Merge 9f8c7b2 into 4be45d2

live/README.md

@@ -0,0 +1,14 @@
+# Directory contents
+
+This directory contains the changes that are required to make Agama Live to
+work with the HTTP-based version of Agama. In the future, it should contains all
+the files.
+
+## Skipping the authentication
+
+In order to skip the authentication, we decided to inject a valid authentication
+token in the browser. This token is autogenerated by the `agama-web-server serve`
+command (using the `--generate-token` option).
+
+Then, the Firefox start-up script (`startup`) takes care of injecting such a token
+in the cookies database (`/root/.mozilla/firefox/profile/cookies.sqlite`).

live/agama-live.kiwi

@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- OBS-ExclusiveArch: aarch64 ppc64le x86_64 s390x -->
+<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
+
+<image schemaversion="7.5" name="agama-live">
+    <description type="system">
+        <author>YaST Team</author>
+        <contact>yast2-maintainers@suse.de</contact>
+        <specification>Agama Live ISO</specification>
+    </description>
+    <profiles>
+        <profile name="openSUSE" description="openSUSE multiproduct image" import="true" />
+        <profile name="ALP" description="ALP-only image" />
+        <profile name="openSUSE-Playwright" description="openSUSE image with Playwright integration tests" arch="aarch64,x86_64" />
+        <profile name="ALP-Playwright" description="ALP image with Playwright integration tests" arch="aarch64,x86_64" />
+        <profile name="ALP-PXE" description="ALP OEM image for remote installation" />
+    </profiles>
+    <preferences>
+        <version>7.0.0</version>
+        <packagemanager>zypper</packagemanager>
+        <locale>en_US</locale>
+        <keytable>us</keytable>
+        <timezone>Europe/Berlin</timezone>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <rpm-check-signatures>false</rpm-check-signatures>
+        <bootsplash-theme>bgrt</bootsplash-theme>
+        <bootloader-theme>openSUSE</bootloader-theme>
+    </preferences>
+    <preferences arch="ppc64le" profiles="openSUSE,ALP">
+        <type image="iso" flags="dmsquash"  firmware="ofw" mediacheck="true" volid="agama" editbootconfig="fix_bootconfig">
+            <bootloader name="grub2" console="serial" timeout="10"/>
+        </type>
+    </preferences>
+    <preferences arch="aarch64,x86_64" profiles="openSUSE,ALP,openSUSE-Playwright,ALP-Playwright">
+        <type image="iso" flags="dmsquash" firmware="uefi" mediacheck="true" volid="agama" editbootconfig="fix_bootconfig">
+            <bootloader name="grub2" timeout="10"/>
+        </type>
+    </preferences>
+    <preferences arch="s390x" profiles="openSUSE,ALP">
+        <type image="iso" flags="dmsquash" volid="agama" editbootconfig="fix_bootconfig">
+            <bootloader name="custom" />
+        </type>
+    </preferences>
+    <preferences arch="ppc64le" profiles="ALP-PXE">
+        <!-- For some reason the compression results on ppc64le are not as good as on the other archs -->
+        <type image="oem" filesystem="btrfs" fsmountoptions="compress=zstd:15" firmware="ofw" installpxe="true" installboot="install" kernelcmdline="rd.kiwi.ramdisk ramdisk_size=3174400" volid="agama">
+            <bootloader name="grub2" console="serial" timeout="1"/>
+            <oemconfig>
+                <oem-skip-verify>true</oem-skip-verify>
+                <oem-unattended>true</oem-unattended>
+                <oem-unattended-id>/dev/ram1</oem-unattended-id>
+                <oem-swap>false</oem-swap>
+                <oem-multipath-scan>false</oem-multipath-scan>
+            </oemconfig>
+            <size unit="M">3000</size>
+        </type>
+    </preferences>
+    <preferences arch="s390x" profiles="ALP-PXE">
+        <type image="oem" filesystem="btrfs" fsmountoptions="compress=zstd:15" installpxe="true" installboot="install" kernelcmdline="rd.kiwi.ramdisk ramdisk_size=2097152" volid="agama">
+            <bootloader name="custom"/>
+            <oemconfig>
+                <oem-skip-verify>true</oem-skip-verify>
+                <oem-unattended>true</oem-unattended>
+                <oem-unattended-id>/dev/ram1</oem-unattended-id>
+                <oem-swap>false</oem-swap>
+                <oem-multipath-scan>false</oem-multipath-scan>
+            </oemconfig>
+            <size unit="M">1900</size>
+        </type>
+    </preferences>
+    <preferences arch="aarch64,x86_64" profiles="ALP-PXE">
+        <type image="oem" filesystem="btrfs" fsmountoptions="compress=zstd:15" firmware="uefi" installiso="true" installpxe="true" installboot="install" kernelcmdline="rd.kiwi.ramdisk ramdisk_size=2097152" volid="agama">
+            <bootloader name="grub2" timeout="1"/>
+            <oemconfig>
+                <oem-skip-verify>true</oem-skip-verify>
+                <oem-unattended>true</oem-unattended>
