Added new configuration "efiMountOptions" to fstab.conf
When generating the fstab entry for the ESP, take the mount options from
the new configuration or fall back to "mountOptions".
- The mitigations are slightly intrusive, and may clash
with other, similar mitigations (especially for initramfs,
the recommended solution is to configure the system with
the snippet outside of Calamares).
- These tests exercise the createTargetFile() logic,
which is essential for creating a safe initramfs
configuration snippet.
- Could be moved into libcalamares instead, since the tests
are not really initramfs specific.
- This is a simple variation on the theme of things-that-call-a-
initramfs-updater, so the code is mostly a copy of initramfs/
module. I didn't even bother to strip out the configuration-
handling (I figure it might be good for *something*) so now
"" and "$uname" are valid kernel names as well.
- Fixes security issue where the initramfs ends up readable
by all, and that includes the cryptfile for LUKS.
SEE #1190
- Rename classes and functions to be more descriptive
(a LuksDevice is .. information for a LUKS device, for instance).
- Move the smarts of unpacking a QVariantMap to LuksDevice.
- Apply code formatting
- Use 120 seconds for update-initramfs, instead of 10. Previous
Python code had no timeout at all, which wasn't so hot either.
10 seconds, though, is too short for slow CPU & slow disk.
- new implementation handles blank (maps to "all") configuration,
- allows specifying "$uname" as kernel name, to use `uname -r`,
- allows specifying a specific kernel.
- after model resets, restore what was previously selected.
- This avoids having an **empty** combobox, SEE #1141 but does
not actually set it back to the value the user had previously
picked (e.g. changing swap settings **still** breaks the
selection).
- The sub-directories under libcalamares (e.g. Utils, ..)
all live in namespace CalamaresUtils (well, except for Logger).
The services (e.g. subdirs other than utils/) live in their
own nested namespace, so partitioning should go into
CalamaresUtils::Partition for consistency.
src/modules/bootloader/main.py (install_secureboot): Run the configured
grubMkconfig command (should be `grub-mkconfig` or `grub2-mkconfig`) to
create `/boot/efi/EFI/$efi_bootloader_id/grub.cfg`. The sb-shim is just
a chainloader to GRUB 2, which expects a grub.cfg in that location, so
something has to create it or the installed system will not boot beyond
the GRUB rescue shell.
(install_grub): Fix misleading comment above the grubMkconfig call: it
is not the file specified in grubCfg that should be already filled out
by the grubcfg job module, that file is written by `grub*-mkconfig`
using `/etc/default/grub` as the input file. It is that input file
`/etc/default/grub` that should already be filled out by the grubcfg job
module. (The same input file is used in install_secureboot.)
- The output of subprocess is a bytes object, which needs to
be decoded so we can use it like a regular string (alternatively,
we could have changed more code to manipulate bytes, but eventually
we need a string to pass to a subsequent command anyway).
- Centralize the sanitizer so that it's consistent in different
environments.
- While here, add () to the sanitizer to avoid some distro's with
parenthesized names from creating weird EFI dirs.
- FIXES#934
- Whether this is really wanted depends on the distro, and I'm not
100% convinced the likely tags from Unicode are correct (or it'd
take a lot more data). In any case, starting Calamares in "NL"
gets me "nl_NL" as translation; presumably starting it in "BE"
will get me that as well (what about Les Wallons?)
- This also shows off that it's a real hack to have so much program
logic in the *widget* parts of each ViewStep. Longer-term,
a lot of functionality should go to the ViewStep itself, which
will then control the UI.
- Which translations are available is a global property
of Calamares itself, not of the plugins, so getting
the model of available translations should live there.
Move the relevant code (which is simple) from the
Welcome module.
- Use namespace CalamaresUtils::Locale consistently for this service.
- Move locale-related non-GUI support code from the Welcome module
to libcalamares; these are generally useful. Both Label (naming a locale)
and LabelModel (managing a bunch of those Labels) have been moved.
On systems with SELinux enabled, we have to create the directories on
top of which we mount another partition or virtual file system (e.g.,
/dev) with the correct SELinux context, BEFORE we mount the other
partition. Otherwise, SELinux will get really confused when systemd
tries to recreate the mount tree for a private file system namespace for
a service. And unfortunately, even an autorelabel does not fix it
because it runs when /dev etc. are already mounted.
