$(SYSTEMS),$(addsuffix -iso,$(SYSTEM)))
 
@@ -148,6 +150,18 @@ define CHECK_MOCK
 	@if ps -eo comm= | grep -q mock; then echo "ERROR: Another instance of mock is running.  Please hangup and try your build again later." && exit 1; fi
 endef
 
+define CHECK_LIVE_TOOLS
+	if [ x"`rpm -q livecd-tools --queryformat '%{version}-%{release}\n'`" \
+		!= x"$$( rpm --eval `sed -n -e 's/Release: \(.*\)/\1/p' -e 's/Version: \(.*\)/\1/p' \
+		 packages/livecd-tools/livecd-tools.spec| sed 'N;s/\n/-/'` )" ]; then \
+		echo "Error: you have to use our version of livecd-tools."; \
+		echo "We will attempt to install them now.  Press ctrl-c to cancel."; \
+		sudo yum remove livecd-tools python-imgcreate -y 2>&1 >/dev/null || true ; \
+		$(MAKE) livecd-tools-rpm; \
+		cd $(CLIP_REPO_DIR); \
+		sudo yum localinstall livecd-tools*.$(ARCH).rpm python-imgcreate* -y; \
+	fi
+endef
 
 ######################################################
 # BEGIN RPM GENERATION RULES (BEWARE OF DRAGONS)
@@ -247,6 +261,18 @@ help:
 	@echo "	all (roll all packages and generate all installation ISOs)"
 	@for cd in $(INSTISOS); do echo "	$$cd"; done
 	@echo
+	@echo "The following make targets are available for generating Live CDs:"
+	@echo "	all (generate all installation ISOs and Live CDs)"
+	@for cd in $(LIVECDS); do echo "	$$cd"; done
+	@echo
+	@echo "	NOTE: if you need to debug a kickstart post script for Live CDs,"
+	@echo "	      add LIVECD_ARGS='--shell' to the make command-line."
+	@echo
+	@echo "To burn a livecd image to a thumbdrive:"
+	@echo "	iso-to-disk ISO_FILE=<isofilename> USB_DEV=<devname>"
+	@echo "	iso-to-disk ISO_FILE=<isofilename> USB_DEV=<devname> OVERLAY_SIZE=<size in MB>"
+	@echo "	iso-to-disk ISO_FILE=<isofilename> USB_DEV=<devname> OVERLAY_SIZE=<size in MB> OVERLAY_HOME_SIZE=<size in MB>"
+	@echo
 	@echo "To do a release of CLIP:"
 	@echo "	release"
 	@echo
@@ -274,7 +300,7 @@ help:
 	@echo "	clean-mock (deletes the yum and mock configuration we generate)"
 	@echo "	bare (deletes everything except ISOs)"
 
-all: create-repos $(INSTISOS)
+all: create-repos $(INSTISOS) $(LIVECDS)
 
 # Generate custom targets for managing the yum repos.  We have to generate the rules since the user provides the set of repos.
 $(foreach REPO,$(strip $(shell cat CONFIG_REPOS|$(GREP) -E '^[a-zA-Z].*=.*'|$(SED) -e 's/ \?= \?/=/')),$(eval $(call REPO_RULE_template,$(REPO))))
@@ -312,6 +338,11 @@ srpms: $(SRPMS)
 	$(call MKDIR,$(SRPM_OUTPUT_DIR))
 	$(MAKE) -C $(PKG_DIR)/$(call PKG_NAME_FROM_RPM,$(notdir $@)) srpm
 
+$(LIVECDS):  $(BUILD_CONF_DEPS) create-repos $(RPMS)
+	$(call CHECK_DEPS)
+	$(call CHECK_LIVE_TOOLS)
+	$(MAKE) -C $(KICKSTART_DIR)/"`echo '$(@)'|$(SED) -e 's/\(.*\)-live-iso/\1/'`" live-iso
+
 $(INSTISOS):  $(BUILD_CONF_DEPS) create-repos $(RPMS)
 	$(call CHECK_DEPS)
 	$(MAKE) -C $(KICKSTART_DIR)/"`echo '$(@)'|$(SED) -e 's/\(.*\)-iso/\1/'`" iso
@@ -330,6 +361,24 @@ ifneq ($(OVERLAY_SIZE),)
 OVERLAYS += --overlay-size-mb $(OVERLAY_SIZE)
 endif
 