+                <oem-unattended-id>/dev/ram1</oem-unattended-id>
+                <oem-swap>false</oem-swap>
+                <oem-multipath-scan>false</oem-multipath-scan>
+            </oemconfig>
+            <size unit="M">1900</size>
+        </type>
+    </preferences>
+    <users>
+        <user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root"/>
+    </users>
+    <repository type="rpm-md">
+        <source path="obsrepositories:/"/>
+    </repository>
+    <packages type="image" profiles="ALP-PXE">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+        <archive name="brd.tar.gz"/>
+    </packages>
+    <packages type="image">
+        <package name="avahi"/>
+        <package name="bind-utils"/>
+        <package name="patterns-openSUSE-base"/>
+        <package name="systemd"/>
+        <package name="grub2-branding-openSUSE" arch="aarch64,x86_64"/>
+        <package name="iputils"/>
+        <package name="vim"/>
+        <package name="grub2"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="grub2-s390x-emu" arch="s390x" />
+        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
+        <package name="syslinux" arch="x86_64"/>
+        <package name="fontconfig"/>
+        <package name="fonts-config"/>
+        <package name="adobe-sourcecodepro-fonts"/>
+        <package name="adobe-sourcehansans-jp-fonts"/>
+        <package name="openssh"/>
+        <package name="iproute2"/>
+        <package name="less"/>
+        <package name="bash-completion"/>
+        <package name="dhcp-client"/>
+        <package name="which"/>
+        <package name="kernel-default"/>
+        <!-- the firmware files not referenced by any kernel driver are removed from the image -->
+        <package name="kernel-firmware"/>
+        <package name="adaptec-firmware"/>
+        <package name="atmel-firmware"/>
+        <package name="bluez-firmware"/>
+        <package name="ipw-firmware"/>
+        <package name="mpt-firmware"/>
+        <package name="zd1211-firmware"/>
+        <package name="systemd-zram-service"/> <!--- needed for zram -->
+        <package name="shim" arch="aarch64,x86_64"/>
+        <package name="timezone"/>
+        <package name="dracut-kiwi-live"/>
+        <package name="blog" arch="s390x" />
+        <package name="libblogger2" arch="s390x" />
+        <package name="xauth"/>
+        <package name="patterns-base-x11"/>
+        <namedCollection name="x11"/>
+        <package name="patterns-yast-yast2_basis"/>
+        <package name="MozillaFirefox" arch="aarch64,x86_64"/>
+        <package name="MozillaFirefox-branding-openSUSE" arch="aarch64,x86_64"/>
+        <package name="libpwquality-tools"/>
+        <package name="NetworkManager"/>
+        <package name="ruby3.3-rubygem-byebug"/>
+        <package name="ruby3.3-rubygem-agama-yast"/>
+        <package name="agama"/>
+        <package name="agama-cli"/>
+        <package name="agama-web-ui"/>
+        <package name="microos-tools"/>
+        <package name="staging-build-key"/>
+        <package name="icewm-lite"/>
+        <package name="xinit"/>
+        <package name="psmisc"/>
+        <package name="joe"/>
+        <package name="checkmedia"/>
+        <package name="spice-vdagent"/>
+        <package name="libtss2-tcti-device0"/>
+        <archive name="root.tar"/>
+        <archive name="etc.tar"/>
+        <archive name="dracut-cmdline-menu.tar.xz"/>
+        <!-- just a helper script for firmware cleanup, removed from the image -->
+        <archive name="fw_cleanup.tar.xz"/>
+    </packages>
+    <!-- additional packages for the openSUSE flavors -->
+    <packages type="image" profiles="openSUSE,openSUSE-Playwright">
+      <package name="agama-products-opensuse"/>
+      <package name="openSUSE-build-key"/>
+    </packages>
+    <!-- additional packages for the ALP flavors -->
+    <packages type="image" profiles="ALP,ALP-Playwright">
+      <package name="agama-products-ALP-Dolomite"/>
+      <package name="suse-build-key"/>
+    </packages>
+    <!-- additional packages for the Playwright flavors -->
+    <packages type="image" profiles="openSUSE-Playwright,ALP-Playwright">
+        <package name="playwright"/>
+        <!-- <package name="cockpit-agama-playwright"/> -->
+        <!-- Playwright does not work with the openSUSE Firefox, -->
+        <!-- install the chromium browser for running the tests -->
+        <!-- unfortunately it is not available for s390x -->
+        <package name="chromium"/>
+    </packages>
+    <packages type="image">
+        <archive name="autoinstallation.tar.xz"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="udev"/>
+        <package name="filesystem"/>
+        <package name="glibc-locale"/>
+        <package name="cracklib-dict-full"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+        <package name="openSUSE-release"/>
+        <package name="openSUSE-release-ftp"/>
+    </packages>
+</image>

