From 2adc2bd0b5cca01e1a0883a956fe607fc8d4d675 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 13 Aug 2023 09:53:58 +0300 Subject: fix(v-i, std.yml): always set the Ansible variable debian_release Also enable the non-free components on bullseye, for wifi firmware. Sponsored-by: author --- std.yml | 11 +++++++++-- v-i | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/std.yml b/std.yml index 08724a9..a69b6bb 100644 --- a/std.yml +++ b/std.yml @@ -116,10 +116,17 @@ name: ifupdown state: absent - - name: "enable the non-free-firmware component on bookworm" + - name: "enable the non-free-firmware component" when: debian_release != "bullseye" apt_repository: - repo: "deb http://deb.debian.org/debian {{ debian_release}} non-free-firmware" + repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free-firmware" + state: present + update_cache: yes + + - name: "enable the non-free component" + when: debian_release == "bullseye" + apt_repository: + repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free" state: present update_cache: yes diff --git a/v-i b/v-i index 96b76e6..4430918 100755 --- a/v-i +++ b/v-i @@ -549,8 +549,8 @@ def main(): log(f"reading Ansible vars from {filename}") with open(filename) as f: vars_dict = yaml.safe_load(f) - vars_dict["debian_release"] = system.debian_release ansible_vars.update(vars_dict) + ansible_vars["debian_release"] = system.debian_release ansible_vars_json = json.dumps(ansible_vars, indent=4) log(f"ansible_vars:\n{ansible_vars_json}") timings.reached("read configuration") -- cgit v1.2.1 From b62fca3ec660907d2c5517a06b1be4e5067261b8 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 13 Aug 2023 10:23:03 +0300 Subject: chore: add helper script to publish release artifacts Sponsored-by: author --- publish-release.sh | 17 +++++++++++++++++ tutorial.md | 17 ++++++++--------- 2 files changed, 25 insertions(+), 9 deletions(-) create mode 100755 publish-release.sh 
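Review bot: The renamed task "enable the non-free-firmware component" is guarded only by `when: debian_release != "bullseye"`, so it now runs for every release that is not bullseye, not just bookworm. The `non-free-firmware` component was introduced with bookworm, so if an older release is ever passed in (not visible here whether v-i allows that), the repo line will point at a component that does not exist and `update_cache: yes` will fail. A comment such as `# non-free-firmware exists from bookworm onwards; bullseye keeps firmware in non-free` above the two tasks would record why the split is on bullseye.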
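Review bot: An empty vars file still crashes on the context lines of this hunk: `yaml.safe_load(f)` returns None for an empty document and `ansible_vars.update(vars_dict)` then raises TypeError. Guard it with `if vars_dict is not None:` before the update. The moved line `ansible_vars["debian_release"] = system.debian_release` also overrides any `debian_release` read from the vars file without saying so; a comment such as `# system.debian_release always wins over a value from the vars file` would make that deliberate. main() starts and ends outside the hunk, and the indentation is lost on this page, so the exact nesting of the moved line cannot be confirmed here.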
diff --git a/publish-release.sh b/publish-release.sh new file mode 100755 index 0000000..741b17b --- /dev/null +++ b/publish-release.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +img="$1" +dir="$2" + +version="$(basename "$dir")" + +mkdir "$dir" +xz -0vT0 <"$img" >"$dir/v-i.img.xz" +cp configure-installer write-and-config.sh "$dir/" +for file in NEWS.md README.md tutorial.md; do + sed "s/VERSION/$version/" "$file" >tmp.md + pandoc tmp.md -o "$dir/$(basename "$file" .md).html" + rm tmp.md +done diff --git a/tutorial.md b/tutorial.md index c8e48e0..5ba8ce4 100644 --- a/tutorial.md +++ b/tutorial.md @@ -8,14 +8,13 @@ You need: The steps: -1. Download the installer image from - . You can use `curl` or `wget` - or your web browser. Use **one of** the following commands: - - ~~~sh - curl https://files.liw.fi/v-i/v-i.img.xz > v-i.img.xz - wget -c https://files.liw.fi/v-i/v-i.img.xz - ~~~ +1. Download the installer image (`v-i.img.xz`) and related scripts + (`configure-installer` and `write-and-config.sh`) from a + subdirectory or . + + * + * + * 2. Unpack the downloaded image. @@ -49,7 +48,7 @@ The steps: 5. Write the installer image to the USB drive, and configure it. ~~~sh - sudo ./write-and-config.sh config.yaml /dev/sdx v-i.img + sudo bash write-and-config.sh config.yaml /dev/sdx v-i.img ~~~ This will take a few minutes. -- cgit v1.2.1 From 265daf6c6f263a0d29ff05edd894fea1a9035618 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 13 Aug 2023 11:19:45 +0300 Subject: fix(configure-installer): handle host id or user ca not configured Sponsored-by: author --- configure-installer | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/configure-installer b/configure-installer index 2e97354..269816b 100755 --- a/configure-installer +++ b/configure-installer 
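Review bot: The release directory is published with no checksum or signature, although the tutorial in this same commit tells users to download `v-i.img.xz` and the scripts and run `write-and-config.sh` under sudo. After the `cp` line, add `(cd "$dir" && sha256sum v-i.img.xz configure-installer write-and-config.sh >SHA256SUMS)` and sign the result with the release key, e.g. `gpg --armor --detach-sign "$dir/SHA256SUMS"`, so downloads can be verified. Separately, `sed "s/VERSION/$version/"` replaces only the first VERSION on each line and interprets `&` or `\` in the directory name as sed syntax; `s/VERSION/$version/g` and a check that `$version` looks like a version number would make the output predictable. `tmp.md` is a fixed name in the current directory and overwrites any existing file of that name; a `mktemp` file removed by a `trap` is safer.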
@@ -50,7 +50,8 @@ class Config: log(f"reading configuration from {filename}") with open(filename) as f: obj = yaml.safe_load(f) - self.config.update(obj) + if obj is not None: + self.config.update(obj) for key in self.exandable: if self.config[key] is not None: self.config[key] = os.path.expanduser(self.config[key]) @@ -77,6 +78,8 @@ class Config: return cat(filename) cmd = self.config.get(f"{prefix}_cmd") + if cmd is None: + return None if hostname is not None: cmd = hostname.join(cmd.split("$HOST")) if cmd is not None: @@ -138,8 +141,8 @@ def dir_exists(mp, path): def host_id(config, mp, installer_hostname): key = config.host_key(installer_hostname) cert = config.host_cert(installer_hostname) - if key is None: - sys.exit("could not find host key for installer") + if key is None or cert is None: + return config_d = "/etc/ssh/sshd_config.d" host_key = "/etc/ssh/ssh_host_key" @@ -176,6 +179,8 @@ def authorized_keys(config, mp): def user_ca(config, mp): ca_key = config.user_ca_pub() + if ca_key is None: + return include = f"{mp}/etc/ssh/sshd_config.d/user_ca.conf" write(include, "TrustedUserCAKeys /etc/ssh/user_ca_pubs\n", 0, 0, 0o644) -- cgit v1.2.1 From 25ee42219476595521107bb395beaf32e141d5f5 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 13 Aug 2023 10:51:23 +0300 Subject: docs(tutorial.md): tidy up and make things smoother for user We now tell user to run write-and-config.sh using bash, to avoid having to tell user to make the scripts executable. Fix the command to "eject" (power down) installer drive. Fix sample target spec by adding hostname. Also, show how install an SSH key to root's authorized_keys. Show how to pre-configure installer for wifi.a Link to target spec spec from installer. Sponsored-by: author --- publish-release.sh | 2 +- tutorial.md | 23 ++++++++++++++++++----- write-and-config.sh | 2 +- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/publish-release.sh b/publish-release.sh index 741b17b..76c21d3 100755 
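Review bot: After the added `if cmd is None: return None` in the second hunk, the later `if cmd is not None:` test can never be false and can be removed; its body lies outside the hunk. On the context line `cmd = hostname.join(cmd.split("$HOST"))` the hostname is pasted into the command string unescaped. Whether that string is later run through a shell is not visible here; if it is, pass the hostname through `shlex.quote` before substituting it.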
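Review bot: `host_id` now returns silently when the key or the certificate is missing, where it used to stop with "could not find host key for installer"; the last hunk adds the same silent return to `user_ca`. A configuration that sets a host key but not its certificate then produces an installer without the intended host identity, and one with no user CA key produces an installer without `TrustedUserCAKeys`, with nothing telling the operator. Log the skip in both functions, e.g. `log("host key or certificate not configured; not installing installer host identity")`, and consider keeping the `sys.exit` for the case where only one of key and cert is set. Both function bodies continue outside their hunks.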
--- a/publish-release.sh +++ b/publish-release.sh @@ -10,7 +10,7 @@ version="$(basename "$dir")" mkdir "$dir" xz -0vT0 <"$img" >"$dir/v-i.img.xz" cp configure-installer write-and-config.sh "$dir/" -for file in NEWS.md README.md tutorial.md; do +for file in NEWS.md README.md tutorial.md spec.md; do sed "s/VERSION/$version/" "$file" >tmp.md pandoc tmp.md -o "$dir/$(basename "$file" .md).html" rm tmp.md diff --git a/tutorial.md b/tutorial.md index 5ba8ce4..53171f1 100644 --- a/tutorial.md +++ b/tutorial.md @@ -39,6 +39,14 @@ The steps: to log in as `root` using SSH. Password logins are not allowed for SSH. You can also log in via the console, as `root`, without a password. + + The installer configuration file can specify a wifi access point to + connect to, if you need that. + + ~~~yaml + wifi_name: DadItIsThisOne + wifi_password: hunter2 + ~~~ 4. Insert USB drive and find out the device allocated it. I prefer GNOME Disks for this, but you can also look up the device of the USB @@ -57,8 +65,7 @@ The steps: prefer GNOME Disks for this, but from the command line: ~~~sh - sync - eject /dev/sdx + udisksctl power-off -b /dev/sdx ~~~ 7. Move the USB drive to the target machine and boot off the drive. @@ -74,7 +81,7 @@ The steps: ~~~sh iwctl station wlan0 get-networks - iwctl stations wlan0 connect DadItIsThisOne + iwctl station wlan0 connect DadItIsThisOne ~~~ Substitute the name of the network as needed. Enter wifi password 
@@ -86,11 +93,17 @@ The steps: will be encrypted using LUKS, with the password "hunter2". ~~~yaml + hostname: x220 drive: /dev/nvme0n1 luks: hunter2 + ansible_vars: + user_pub: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP ~~~ - See [spec.md][] for a full description of the specification file. + The SSH public key will be added to the root user's + `authorized_keys` file. See [spec.md][] for a full description of + the target specification file. 10. Install. Add the `--verbose` option to `./v-i` if you want to know what's happening. The first time you run this on a given v-i USB @@ -114,5 +127,5 @@ The steps: 13. Optional: Let me know how it went. -[spec.md]: spec.md +[spec.md]: spec.html diff --git a/write-and-config.sh b/write-and-config.sh index 1d293d3..a758100 100755 --- a/write-and-config.sh +++ b/write-and-config.sh @@ -25,4 +25,4 @@ done echo echo "Configure installer" -./configure-installer "$config" "$dev" +python3 ./configure-installer "$config" "$dev" -- cgit v1.2.1 From e951ade481b6deffec7c458ecc5d18d45987a937 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 13 Aug 2023 12:45:07 +0300 Subject: docs(NEWS.md): prepare for upcoming release Sponsored-by: author --- NEWS.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/NEWS.md b/NEWS.md index d844266..a8b70c7 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -4,6 +4,22 @@ This file summarizes user-visible changes between releases of v-i, the vmdb2-based installer of Debian onto bare metal systems. +# Version 0.4, released 2023-08-13 + +Brown paper bag release. + +* Fix tutorial to actually work. Some examples were wrong or obsolete. + Some details were missing. Also, simplify things a little by + reducing unnecessary friction: for example, the download links now + work to the release version. + +* Fix `configure-installer` to deal with no host key or user CA key + being set. + +* Fix published files to be HTML, not Markdown, so they are easier to + read. + + # Version 0.3, released 2023-08-12 ## Major changes -- cgit v1.2.1