+iso-to-disk:
+	@if [ x"$(ISO_FILE)" = "x" -o x"$(USB_DEV)" = "x" ]; then echo "Error: set ISO_FILE=<filename> and USB_DEV=<dev> on command line to generate a bootable thumbdrive." && exit 1; fi
+	@if echo "$(USB_DEV)" | $(GREP) -q "^.*[0-9]$$"; then echo "Error: it looks like you gave me a partition.  Set USB_DEV to a device root, eg /dev/sdb." && exit 1; fi
+	@if [ ! -b $(USB_DEV) ]; then echo "Error: $(USB_DEV) doesn't exist or isn't a block device." && exit 1; fi
+	@if `sudo mount | $(GREP) -q $(USB_DEV)`; then echo "Warning - device is currently mounted!  I will unmount it for you.  Press Ctrl-C to cancel or any other key to continue."; read; sudo umount $(USB_DEV)1 2>&1 > /dev/null; fi
+	@if `sudo pvdisplay 2>/dev/null | $(GREP) -q $(USB_DEV)`; then echo "Warning - device is currently a a physical volume in an LVM configuration!  This usually means you're pointing me at your root filesystem instead of a thumbdrive. Try again or kill the LVM label with pvremove"; exit 1; fi
+	@echo -e "WARNING: This will destroy the contents of $(USB_DEV)!\nPress Ctrl-C to cancel or any other key to continue." && read
+	@echo "Destroying MBR and partition table."
+	$(VERBOSE)sudo dd if=/dev/zero of=$(USB_DEV) bs=512 count=1
+	@echo "Creating partition..."
+	$(VERBOSE)sudo sh -c "echo -e 'n\np\n1\n\n\n\nt\nb\na\n1\nw\n' | /sbin/fdisk $(USB_DEV)" || true
+	@sleep 5
+	$(VERBOSE)sudo umount $(USB_DEV)1 2>&1 > /dev/null || true
+	@echo "Creating filesystem..."
+	$(VERBOSE)sudo /sbin/mkdosfs -n CLIP $(USB_DEV)1
+	$(VERBOSE)sudo umount $(USB_DEV)1 2>&1 > /dev/null || true
+	@echo "Writing image..."
+	$(VERBOSE)sudo /usr/bin/livecd-iso-to-disk $(OVERLAYS) --resetmbr $(ISO_FILE) $(USB_DEV)1
 clean-mock: $(ROOT_DIR)/CONFIG_REPOS $(ROOT_DIR)/Makefile $(CONF_DIR)/pkglist.blacklist
 	$(VERBOSE)$(RM) $(YUM_CONF_FILE)
 	$(VERBOSE)$(RM) $(MOCK_CONF_DIR)/$(MOCK_REL).cfg

bootstrap.sh

@@ -240,7 +240,28 @@ check_and_build_rpm "lorax" "lorax-19.6.66-2.el7"
 # Roll pungi
 check_and_build_rpm "pungi" "pungi-2.13-4.el7"
 
+check_and_build_rpm "livecd-tools" "livecd-tools-20.7.1.el7"
+
 /usr/bin/sudo /usr/bin/yum install -y openscap*
 
+if ! rpm -q "livecd-tools-20.7-1.el7.x86_64" > /dev/null; then
+	if rpm -q "livecd-tools" > /dev/null; then
+		/bin/echo "You have livecd-tools installed, but not our version. Our version contains 
+fixes for generating live media.  We will compile our version and replace your 
+version free of charge.
+Press the any key to continue or ctrl-c to exit.
+"
+		read user_input
+		/usr/bin/sudo /usr/bin/yum remove livecd-tools 2>/dev/null || true
+		/usr/bin/sudo /usr/bin/yum remove python-imgcreate 2>/dev/null || true
+	fi
+	/usr/bin/sudo /usr/bin/yum install -y syslinux-extlinux dumpet 2>/dev/null || true
+	/usr/bin/make livecd-tools-rpm
+	pushd . > /dev/null
+	cd repos/clip-repo
+	/usr/bin/sudo /usr/bin/yum localinstall -y livecd-tools* and python-imgcreate*
+	popd > /dev/null
+fi
+
 /bin/echo -e "Basic bootstrapping of build host is complete.\nRunning 'make clip-rhel7-iso'"
 /usr/bin/make clip-rhel7-iso

