When the rootfs partition is read-only, mount points for the other
partitions cannot be created, therefore they need to be created in a
tmpfs, already mounted somewhere in `/`.
However, the extra mounts are only mounted at the end, which causes an
error as no tmpfs is currently mounted.
This patch makes sure all extra mounts are mounted right after the `/`
partition, allowing the use of a read-only rootfs.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
This variable is declared in `if m:`. Of course if this codepath doesn't
run, the variable is not declared an Python doesn't like this kind of
surprise...
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
- If KPMcore is found -- it requires some other KDE Frameworks but
at least in pre-4.0 versions doesn't check very well for them --
then missing its dependencies is no cause for CMake failure.
Instead, log it nicely and suppress the module.
- calamares_automoc() sets AUTOMOC, but also adds some flags
to avoid compilation warnings from the generated MOC code.
- drop weird hard-coded include paths
- KDE and GNOME selection images were drawn by me for the bogus
package model, and should not be used.
- Keep Calamares logo though, even if it doesn't make much sense
to use it in package selection.
- Keep the no-selection image since it might be used more often,
but it's not very good.
- The ID and Screenshot entries might be weird in AppData (in particular,
a remove URL) so put those back under the control of Calamares even
when using AppData as the source of descriptions.
- Document all the static inline methods that do the work
- Fill up a QVariantMap from <name>, <summary> and <description><p>
elements, and use that to initialize the PackageItem.
- Doing a manual read of the XML, since existing appdata libraries
don't seem to have a convenient entry for what I need.
- Expand tests to loading AppData (currently, they fail).
- Add a FALLTHRU macro to annotate fallthrough situations in both
Clang and GCC,
- Annotate intentional fallthroughs.
- Add missing break which meant that the selection mode was
always multiple-selection.
- Using id's as keys in a map orders them indeterminately -- in
practice, alphabetically by key. Switch to a list form so that
the products stick to the order they have in the config file
(which means distro's can list "preferred" versions at top).
Package chooser is a **low density** package selector -- unlike
netinstall which offers a high density tree view -- for picking
zero, one, or more items from a small collection of packages.
This can be used, e.g., for "pick exactly one desktop environment",
"pick zero or more text editors" which can then be installed
by another module. The UI is big and shiny (rather than netinstall's
text-based tree view) and isn't suitable for more than a dozen or
so items.
- preservefiles generally needs to have the target filesystems
mounted, so that it can preserve to them; but you can also
configure it such that there is no need for mounted filesystems
(e.g. in OEM setup).
- Add an example line in CMakeLists.txt to show how that would be done.
- The mount module must happen before unpackfs because that (mount)
module sets up the root mount point (in /tmp) and some other
variables needed later.
Added new configuration "efiMountOptions" to fstab.conf
When generating the fstab entry for the ESP, take the mount options from
the new configuration or fall back to "mountOptions".
- The mitigations are slightly intrusive, and may clash
with other, similar mitigations (especially for initramfs,
the recommended solution is to configure the system with
the snippet outside of Calamares).
- These tests exercise the createTargetFile() logic,
which is essential for creating a safe initramfs
configuration snippet.
- Could be moved into libcalamares instead, since the tests
are not really initramfs specific.
- This is a simple variation on the theme of things-that-call-a-
initramfs-updater, so the code is mostly a copy of initramfs/
module. I didn't even bother to strip out the configuration-
handling (I figure it might be good for *something*) so now
"" and "$uname" are valid kernel names as well.
- Fixes security issue where the initramfs ends up readable
by all, and that includes the cryptfile for LUKS.
SEE #1190
- Rename classes and functions to be more descriptive
(a LuksDevice is .. information for a LUKS device, for instance).
- Move the smarts of unpacking a QVariantMap to LuksDevice.
- Apply code formatting
- Use 120 seconds for update-initramfs, instead of 10. Previous
Python code had no timeout at all, which wasn't so hot either.
10 seconds, though, is too short for slow CPU & slow disk.
- new implementation handles blank (maps to "all") configuration,
- allows specifying "$uname" as kernel name, to use `uname -r`,
- allows specifying a specific kernel.
- after model resets, restore what was previously selected.
- This avoids having an **empty** combobox, SEE #1141 but does
not actually set it back to the value the user had previously
picked (e.g. changing swap settings **still** breaks the
selection).
- The sub-directories under libcalamares (e.g. Utils, ..)
all live in namespace CalamaresUtils (well, except for Logger).