Without this fix, on Fedora >= 30, the system installed with Calamares
would fail to start the dbus-broker system bus, leading to several
important pieces of functionality not working (e.g., shutdown as
non-root).
On systems without SELinux enabled, chcon (which is part of coreutils)
will just print a warning and do nothing, so this should always be safe.
Instead of relying on a module-specific implementation, use the new
PartitionSize class for storing partition sizes.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
Instead of relying on a module-specific implementation, use the new
PartitionSize class for storing partition sizes.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
In order to prepare for future refactoring of the PartSize class, move
the bytesToSectors() function to libcalamares in the CalamaresUtils
namespace.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
- This small header file contained a few unrelated typedefs.
Move those typedefs to the classes they relate to. This
**does** mean that some consumers need to #include something
else instead.
- Use type names more consistently.
Editorial: why are **pages** responsible for creating the jobs?
- Remove (heavy-handed) top-level include_directories, in favor
of more focused ones; this helps to make sure that the dependencies
ordering is correct.
src/modules/partition/jobs/ClearMountsJob.cpp
(ClearMountsJob::getCryptoDevices): Skip not only `/dev/mapper/control`,
but also `/dev/mapper/live-*`. Fedora live images use
`/dev/mapper/live-*` internally. We must not unmount those devices,
because they are used by the live image and because we need
`/dev/mapper/live-base` in the `unpackfs` module.
src/modules/unpackfs/main.py (UnpackOperation.mount_image): Check
whether entry.source is a regular file or a device and only use
`-o loop` on regular files, not devices.
At least on Fedora >= 29, `-o loop` fails on the read-only device
`/dev/mapper/live-base` (though `-o loop,ro` would be accepted).
- Use a named enum instead of a collection of booleans
- Support old-style configuration but complain about it
- Update AppImage config as well
The new setup allows four different restart modes: never,
always, user-unchecked and user-checked. The user-modes
are interactive and give the user a choice (defaulting to
unchecked-don't-restart and checked-do-restart respectively).
The non-interactive versions vary in how they are
displayed.
- deprecate the old entries
- use a geoip sub-map for GeoIP configuration
- polish up documentation
- drop mention of blank and "legacy" styles for GeoIP config,
just update your URLs already.
- If KPMCore is not found, don't require the KF5 components
that it would depend on.
- If ECM is found, use KDEInstallDirs always, not just when
the partitioning module is used.
- OEMID is a module for configuring phase-0 things for an OEM,
like batch-ID. This is just a stub.
- Currently planned functionality is limited to just batch-ID.
- The only remaining functions in the file are string-related, so
rename to match their purpose.
- Drop this include file from most places, since they don't actually
use the string functionality at all.
- Remaining modules [networkcfg] [openrcdmcryptcfg] [rawfs] with
code that throws on bad configuration. Replace with meaningful
error messages, to better check cases of SyntaxError &c.
- One might argue whether an empty list of partitions to mount is
a bad thing. It suggests that the partition module wasn't used,
and so we're in an OEM situation -- but then everything should
already be mounted anyway. That's why I choose empty -> bail.
- [initcpio] remove superfluous inner function
- [initcpio] catch errors from mkinitcpio itself and report them in a nice
readable format.
- Save translators the effort of doing a dozen messages
with just the name of the module changed. All of these modules
bail out on bad configurations with a meaningful message.
- [initcpiocfg]
- [fstab]
- [initramfscfg]
- [localecfg]
- [luksbootkeyfile]
- [luksopenswaphookcfg]
- [machineid] Warn on bad config. It's conceivable that this is run
with an empty rootMountPoint (i.e. "") to modify the running system,
so only bail on None.
- Load full text, toggle display
- Swap Up and Down arrow semantics on button, to match usual
text-editor display (down means it's expanded, displayed)
- If all of the licenses are optional, you should be able to
continue without accepting. Refactor to a single visible
slot to check the conditions.
- Always set the globalsettings value; to "false" on entry
to make sure it's there.
- When setting the list of entries, check the conditions
(because if the list is empty, or all of them are optional,
then it's ok to continue).
FIXES#1124FIXES#1125
- QVector is a better match with passing in QStringList, otherwise
you end up dealing with Qt's int indexes vs. std::vector's uint
indexes everywhere.
- Introduce find()