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/kernel/kernel.te

@@ -439,3 +439,5 @@ allow kern_unconfined unlabeled_t:filesystem *;
 allow kern_unconfined unlabeled_t:association *;
 allow kern_unconfined unlabeled_t:packet *;
 allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
+auth_read_cache(kernel_t)
+fs_read_tmpfs_files(kernel_t)

packages/livecd-tools/Makefile

@@ -0,0 +1,109 @@
+# Copyright (C) 2011,2014-2015 Tresys Technology, LLC
+# Copyright (C) 2014 QuarkSecurity, Inc
+#
+# Authors: Spencer Shimko <sshimko@tresys.com>
+# Authors: Spencer Shimko <spencer@quarksecurity.com>
+# Authors: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+#
+
+# The name of the package
+PKGNAME := livecd-tools
+
+# This is the version number of the RPM that will be
+# generated.  Typically you bump this for delivery.
+VERSION := 20.7
+
+# bump this if creating multiple releases from the same
+# version (think about this... why are you doing this?)
+RELEASE := 1.el7
+
+# The name of the Packager
+PACKAGER ?= Tresys Technology
+
+VENDOR := Red Hat
+
+# snag the architecture, hard code an arch if cross-compiling or going noarch
+ARCH ?= $(shell uname -i)
+
+# the filename of the tarball
+TARBALL = $(SRPM_OUTPUT_DIR)/$(PKGNAME)-$(VERSION).tar.bz2
+
+# spec file name
+RPM_SPEC = $(CURDIR)/$(PKGNAME).spec
+
+####################################################
+## things below this line should rarely change
+ROOT_DIR ?= $(CURDIR)
+OUTPUT_DIR ?= $(ROOT_DIR)
+SRPM_OUTPUT_DIR ?= $(OUTPUT_DIR)
+
+# exhaustive list of deps for the RPM, used to determine if RPM needs to be rebuilt
+TAR_DEPS := $(shell find $(PKGNAME)-$(VERSION) -type f -name '*.*')
+RPM_DEPS := $(TARBALL) $(RPM_SPEC) $(CURDIR)/Makefile
+
+RPM_TMPDIR ?= $(ROOT_DIR)/tmp
+RPM_TOPDIR ?= $(RPM_TMPDIR)/src/redhat
+RPM_BUILDROOT ?= $(RPM_TMPDIR)/rpm-buildroot
+
+RPM_SPEC := $(CURDIR)/$(PKGNAME).spec
+
+MKDIR = test -d $(1) || mkdir -p $(1)
+
+RPMBUILD_ARGS := --define '_topdir $(RPM_TOPDIR)'  \
+	--define '_tmppath $(RPM_TMPDIR)' \
+	--define 'pkgname $(PKGNAME)' \
+	--define '_sysconfdir /etc' \
+	--define 'version $(VERSION)' \
+	--define 'release $(RELEASE)' \
+	--define 'packager $(PACKAGER)\n'
+
+define rpm-prep
+	$(call MKDIR,$(RPM_TOPDIR)/SOURCES)
+	$(call MKDIR,$(RPM_TOPDIR)/SPECS)
+	$(call MKDIR,$(RPM_TOPDIR)/BUILD)
+	$(call MKDIR,$(RPM_TOPDIR)/RPMS/$(ARCH))
+	$(call MKDIR,$(RPM_TOPDIR)/SRPMS)
+	cp $(TARBALL) $(RPM_TOPDIR)/SOURCES/
+endef
+
+all: $(PKGNAME)-rpm $(PKGNAME)-srpm
+
+tarball: $(TARBALL)
+
+rpm: $(PKGNAME)-rpm
+
+srpm: $(PKGNAME)-srpm
+
+$(PKGNAME)-rpm: $(OUTPUT_DIR)/$(PKGNAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm
+
+$(PKGNAME)-srpm: $(SRPM_OUTPUT_DIR)/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm
+
+# Note: if you're carrying a tarball already (e.g., you are using an officially released tarball), just copy it from here to $(TARBALL)
+# Something like this should work: "cp $@ $(RPM_TOPDIR)/SOURCES/"
+$(TARBALL): $(TAR_DEPS)
+	@echo "Building $(PKGNAME) source tarball..."
+	tar -cjf $@ $(PKGNAME)-$(VERSION)/
+
+$(OUTPUT_DIR)/$(PKGNAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm: $(SRPM_OUTPUT_DIR)/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm
+	@echo "Building $(PKGNAME) RPM..."
+	$(call rpm-prep)
+	cd $(RPM_TOPDIR)/SRPMS && rpmbuild --rebuild $(RPMBUILD_ARGS) -bb $<
+	cp  $(RPM_TOPDIR)/RPMS/$(ARCH)/*.rpm $(OUTPUT_DIR)
+
+$(SRPM_OUTPUT_DIR)/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm: $(RPM_DEPS)
+	@echo "Building $(PKGNAME) SRPM..."
+	$(call rpm-prep)
+	echo -e "%define pkgname $(PKGNAME)\n%define _sysconfdir /etc\n%define version $(VERSION)\n%define release $(RELEASE)\n\
+%define vendor $(VENDOR)\n%define packager $(PACKAGER)\nBuildArch: $(ARCH)\n"> $(RPM_TOPDIR)/SPECS/$(notdir $(RPM_SPEC))
+	cat $(RPM_SPEC) >> $(RPM_TOPDIR)/SPECS/$(notdir $(RPM_SPEC))
+	cd $(RPM_TOPDIR) && rpmbuild $(RPMBUILD_ARGS) -bs SPECS/$(notdir $(RPM_SPEC)) --nodeps
+	cp  $(RPM_TOPDIR)/SRPMS/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm $(SRPM_OUTPUT_DIR)
+
+clean:
+	$(RM) -r $(RPM_TMPDIR)
+
+bare: clean
+	$(RM) $(OUTPUT_DIR)/*.rpm
+	$(RM) $(TARBALL)
+
+.PHONY: all rpm srpm tarball $(PKGNAME)-rpm $(PKGNAME)-srpm clean bare