live/config.sh

@@ -0,0 +1,133 @@
+#! /bin/bash
+
+set -x
+
+# KIWI functions
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+# greeting
+echo "Configure image: [$kiwi_iname]..."
+
+# setup baseproduct link
+suseSetupProduct
+
+# activate services
+systemctl enable sshd.service
+systemctl enable NetworkManager.service
+systemctl enable avahi-daemon.service
+systemctl enable agama.service
+systemctl enable agama-auto.service
+systemctl enable agama-hostname.service
+systemctl enable agama-proxy-setup.service
+systemctl enable setup-systemd-proxy-env.path
+systemctl enable x11-autologin.service
+systemctl enable spice-vdagent.service
+systemctl enable zramswap
+
+# default target
+systemctl set-default graphical.target
+
+# adjust owner of extracted files
+chown -R root:root /root
+find /etc -user 1000 | xargs chown root:root
+
+### setup dracut for live system
+
+label=${kiwi_install_volid:-$kiwi_iname}
+arch=$(uname -m)
+
+echo "Setting default live root: live:LABEL=$label"
+mkdir /etc/cmdline.d
+echo "root=live:LABEL=$label" >/etc/cmdline.d/10-liveroot.conf
+echo "root_disk=live:LABEL=$label" >>/etc/cmdline.d/10-liveroot.conf
+# if there's a default network location, add it here
+# echo "root_net=" >> /etc/cmdline.d/10-liveroot.conf
+echo 'install_items+=" /etc/cmdline.d/10-liveroot.conf "' >/etc/dracut.conf.d/10-liveroot-file.conf
+echo 'add_dracutmodules+=" dracut-menu "' >>/etc/dracut.conf.d/10-liveroot-file.conf
+
+if [ "${arch}" = "s390x" ];then
+    # workaround for custom bootloader setting
+    touch /config.bootoptions
+fi
+
+################################################################################
+# Reducing the used space
+
+# Clean-up logs
+rm /var/log/zypper.log /var/log/zypp/history
+
+du -h -s /usr/{share,lib}/locale/
+# delete translations and unusupported languages (makes ISO about 22MiB smaller)
+# build list of ignore options for "ls" with supported languages like "-I cs* -I de* -I es* ..."
+readarray -t IGNORE_OPTS < <(ls /usr/share/cockpit/agama/po.*.js.gz | sed -e "s#/usr/share/cockpit/agama/po\.\(.*\)\.js\.gz#-I\n\\1*#")
+# additionally keep the en_US translations
+ls -1 "${IGNORE_OPTS[@]}" -I en_US /usr/share/locale/ | xargs -I% sh -c "echo 'Removing translations %...' && rm -rf /usr/share/locale/%"
+
+# delete locale definitions for unsupported languages (explicitly keep the C and en_US locales)
+ls -1 "${IGNORE_OPTS[@]}" -I "en_US*" -I "C.*" /usr/lib/locale/ | xargs -I% sh -c "echo 'Removing locale %...' && rm -rf /usr/lib/locale/%"
+
+# delete unused translations (MO files)
+for t in zypper gettext-runtime p11-kit polkit-1 xkeyboard-config; do