The services (e.g. subdirs other than utils/) live in their
own nested namespace, so partitioning should go into
CalamaresUtils::Partition for consistency.
src/modules/bootloader/main.py (install_secureboot): Run the configured
grubMkconfig command (should be `grub-mkconfig` or `grub2-mkconfig`) to
create `/boot/efi/EFI/$efi_bootloader_id/grub.cfg`. The sb-shim is just
a chainloader to GRUB 2, which expects a grub.cfg in that location, so
something has to create it or the installed system will not boot beyond
the GRUB rescue shell.
(install_grub): Fix misleading comment above the grubMkconfig call: it
is not the file specified in grubCfg that should be already filled out
by the grubcfg job module, that file is written by `grub*-mkconfig`
using `/etc/default/grub` as the input file. It is that input file
`/etc/default/grub` that should already be filled out by the grubcfg job
module. (The same input file is used in install_secureboot.)
- The output of subprocess is a bytes object, which needs to
be decoded so we can use it like a regular string (alternatively,
we could have changed more code to manipulate bytes, but eventually
we need a string to pass to a subsequent command anyway).
- Centralize the sanitizer so that it's consistent in different
environments.
- While here, add () to the sanitizer to avoid some distro's with
parenthesized names from creating weird EFI dirs.
- FIXES#934
- Whether this is really wanted depends on the distro, and I'm not
100% convinced the likely tags from Unicode are correct (or it'd
take a lot more data). In any case, starting Calamares in "NL"
gets me "nl_NL" as translation; presumably starting it in "BE"
will get me that as well (what about Les Wallons?)
- This also shows off that it's a real hack to have so much program
logic in the *widget* parts of each ViewStep. Longer-term,
a lot of functionality should go to the ViewStep itself, which
will then control the UI.
- Which translations are available is a global property
of Calamares itself, not of the plugins, so getting
the model of available translations should live there.
Move the relevant code (which is simple) from the
Welcome module.
- Use namespace CalamaresUtils::Locale consistently for this service.
- Move locale-related non-GUI support code from the Welcome module
to libcalamares; these are generally useful. Both Label (naming a locale)
and LabelModel (managing a bunch of those Labels) have been moved.
On systems with SELinux enabled, we have to create the directories on
top of which we mount another partition or virtual file system (e.g.,
/dev) with the correct SELinux context, BEFORE we mount the other
partition. Otherwise, SELinux will get really confused when systemd
tries to recreate the mount tree for a private file system namespace for
a service. And unfortunately, even an autorelabel does not fix it
because it runs when /dev etc. are already mounted.
Without this fix, on Fedora >= 30, the system installed with Calamares
would fail to start the dbus-broker system bus, leading to several
important pieces of functionality not working (e.g., shutdown as
non-root).
On systems without SELinux enabled, chcon (which is part of coreutils)
will just print a warning and do nothing, so this should always be safe.
Instead of relying on a module-specific implementation, use the new
PartitionSize class for storing partition sizes.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
Instead of relying on a module-specific implementation, use the new
PartitionSize class for storing partition sizes.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
In order to prepare for future refactoring of the PartSize class, move
the bytesToSectors() function to libcalamares in the CalamaresUtils
namespace.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
- This small header file contained a few unrelated typedefs.
Move those typedefs to the classes they relate to. This
**does** mean that some consumers need to #include something
else instead.
- Use type names more consistently.
Editorial: why are **pages** responsible for creating the jobs?
- Remove (heavy-handed) top-level include_directories, in favor
of more focused ones; this helps to make sure that the dependencies
ordering is correct.
src/modules/partition/jobs/ClearMountsJob.cpp
(ClearMountsJob::getCryptoDevices): Skip not only `/dev/mapper/control`,
but also `/dev/mapper/live-*`. Fedora live images use
`/dev/mapper/live-*` internally. We must not unmount those devices,
because they are used by the live image and because we need
`/dev/mapper/live-base` in the `unpackfs` module.
src/modules/unpackfs/main.py (UnpackOperation.mount_image): Check
whether entry.source is a regular file or a device and only use
`-o loop` on regular files, not devices.
At least on Fedora >= 29, `-o loop` fails on the read-only device
`/dev/mapper/live-base` (though `-o loop,ro` would be accepted).
- Use a named enum instead of a collection of booleans
- Support old-style configuration but complain about it
- Update AppImage config as well
The new setup allows four different restart modes: never,
always, user-unchecked and user-checked. The user-modes
are interactive and give the user a choice (defaulting to
unchecked-don't-restart and checked-do-restart respectively).
The non-interactive versions vary in how they are
displayed.
- deprecate the old entries
- use a geoip sub-map for GeoIP configuration
- polish up documentation
- drop mention of blank and "legacy" styles for GeoIP config,
just update your URLs already.
- If KPMCore is not found, don't require the KF5 components
that it would depend on.
- If ECM is found, use KDEInstallDirs always, not just when
the partitioning module is used.
