Commits on Dec 1, 2017
  1. ssh service: set RuntimeDirectory=sshd to work with recent openssh ve…

    mika committed Dec 1, 2017
    We need to set RuntimeDirectory=sshd, otherwise /run/sshd doesn't
    exist and service startup fails with:
    | grml sshd[1845]: Missing privilege separation directory: /run/sshd
    While at it sync our ssh service file with Debian's openssh
    package 1:7.6p1-2 and drop the unused ssh-bootoption.service
    file (we currently start ssh service via grml-autoconfig).
    Also see
    Closes grml/grml#80
    Thanks: sl0n for bugreport
    Thanks: Darshaka Pathirana <> for feedback
Commits on Nov 22, 2017
  1. GRMLBASE/93-update-usbids: test for new update-usbids location in /us…

    mika committed Nov 22, 2017
    "Recent" versions of usbutils ship the update-usbids
    binary in /usr/sbin and no longer in /usr/bin.
  2. GRMLBASE/91-update-pciids: test for new update-pciids location in /us…

    mika committed Nov 22, 2017
    Since pciutils v1:3.2.0-1 the update-pciids binary lives in
    /usr/sbin and no longer in /usr/bin.
Commits on Nov 16, 2017
  1. GRMLBASE/52-mdadm: fix path for 64-md-raid-assembly.rules

    mika committed Nov 16, 2017
    This should be /lib/udev/rules.d/64-md-raid-assembly.rules
    and not /usr/lib/udev/rules.d/64-md-raid-assembly.rules
    While at it use the same approach as for GRMLBASE/50-lvm
    in the previous commit, by creating an empty file
    instead of just removing it.
  2. Generate empty /lib/udev/rules.d/69-lvm-metad.rules instead of removi…

    mika committed Nov 16, 2017
    …ng the file
    Since lvm2 2.02.176-4 initramfs generation fails if
    neither /etc/udev/rules.d/69-lvm-metad.rules nor
    /lib/udev/rules.d/69-lvm-metad.rules exists.
    So instead of removing the file just create an empty one.
Commits on Oct 6, 2017
  1. SW: add ldnsutils to GRML_SMALL

    mika committed Oct 6, 2017
    dig would be nice to have, though pulls in ~41MB of disk space.
    drill from ldnsutils is a nice alternative.
    See grml/grml/#56
  2. SW: add x11vnc to GRML_FULL to properly support vnc boot option

    mika committed Oct 6, 2017
    Closes grml/grml#62
    Thanks: luke2261git for the bugreport
Commits on Sep 23, 2017
  1. Fix a bunch of typos

    mika committed Sep 23, 2017
    s/and and/and/
    s/to to/to/
Commits on Sep 7, 2017
  1. Release new version 0.31.0

    mika committed Sep 7, 2017
  2. scripts/ use net.ifnames=0 as default boo…

    mika committed Sep 7, 2017
    …t option
    Otherwise we end up with arbitrary network device names which
    aren't properly supported (yet).
    See grml/grml#65
Commits on Sep 6, 2017
  1. Secure Boot GRUB template: be more dynamic + don't overwrite with emp…

    mika committed Sep 6, 2017
    …ty variable
    By searching for grmlenv.cfg we can make it more dynamic
    instead of having to hardcode (hd0) which might be wrong
    in the grml2usb situation.
    There's also no need to set root/prefix multiple times, especially
    since we depend on 'root=(hd0)' for the default ISO boot anyway.
    Don't overwrite prefix if the grml_orig_prefix variable is empty.
    Secure Boot enabled ISOs generated with grml-live >=0.31.0 are supported
    with grml2usb >=0.16.0.
Commits on Sep 1, 2017
  1. SW: add btrfs-progs to GRML_SMALL

    mika committed Sep 1, 2017
Commits on Aug 31, 2017
  1. Secure Boot support

    mika committed Aug 31, 2017
    Thanks to the way the signed GRUB by Ubuntu works we seem to be
    able to keep our common EFI GRUB configs working next to the new
    Secure Boot related EFI GRUB configs. If Secure Boot is enabled
    we get the same look and feel like with common EFI boot, though
    with a Secure Boot specific boot menu (since e.g. the linux16
    command isn't available under Secure Boot). If EFI is running
    with Secure Boot *disabled* it continues to look like it used to
    do so far. If this is working out as planned there's no visible
    change from a user point of view on systems with Secure Boot
    With this change we also get rid of some magic with grml-live
    relying on behavior of
    /etc/grml/fai/config/scripts/GRMLBASE/45-grub-images, including
    moving files around.
    We also no longer skip the boot stage during rebuilds. This has
    been a source of frustration and annoying debugging sessions when
    files inside grml_cd/boot/ didn't receive changes during rebuilds
    and the user in front of the system is ignoring the according
    "skip" notice or forgot to remove grml_cd/boot.
    While at it rewrite debian/copyright in
    Thanks: Michael Schierl <> for help regarding the Secure Boot setup
Commits on Aug 30, 2017
  1. SW: add whois to GRML_SMALL

