Diffstat (limited to 'make_slackware_live.sh')
-rwxr-xr-x | make_slackware_live.sh | 706 |
1 files changed, 562 insertions, 144 deletions
diff --git a/make_slackware_live.sh b/make_slackware_live.sh index 87838d5..e91f1a4 100755 --- a/make_slackware_live.sh +++ b/make_slackware_live.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Eric Hameleers, Eindhoven, NL +# Copyright 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Eric Hameleers, Eindhoven, NL # All rights reserved. # # Permission to use, copy, modify, and distribute this software for @@ -35,7 +35,7 @@ # ----------------------------------------------------------------------------- # Version of the Live OS generator: -VERSION="1.3.9.4" +VERSION="1.8.1.1" # Timestamp: THEDATE=$(date +%Y%m%d) @@ -67,7 +67,27 @@ BOOTLOADSIZE=${BOOTLOADSIZE:-4} # Therefore we disable 32bit EFI by default. Enable at your own peril: EFI32=${EFI32:-"NO"} -# Set to YES if you want to use the SMP kernel on 32bit Slackware: +# Set to '1' using the "-S" parameter to the script, +# if the liveslak ISO should support SecureBoot-enabled computers: +SECUREBOOT=0 + +# Which shim to download and install? +# Supported are 'debian' 'fedora' 'opensuse'. +SHIM_3RDP=${SHIM_3RDP:-"fedora"} + +# When enabling SecureBoot support, we need a MOK certificate plus private key, +# which we use to sign grub and kernel. +# MOKCERT contains the location of the certificate, +# to be defined through the '-S' parameter: +MOKCERT="" +# MOKPRIVKEY points to the location of the private key, +# to be defined through the '-S' parameter: +MOKPRIVKEY="" + +# Set to YES if you want to use a SMP-tagged kernel package +# on 32bit Slackware 15.0 or earlier. +# In 32bit Slackware > 15.0 all kernels support preemption and the '-smp' +# tag has been removed. SMP32=${SMP32:-"NO"} # Include support for NFS root (PXE boot), will increase size of the initrd: 
@@ -161,8 +181,9 @@ ONLY_ISO="NO" # The name of the directory used for storing persistence data: PERSISTENCE=${PERSISTENCE:-"persistence"} -# Add a Core OS to load into RAM (currently supported for XFCE, LEAN, DAW): +# Add a Core OS to load into RAM (value can be 'NO', 'YES' or 'NATIVE'): CORE2RAM=${CORE2RAM:-"NO"} +# The MINLIST module must always be the first in CORE2RAMMODS: CORE2RAMMODS="${MINLIST} noxbase" # Slackware version to use (note: this won't work for Slackware <= 14.1): @@ -182,14 +203,20 @@ SL_REPO_URL=${SL_REPO_URL:-"rsync.osuosl.org::slackware"} DEF_SL_REPO_URL=${SL_REPO_URL} # List of Slackware package series - each will become a squashfs module: -SEQ_SLACKWARE="tagfile:a,ap,d,e,f,k,kde,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra" +if [ "$(echo ${SL_VERSION}|cut -d. -f1)" == "14" ]; then + # Slackware up and until 14.2 has KDE4 which includes the 'kdei' package set: + SEQ_SLACKWARE="tagfile:a,ap,d,e,f,k,kde,kdei,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra" +else + # Exclude Emacs to keep the ISO size below DVD size: + SEQ_SLACKWARE="tagfile:a,ap,d,f,k,kde,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra" +fi # Stripped-down Slackware with XFCE as the Desktop Environment: # - each series will become a squashfs module: -SEQ_XFCEBASE="${MINLIST},noxbase,x_base,xapbase,xfcebase local:mcpp" +SEQ_XFCEBASE="pkglist:${MINLIST},noxbase,x_base,xapbase,xfcebase local:mcpp" # Stripped-down Base Slackware: -SEQ_LEAN="pkglist:${MINLIST},noxbase,x_base,xapbase,xfcebase,slackpkgplus,z00_plasma5supp,z01_plasma5base" +SEQ_LEAN="pkglist:${MINLIST},noxbase,x_base,xapbase,xfcebase,slackpkgplus,z00_plasma5supp,z01_plasma5base,z01_swdev" # Stripped-down Slackware DAW with Plasma5 as the Desktop Environment: # - each series will become a squashfs module. 
@@ -198,7 +225,7 @@ SEQ_DAW="pkglist:${MINLIST},noxbase,x_base,xapbase,slackpkgplus,z00_plasma5supp, # Slackware with 'ktown' Plasma5 instead of its own KDE (full install): # - each will become a squashfs module: -SEQ_KTOWN="tagfile:a,ap,d,e,f,k,l,n,t,tcl,x,xap,xfce,y pkglist:ktown,ktownalien,slackextra,slackpkgplus" +SEQ_KTOWN="tagfile:a,ap,d,f,k,l,n,t,tcl,x,xap,xfce,y pkglist:ktownslack,ktown,ktownalien,slackextra,slackpkgplus" # List of Slackware package series with MSB instead of KDE (full install): # - each will become a squashfs module: 
@@ -217,12 +244,20 @@ SEQ_DLACK="tagfile:a,ap,d,e,f,k,l,n,t,tcl,x,xap pkglist:dlackware,slackextra,sys SEQ_STUDW="tagfile:a,ap,d,e,f,k,kde,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra,slackpkgplus,studioware" # Package blacklists for variants: -BLACKLIST_XFCE="lynx mc" +#BLACKLIST_DAW="seamonkey" +#BLACKLIST_LEAN="seamonkey" +BLACKLIST_SLACKWARE="calligra calligraplan gcc-gdc gcc-gfortran gcc-gnat gcc-objc krita kstars seamonkey" +#BLACKLIST_XFCE="gst-plugins-bad-free lynx mc motif mozilla-firefox pidgin xlockmore" + +# Potentially we will use package(s) from 'testing' instead of regular repo: +#TESTINGLIST_DAW="kernel-generic kernel-modules kernel-headers kernel-source" +TESTINGLIST_DAW="" # -- START: Used verbatim in upslak.sh -- # # List of kernel modules required for a live medium to boot properly; -# Lots of HID modules added to support keyboard input for LUKS password entry: -KMODS=${KMODS:-"squashfs:overlay:loop:xhci-pci:ohci-pci:ehci-pci:xhci-hcd:uhci-hcd:ehci-hcd:mmc-core:mmc-block:sdhci:sdhci-pci:sdhci-acpi:usb-storage:hid:usbhid:i2c-hid:hid-generic:hid-apple:hid-cherry:hid-logitech:hid-logitech-dj:hid-logitech-hidpp:hid-lenovo:hid-microsoft:hid_multitouch:jbd:mbcache:ext3:ext4:isofs:fat:nls_cp437:nls_iso8859-1:msdos:vfat:ntfs"} +# Lots of HID modules added to support keyboard input for LUKS password entry; +# Virtio modules added to experiment with liveslak in a VM. 
+KMODS=${KMODS:-"squashfs:overlay:loop:efivarfs:xhci-pci:ohci-pci:ehci-pci:xhci-hcd:uhci-hcd:ehci-hcd:mmc-core:mmc-block:sdhci:sdhci-pci:sdhci-acpi:rtsx_pci:rtsx_pci_sdmmc:usb-storage:uas:hid:usbhid:i2c-hid:hid-generic:hid-apple:hid-cherry:hid-logitech:hid-logitech-dj:hid-logitech-hidpp:hid-lenovo:hid-microsoft:hid_multitouch:jbd:mbcache:ext3:ext4:zstd_compress:lz4hc_compress:lz4_compress:btrfs:f2fs:jfs:xfs:isofs:fat:nls_cp437:nls_iso8859-1:msdos:vfat:exfat:ntfs:virtio_ring:virtio:virtio_blk:virtio_balloon:virtio_pci:virtio_pci_modern_dev:virtio_net"} # Network kernel modules to include for NFS root support: NETMODS="kernel/drivers/net kernel/drivers/virtio" @@ -237,9 +272,10 @@ NETFIRMWARE="3com acenic adaptec bnx tigon e100 sun kaweth tr_smctr cxgb3 rtl_ni # If any Live variant needs additional 'append' parameters, define them here, # either using a variable name 'KAPPEND_<LIVEDE>', or by defining 'KAPPEND' in the .conf file: KAPPEND_SLACKWARE="" -KAPPEND_KTOWN="threadirqs" -KAPPEND_DAW="threadirqs" -KAPPEND_STUDIOWARE="threadirqs" +KAPPEND_KTOWN="threadirqs loglevel=3 audit=0" +KAPPEND_DAW="threadirqs preempt=full loglevel=3 audit=0" +KAPPEND_LEAN="threadirqs preempt=full loglevel=3 audit=0" +KAPPEND_STUDIOWARE="threadirqs preempt=full loglevel=3 audit=0" # Add CACert root certificates yes/no? ADD_CACERT=${ADD_CACERT:-"NO"} @@ -322,9 +358,9 @@ function cleanup() { umount ${LIVE_ROOTDIR}/sys 2>${DBGOUT} || true umount ${LIVE_ROOTDIR}/proc 2>${DBGOUT} || true umount ${LIVE_ROOTDIR}/dev 2>${DBGOUT} || true - umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true + umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true # Need to umount the squashfs modules too: - umount ${LIVE_WORK}/*_$$ 2>${DBGOUT} || true + umount -R ${LIVE_WORK}/*_$$ 2>${DBGOUT} || true rmdir ${LIVE_ROOTDIR} 2>${DBGOUT} rmdir ${LIVE_WORK}/*_$$ 2>${DBGOUT} 
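Review bot: The new `KAPPEND_KTOWN`, `KAPPEND_DAW`, `KAPPEND_LEAN` and `KAPPEND_STUDIOWARE` values add `audit=0` and `loglevel=3` with no comment saying why. `audit=0` switches the kernel audit subsystem off on every boot of these variants, which anyone later relying on audit records from a liveslak-based system needs to know. I would add a comment above the block, for example `# audit=0 and loglevel=3 are deliberate for these variants; override with KAPPEND in the .conf file`, extended with the actual motivation, which is not visible in this hunk.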
@@ -412,7 +448,9 @@ function install_pkgs() { fi if [ "${SL_REPO}" = "${DEF_SL_REPO}" ]; then - # We need only one release from the Slackware package mirror; + # SL_REPO was not re-defined in ${PKGCONF}, + # so we are dealing with an actual Slackware repository rootdir. + # We select only the requested release in the Slackware package mirror; # This must *not* end with a '/' : SELECTION="${DISTRO}${DIRSUFFIX}-${SL_VERSION}" else @@ -454,6 +492,16 @@ function install_pkgs() { # REP equal to PKG. # - If PKG is empty then this is a request to remove the package. REP=$(echo $PKGPAT |cut -d% -f1) + if [ "$CORE2RAM" != "NO" ] && [ -z "$(echo $CORE2RAMMODS |grep -w $(basename $PKGFILE .lst))" ]; then + # If we are adding core2ram modules, + # prevent re-installing their packages in another module: + PKGC2R="$(for MYLST in ${CORE2RAMMODS}; do grep "^${PKG}$" ${LIVE_TOOLDIR}/pkglists/${MYLST}.lst ; done)" + unset MYLST + if [ -n "${PKGC2R}" ]; then + # Found a package that is listed as a core2ram module: + continue + fi + fi # Skip installation on detecting a blacklisted package: for BLST in ${BLACKLIST} BLNONE; do if [ "$PKG" == "$BLST" ]; then @@ -461,6 +509,19 @@ function install_pkgs() { break fi done + # Sometimes we want to use a package in 'testing' instead: + for PTST in ${TESTINGLIST} TSTNONE; do + if [ "$PKG" == "$PTST" ]; then + # Found a package to install from 'testing'. + break + fi + done + # Install a SMP kernel/modules if requested: + if [ "${PKG}" = "kernel-generic" ] && [ "$SL_ARCH" != "x86_64" -a "$SMP32" = "YES" ]; then + PKG="kernel-generic-smp" + elif [ "${PKG}" = "kernel-modules" ] && [ "$SL_ARCH" != "x86_64" -a "$SMP32" = "YES" ]; then + PKG="kernel-modules-smp" + fi # Now decide what to do: if [ -z "${PKG}" ]; then # Package removal: 
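Review bot: In the new core2ram check, `grep "^${PKG}$"` treats the package name as a regular expression, so a `.` in a name matches any character and the test can hit a different package than the one being processed; the list path is also expanded unquoted. A fixed-string, whole-line match avoids both: `grep -Fx -- "${PKG}" "${LIVE_TOOLDIR}/pkglists/${MYLST}.lst"`. The outer test reads more simply as `! echo "${CORE2RAMMODS}" | grep -qw -- "$(basename "${PKGFILE}" .lst)"`. install_pkgs starts and ends outside this hunk.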
@@ -468,17 +529,25 @@ function install_pkgs() { elif [ "${PKG}" == "${BLST}" ]; then echo "-- Not installing blacklisted package '$PKG'." else + if [ "${PKG}" == "${PTST}" ]; then + echo "-- Installing package '$PKG' from 'testing'." + FULLPKG=$(full_pkgname ${PKG} $(dirname ${SL_PKGROOT})/testing) + else + FULLPKG="" + fi # Package install/upgrade: # Look in ./patches ; then ./${DISTRO}$DIRSUFFIX ; then ./extra # Need to escape any '+' in package names such a 'gtk+2'. - if [ ! -z "${SL_PATCHROOT}" ]; then - FULLPKG=$(full_pkgname ${PKG} ${SL_PATCHROOT}) - else - FULLPKG="" + if [ "x${FULLPKG}" = "x" ]; then + if [ ! -z "${SL_PATCHROOT}" ]; then + FULLPKG=$(full_pkgname ${PKG} ${SL_PATCHROOT}) + else + FULLPKG="" + fi fi if [ "x${FULLPKG}" = "x" ]; then FULLPKG=$(full_pkgname ${PKG} ${SL_PKGROOT}) - else + elif [ "${PKG}" != "${PTST}" ]; then echo "-- $PKG found in patches" fi if [ "x${FULLPKG}" = "x" ]; then @@ -510,7 +579,7 @@ function install_pkgs() { done fi - if [ "$TRIM" = "doc" -o "$TRIM" = "mandoc" -o "$TRIM" = "bloat" ]; then + if [ "$TRIM" = "doc" -o "$TRIM" = "mandoc" -o "$TRIM" = "waste" -o "$TRIM" = "bloat" ]; then # Remove undesired (too big for a live OS) document subdirectories, # but leave cups alone because it contains the CUPS service's web page: (cd "${2}/usr/doc" && find . -type d -mindepth 2 -maxdepth 2 |grep -v /cups- |xargs rm -rf) @@ -525,13 +594,14 @@ function install_pkgs() { # Remove info pages: rm -rf "$2"/usr/info fi - if [ "$TRIM" = "mandoc" -o "$TRIM" = "bloat" ]; then + if [ "$TRIM" = "mandoc" -o "$TRIM" = "waste" -o "$TRIM" = "bloat" ]; then # Also remove man pages: rm -rf "$2"/usr/man fi if [ "$TRIM" = "bloat" ]; then # By pruning stuff that no one likely needs anyway, # we make room for packages we would otherwise not be able to add. + # We do this only if your ISO needs to be the smallest possible: # MySQL embedded is only used by Amarok: rm -f "$2"/usr/bin/mysql*embedded* # Also remove the big unused/esoteric static libraries: 
@@ -565,7 +635,9 @@ function install_pkgs() { rm -rf "$2"/usr/lib${DIRSUFFIX}/d3d rm -rf "$2"/usr/lib${DIRSUFFIX}/guile rm -rf "$2"/usr/share/icons/HighContrast - # Nor these datacenter NIC firmwares and drivers: + fi + if [ "$TRIM" = "waste" -o "$TRIM" = "bloat" ]; then + # Get rid of these datacenter NIC firmwares and drivers: rm -rf "$2"/lib/firmware/{bnx*,cxgb4,libertas,liquidio,mellanox,netronome,qed} rm -rf "$2"/lib/modules/*/kernel/drivers/infiniband rm -rf "$2"/lib/modules/*/kernel/drivers/net/ethernet/{broadcom/bnx*,chelsio,mellanox,netronome,qlogic} @@ -675,6 +747,7 @@ function gen_bootmenu() { -e "s/@VERSION@/$VERSION/g" \ -e "s/@KAPPEND@/$KAPPEND/g" \ -e "s/@C2RMH@/$C2RMH/g" \ + -e "s/@C2RSH@/$C2RMS/g" \ > ${MENUROOTDIR}/vesamenu.cfg for LANCOD in $(cat ${LIVE_TOOLDIR}/languages |grep -Ev "(^ *#|^$)" |cut -d: -f1) @@ -720,6 +793,7 @@ EOL -e "s/@VERSION@/$VERSION/g" \ -e "s/@KAPPEND@/$KAPPEND/g" \ -e "s/@C2RMH@/$C2RMH/g" \ + -e "s/@C2RMS@/$C2RMS/g" \ > ${MENUROOTDIR}/menu_${LANCOD}.cfg # Generate custom language selection submenu for selected keyboard: @@ -750,7 +824,7 @@ function gen_uefimenu() { GRUBDIR="$1" - # Generate the grub menu structure - many files because of the selection tree. + # Generate the grub menu structure. # I expect the directory to exist... but you never know. mkdir -p ${GRUBDIR} @@ -780,12 +854,13 @@ function gen_uefimenu() { -e "s/@VERSION@/$VERSION/g" \ -e "s/@KAPPEND@/$KAPPEND/g" \ -e "s/@C2RMH@/$C2RMH/g" \ + -e "s/@C2RMS@/$C2RMS/g" \ > ${GRUBDIR}/grub.cfg # Set a default keyboard selection: cat <<EOL > ${GRUBDIR}/kbd.cfg # Keyboard selection: -set default = $sl_lang +set default = $sl_kbd EOL @@ -831,6 +906,9 @@ EOL done # Create the timezone selection menu: + # Code used from Slackware script: + # source/a/glibc-zoneinfo/timezone-scripts/output-updated-timeconfig.sh + # Author: Patrick Volkerding <volkerdi@slackware.com> TZDIR="/usr/share/zoneinfo" TZLIST=$(mktemp -t alientz.XXXXXX) if [ ! -f $TZLIST ]; then 
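Review bot: The substitution added to the `vesamenu.cfg` sed uses the placeholder `@C2RSH@`, while the two parallel additions in this commit (for `menu_${LANCOD}.cfg` and `grub.cfg`) use `@C2RMS@`. Unless the syslinux template really contains `@C2RSH@`, this looks like a typo that leaves the token unreplaced in the generated menu; the line should probably read `-e "s/@C2RMS@/$C2RMS/g" \`. The template is not part of this diff, so this needs checking against it, and gen_bootmenu continues outside the hunk.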
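Review bot: `set default = $sl_kbd` sits in an unquoted `cat <<EOL` here-document, so the shell expands `$sl_kbd` while the ISO is built instead of leaving it for grub to evaluate at boot. Other generated lines in this commit escape grub variables (`\$prefix`), so if `sl_kbd` is meant to be the grub variable the line should be `set default = \$sl_kbd`. If a build-time shell variable of that name is intended, a one-line comment saying so would stop the next reader from changing it.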
@@ -838,38 +916,173 @@ EOL cleanup exit 1 fi - # First, create a list of timezones: - # This code taken from Slackware script: - # source/a/glibc-zoneinfo/timezone-scripts/output-updated-timeconfig.sh - # Author: Patrick Volkerding <volkerdi@slackware.com> - # US/ first: - ( cd $TZDIR - find . -type f | xargs file | grep "timezone data" | cut -f 1 -d : | cut -f 2- -d / | sort | grep "^US/" | while read zone ; do - echo "${zone}" >> $TZLIST - done - ) - # Don't list right/ and posix/ zones: - ( cd $TZDIR - find . -type f | xargs file | grep "timezone data" | cut -f 1 -d : | cut -f 2- -d / | sort | grep -v "^US/" | grep -v "^posix/" | grep -v "^right/" | while read zone ; do - echo "${zone}" >> $TZLIST - done - ) - for TZ in $(cat $TZLIST); do - # Add this entry to the keyboard selection menu: + + # Structured tz select instead of dumping them all in one menu: + for TZ in US Africa America Asia Atlantic Australia Etc Europe Pacific; do + # First the submenu for this zone: cat <<EOL >> ${GRUBDIR}/tz.cfg -menuentry "${TZ}" { - set sl_tz="$TZ" +submenu "${TZ} >" { + configfile \$prefix/${TZ}/tz.cfg +} + +EOL + # Then the locations for this zone: + mkdir ${GRUBDIR}/${TZ} + ( cd $TZDIR/$TZ + find . -type f | xargs file | grep "timezone data" | cut -f 1 -d : | cut -f2- -d / | sort | while read LOCN ; do + # Add this entry to the keyboard selection menu: + cat <<EOL >> ${GRUBDIR}/${TZ}/tz.cfg +menuentry "${TZ}/${LOCN}" { + set sl_tz="${TZ}/${LOCN}" export sl_tz configfile \$prefix/grub.cfg } EOL - rm -f $TZLIST - + done + ) done + # Timezone data in rootdirectory follows: + ( cd $TZDIR + find . 
-type f -mindepth 1 -maxdepth 1 | xargs file | grep "timezone data" | cut -f 1 -d : | cut -f 2- -d / | sort | while read ZONE ; do + # Add this entry to the keyboard selection menu: + cat <<EOL >> ${GRUBDIR}/tz.cfg +menuentry "${ZONE}" { + set sl_tz="$ZONE" + export sl_tz + configfile \$prefix/grub.cfg +} + +EOL + done + ) } # End of gen_uefimenu() + +# +# Add UEFI SecureBoot support: +# +function secureboot() { + # Liveslak uses Fedora's shim (for now), which is signed by + # 'Microsoft UEFI CA' and contains Fedora's CA certificate. + # We sign liveslak's grub and kernel with our own key/certificate pair. + # This means that the user of liveslak will have to enroll liveslak's + # public certificate via MokManager. This needs to be done only once. + + # Note that we use the generic fallback directory /EFI/BOOT/ for the Live ISO + # instead of a custom distro entry for UEFI such as /EFI/BOOT/Slackware/ + # When shim is booted with path /EFI/BOOT/bootx64.efi, and there is a + # Fallback binary (fbx64.efi) , shim will load that one instead of grub, + # so Fallback can create a NVRAM boot entry for a custom distro directory + # (which we do not have) causing a reset boot loop. + # This is why liveslak does not install fbx64.efi. A regular distro should + # install that file in its distro subdirectory! + + SHIM_VENDOR="$1" + [ -z "${SHIM_VENDOR}" ] && SHIM_VENDOR="fedora" + + case $SHIM_VENDOR in + opensuse) GRUB_SIGNED="grub.efi" + ;; + *) GRUB_SIGNED="grubx64.efi" + ;; + esac + mkdir -p ${LIVE_WORK}/shim + cd ${LIVE_WORK}/shim + + echo "-- Signing grub+kernel with '${LIVE_STAGING}/EFI/BOOT/liveslak.pem'." 
+ # Sign grub: + # The Grub EFI image must be renamed appropriately for shim to find it, + # since some distros change the default 'grubx64.efi' filename: + mv -i ${LIVE_STAGING}/EFI/BOOT/bootx64.efi \ + ${LIVE_WORK}/shim/grubx64.efi.unsigned + sbsign --key ${MOKPRIVKEY} --cert ${MOKCERT} \ + --output ${LIVE_STAGING}/EFI/BOOT/${GRUB_SIGNED} \ + ${LIVE_WORK}/shim/grubx64.efi.unsigned + # Sign the kernel: + mv ${LIVE_STAGING}/boot/generic ${LIVE_WORK}/shim/generic.unsigned + sbsign --key ${MOKPRIVKEY} --cert ${MOKCERT} \ + --output ${LIVE_STAGING}/boot/generic \ + ${LIVE_WORK}/shim/generic.unsigned + + if [ "${SHIM_VENDOR}" = "fedora" ]; then + # The version of Fedora's shim package - always use the latest! + SHIM_MAJVER=15.6 + SHIM_MINVER=2 + SHIMSRC="https://kojipkgs.fedoraproject.org/packages/shim/${SHIM_MAJVER}/${SHIM_MINVER}/x86_64/shim-x64-${SHIM_MAJVER}-${SHIM_MINVER}.x86_64.rpm" + echo "-- Downloading/installing the SecureBoot signed shim from Fedora." + wget -q --progress=dot:mega --show-progress ${SHIMSRC} -O - \ + | rpm2cpio - | cpio -dim + echo "" + # Install signed efi files into UEFI BOOT directory of the esp partition: + # The name of the shim in the ISO, *must* be 'bootx64.efi': + install -D -m0644 boot/efi/EFI/fedora/shimx64.efi \ + ${LIVE_STAGING}/EFI/BOOT/bootx64.efi + install -D -m0644 boot/efi/EFI/fedora/mmx64.efi \ + ${LIVE_STAGING}/EFI/BOOT/mmx64.efi + #install -D -m0644 boot/efi/EFI/BOOT/fbx64.efi \ + # ${LIVE_STAGING}/EFI/BOOT/fbx64.efi + elif [ "${SHIM_VENDOR}" = "opensuse" ]; then + SHIM_MAJVER=15.4 + SHIM_MINVER=6.1 + SHIMSRC="https://download.opensuse.org/repositories/openSUSE:/Factory/standard/x86_64/shim-${SHIM_MAJVER}-${SHIM_MINVER}.x86_64.rpm" + echo "-- Downloading/installing the SecureBoot signed shim from openSUSE." 
+ wget -q --progress=dot:mega --show-progress ${SHIMSRC} -O - \ + | rpm2cpio - | cpio -dim + echo "" + # Install signed efi files into UEFI BOOT directory of the esp partition: + # The name of the shim in the ISO, *must* be 'bootx64.efi': + install -D -m0644 usr/share/efi/x86_64/shim-opensuse.efi \ + ${LIVE_STAGING}/EFI/BOOT/bootx64.efi + install -D -m0644 usr/share/efi/x86_64/MokManager.efi \ + ${LIVE_STAGING}/EFI/BOOT/MokManager.efi + #install -D -m0644 usr/share/efi/x86_64/fallback.efi \ + # ${LIVE_STAGING}/EFI/BOOT/fallback.efi + elif [ "${SHIM_VENDOR}" = "debian" ]; then + DEBSHIM_VER=1.40 + DEBMOKM_VER=1 + SHIM_MAJVER=15.7 + SHIM_MINVER=1 + SHIMSRC="http://ftp.de.debian.org/debian/pool/main/s/shim-signed/shim-signed_${DEBSHIM_VER}+${SHIM_MAJVER}-${SHIM_MINVER}_amd64.deb" + MOKMSRC="http://ftp.de.debian.org/debian/pool/main/s/shim-helpers-amd64-signed/shim-helpers-amd64-signed_${DEBMOKM_VER}+${SHIM_MAJVER}+${SHIM_MINVER}_amd64.deb" + echo "-- Downloading the SecureBoot signed shim from Debian." + wget -q --progress=dot:mega --show-progress ${SHIMSRC} + echo "" + echo "-- Installing the SecureBoot signed shim to the ESP." + # Extract discarding any directory structure: + ar p $(basename ${SHIMSRC}) data.tar.xz | tar --xform='s#^.+/##x' -Jxf - \ + ./usr/lib/shim/shimx64.efi.signed + echo "-- Downloading the SecureBoot signed mokmanager from Debian." + wget -q --progress=dot:mega --show-progress ${MOKMSRC} + echo "" + echo "-- Installing the SecureBoot signed mokmanager to the ESP." 
+ # Extract discarding any directory structure: + ar p $(basename ${MOKMSRC}) data.tar.xz | tar --xform='s#^.+/##x' -Jxf - \ + ./usr/lib/shim/fbx64.efi.signed ./usr/lib/shim/mmx64.efi.signed + # Install signed efi files into UEFI BOOT directory of the esp partition: + # The name of the shim in the ISO, *must* be 'bootx64.efi': + install -D -m0644 ./shimx64.efi.signed \ + ${LIVE_STAGING}/EFI/BOOT/bootx64.efi + install -D -m0644 ./mmx64.efi.signed \ + ${LIVE_STAGING}/EFI/BOOT/mmx64.efi + #install -D -m0644 ./fbx64.efi.signed \ + # ${LIVE_STAGING}/EFI/BOOT/fbx64.efi + else + echo ">> A '${SHIM_VENDOR}' shim was requested, but only 'opensuse' 'fedora' or 'debian' shim/mokmanager are supported." + echo ">> Expect trouble ahead." + fi + cd - 1>/dev/null + + ## Write CSV file for the Fallback EFI program so that it knows what to boot: + #echo -n "bootx64.efi,SHIM,,SecureBoot UEFI entry for liveslak" \ + # | iconv -t UCS-2 > ${LIVE_STAGING}/EFI/BOOT/BOOT.CSV + + # Cleanup: + rm -rf ${LIVE_WORK}/shim + +} # End of secureboot() + # # Create an ISO file from a directory's content: # @@ -1026,7 +1239,14 @@ EOT # Now set our wallpaper to be the default. For this to work, we need to link # the name of the default theme to ours, so find out what the default is: - DEF_THEME="$(grep ^defaultWallpaperTheme ${LIVE_ROOTDIR}/usr/share/plasma/desktoptheme/default/metadata.desktop |cut -d= -f2-)" + if [ -f "${LIVE_ROOTDIR}/usr/share/plasma/desktoptheme/default/metadata.desktop" ]; then + # Frameworks before 5.94.0: + THEMEFIL=/usr/share/plasma/desktoptheme/default/metadata.desktop + else + # Frameworks 5.94.0 and newer: + THEMEFIL=/usr/share/plasma/desktoptheme/default/plasmarc + fi + DEF_THEME="$(grep ^defaultWallpaperTheme ${LIVE_ROOTDIR}/${THEMEFIL} |cut -d= -f2-)" mv ${LIVE_ROOTDIR}/usr/share/wallpapers/${DEF_THEME}{,.orig} ln -s ${LIVEDE,,} ${LIVE_ROOTDIR}/usr/share/wallpapers/${DEF_THEME} 
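Review bot: In `secureboot()` the shim and MokManager packages are unpacked exactly as downloaded, with no checksum or signature check, and the Debian `SHIMSRC`/`MOKMSRC` URLs are plain `http://`. The build runs `cpio -dim` or `tar` on that archive before any Secure Boot verification could reject its contents, and as far as this hunk shows a failed `wget` only surfaces later as a failing `install`. I would pin a SHA-256 next to each `SHIM_MAJVER`/`SHIM_MINVER`, download to a file, verify it and only then extract; the sketch below shows the fedora branch, and the opensuse and debian branches need the same treatment. Separately, the final `else` prints "Expect trouble ahead." and carries on after `bootx64.efi` has already been moved out of the staging tree, so it should stop the build instead.

```shell
    # … unchanged: SHIM_MAJVER, SHIM_MINVER and SHIMSRC for the fedora branch …
    SHIMSUM="<sha256-of-the-pinned-shim-rpm>"  # placeholder: pin together with the version
    SHIMPKG="$(basename "${SHIMSRC}")"
    if ! wget -q --progress=dot:mega --show-progress "${SHIMSRC}" -O "${SHIMPKG}" \
       || ! echo "${SHIMSUM}  ${SHIMPKG}" | sha256sum -c - 1>/dev/null
    then
      echo ">> Download or checksum verification of '${SHIMPKG}' failed."
      cleanup
      exit 1
    fi
    rpm2cpio "${SHIMPKG}" | cpio -dim --no-absolute-filenames
    # … unchanged: install of shimx64.efi and mmx64.efi into EFI/BOOT …
  else
    echo ">> A '${SHIM_VENDOR}' shim was requested, but only 'opensuse' 'fedora' or 'debian' shim/mokmanager are supported."
    cleanup
    exit 1
  fi
```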
@@ -1051,19 +1271,31 @@ FillMode=2 Image=file:///usr/share/${LIVEMAIN}/${LIVEDE,,}/background.jpg EOT +# Is a dark theme requested to match the background atmosphere? +if [ -f ${LIVE_TOOLDIR}/media/${LIVEDE,,}/bg/theme ]; then + if [ "$(grep -v '^#' ${LIVE_TOOLDIR}/media/${LIVEDE,,}/bg/theme)" == "dark" ] + then + mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.config + cat <<EOT > ${LIVE_ROOTDIR}/home/${LIVEUID}/.config/plasmarc +[Theme] +name=breeze-dark +EOT + fi +fi + } # End of plasma5_custom_bg() # --------------------------------------------------------------------------- # Action! # --------------------------------------------------------------------------- -while getopts "a:c:d:efhl:m:r:s:t:vz:CGH:MO:R:X" Option +while getopts "a:c:d:efhl:m:r:s:t:vz:CGH:MO:R:S:X" Option do case $Option in h ) - echo "----------------------------------------------------------------" - echo "make_slackware_live.sh $VERSION" - echo "----------------------------------------------------------------" + echo "----------------------------------------------------------------" + echo "make_slackware_live.sh $VERSION" + echo "----------------------------------------------------------------" echo "Usage:" echo " $0 [OPTION] ..." echo "or:" @@ -1083,6 +1315,7 @@ do echo " KTOWN, MATE, CINNAMON, DLACK, STUDIOWARE." echo " -e Use ISO boot-load-size of 32 for computers." echo " where the ISO won't boot otherwise." + echo " Default value is ${BOOTLOADSIZE}." echo " -f Forced re-generation of all squashfs modules," echo " custom configurations and new initrd.img." echo " -l <localization> Enable a different default localization" 
@@ -1090,16 +1323,19 @@ do echo " -m pkglst[,pkglst] Add modules defined by pkglists/<pkglst>,..." echo " -r series[,series] Refresh only one or a few package series." echo " -s slackrepo_dir Directory containing ${DISTRO^} repository." - echo " -t <none|doc|mandoc|bloat>" + echo " -t <none|doc|mandoc|waste|bloat>" echo " Trim the ISO (remove man and/or doc and/or bloat)." echo " -v Show debug/error output." echo " -z version Define your ${DISTRO^} version (default: $SL_VERSION)." echo " -C Add RAM-based Console OS to boot menu." - echo " -G Generate ISO file from existing directory tree" + echo " -G Generate ISO file from existing directory tree." echo " -H hostname Hostname of the Live OS (default: $LIVE_HOSTNAME)." echo " -M Add multilib (x86_64 only)." echo " -O outfile Custom filename for the ISO." echo " -R runlevel Runlevel to boot into (default: $RUNLEVEL)." + echo " -S privkey:cert Enable SecureBoot support and sign binaries" + echo " using the full path to colon-separated" + echo " private key and certificate files" echo " -X Use xorriso instead of mkisofs/isohybrid." exit ;; @@ -1120,6 +1356,7 @@ do r ) REFRESH="${OPTARG}" ;; s ) SL_REPO="${OPTARG}" + DEF_SL_REPO="${SL_REPO}" ;; t ) TRIM="${OPTARG}" ;; @@ -1140,6 +1377,12 @@ do ;; R ) RUNLEVEL=${OPTARG} ;; + S ) MOKPRIVKEY=$(readlink -f $(echo ${OPTARG} |cut -d: -f1)) + MOKCERT=$(readlink -f $(echo ${OPTARG} |cut -d: -f2)) + TEMP_3RDP=$(echo ${OPTARG} |cut -d: -f3) + [ -n "${TEMP_3RDP}" ] && SHIM_3RDP=${TEMP_3RDP} + unset TEMP_3RDP + ;; X ) USEXORR="YES" ;; * ) echo "You passed an illegal switch to the program!" 
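Review bot: The `S )` branch splits `${OPTARG}` with `cut -d: -fN` but without `-s`, and `cut` prints the whole line when the delimiter is absent, so `-S /path/key` (no colon) sets `MOKPRIVKEY`, `MOKCERT` and `SHIM_3RDP` all from the same string and the later `-f` test on key and certificate passes. The expansions are also unquoted, so a path containing spaces is split before `readlink` sees it. Splitting once with `IFS=: read -r MOKPRIVKEY MOKCERT TEMP_3RDP <<< "${OPTARG}"` and then canonicalising each non-empty part with `readlink -f -- "${MOKPRIVKEY}"` avoids both problems. The optional third field (shim vendor) is accepted here but missing from the `-S privkey:cert` help text added in the same commit.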
@@ -1184,6 +1427,16 @@ if [ "$SL_ARCH" != "x86_64" -a "$MULTILIB" = "YES" ]; then exit 1 fi +if [ -n "${MOKPRIVKEY}" ] && [ -n "${MOKCERT}" ]; then + if [ -f ${MOKPRIVKEY} ] && [ -f ${MOKCERT} ]; then + echo "-- Enabling SecureBoot support (${SHIM_3RDP} shim)." + SECUREBOOT=1 + else + echo ">> SecureBoot can not be enabled; MOK key and/or cert not found." + exit 1 + fi +fi + # Determine which module sequence we have to build: case "$LIVEDE" in SLACKWARE) MSEQ="${SEQ_SLACKWARE}" ;; @@ -1204,20 +1457,18 @@ case "$LIVEDE" in ;; esac -if [ "${CORE2RAM}" == "YES" ] || [ "${LIVEDE}" == "XFCE" ] || [ "${LIVEDE}" == "LEAN" ] || [ "${LIVEDE}" == "DAW" ] ; then - # For now, allow CORE2RAM only for the variants that actually - # have the required modules in their system list. - # TODO: create these modules separately in the 'core2ram' subdirectory. - for MY_MOD in ${CORE2RAMMODS} ; do - if ! echo ${MSEQ} | grep -wq ${MY_MOD} ; then - echo ">> Modules required for Core RAM-based OS (${CORE2RAMMODS}) not available." - exit 1 - fi - done - # Whether to hide the Core OS menu on boot yes or no: - C2RMH="#" +if [ "${MSEQ#pkglist:${CORE2RAMMODS/ /,}}" != "${MSEQ}" ]; then + # This live ISO contains core2ram modules out of the box: + echo "-- Native core2ram." + CORE2RAM="NATIVE" +fi +if [ "${CORE2RAM}" != "NO" ]; then + # Whether to show the Core OS menu in syslinux/grub on boot yes/no: + C2RMH="#" # syslinux + C2RMS="" # grub else - C2RMH="" + C2RMH="" # syslinux + C2RMS="#" # grub fi if ! cat ${LIVE_TOOLDIR}/languages |grep -Ev '(^ *#|^$)' |grep -q ^${DEF_LANG}: 
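Review bot: The new MOK check fails silently when `-S` was given but `readlink -f` returned an empty string for the key or the certificate (it does so when a parent directory is missing): the outer `[ -n ... ] && [ -n ... ]` test is then false and the build continues without SecureBoot and without a message. A build that was asked to sign its boot chain should not quietly produce an unsigned ISO. Setting a flag in the `S )` branch of the getopts loop and testing that flag here, followed by `[ -f "${MOKPRIVKEY}" ] && [ -f "${MOKCERT}" ]` with the paths quoted, makes every such case reach the existing `exit 1`.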
@@ -1260,7 +1511,11 @@ DEF_SL_PATCHROOT=${SL_PATCHROOT} # Are all the required add-on tools present? [ "$USEXORR" = "NO" ] && ISOGEN="mkisofs isohybrid" || ISOGEN="xorriso" PROG_MISSING="" -for PROGN in mksquashfs unsquashfs grub-mkfont grub-mkimage syslinux $ISOGEN installpkg upgradepkg keytab-lilo rsync mkdosfs ; do +REQTOOLS="mksquashfs unsquashfs grub-mkfont grub-mkimage syslinux $ISOGEN installpkg upgradepkg keytab-lilo rsync wget mkdosfs" +if [ $SECUREBOOT -eq 1 ]; then + REQTOOLS="${REQTOOLS} openssl sbsign" +fi +for PROGN in ${REQTOOLS} ; do if ! which $PROGN 1>/dev/null 2>/dev/null ; then PROG_MISSING="${PROG_MISSING}-- $PROGN\n" fi @@ -1304,20 +1559,30 @@ else RSYNCREP=" " fi -# What to trim from the ISO file (none, doc, mandoc, bloat): +# What to trim from the ISO file (none, doc, mandoc, waste, bloat): if [ "${LIVEDE}" == "XFCE" ] ; then - TRIM=${TRIM:-"bloat"} + TRIM=${TRIM:-"waste"} elif [ "${LIVEDE}" == "LEAN" ] ; then TRIM=${TRIM:-"doc"} else TRIM=${TRIM:-"none"} fi +# Determine additional boot parameters to be added: +if [ -z "${KAPPEND}" ]; then + eval KAPPEND=\$KAPPEND_${LIVEDE} +fi + # Determine possible blacklist to use: if [ -z "${BLACKLIST}" ]; then eval BLACKLIST=\$BLACKLIST_${LIVEDE} fi +# Determine possible package list from 'testing' to use: +if [ -z "${TESTINGLIST}" ]; then + eval TESTINGLIST=\$TESTINGLIST_${LIVEDE} +fi + # Create output directory for image file: mkdir -p "${OUTPUT}" if [ $? -ne 0 ]; then @@ -1339,7 +1604,7 @@ fi if [ "$FORCE" = "YES" ]; then echo "-- Removing old files and directories!" umount ${LIVE_ROOTDIR}/{proc,sys,dev} 2>${DBGOUT} || true - umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true + umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true rm -rf ${LIVE_STAGING}/${LIVEMAIN} ${LIVE_WORK} ${LIVE_ROOTDIR} fi 
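Review bot: With SecureBoot enabled the tool check adds only `openssl` and `sbsign`, but the `secureboot()` function added in this commit also calls `rpm2cpio` and `cpio` (fedora, opensuse) or `ar` (debian). A missing extractor is therefore noticed only after grub and the kernel have been moved out of the staging tree. Extending the list per vendor, for example `REQTOOLS="${REQTOOLS} openssl sbsign rpm2cpio cpio"` unless `SHIM_3RDP` is `debian` and `REQTOOLS="${REQTOOLS} openssl sbsign ar"` when it is, fails early instead. `openssl` is not called in any hunk shown here, so a short comment on what needs it would help.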
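Review bot: The two new `eval` lines, `eval KAPPEND=\$KAPPEND_${LIVEDE}` and the matching `TESTINGLIST` one, re-parse whatever `LIVEDE` holds as shell code. They copy the existing `BLACKLIST` line, but bash indirect expansion does the same lookup without `eval`, for example `KVAR="KAPPEND_${LIVEDE}"; KAPPEND="${!KVAR}"`. The file already relies on bash-only expansions such as `${LIVEDE,,}`, so this adds no new shell requirement.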
@@ -1377,6 +1642,18 @@ RODIRS="${LIVE_BOOT}" # Create the verification file for the install_pkgs function: echo "${THEDATE} (${BUILDER})" > ${LIVE_BOOT}/${MARKER} +# Do we need to add core2ram modules: +if [ "$CORE2RAM" == "YES" ]; then + echo "-- Adding core2ram." + MSEQ="pkglist:${CORE2RAMMODS/ /,} ${MSEQ}" +fi + +# Do we need to include secureboot module? +if [ $SECUREBOOT -eq 1 ]; then + echo "-- Adding secureboot module." + MSEQ="${MSEQ} pkglist:secureboot" +fi + # Do we need to create/include additional module(s) defined by a pkglist: if [ -n "$SEQ_ADDMOD" ]; then echo "-- Adding ${SEQ_ADDMOD}." @@ -1410,6 +1687,10 @@ for MSUBSEQ in ${MSEQ} ; do local) MNUM="0030" ;; *) echo "** Unknown package source '$MTYPE'"; exit 1 ;; esac + # For an explicitly added core2ram module, re-assign a lower prefix: + if [ "$CORE2RAM" == "YES" ] && [ "${SL_SERIES}" == "${CORE2RAMMODS}" ]; then + MNUM="0005" + fi for SPS in ${SL_SERIES} ; do @@ -1427,14 +1708,14 @@ for SPS in ${SL_SERIES} ; do echo "${THEDATE} (${BUILDER})" > ${INSTDIR}/${MARKER} echo "-- Installing the '${SPS}' series." - umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true + umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true mount -t overlay -o lowerdir=${RODIRS},upperdir=${INSTDIR},workdir=${LIVE_OVLDIR} overlay ${LIVE_ROOTDIR} # Install the package series: install_pkgs ${SPS} ${LIVE_ROOTDIR} ${MTYPE} - umount ${LIVE_ROOTDIR} || true + umount -R ${LIVE_ROOTDIR} || true - if [ "$SPS" = "a" -o "$SPS" = "${MINLIST}" ]; then + if [ "$SPS" = "a" -a "$CORE2RAM" = "NO" ] || [ "$SPS" = "${MINLIST}" ]; then # We need to take care of a few things first: if [ "$SL_ARCH" = "x86_64" -o "$SMP32" = "NO" ]; then 
@@ -1501,7 +1782,7 @@ mkdir -p ${INSTDIR} echo "-- Configuring the base system." # -------------------------------------------------------------------------- # -umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true +umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true mount -t overlay -o lowerdir=${RODIRS},upperdir=${INSTDIR},workdir=${LIVE_OVLDIR} overlay ${LIVE_ROOTDIR} # Determine the kernel version in the Live OS: @@ -1526,6 +1807,7 @@ sed -e "s/^\(127.0.0.1\t*\)darkstar.*/\1${LIVE_HOSTNAME}.home.arpa ${LIVE_HOSTNA cat <<EOT >> ${LIVE_ROOTDIR}/etc/resolv.conf nameserver 8.8.4.4 nameserver 8.8.8.8 +nameserver 1.1.1.1 EOT @@ -1543,7 +1825,7 @@ echo "LANG=${DEF_LOCALE}" > ${LIVE_ROOTDIR}/etc/locale.conf echo "KEYMAP=${DEF_KBD}" > ${LIVE_ROOTDIR}/etc/vconsole.conf # Set timezone to UTC, mimicking the 'timeconfig' script in Slackware: -ln -s /usr/share/zoneinfo/UTC ${LIVE_ROOTDIR}/etc/localtime +ln -sf /usr/share/zoneinfo/UTC ${LIVE_ROOTDIR}/etc/localtime # Could be absent so 'rm -f' to avoid script aborts: rm -f ${LIVE_ROOTDIR}/etc/localtime-copied-from @@ -1618,6 +1900,16 @@ none / tmpfs defaults 1 1 EOT +# Pipewire 1.0.0 is capable of replacing pulseaudio and jack2: +if chroot ${LIVE_ROOTDIR} /usr/bin/pkg-config libpipewire-0.3 --atleast-version=1 +then + # Make pipewire the default, kill pulseaudio: + if [ -x ${LIVE_ROOTDIR}/usr/sbin/pipewire-enable.sh ]; then + echo "-- Enabling pipewire" + chroot ${LIVE_ROOTDIR} /usr/sbin/pipewire-enable.sh + fi +fi + # Prevent loop devices (sxz modules) from appearing in filemanagers: mkdir -p ${LIVE_ROOTDIR}/etc/udev/rules.d cat <<EOL > ${LIVE_ROOTDIR}/etc/udev/rules.d/11-local.rules 
@@ -1671,9 +1963,20 @@ fi # Configure sudoers: chmod 640 ${LIVE_ROOTDIR}/etc/sudoers +# Slackware 14.2: sed -i ${LIVE_ROOTDIR}/etc/sudoers -e 's/# *\(%wheel\sALL=(ALL)\sALL\)/\1/' +# Slackware 15.0: +sed -i ${LIVE_ROOTDIR}/etc/sudoers -e 's/# *\(%wheel\sALL=(ALL:ALL)\sALL\)/\1/' chmod 440 ${LIVE_ROOTDIR}/etc/sudoers +# Also treat members of the 'wheel' group as admins next to root: +mkdir -p ${LIVE_ROOTDIR}/etc/polkit-1/rules.d +cat <<EOT > ${LIVE_ROOTDIR}/etc/polkit-1/rules.d/10-wheel-admin.rules +polkit.addAdminRule(function(action, subject) { + return ["unix-group:wheel"]; +}); +EOT + # Add some convenience to the bash shell: mkdir -p ${LIVE_ROOTDIR}/etc/skel/ cat << "EOT" > ${LIVE_ROOTDIR}/etc/skel/.bashrc @@ -1778,7 +2081,7 @@ EOT -i ${LIVE_ROOTDIR}/etc/NetworkManager/conf.d/00-dhcp-client.conf else - # Use Slackware's own network configurion routing for eth0 in the base image: + # Use Slackware's own network configuration routing for eth0 in base image: cat <<EOT > ${LIVE_ROOTDIR}/etc/rc.d/rc.inet1.conf IFNAME[0]="eth0" IPADDR[0]="" @@ -1813,6 +2116,10 @@ EOT echo "-- Creating slackpkg cache, takes a few seconds..." chroot "${LIVE_ROOTDIR}" /bin/bash <<EOSL 2>${DBGOUT} +# Rebuild SSL certificate database to prevent GPG verification errors +# which are in fact triggered by SSL certificate errors: +/usr/sbin/update-ca-certificates --fresh 1>/dev/null + if [ -f var/log/packages/slackpkg+-* ] ; then cat <<EOPL > etc/slackpkg/slackpkgplus.conf SLACKPKGPLUS=on 
@@ -1823,7 +2130,7 @@ WGETOPTS="--timeout=20 --tries=2" GREYLIST=on PKGS_PRIORITY=( restricted alienbob ktown mate ) REPOPLUS=( slackpkgplus restricted alienbob ktown mate ) -MIRRORPLUS['slackpkgplus']=http://slakfinder.org/slackpkg+/ +MIRRORPLUS['slackpkgplus']=https://slackware.nl/slackpkgplus/ MIRRORPLUS['restricted']=http://slackware.nl/people/alien/restricted_sbrepos/${SL_VERSION}/${SL_ARCH}/ MIRRORPLUS['alienbob']=http://slackware.nl/people/alien/sbrepos/${SL_VERSION}/${SL_ARCH}/ MIRRORPLUS['mate']=http://slackware.uk/msb/${SL_VERSION}/latest/${SL_ARCH}/ @@ -1850,8 +2157,8 @@ if [ "${SL_VERSION}" = "current" ]; then touch /var/lib/slackpkg/current fi -ARCH=${SL_ARCH} /usr/sbin/slackpkg -batch=on update gpg -ARCH=${SL_ARCH} /usr/sbin/slackpkg -batch=on update +ARCH=${SL_ARCH} /usr/sbin/slackpkg -batch=on -default_answer=y update gpg +ARCH=${SL_ARCH} /usr/sbin/slackpkg -batch=on -default_answer=y update # Let any lingering .new files replace their originals: yes o | ARCH=${SL_ARCH} /usr/sbin/slackpkg new-config @@ -1859,7 +2166,7 @@ EOSL # Add our scripts to the Live OS: mkdir -p ${LIVE_ROOTDIR}/usr/local/sbin -install -m0755 ${LIVE_TOOLDIR}/makemod ${LIVE_TOOLDIR}/iso2usb.sh ${LIVE_TOOLDIR}/upslak.sh ${LIVE_ROOTDIR}/usr/local/sbin/ +install -m0755 ${LIVE_TOOLDIR}/makemod ${LIVE_TOOLDIR}/iso2usb.sh ${LIVE_TOOLDIR}/isocomp.sh ${LIVE_TOOLDIR}/upslak.sh ${LIVE_ROOTDIR}/usr/local/sbin/ # Add PXE Server infrastructure: mkdir -p ${LIVE_ROOTDIR}/var/lib/tftpboot/pxelinux.cfg @@ -1878,6 +2185,7 @@ cat ${LIVE_TOOLDIR}/pxeserver.tpl | sed \ -e "s/@LIVEDE@/$LIVEDE/g" \ -e "s/@LIVEMAIN@/$LIVEMAIN/g" \ -e "s/@MARKER@/$MARKER/g" \ + -e "s/@KAPPEND@/$KAPPEND/g" \ -e "s/@SL_VERSION@/$SL_VERSION/g" \ -e "s/@VERSION@/$VERSION/g" \ > ${LIVE_ROOTDIR}/usr/local/sbin/pxeserver 
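Review bot: Only the `slackpkgplus` mirror moves to https in this hunk; the `restricted`, `alienbob` and `mate` entries directly below it stay on plain `http://`. The next hunk also adds `-default_answer=y` to `slackpkg ... update gpg`, so whatever keys are offered during the image build are imported without a prompt. As far as I know slackpkg+ fetches each repository's GPG-KEY from that repository's mirror, which would make the trust anchor baked into the image depend on an unauthenticated transport. I would switch the remaining entries to https where the mirror supports it, e.g. `MIRRORPLUS['alienbob']=https://slackware.nl/people/alien/sbrepos/${SL_VERSION}/${SL_ARCH}/`, and add a comment above the `update gpg` line stating that key import is deliberately non-interactive.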
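Review bot: The added `-e "s/@KAPPEND@/$KAPPEND/g"` interpolates kernel boot parameters into a sed expression that uses `/` as its delimiter. Kernel append strings commonly contain `/` (device or file paths) and may contain `&`, so such a value either makes sed fail, leaving the generated `pxeserver` script empty, or silently alters the replacement text. I would escape the value first with `KAPPEND_ESC=$(printf '%s' "$KAPPEND" | sed -e 's/[\/&]/\\&/g')` and substitute `$KAPPEND_ESC` instead. The pipeline starts above the hunk; the other substitutions share the pattern, but their values look like plain identifiers.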
@@ -1953,7 +2261,7 @@ if [ -f ${DEF_SL_PKGROOT}/../isolinux/initrd.img ]; then -e '/.\/var\/log\/setup\/$SCRIPT $T_PX $ROOT_DEVICE/i # Skip stuff that was taken care of by liveslak\nif [ -f $TMP/SeTlive ] && echo $SCRIPT |grep -qE "(make-bootdisk|mouse|setconsolefont|xwmconfig)"; then true; else' \ -e '/.\/var\/log\/setup\/$SCRIPT $T_PX $ROOT_DEVICE/a fi' # Add the Slackware Live HD installer scripts: - for USCRIPT in SeTuacct SeTudiskpart SeTumedia SeTupass SeTpasswd setup.liveslak setup.slackware ; do + for USCRIPT in SeTuacct SeTudiskpart SeTumedia SeTupass SeTpasswd SeTfirewall rc.firewall setup.liveslak setup.slackware ; do cat ${LIVE_TOOLDIR}/setup2hd/${USCRIPT}.tpl | sed \ -e "s/@DIRSUFFIX@/$DIRSUFFIX/g" \ -e "s/@DISTRO@/$DISTRO/g" \ @@ -2018,7 +2326,7 @@ mkdir -p ${LIVE_ROOTDIR}/usr/doc/liveslak-${VERSION} install -m0644 ${LIVE_TOOLDIR}/README* ${LIVE_ROOTDIR}/usr/doc/liveslak-${VERSION}/ mkdir -p ${LIVE_ROOTDIR}/usr/doc/${DISTRO}${DIRSUFFIX}-${SL_VERSION} install -m0644 \ - ${DEF_SL_PKGROOT}/../{CHANGES_AND_HINTS,COPY,README,RELEASE_NOTES,*HOWTO}* \ + ${DEF_SL_PKGROOT}/../{ANNOUNCE,CHANGES_AND_HINTS,COPY,CRYPTO,README,RELEASE_NOTES,SPEAK,*HOWTO,UPGRADE}* \ ${DEF_SL_PKGROOT}/../usb-and-pxe-installers/README* \ ${LIVE_ROOTDIR}/usr/doc/${DISTRO}${DIRSUFFIX}-${SL_VERSION}/ @@ -2029,14 +2337,6 @@ echo "-- Configuring the X base system." # Reduce the number of local consoles, two should be enough: sed -i -e '/^c3\|^c4\|^c5\|^c6/s/^/# /' ${LIVE_ROOTDIR}/etc/inittab -# Also treat members of the 'wheel' group as admins next to root: -mkdir -p ${LIVE_ROOTDIR}/etc/polkit-1/rules.d -cat <<EOT > ${LIVE_ROOTDIR}/etc/polkit-1/rules.d/10-wheel-admin.rules -polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; -}); -EOT - # Give the 'live' user a face: if [ -f "${LIVE_TOOLDIR}/media/${LIVEDE,,}/icons/default.png" ]; then # Use custom face icon if available for the Live variant: 
@@ -2071,9 +2371,10 @@ fi # missing modules: echo "mode: blank" > ${LIVE_ROOTDIR}/home/${LIVEUID}/.xscreensaver -# Make the EmojiOne TTF font universally available: -mkdir -p ${LIVE_ROOTDIR}/etc/fonts -cat << EOT > ${LIVE_ROOTDIR}/etc/fonts/local.conf +if [ -x ${LIVE_ROOTDIR}/usr/bin/fc-cache ]; then + # Make the EmojiOne TTF font universally available: + mkdir -p ${LIVE_ROOTDIR}/etc/fonts + cat << EOT > ${LIVE_ROOTDIR}/etc/fonts/local.conf <?xml version="1.0"?> <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> <!-- /etc/fonts/local.conf file to customize system font access --> @@ -2082,7 +2383,8 @@ cat << EOT > ${LIVE_ROOTDIR}/etc/fonts/local.conf <dir>/usr/lib${DIRSUFFIX}/firefox/fonts</dir> </fontconfig> EOT -chroot ${LIVE_ROOTDIR} fc-cache -f + chroot ${LIVE_ROOTDIR} fc-cache -f +fi # Allow direct scanning via xsane (no temporary intermediate files) in Gimp: if [ ! -L ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/gimp/2.0/plug-ins/xsane ]; then 
@@ -2152,12 +2454,36 @@ for SKEL in ${LIVE_TOOLDIR}/skel/skel*.txz ; do done if [ "$LIVEDE" = "XFCE" ]; then - # Since the XFCE ISO no longer has xpdf, use Firefox as the PDF viewer: + # Since the XFCE ISO no longer has xpdf, use Firefox as the PDF viewer + # if that is present: mkdir -p ${LIVE_ROOTDIR}/etc/skel/.config - cat << EOF > ${LIVE_ROOTDIR}/etc/skel/.config/mimeapps.list + if [ -f ${LIVE_ROOTDIR}/usr/bin/firefox ]; then + cat << EOF > ${LIVE_ROOTDIR}/etc/skel/.config/mimeapps.list [Default Applications] application/pdf=mozilla-firefox.desktop EOF + else + # If firefox is not present, we hope that seamonkey is there; + # you won't have a PDF viewer in that case unfortunately, but you could + # download https://github.com/IsaacSchemm/pdf.js-seamonkey : + cat << EOF > ${LIVE_ROOTDIR}/etc/skel/.config/mimeapps.list +[Default Applications] +x-scheme-handler/http=seamonkey.desktop +x-scheme-handler/https=seamonkey.desktop +x-scheme-handler/ftp=seamonkey.desktop +x-scheme-handler/chrome=seamonkey.desktop +x-scheme-handler/mailto=seamonkey-mail.desktop +text/html=seamonkey.desktop + +[Added Associations] +x-scheme-handler/http=xfce4-web-browser.desktop;seamonkey.desktop; +x-scheme-handler/https=xfce4-web-browser.desktop;seamonkey.desktop; +x-scheme-handler/ftp=seamonkey.desktop; +x-scheme-handler/chrome=seamonkey.desktop; +x-scheme-handler/mailto=seamonkey.desktop; +text/html=seamonkey.desktop; +EOF + fi fi 
@@ -2271,14 +2597,14 @@ EOT fi # End KDE4 -# Only configure for Plasma5 if it is actually installed: -if [ -d ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/kf5 ]; then +# Only configure for KDE Plasma if it is actually installed: +if [ -d ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/libexec/kf5 ] || [ -d ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/libexec/kf6 ] ; then # -------------------------------------------------------------------------- # - echo "-- Configuring Plasma5." + echo "-- Configuring Plasma Desktop." # -------------------------------------------------------------------------- # - # This section is for any Plasma5 based variant. + # This section is for any Plasma based variant. # Install a custom login/desktop/lock background if an image is present: plasma5_custom_bg @@ -2287,7 +2613,7 @@ if [ -d ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/kf5 ]; then rm -f ${LIVE_ROOTDIR}/usr/share/xsessions/openbox-session.desktop || true # Remove the buggy mediacenter session: rm -f ${LIVE_ROOTDIR}/usr/share/xsessions/plasma-mediacenter.desktop || true - # Remove non-functional wayland session: + # Remove non-functional Qt5 wayland session: if [ ! -f ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/qt5/bin/qtwaylandscanner ]; then rm -f ${LIVE_ROOTDIR}/usr/share/wayland-sessions/plasmawayland.desktop || true @@ -2300,6 +2626,12 @@ if [ -d ${LIVE_ROOTDIR}/usr/lib${DIRSUFFIX}/kf5 ]; then # Set the OS name to "Slackware Live" in "System Information": echo "Name=${DISTRO^} Live" >> ${LIVE_ROOTDIR}/etc/kde/xdg/kcm-about-distrorc + # Use os-release's VERSION (default=false means: use VERSION_ID) + echo "UseOSReleaseVersion=true" >> ${LIVE_ROOTDIR}/etc/kde/xdg/kcm-about-distrorc + if [ "${SL_VERSION}" = "current" ]; then + # Some more detail on development release: + echo "Variant=Post-stable development (-current)" >> ${LIVE_ROOTDIR}/etc/kde/xdg/kcm-about-distrorc + fi # Set sane SDDM defaults on first boot (root-owned file): mkdir -p ${LIVE_ROOTDIR}/var/lib/sddm 
@@ -2327,6 +2659,18 @@ EOT super-user-command=sudo KDESU_EOF + # For the above to work in Plasma with newer versions of sudo (since 2022), + # we need the following also. KDE fixed this in git on 04-aug-2023, see + # https://bugs.kde.org/show_bug.cgi?id=452532 but it does not hurt to have + # it here, and it helps to support older KDE releases: + if [ -x ${LIVE_ROOTDIR}/usr/lib*/libexec/kf5/kdesu_stub ]; then + mkdir -p ${LIVE_ROOTDIR}/etc/sudoers.d + chmod 750 ${LIVE_ROOTDIR}/etc/sudoers.d + cat <<KDESU_EOF2 >${LIVE_ROOTDIR}/etc/sudoers.d/kdesu +Defaults!/usr/lib*/libexec/kf5/kdesu_stub !use_pty +KDESU_EOF2 + fi + # Set akonadi backend: cat <<AKONADI_EOF >${LIVE_ROOTDIR}/etc/skel/.config/akonadi/akonadiserverrc [%General] @@ -2389,8 +2733,9 @@ Zonetab=/usr/share/zoneinfo/zone.tab EOTZ # Make sure that Plasma and SDDM work on older GPUs, - # by forcing Qt5 to use software GL rendering: - cat <<"EOGL" >> ${LIVE_ROOTDIR}/usr/share/sddm/scripts/Xsetup + # by forcing Qt to use software GL rendering: + if ! grep -q QT_XCB_FORCE_SOFTWARE_OPENGL ${LIVE_ROOTDIR}/usr/share/sddm/scripts/Xsetup ; then + cat <<"EOGL" >> ${LIVE_ROOTDIR}/usr/share/sddm/scripts/Xsetup OPENGL_VERSION=$(LANG=C glxinfo |grep '^OpenGL version string: ' |head -n 1 |sed -e 's/^OpenGL version string: \([0-9]\).*$/\1/g') if [ "$OPENGL_VERSION" -lt 2 ]; then 
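Review bot: The new `/etc/sudoers.d/kdesu` drop-in is created by a `cat` redirect with no explicit mode, so its permissions depend on the umask of the build shell; the `chmod 750` applies only to the directory. I would set the mode right after the heredoc with `chmod 440 ${LIVE_ROOTDIR}/etc/sudoers.d/kdesu`. Separately, `[ -x ${LIVE_ROOTDIR}/usr/lib*/libexec/kf5/kdesu_stub ]` hands an unquoted glob to `[`, which errors out when more than one `lib*` directory holds a match; `usr/lib${DIRSUFFIX}`, as used elsewhere in the script, avoids that. This block appears to sit inside the Plasma section that is now also entered for kf6, yet it tests only for the kf5 stub, so a comment saying that this is intended would help.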
@@ -2399,11 +2744,24 @@ if [ "$OPENGL_VERSION" -lt 2 ]; then fi EOGL + fi + + # Make Wayland instead of X11 the default for SDDM; + # leave commented-out for now: + mkdir -p ${LIVE_ROOTDIR}/etc/sddm.conf.d + cat << EOW > ${LIVE_ROOTDIR}/etc/sddm.conf.d/plasma-wayland.conf +#[General] +#DisplayServer=wayland +#GreeterEnvironment=QT_WAYLAND_SHELL_INTEGRATION=layer-shell +# +#[Wayland] +#CompositorCommand=kwin_wayland --drm --inputmethod qtvirtualkeyboard --no-global-shortcuts --no-lockscreen --locale1 +EOW # Workaround a bug where SDDM does not always use the configured keymap: echo "setxkbmap" >> ${LIVE_ROOTDIR}/usr/share/sddm/scripts/Xsetup - # Do not show the blueman applet, Plasma5 has its own BlueTooth widget: + # Do not show the blueman applet, Plasma has its own BlueTooth widget: echo "NotShowIn=KDE;" >> ${LIVE_ROOTDIR}/etc/xdg/autostart/blueman.desktop # Set QtWebkit as the Konqueror rendering engine if available: 
@@ -2421,21 +2779,53 @@ EOT mkdir -p ${LIVE_ROOTDIR}/etc/profile.d cat <<EOT > ${LIVE_ROOTDIR}/etc/profile.d/kwayland.sh #!/bin/sh -# Force the usage of XCB platform on Qt5 applications: +# Force the usage of XCB platform on Qt applications: export QT_QPA_PLATFORM=xcb # Force the usage of X11 platform for GDK applications: export GDK_BACKEND=x11 EOT cat <<EOT > ${LIVE_ROOTDIR}/etc/profile.d/kwayland.csh #!/bin/csh -# Force the usage of XCB platform on Qt5 applications: +# Force the usage of XCB platform on Qt applications: setenv QT_QPA_PLATFORM xcb # Force the usage of X11 platform for GDK applications: setenv GDK_BACKEND x11 EOT chmod 755 ${LIVE_ROOTDIR}/etc/profile.d/kwayland.* -fi # End Plasma5 +# Ensure that color Emojis work in Qt applications: +mkdir -p ${LIVE_ROOTDIR}/usr/share/fontconfig/conf.avail +cat <<EOT >${LIVE_ROOTDIR}/usr/share/fontconfig/conf.avail/99-noto-mono-color-emoji.conf: +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> +<fontconfig> + <alias> + <family>serif</family> + <prefer> + <family>Noto Color Emoji</family> + </prefer> + </alias> + <alias> + <family>sans-serif</family> + <prefer> + <family>Noto Color Emoji</family> + </prefer> + </alias> + <alias> + <family>monospace</family> + <prefer> + <family>Noto Color Emoji</family> + </prefer> + </alias> +</fontconfig> +EOT + + if [ "$LIVEDE" = "DAW" ] || [ "$LIVEDE" = "LEAN" ]; then + # These lean installations do not support Wayland graphical sessions: + rm -rf ${LIVE_ROOTDIR}/usr/share/wayland-sessions + fi + +fi # End Plasma if [ "$LIVEDE" = "DLACK" ]; then 
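Review bot: The redirect target of the added fontconfig heredoc ends in a colon, `.../conf.avail/99-noto-mono-color-emoji.conf:`, so the file is created under the name `99-noto-mono-color-emoji.conf:`. Fontconfig's directory includes pick up only files ending in `.conf`, and in the usual layout a file in `conf.avail` takes effect only once it is linked into `/etc/fonts/conf.d`; this hunk creates no such link. I would drop the colon and add `ln -sf /usr/share/fontconfig/conf.avail/99-noto-mono-color-emoji.conf ${LIVE_ROOTDIR}/etc/fonts/conf.d/`. In the same hunk, `rm -rf ${LIVE_ROOTDIR}/usr/share/wayland-sessions` would act on the build host if the variable were ever empty; writing it as `${LIVE_ROOTDIR:?}` guards against that.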
@@ -2531,8 +2921,13 @@ EOT # Autostart qjackctl: mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.config/autostart - cp -a ${LIVE_ROOTDIR}/usr/share/applications/qjackctl.desktop \ - ${LIVE_ROOTDIR}/home/${LIVEUID}/.config/autostart + if [ -f ${LIVE_ROOTDIR}/usr/share/applications/org.rncbc.qjackctl.desktop ]; then + QJCDF=/usr/share/applications/org.rncbc.qjackctl.desktop + else + QJCDF=/usr/share/applications/qjackctl.desktop + fi + cp -a ${LIVE_ROOTDIR}/${QJCDF} \ + ${LIVE_ROOTDIR}/home/${LIVEUID}/.config/autostart/ # Add all our programs into their own submenu Applications>Multimedia>DAW # to avoid clutter in the Multimedia menu. We will use a custom category @@ -2574,6 +2969,12 @@ EOT ln -s /usr/share/vcvrack/$(basename ${PLUGIN}) ${LIVE_ROOTDIR}/home/${LIVEUID}/.Rack/plugins-v1/ done + # The new Kickoff application launcher that replaced the old Kickoff, + # does not adhere to the XDG Desktop standards. + # Therefore we will switch the DAW desktop to Kicker instead, to preserve + # our 'Slackware DAW' menu structure in the 'Multimedia' menu: + sed -e 's/kickoff/kicker/g' -i ${LIVE_ROOTDIR}/usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js + fi # End LIVEDE = DAW if [ "$LIVEDE" = "STUDIOWARE" ]; then 
@@ -2844,12 +3245,14 @@ touch ${LIVE_ROOTDIR}/etc/fastboot # We will not write to the hardware clock: sed -i -e '/systohc/s/^/# /' ${LIVE_ROOTDIR}/etc/rc.d/rc.6 +# Don't try to re-mount our squashfs and overlay filesystems: +sed -e 's/^ *SKIPFS="no/&squashfs,nooverlay,no/' \ + -i ${LIVE_ROOTDIR}/etc/rc.d/rc.S + # Run some package setup scripts (usually run by the slackware installer), # as well as some of the delaying commands in rc.M and rc.modules: -chroot ${LIVE_ROOTDIR} /bin/bash <<EOCR -# Rebuild SSL certificate database: -/usr/sbin/update-ca-certificates --fresh 1>/dev/null 2>${DBGOUT} +chroot ${LIVE_ROOTDIR} /bin/bash <<EOCR # Run bits from rc.M so we won't need to run them again in the live system: /sbin/depmod $KVER /sbin/ldconfig @@ -2956,6 +3359,10 @@ if [ -x ${LIVE_ROOTDIR}/etc/cron.daily/mlocate ]; then else LOCATE_BIN=slocate fi +# Mlocate needs a mounted /proc in the chroot: +if ! mount | grep -q 'on ${LIVE_ROOTDIR}/proc' ; then + mount --bind /proc ${LIVE_ROOTDIR}/proc +fi chroot ${LIVE_ROOTDIR} /etc/cron.daily/${LOCATE_BIN} 2>${DBGOUT} # ----------------------------------------------------------------------------- @@ -2963,7 +3370,7 @@ chroot ${LIVE_ROOTDIR} /etc/cron.daily/${LOCATE_BIN} 2>${DBGOUT} # ----------------------------------------------------------------------------- # Squash the configuration into its own module: -umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true +umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true mksquashfs ${INSTDIR} ${LIVE_MOD_SYS}/0099-${DISTRO}_zzzconf-${SL_VERSION}-${SL_ARCH}.sxz -noappend -comp ${SQ_COMP} ${SQ_COMP_PARAMS} rm -rf ${INSTDIR}/* 
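Review bot: In the added mlocate block the pattern `'on ${LIVE_ROOTDIR}/proc'` is in single quotes, so the variable is never expanded and `grep -q` searches the `mount` output for that literal text. The negated test is therefore always true and `/proc` is bind-mounted on every run, stacking a second mount when one is already present. `if ! mountpoint -q ${LIVE_ROOTDIR}/proc ; then` performs the intended check without parsing `mount` output.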
@@ -2983,7 +3390,7 @@ unset INSTDIR # ----------------------------------------------------------------------------- echo "-- Preparing the system for live booting." -umount ${LIVE_ROOTDIR} 2>${DBGOUT} || true +umount -R ${LIVE_ROOTDIR} 2>${DBGOUT} || true mount -t overlay -o lowerdir=${RODIRS%:*},upperdir=${LIVE_BOOT},workdir=${LIVE_OVLDIR} overlay ${LIVE_ROOTDIR} mount --bind /proc ${LIVE_ROOTDIR}/proc @@ -2999,6 +3406,10 @@ else KVER=$(ls --indicator-style=none ${LIVE_ROOTDIR}/lib/modules/ |grep smp |head -1) fi +# Determine Slackware's GRUB version and build (we will use this later): +GRUBVER=$(find ${DEF_SL_PKGROOT}/../ -name "grub-*.t?z" |rev |cut -d- -f3 |rev) +GRUBBLD=$(find ${DEF_SL_PKGROOT}/../ -name "grub-*.t?z" |rev |cut -d- -f1 |cut -d. -f2 |rev) + # Create an initrd for the generic kernel, using a modified init script: echo "-- Creating initrd for kernel-generic $KVER ..." chroot ${LIVE_ROOTDIR} /sbin/mkinitrd -c -w ${WAIT} -l us -o /boot/initrd_${KVER}.img -k ${KVER} -m ${KMODS} -L -C dummy 1>${DBGOUT} 2>${DBGOUT} @@ -3030,6 +3441,12 @@ tar -C ${LIVE_ROOTDIR}/boot/initrd-tree/ -xf ${DHCPD_PKG} \ var/lib/dhcpcd lib/dhcpcd sbin/dhcpcd usr/lib${DIRSUFFIX}/dhcpcd \ etc/dhcpcd.conf.new mv ${LIVE_ROOTDIR}/boot/initrd-tree/etc/dhcpcd.conf{.new,} +# Create the dhcpcd account because we added the package to the initrd: +if ! grep -q dhcpcd ${LIVE_ROOTDIR}/boot/initrd-tree/etc/passwd; then + echo "dhcpcd:x:68:68:User for dhcpcd:/var/lib/dhcpcd:/bin/false" >> ${LIVE_ROOTDIR}/boot/initrd-tree/etc/passwd + echo "dhcpcd:x:68:" >> ${LIVE_ROOTDIR}/boot/initrd-tree/etc/group +fi + # Add getfattr to read extended attributes (even if we won't need it): ATTR_PKG=$(find ${DEF_SL_PKGROOT}/../ -name "attr-*.t?z" |head -1) tar --wildcards -C ${LIVE_ROOTDIR}/boot/initrd-tree/ -xf ${ATTR_PKG} \ 
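Review bot: Both added `find ... -name "grub-*.t?z"` pipelines lack the `|head -1` that the neighbouring package lookups such as `ATTR_PKG` use. `${DEF_SL_PKGROOT}/../` covers the whole tree, so if more than one grub package is found (a patched one next to the original, which I assume can happen), `GRUBVER` and `GRUBBLD` become multi-line and end up in the SBAT metadata written later in the script. I would pick one package deterministically, e.g. `GRUBPKG=$(find ${DEF_SL_PKGROOT}/../ -name "grub-*.t?z" |sort |tail -1)`, derive both values from `$GRUBPKG`, and abort when it is empty.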
@@ -3042,22 +3459,10 @@ cp -a ${LIVE_ROOTDIR}/etc/slackware-version ${LIVE_ROOTDIR}/etc/os-release \ ${LIVE_ROOTDIR}/boot/initrd-tree/etc/ if [ "$NFSROOTSUP" = "YES" ]; then # Add just the right kernel network modules by pruning unneeded stuff: - if [ "$SL_ARCH" = "x86_64" -o "$SMP32" = "NO" ]; then - KMODS_PKG=$(find ${DEF_SL_PKGROOT}/../ -name "kernel-modules-*$(echo $KGEN |tr - _)*.t?z" |grep -v smp |head -1) - else - KMODS_PKG=$(find ${DEF_SL_PKGROOT}/../ -name "kernel-modules-*$(echo $KGEN |tr - _)*.t?z" |grep smp |head -1) - fi - KMODS_TEMP=$(mktemp -d -p /mnt -t liveslak.XXXXXX) - if [ ! -d $KMODS_TEMP ]; then - echo "*** Failed to create a temporary extraction directory for the initrd!" - cleanup - exit 1 - fi - # We need to extract the full kernel-modules package for deps resolving: - tar -C ${KMODS_TEMP} -xf ${KMODS_PKG} + # We need the full kernel-modules package for deps resolving: # Get the kernel modules: for NETMODPATH in ${NETMODS} ; do - cd ${KMODS_TEMP} + cd ${LIVE_ROOTDIR} cp -a --parents lib/modules/${KVER}/${NETMODPATH} \ ${LIVE_ROOTDIR}/boot/initrd-tree/ cd - 1>/dev/null 
@@ -3068,19 +3473,17 @@ if [ "$NFSROOTSUP" = "YES" ]; then done # Add any dependency modules: for MODULE in $(find ${LIVE_ROOTDIR}/boot/initrd-tree/lib/modules/${KVER}/${NETMODPATH} -type f -exec basename {} .ko \;) ; do - /sbin/modprobe --dirname ${KMODS_TEMP} --set-version $KVER --show-depends --ignore-install $MODULE 2>/dev/null |grep "^insmod " |cut -f 2 -d ' ' |while read SRCMOD; do + /sbin/modprobe --dirname ${LIVE_ROOTDIR} --set-version $KVER --show-depends --ignore-install $MODULE 2>/dev/null |grep "^insmod " |cut -f 2 -d ' ' |while read SRCMOD; do if [ "$(basename $SRCMOD .ko)" != "$MODULE" ]; then - cd ${KMODS_TEMP} - # Need to strip ${KMODS_TEMP} from the start of ${SRCMOD}: - cp -a --parents $(echo $SRCMOD |sed 's|'${KMODS_TEMP}'/|./|' ) \ + cd ${LIVE_ROOTDIR} + # Need to strip ${LIVE_ROOTDIR} from the start of ${SRCMOD}: + cp -a --parents $(echo $SRCMOD |sed 's|'${LIVE_ROOTDIR}'/|./|' ) \ ${LIVE_ROOTDIR}/boot/initrd-tree/ cd - 1>/dev/null fi done done done - # Remove the temporary tree: - rm -rf ${KMODS_TEMP} # We added extra modules to the initrd, so we run depmod again: chroot ${LIVE_ROOTDIR}/boot/initrd-tree /sbin/depmod $KVER # Add the firmware for network cards that need them: @@ -3097,7 +3500,7 @@ rm -rf ${LIVE_ROOTDIR}/boot/initrd-tree # ... and cleanup these mounts again: umount ${LIVE_ROOTDIR}/{proc,sys,dev} || true -umount ${LIVE_ROOTDIR} || true +umount -R ${LIVE_ROOTDIR} || true # Paranoia: [ ! -z "${LIVE_BOOT}" ] && rm -rf ${LIVE_BOOT}/{etc,tmp,usr,var} 1>${DBGOUT} 2>${DBGOUT} 
@@ -3111,11 +3514,6 @@ mv ${LIVE_BOOT}/boot/initrd_${KVER}.img ${LIVE_STAGING}/boot/initrd.img # Squash the boot directory into its own module: mksquashfs ${LIVE_BOOT} ${LIVE_MOD_SYS}/0000-${DISTRO}_boot-${SL_VERSION}-${SL_ARCH}.sxz -noappend -comp ${SQ_COMP} ${SQ_COMP_PARAMS} -# Determine additional boot parameters to be added: -if [ -z ${KAPPEND} ]; then - eval KAPPEND=\$KAPPEND_${LIVEDE} -fi - # Copy the syslinux configuration. # The next block checks here for a possible UEFI grub boot image: cp -a ${LIVE_TOOLDIR}/syslinux ${LIVE_STAGING}/boot/ @@ -3123,8 +3521,13 @@ cp -a ${LIVE_TOOLDIR}/syslinux ${LIVE_STAGING}/boot/ # EFI support always for 64bit architecture, but conditional for 32bit. if [ "$SL_ARCH" = "x86_64" -o "$EFI32" = "YES" ]; then # Copy the UEFI boot directory structure: + rm -rf ${LIVE_STAGING}/EFI/BOOT mkdir -p ${LIVE_STAGING}/EFI/BOOT cp -a ${LIVE_TOOLDIR}/EFI/BOOT/{grub-embedded.cfg,make-grub.sh,*.txt,theme} ${LIVE_STAGING}/EFI/BOOT/ + if [ ${SECUREBOOT} -eq 1 ]; then + # User needs a DER-encoded copy of the signing cert for MOK enrollment: + openssl x509 -outform der -in ${MOKCERT} -out ${LIVE_STAGING}/EFI/BOOT/liveslak.der + fi if [ "$LIVEDE" = "XFCE" ]; then # We do not use the unicode font, so it can be removed to save space: rm -f ${LIVE_STAGING}/EFI/BOOT/theme/unicode.pf2 @@ -3132,7 +3535,7 @@ if [ "$SL_ARCH" = "x86_64" -o "$EFI32" = "YES" ]; then # Create the grub fonts used in the theme. # Command outputs string like this: "Font name: DejaVu Sans Mono Regular 5". - for FSIZE in 5 10 12 20 ; do + for FSIZE in 5 10 12 20 24 ; do grub-mkfont -s ${FSIZE} -av \ -o ${LIVE_STAGING}/EFI/BOOT/theme/dejavusansmono${FSIZE}.pf2 \ /usr/share/fonts/TTF/DejaVuSansMono.ttf \ 
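Review bot: The added `openssl x509 -outform der -in ${MOKCERT} -out .../liveslak.der` runs with `${MOKCERT}` unquoted and its exit status ignored. If the path is empty, contains spaces or does not hold a valid PEM certificate, the build carries on and the ISO ships without a usable `liveslak.der`, which the comment says users need for MOK enrollment; validation of the `-S` argument may exist in option parsing outside this hunk. I would quote the path and fail hard: `openssl x509 -outform der -in "${MOKCERT}" -out ${LIVE_STAGING}/EFI/BOOT/liveslak.der || { echo "*** Cannot convert ${MOKCERT} to DER"; cleanup; exit 1; }`. The enclosing `if` block continues beyond the hunk.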
@@ -3145,6 +3548,12 @@ if [ "$SL_ARCH" = "x86_64" -o "$EFI32" = "YES" ]; then # Generate the UEFI grub boot image if needed: if [ ! -f ${LIVE_STAGING}/EFI/BOOT/boot${EFISUFF}.efi -o ! -f ${LIVE_STAGING}/boot/syslinux/efiboot.img ]; then ( cd ${LIVE_STAGING}/EFI/BOOT + # Create a SBAT file 'grub_sbat.csv' to be used by make-grub.sh : + cat <<HSBAT > ${LIVE_STAGING}/EFI/BOOT/grub_sbat.csv +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +grub,1,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/ +grub.liveslak,1,The liveslak project,grub,${GRUBVER}-${GRUBBLD},https://download.liveslak.org/ +HSBAT sed -i -e "s/SLACKWARELIVE/${MARKER}/g" grub-embedded.cfg sh make-grub.sh EFIFORM=${EFIFORM} EFISUFF=${EFISUFF} ) @@ -3152,6 +3561,12 @@ if [ "$SL_ARCH" = "x86_64" -o "$EFI32" = "YES" ]; then # Generate the grub configuration for UEFI boot: gen_uefimenu ${LIVE_STAGING}/EFI/BOOT + + # Add SecureBoot support if requested: + if [ ${SECUREBOOT} -eq 1 ]; then + secureboot ${SHIM_3RDP} + fi + fi # End EFI support menu. if [ "$SYSMENU" = "NO" ]; then @@ -3230,6 +3645,9 @@ fi # verbatim into the overlay root): mkdir -p ${LIVE_STAGING}/${LIVEMAIN}/rootcopy +# Mark our ISO as 'ventoy-compatible': +echo "This ISO is compatible with Ventoy. See https://www.ventoy.net/en/compatible.html" >${LIVE_STAGING}/ventoy.dat + # Create an ISO file from the directories found below ${LIVE_STAGING}: create_iso ${LIVE_STAGING} |
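Review bot: The `grub` row of the generated `grub_sbat.csv` hard-codes both the SBAT generation (`grub,1`) and the version string `2.06`, while the `grub.liveslak` row right below it uses `${GRUBVER}-${GRUBBLD}`. Shim compares the generation number against its revocation data, so that field has to reflect which upstream security fixes the packaged GRUB actually contains; a fixed `1` and `2.06` drift from reality as soon as the Slackware package moves. I would at least use `${GRUBVER}` in the version column and add a comment such as `# SBAT generation must follow upstream GRUB's sbat.csv for the packaged version`, ideally taking the row from the grub package itself if it ships one.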