fedora-qiot.ks

# This is the kickstart for Fedora IoT disk images.

text # don't use cmdline -- https://github.com/rhinstaller/anaconda/issues/931
lang en_US.UTF-8
keyboard us
timezone --utc Etc/UTC

selinux --enforcing
rootpw --lock --iscrypted locked

bootloader --timeout=1 --append="net.ifnames=0 modprobe.blacklist=vc4 iomem=relaxed strict-devmem=0"

network --bootproto=dhcp --device=link --activate --onboot=on
services --enabled=NetworkManager,sshd,rngd

zerombr
clearpart --all --initlabel --disklabel=msdos
autopart --nohome --noswap --type=plain

# Equivalent of %include fedora-repo.ks
# Pull from the ostree repo that was created during the compose
ostreesetup --nogpg --osname=fedora-iot --remote=fedora-iot --url=https://kojipkgs.fedoraproject.org/compose/iot/repo/ --ref=fedora/stable/${basearch}/iot

reboot

%post --erroronfail --log=/root/ks-post.log
# Find the architecture we are on
arch=$(uname -m)
if [[ $arch == "armv7l" ]]; then
    arch="armhfp"
fi

# Setup Raspberry Pi firmware
if [[ $arch == "aarch64" ]] || [[ $arch == "armhfp" ]]; then
if [[ $arch == "aarch64" ]]; then
cp -P /usr/share/uboot/rpi_3/u-boot.bin /boot/efi/rpi3-u-boot.bin
cp -P /usr/share/uboot/rpi_4/u-boot.bin /boot/efi/rpi4-u-boot.bin
else
cp -P /usr/share/uboot/rpi_2/u-boot.bin /boot/efi/rpi2-u-boot.bin
cp -P /usr/share/uboot/rpi_3_32b/u-boot.bin /boot/efi/rpi3-u-boot.bin
cp -P /usr/share/uboot/rpi_4_32b/u-boot.bin /boot/efi/rpi4-u-boot.bin
fi
fi

########## QIoT custom U-Boot ##########
# Write custom config.txt
cat <<EOT > /etc/fw_env.config
# VFAT
/boot/efi/uboot.env     0x0000          0x4000
EOT

# disable boot delay in U-Boot 
fw_setenv bootdelay -- -2
########## QIoT custom U-Boot ##########

########## QIoT custom CONFIG.TXT ##########
# Write custom config.txt
cat <<EOT > /boot/efi/config.txt
[pi3]
kernel=rpi3-u-boot.bin
[all]
arm_64bit=1
dtparam=i2c_arm=on
dtparam=spi=on
enable_uart=1
bootcode_delay=1
gpu_mem=32
start_x=1
upstream_kernel=1
dtoverlay=miniuart-bt
dtoverlay=adau7002-simple
dtoverlay=upstream
mask_gpu_interrupt1=0x100
audio_pwm_mode=0
EOT
########## QIoT custom CONFIG.TXT ##########

# Set the origin to the "main ref", distinct from /updates/ which is where bodhi writes.
# We want consumers of this image to track the two week releases.
ostree admin set-origin --index 0 fedora-iot https://dl.fedoraproject.org/iot/repo/ "fedora/stable/${arch}/iot"

# Make sure the ref we're supposedly sitting on (according
# to the updated origin) exists.
ostree refs "fedora-iot:fedora/stable/${arch}/iot" --create "fedora-iot:fedora/stable/${arch}/iot"

# Remove the old ref so that the commit eventually gets cleaned up.
ostree refs "fedora-iot:fedora/stable/${arch}/iot" --delete

# delete/add the remote with new options to enable gpg verification
# and to point them at the cdn url
ostree remote delete fedora-iot
ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/ --set=contenturl=mirrorlist=https://ostree.fedoraproject.org/iot/mirrorlist  fedora-iot 'https://ostree.fedoraproject.org/iot'

# We're getting a stray console= from somewhere, work around it
rpm-ostree kargs --delete=console=tty0

# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
passwd -l root

# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1193590
cp /etc/skel/.bash* /var/roothome

########## Adding customization QIoT project ##########
# firewall
systemctl disable firewalld

# 'edge' user
useradd edge
echo "edge" | passwd --stdin edge
usermod edge -a -G wheel

# folder struct
mkdir -p /var/home/edge/qiot/driver
mkdir -p /var/home/edge/qiot/containers/sensor/base/test
mkdir -p /var/home/edge/qiot/containers/sensor/service
mkdir -p /var/home/edge/qiot/containers/edge/volume/https
curl -LJ https://github.com/qiot-project/qiot-covid19-datahub-registration/raw/main/src/main/resources/certs/https/client.ks -o /var/home/edge/qiot/containers/edge/volume/https/client.ks
curl -LJ https://github.com/qiot-project/qiot-covid19-datahub-registration/raw/main/src/main/resources/certs/https/client.ts -o /var/home/edge/qiot/containers/edge/volume/https/client.ts
chown edge:edge -R /var/home/edge
chmod 777 /var/home/edge/qiot/containers/edge/volume

# i2c drivers
sudo groupadd i2cuser
sudo usermod edge -G i2cuser -a
echo "SUBSYSTEM==\"i2c-dev\", GROUP=\"i2cuser\", MODE=\"0660\"" | tee /etc/udev/rules.d/50-i2c.rules
rpm-ostree install i2c-tools

# container engine
podman network create qiot
########## Adding customization QIoT project ##########


# Remove any persistent NIC rules generated by udev
rm -vf /etc/udev/rules.d/*persistent-net*.rules
# And ensure that we will do DHCP on eth0 on startup
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF

echo "Removing random-seed so it's not the same in every image."
rm -f /var/lib/systemd/random-seed

echo "Packages within this iot image:"
echo "-----------------------------------------------------------------------"
rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn
echo "-----------------------------------------------------------------------"
# Note that running rpm recreates the rpm db files which aren't needed/wanted
rm -f /var/lib/rpm/__db*

echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
rm -f /var/tmp/zeros
echo "(Don't worry -- that out-of-space error was expected.)"

# For trac ticket https://pagure.io/atomic-wg/issue/128
rm -f /etc/sysconfig/network-scripts/ifcfg-ens3

# Anaconda is writing an /etc/resolv.conf from the install environment.
# The system should start out with an empty file, otherwise cloud-init
# will try to use this information and may error:
# https://bugs.launchpad.net/cloud-init/+bug/1670052
truncate -s 0 /etc/resolv.conf

%end