Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Oct 2011 15:00:02 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: syslinux

Vasiliy,

On Thu, Oct 27, 2011 at 03:26:07PM +0400, Vasiliy Kulikov wrote:
> The rough patch for isolinux based ISOs (the patch obviously needs a
> cleanup):

It definitely needs a heavy cleanup.  Also, we'll need to make changes
to the owl-cdrom package, which currently provides floppy-update.sh and
lilo.conf for our ISOs.

> -log "Installing sources"
...
> +if [ "$COPY_SOURCES" != "NO" ]; then

These extra changes should be committed separately from (before or
after) the move from LILO to ISOLINUX.  Also, how about we use more
consistent shell variable names - e.g., ISO_COMPRESS instead of
COMPRESS_ISO, and then also ISO_COPY_SOURCES?

> -if [ -z "$COMPRESS_ISO" ]; then
> -	mkisofs -quiet -lRJ -b boot/floppy.image -c boot/boot.catalog \
> -		-o "$ISO" "$ROOT"
> -else
> -	mkisofs -quiet -lRJ -b boot/floppy.image -c boot/boot.catalog "$ROOT" |
> -		gzip -9 >"$ISO.gz"
> +mkisofs -quiet -lRJ \
> +    -no-emul-boot -boot-load-size 4 -boot-info-table \
> +    -hide-rr-moved \
> +    -b boot/isolinux/isolinux.bin \
> +    -c boot/isolinux/isolinux.cat \
> +    -o "$ISO" "$ROOT"
> +
> +if [ -n "$COMPRESS_ISO" ]; then
> +    gzip -9 "$ISO" > "$ISO.gz"
>  fi

I understand that you did not want to duplicate the lengthy list of
options to mkisofs, but creating an uncompressed .iso file on disk
unnecessarily is not good.  I suggest that you do something like:

MKISOFS_OPTS='...'
if [ -z "$COMPRESS_ISO" ]; then
	mkisofs $MKISOFS_OPTS "$ROOT" | gzip -9 > "$ISO.gz"
else
	mkisofs $MKISOFS_OPTS -o "$ISO" "$ROOT"
fi

Also, it'd be nice to start including the arch name in default ISO and
vztemplate filenames (should be a separate commit, though).  I already
do such renames of files that we release - manually.

> The isolinux.cfg:
> 
>     timeout 50
>     display /boot/message
>     default normal
>     prompt 1

Does our current message (explaining "safe" and "rescue") display OK?

>     label normal
>     kernel /boot/vmlinuz
>     append single rootfstype=iso9660 root=/dev/cdrom rootdelay=30
> 
>     label safe
>     kernel /boot/vmlinuz
>     append single rootfstype=iso9660 root=/dev/cdrom rootdelay=30 acpi=ht
> 
>     label rescue
>     kernel /boot/vmlinuz

With "safe" and "rescue", do the existing instructions apply? -

---
To continue booting this CD's live + installable system, press Enter or just
wait a few seconds.  If this fails, try selecting "safe" (limits use of ACPI).

To boot an arbitrary Linux userland along with this CD's kernel (such as to
rescue an installed system), select "rescue" AND TYPE " root=/dev/..."
without the quotes and replacing the dots with your root filesystem device.
For example, your boot line (below) might be "rescue root=/dev/sda2".
---

Is there possibly a feature in ISOLINUX to prevent the rescue label from
being booted without a root device specified?  Right now, with LILO, a
common user error is to just try booting "rescue", which then fails with
a kernel panic.

> The image boots OK in QEMU.

Great!

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