+    rm /usr/share/locale/*/LC_MESSAGES/$t.mo
+done
+du -h -s /usr/{share,lib}/locale/
+
+# remove documentation
+du -h -s /usr/share/doc/packages/
+rm -rf /usr/share/doc/packages/*
+# remove man pages
+du -h -s /usr/share/man
+rm -rf /usr/share/man/*
+
+## removing drivers and firmware makes the Live ISO about 370MiB smaller
+# sound related, Agama does not use sound, added by icewm dependencies
+rpm -e --nodeps alsa alsa-utils alsa-ucm-conf
+
+# driver and firmware cleanup
+# Note: openSUSE Tumbleweed Live completely removes firmware for some server
+# network cars, because you very likely won't run TW KDE Live on a server.
+# But for Agama installer it makes more sense to run on server. So we keep it
+# and remove the drivers for sound cards and TV cards instead. Those do not
+# make sense on a server.
+du -h -s /lib/modules /lib/firmware
+# delete sound drivers
+rm -rfv /lib/modules/*/kernel/sound
+# delete TV cards and radio cards
+rm -rfv /lib/modules/*/kernel/drivers/media/
+
+# remove the unused firmware (not referenced by kernel drivers)
+/fw_cleanup.rb --delete
+# remove the script, not needed anymore
+rm /fw_cleanup.rb
+du -h -s /lib/modules /lib/firmware
+
+################################################################################
+# The rest of the file was copied from the openSUSE Tumbleweed Live ISO
+# https://build.opensuse.org/package/view_file/openSUSE:Factory:Live/livecd-tumbleweed-kde/config.sh?expand=1
+#
+
+# disable the services included by dependencies
+for s in purge-kernels; do
+	systemctl -f disable $s || true
+done
+
+# Only used for OpenCL and X11 acceleration on vmwgfx (?), saves ~50MiB
+rpm -e --nodeps Mesa-gallium
+# Too big and will have to be dropped anyway (unmaintained, known security issues)
+rm -rf /usr/lib*/libmfxhw*.so.* /usr/lib*/mfx/
+
+# the new, optional nvidia gsp firmware blobs are huge - ~ 70MB
+du -h -s /lib/firmware/nvidia
+find /lib/firmware/nvidia -name gsp | xargs -r rm -rf
+du -h -s /lib/firmware/nvidia
+# The gems are unpackaged already, no need to store them twice
+du -h -s /usr/lib*/ruby/gems/*/cache/
+rm -rf /usr/lib*/ruby/gems/*/cache/
+
+# Not needed, boo#1166406
+rm -f /boot/vmlinux*.[gx]z
+rm -f /lib/modules/*/vmlinux*.[gx]z
+
+# Remove generated files (boo#1098535)
+rm -rf /var/cache/zypp/* /var/lib/zypp/AnonymousUniqueId /var/lib/systemd/random-seed

live/startup

@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+# Start a browser to connect to Agama's web user interface skipping the authentication.
+
+TOKEN_FILE=/run/agama/token
+TOKEN=$(cat $TOKEN_FILE)
+
+firefox --kiosk --profile $HOME/.mozilla/firefox/profile "http://localhost/login?token=$TOKEN"