    mika committed Aug 30, 2017
    It adds only 346kb of additional disk space.
    Debian's mkpasswd is part of the whois package.
    It's the mkpassword that can generate salted hashes suitable for /etc/shadow.
    Thanks: Marc Haber for the suggestion
    Closes grml/grml#66
  2. Drop support for Debian wheezy

    mika committed Aug 30, 2017
    It's oldoldstable nowadays and we no longer use it anywhere,
    so let's drop related zsh completion and config files.
  3. Provide jessie support for systemd + recent kernel packages

    mika committed Aug 30, 2017
    To be able to use systemd-container we need the systemd
    version from jessie-backports.
    We also need recent versions of linux-base, firmware-misc-nonfree,
    firmware-linux-nonfree + firmware-linux from jessie-backports
    for the related kernel packages.
  4. Provide workaround for systemd's systemctl failures on jessie

    mika committed Aug 30, 2017
    For unknown reasons `systemctl preset-all` and
    `systemctl set-default` return with exit code 1
    even though it seems to be working fine.
  5. SW: add ndisc6 + rdnssd to GRML_SMALL and GRML_FULL

    mika committed Aug 30, 2017
    It adds only 381kB of additional disk space.
    Quoting from the feature request:
    | rdnssd is a tool that will listen to DNS server being offered in
    | an IPv6 router anouncement and configure the local system to use
    | the DNS servers included in there. The daemon just needs to be
    | installed and enabled. Without this, an IPv6 only grml system
    | will be with network, but without DNS.
    | While we're at it, IPv6 is much more easily debugged if ndisc6, a
    | user space tool to send out IPv6 router solicitations and to
    | display the contents of router advertisements received, is
    | included.
    Thanks: Marc Haber for the suggestion
    Closes grml/grml#67
  6. SW: add fsarchiver to GRML_SMALL

    mika committed Aug 30, 2017
    It adds only 443kB of additional disk space.
    Thanks: Marcos Mello for the suggestion
    Closes grml/grml#69
Commits on Aug 24, 2017
  1. No longer ship mkdebmirror example script

    mika committed Aug 24, 2017
    License and current state (is it working at all) are unclear.
Commits on Aug 17, 2017
  1. Release new version 0.30.1

    mika committed Aug 17, 2017
  2. Bump Standards-Version to 4.0.1

    mika committed Aug 17, 2017
  3. SW: add stressant package to GRML_FULL

    anarcat authored and mika committed Mar 19, 2017
    to quote from the control file:
    > Stressant is a simple stress testing and burn-in tool
    > It is designed to run on new machines to make sure they will work
    > reliably by testing various parts of the system (CPU, RAM, disk,
    > network) by putting them under heavy load and try to detect failures.
    > As much as possible, stressant tries to reuse existing tools to
    > perform the various tasks and aims to be run automatically.
    it has just entered Debian sid and will pull at least 3 new
    dependencies in (python-humanize, python-colorlog and stress-ng)
    adding this is essential for the Stressant project to continue
    collaborating with Grml.
Commits on Jun 9, 2017
  1. Release new version 0.30.0

    mika committed Jun 9, 2017
  2. SW: add ed to GRML_FULL since it's also shipped on GRML_SMALL

    mika committed Jun 9, 2017
    Thanks: Darshaka Pathirana <>
    for bringing this up in #43
  3. SW: drop tcpd from GRML_SMALL, not shipped on GRML_FULL

    mika committed Jun 9, 2017
    Thanks: Darshaka Pathirana <>
    for bringing this up in #43
  4. SW: no longer ship grml2hd* packages via GRMLBASE

    mika committed Jun 9, 2017
    Usage of grml2hd is unrecommended and we don't test nor
    support it anymore, so there's no reason why it should
    be shipped.
  5. SW: drop packages from GRML_FULL that are already part of GRMLBASE

