author | Lars Wirzenius <liw@liw.fi> | 2023-08-13 09:51:28 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2023-08-13 09:51:28 +0000 |
commit | 0f224073900e0c36772d0b7fc52bf5110e1cfcfb (patch) | |
tree | 34e0c836c3560effc89c8f5222202928dc40df8f | |
parent | a9d2cea28f829c54bd941235efbf8e6558baf8dc (diff) | |
parent | e951ade481b6deffec7c458ecc5d18d45987a937 (diff) | |
download | v-i-0f224073900e0c36772d0b7fc52bf5110e1cfcfb.tar.gz |
Merge branch 'fixes' into 'main'v0.4
prepare 0.4 release
See merge request larswirzenius/v-i!57
-rw-r--r-- | NEWS.md | 16 | ||||
-rwxr-xr-x | configure-installer | 11 | ||||
-rwxr-xr-x | publish-release.sh | 17 | ||||
-rw-r--r-- | std.yml | 11 | ||||
-rw-r--r-- | tutorial.md | 40 | ||||
-rwxr-xr-x | v-i | 2 | ||||
-rwxr-xr-x | write-and-config.sh | 2 |
7 files changed, 78 insertions, 21 deletions
@@ -4,6 +4,22 @@ This file summarizes user-visible changes between releases of v-i, the vmdb2-based installer of Debian onto bare metal systems. +# Version 0.4, released 2023-08-13 + +Brown paper bag release. + +* Fix tutorial to actually work. Some examples were wrong or obsolete. + Some details were missing. Also, simplify things a little by + reducing unnecessary friction: for example, the download links now + work to the release version. + +* Fix `configure-installer` to deal with no host key or user CA key + being set. + +* Fix published files to be HTML, not Markdown, so they are easier to + read. + + # Version 0.3, released 2023-08-12 ## Major changes diff --git a/configure-installer b/configure-installer index 2e97354..269816b 100755 --- a/configure-installer +++ b/configure-installer @@ -50,7 +50,8 @@ class Config: log(f"reading configuration from {filename}") with open(filename) as f: obj = yaml.safe_load(f) - self.config.update(obj) + if obj is not None: + self.config.update(obj) for key in self.exandable: if self.config[key] is not None: self.config[key] = os.path.expanduser(self.config[key]) @@ -77,6 +78,8 @@ class Config: return cat(filename) cmd = self.config.get(f"{prefix}_cmd") + if cmd is None: + return None if hostname is not None: cmd = hostname.join(cmd.split("$HOST")) if cmd is not None: @@ -138,8 +141,8 @@ def dir_exists(mp, path): def host_id(config, mp, installer_hostname): key = config.host_key(installer_hostname) cert = config.host_cert(installer_hostname) - if key is None: - sys.exit("could not find host key for installer") + if key is None or cert is None: + return config_d = "/etc/ssh/sshd_config.d" host_key = "/etc/ssh/ssh_host_key" @@ -176,6 +179,8 @@ def authorized_keys(config, mp): def user_ca(config, mp): ca_key = config.user_ca_pub() + if ca_key is None: + return include = f"{mp}/etc/ssh/sshd_config.d/user_ca.conf" write(include, "TrustedUserCAKeys /etc/ssh/user_ca_pubs\n", 0, 0, 0o644) 
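Review bot: In the configuration-reading hunk of configure-installer, the new `if obj is not None:` guard handles an empty file but still lets any non-mapping document reach `self.config.update(obj)`, because `yaml.safe_load` returns whatever top-level type the file holds. A bare string or a list there would either raise or be merged in a way nobody intended. I would reject it explicitly inside the guard, e.g. `if not isinstance(obj, dict): sys.exit(f"{filename}: top level must be a mapping")`. The enclosing method starts and ends outside the hunk.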
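Review bot: In the `{prefix}_cmd` hunk, the new early `return None` makes the later `if cmd is not None:` test always true, so that guard is now dead code. Dropping it and un-indenting its body would make the flow read as "no command configured, return; otherwise substitute and run". How the command is executed is outside the hunk; if it goes through a shell, the hostname spliced in by `hostname.join(cmd.split("$HOST"))` should be validated as a plain hostname first.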
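Review bot: In `host_id`, `if key is None or cert is None: return` now skips host identity setup silently, including when only one of the two is configured, which looks like a misconfiguration rather than an opt-out. An operator whose certificate lookup failed would presumably get an installer presenting some other SSH host key, with nothing in the output to say so. I would return quietly only when both are missing, and log it: `if key is None and cert is None: log("no host key or certificate configured, skipping"); return`, followed by `if key is None or cert is None: sys.exit("host key and host certificate must be configured together")`. The silent return added in `user_ca` for a missing CA key deserves a `log(...)` line as well. Both function bodies continue outside their hunks.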
diff --git a/publish-release.sh b/publish-release.sh new file mode 100755 index 0000000..76c21d3 --- /dev/null +++ b/publish-release.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +img="$1" +dir="$2" + +version="$(basename "$dir")" + +mkdir "$dir" +xz -0vT0 <"$img" >"$dir/v-i.img.xz" +cp configure-installer write-and-config.sh "$dir/" +for file in NEWS.md README.md tutorial.md spec.md; do + sed "s/VERSION/$version/" "$file" >tmp.md + pandoc tmp.md -o "$dir/$(basename "$file" .md).html" + rm tmp.md +done @@ -116,10 +116,17 @@ name: ifupdown state: absent - - name: "enable the non-free-firmware component on bookworm" + - name: "enable the non-free-firmware component" when: debian_release != "bullseye" apt_repository: - repo: "deb http://deb.debian.org/debian {{ debian_release}} non-free-firmware" + repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free-firmware" + state: present + update_cache: yes + + - name: "enable the non-free component" + when: debian_release == "bullseye" + apt_repository: + repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free" state: present update_cache: yes diff --git a/tutorial.md b/tutorial.md index c8e48e0..53171f1 100644 --- a/tutorial.md +++ b/tutorial.md @@ -8,14 +8,13 @@ You need: The steps: -1. Download the installer image from - <https://files.liw.fi/v-i/v-i.img.xz>. You can use `curl` or `wget` - or your web browser. Use **one of** the following commands: - - ~~~sh - curl https://files.liw.fi/v-i/v-i.img.xz > v-i.img.xz - wget -c https://files.liw.fi/v-i/v-i.img.xz - ~~~ +1. Download the installer image (`v-i.img.xz`) and related scripts + (`configure-installer` and `write-and-config.sh`) from a + subdirectory or <https://files.liw.fi/v-i/>. + + * <https://files.liw.fi/v-i/VERSION/v-i.img.xz> + * <https://files.liw.fi/v-i/VERSION/configure-installer> + * <https://files.liw.fi/v-i/VERSION/write-and-config.sh> 2. Unpack the downloaded image. 
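Review bot: The release directory built by publish-release.sh holds the image and two scripts that the tutorial has users run with sudo, but no checksum or signature file is generated next to them. Adding `(cd "$dir" && sha256sum v-i.img.xz configure-installer write-and-config.sh >SHA256SUMS)` after the `cp`, and signing that file, would give users a way to verify what they downloaded. Separately, `tmp.md` is a fixed name in the current directory and is left behind if `pandoc` fails under `set -e`; a `mktemp` file removed by a `trap` on `EXIT` would be cleaner.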
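Review bot: In the Ansible task hunk (std.yml per the diffstat), `when: debian_release != "bullseye"` sends every release other than bullseye down the `non-free-firmware` path, and the task name no longer says "on bookworm". That component exists only from bookworm onward, so if `debian_release` were ever set to something older than bullseye, the `update_cache` step would most likely fail on a missing component. If only bullseye and later are supported, a comment saying so above the two tasks would be enough, e.g. `# non-free-firmware exists from bookworm onward; bullseye is the only older release supported`.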
@@ -40,6 +39,14 @@ The steps: to log in as `root` using SSH. Password logins are not allowed for SSH. You can also log in via the console, as `root`, without a password. + + The installer configuration file can specify a wifi access point to + connect to, if you need that. + + ~~~yaml + wifi_name: DadItIsThisOne + wifi_password: hunter2 + ~~~ 4. Insert USB drive and find out the device allocated it. I prefer GNOME Disks for this, but you can also look up the device of the USB @@ -49,7 +56,7 @@ The steps: 5. Write the installer image to the USB drive, and configure it. ~~~sh - sudo ./write-and-config.sh config.yaml /dev/sdx v-i.img + sudo bash write-and-config.sh config.yaml /dev/sdx v-i.img ~~~ This will take a few minutes. @@ -58,8 +65,7 @@ The steps: prefer GNOME Disks for this, but from the command line: ~~~sh - sync - eject /dev/sdx + udisksctl power-off -b /dev/sdx ~~~ 7. Move the USB drive to the target machine and boot off the drive. @@ -75,7 +81,7 @@ The steps: ~~~sh iwctl station wlan0 get-networks - iwctl stations wlan0 connect DadItIsThisOne + iwctl station wlan0 connect DadItIsThisOne ~~~ Substitute the name of the network as needed. Enter wifi password @@ -87,11 +93,17 @@ The steps: will be encrypted using LUKS, with the password "hunter2". ~~~yaml + hostname: x220 drive: /dev/nvme0n1 luks: hunter2 + ansible_vars: + user_pub: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP ~~~ - See [spec.md][] for a full description of the specification file. + The SSH public key will be added to the root user's + `authorized_keys` file. See [spec.md][] for a full description of + the target specification file. 10. Install. Add the `--verbose` option to `./v-i` if you want to know what's happening. The first time you run this on a given v-i USB @@ -115,5 +127,5 @@ The steps: 13. Optional: Let me know how it went. -[spec.md]: spec.md +[spec.md]: spec.html 
@@ -549,8 +549,8 @@ def main(): log(f"reading Ansible vars from {filename}") with open(filename) as f: vars_dict = yaml.safe_load(f) - vars_dict["debian_release"] = system.debian_release ansible_vars.update(vars_dict) + ansible_vars["debian_release"] = system.debian_release ansible_vars_json = json.dumps(ansible_vars, indent=4) log(f"ansible_vars:\n{ansible_vars_json}") timings.reached("read configuration") diff --git a/write-and-config.sh b/write-and-config.sh index 1d293d3..a758100 100755 --- a/write-and-config.sh +++ b/write-and-config.sh @@ -25,4 +25,4 @@ done echo echo "Configure installer" -./configure-installer "$config" "$dev" +python3 ./configure-installer "$config" "$dev" |
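Review bot: In `main`, `vars_dict = yaml.safe_load(f)` can still be `None` for an empty vars file, and `ansible_vars.update(vars_dict)` would then raise `TypeError`. This is the same case the commit guards against in configure-installer. `ansible_vars.update(vars_dict or {})` or an explicit `if vars_dict is not None:` would make the two loaders consistent. Setting `debian_release` after the update means a value in the vars file is always overridden, which looks intended but is worth a one-line comment such as `# system.debian_release always wins over the vars file`. `main` starts and ends outside the hunk.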
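Review bot: `python3 ./configure-installer "$config" "$dev"` resolves the helper relative to the caller's working directory, and the tutorial runs this script under sudo, so root executes whichever `configure-installer` happens to sit in the current directory. Resolving it next to the script instead, e.g. `python3 "$(dirname "$0")/configure-installer" "$config" "$dev"`, removes that dependency on where the command is run from. The rest of the script is outside the hunk.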