packages/livecd-tools/livecd-tools-20.7/API

@@ -0,0 +1,78 @@
+In addition to livecd-creator itself, the livecd-creator package
+provides a python API for building your own, other types of images.
+This API could also be used to build on top of the live image
+functionality.
+
+== Image Creation Frontends ==
+
+livecd-creator and image-creator are both frontends for creating
+images.  But really, it's straight-forward to build your own which
+deals with your own specific needs.  To do so, you'll want to do
+the following:
+
+* Create a pykickstart handler object.  All of the image creators are
+driven by data stored in pykickstart handlers.
+* Then, instantiate a creator
+    creator = ImageCreator(ks, name)
+  where ks is your pykickstart object and name is the label/name you
+  want for the image.
+* With the image, you can either do everything in one-shot with
+    creator.create()
+  or call the steps of creator.create() itself.  The latter lets you add
+  an interactive shell step if you want as well as a few other
+  options.  The order, though, is
+    creator.mount()
+    creator.install()
+    creator.configure()
+    creator.unmount()
+    creator.package()
+
+  Other available methods are
+    * creator.launch_shell(): This launches a root shell within the
+      install root
+    * creator.cleanup(): Tear down the image.  Note that this also
+      occurs when the image object is deleted
+
+
+== Image Creator Backends ==
+
+The basic idea is that there are (presently) 3 main classes used to
+implement different types of images.  No matter which you use, the
+interface should be largely the same.  This means that, eg,
+livecd-creator _could_ generate other types of outputs just by
+switching from the LiveImageCreator to another ImageCreator object.
+
+* ImageCreator: This is the guts of what most image creators will
+  need to use.  It provides all of the bits to handle a kickstart
+  config, install packages into an install root, etc.  It leaves
+  a number of hook methods which maybe be implemented by more specific
+  creators:
+   i) _mount_instroot(self): This method is where your filesystems
+   should get mounted.  The root of your filesystem tree should be
+   located at self._instroot
+   ii) _unmount_instroot(self): This method is called to undo
+   _mount_instroot() basically.
+   iii) _create_bootconfig(self): Set up anything needed for your
+   image to boot.  This could involve creating an initramfs, writing a
+   bootloader configuration, etc.  The filesystem is still mounted at
+   self._instroot at this point.  Note that this could be a no-op.
+   iv) _stage_final_image(self): Do whatever is needed to make your
+   image "consumable" and copy it to self._outdir.  eg, for live CDs,
+   this is where we generate the iso images.  Note that this could be
+   a no-op.
+
+  Other hooks are available to subclasses, as well as a number of
+  helper methods which can be used in implementing the hooks. See
+  the inline docstrings for more details.
+
+  Overriding other methods is not supported or guaranteed to continue
+  to give consistent results over time.
+
+* LoopImageCreator: This generates ext3 images in a loopback file
+  which could then later be booted in a virtual machine environment.
+  NOTE: this does nothing to set up booting
+
+* LiveImageCreator: This builds on top of the LoopImageCreator to
+  build live images which use dm-snapshot, etc.  This is what is used
+  by livecd-creator.
+

packages/livecd-tools/livecd-tools-20.7/AUTHORS

@@ -0,0 +1,3 @@
+David Zeuthen <david@fubar.dk>
+Jeremy Katz <katzj@redhat.com>
+Douglas McClendon