    mika committed Jun 9, 2017
    The following packages are part of GRMLBASE already and
    shouldn't be listed in GRML_FULL therefore:
    * dbus
    * dmidecode
    * grml-debootstrap
    * grml-etc-core
    * hdparm
    * lvm2
    * mdadm
    * strace
    Thanks to Darshaka Pathirana for triggering this via
  6. SW: add lm-sensors to GRML_FULL

    mika committed Jun 9, 2017
    Thanks: Grégoire Sutre for suggestion
    Closes grml/grml#48
  7. Support EFI on 32-bit systems, increase EFI image size + switch from …

    mika committed Jun 7, 2017
    …isohybrid to xorriso/isohybrid combination
    EFI on 32-bit systems is a requested feature for Grml-Forensic,
    since cheap tablets and notebooks (e.g. Intel Atom-based tablets)
    are out there with only 32-bit EFI support (and UEFI only, so no
    legacy BIOS support), quoting clairelyclaire from
    | As of now, Ubuntu and other major Linux distributions do not
    | support the use of a 32-bit EFI bootloader on UEFI machines. This
    | has become extremely problematic due to the popularity of Intel
    | Atom-based tablets and compact laptops. Atom-based devices are
    | generally limited in storage space (32GB or 64GB eMMC is common),
    | and as a result these devices almost universally ship with
    | Windows 8.1 32-bit installed (winsxs consumes a significant
    | amount of storage space in order to support 32-bit binaries in a
    | 64-bit environment). By design, UEFI must use the same
    | architecture used by the bootloader.
    | While most modern computers indeed use a 64-bit UEFI
    | implementation due to the fact that new computers generally ship
    | with a 64-bit operating system (be it OS X or Windows 8.1),
    | Atom-based devices do *not* use a 64-bit operating system or UEFI
    | implementation. This is by design.
    | Intel released a new Atom iteration (Bay Trail) in late 2013 and
    | has indicated that they will continue to develop and release Atom
    | CPUs due to consumer market demand. At the time of this filing
    | there are a number of Atom-based tablets and compact
    | laptops/netbooks being actively sold and marketed by major OEMs
    | including Dell, HP, ASUS, and Acer. None of these devices have
    | 64-bit UEFI firmware. It is also important to note that these
    | Atom CPUs are 64-bit, but explicitly require a 32-bit UEFI
    | bootloader.
    | The current Linux kernel in Ubuntu 14.04 does support booting the
    | 64-bit signed kernel from a 32-bit Grub EFI bootloader. I can
    | confirm this on at least two 32-bit UEFI devices, the ASUS
    | Transformer T100TA and the Acer Aspire Switch 10.
    Increase EFI image size (previously automatically
    calculated on-demand, resulting in ~285KB) to 4MB,
    giving us more flexibility with what we're installing
    into the image (esp. useful with usage on USB drives).
    The isohybrid binary doesn't support 32-bit FI systems
    and fails hard when using `--uefi` on a 32-bit ISO.
    But xorriso with appropriate options for EFI usage
    (see $EFI_ARGS) and /usr/lib/ISOLINUX/isohdpfx.bin
    from the isolinux package seems to provide everything
    we need.
    Useful resources for further information:
    For testing the resulting 32-bit ISO with EFI the
    OVMF.fd file from available from works via e.g.:
    | qemu-system-i386 -m 1024 -bios ./OVMF.fd -cdrom grml.iso
Commits on Jun 8, 2017
  1. templates: fix isolinux boot option label for grub

    jkirk authored and mika committed Jun 2, 2017
    A long time ago (rev# 7d0f02a) grub2 was introduced and the boot option
    label grub was changed to grub1 (aside with grub2). Later grub1 support
    was removed (rev# bfbf9fb). So it makes sense to change the grub2 label
    to grub as we do not have anything else anymore.
  2. Update cheatcodes documentation to clarify isolinux vs GRUB situation

    jkirk authored and mika committed May 31, 2017
    The listed boot options / cheatcodes only work with the isolinux bootprompt.
    Updated the documentation to make that clear.
    Relates to grml/grml#9
  3. templates: remove bootoption nostats

    jkirk authored and mika committed May 31, 2017
    The stats feature was removed, therefore we also do not need the nostats
    option anymore.
    The stats feature was removed in grml-autconfig-commit# 7138a24fb
    Relates to grml/grml#9