[redhat-lspp] Re: kickstart changes to select capp or lspp configuration

Klaus Weidner klaus at atsec.com
Wed Feb 7 06:19:02 UTC 2007


On Thu, Feb 01, 2007 at 07:13:22PM -0500, Linda Knippers wrote:
> The changes I made included adding a question into the post part of the
> kickstart script and renaming/restructuring so some of the files aren't
> specific to LSPP.  I also made the files vendor neutral.  This involved
> patching some files and moving some things around so it's hard to generate
> just one patch file.  Attached are the patch files for the individual files
> that I modified and below you'll see notes on the things I renamed.

Thank you Linda, I'm integrating your patches with changes as noted
below.

> I've applied these patches to your latest 0.18 ks sources and they seem
> to work with the rc1 kit.  Let me know if you have any questions or don't agree
> with some of the changes.  If IBM doesn't want to go vendor-neutral as far
> as my changes go then maybe we can make it easier to include the vendor name
> without a lot of changes.

It was already parametrized (with some omissions) - the git repository
contains the "make-rpm" shell script which builds a source RPM. You can
set environment variables before calling "make-rpm" to change names, for
example:

 ECG=ACME-EAL7-Guide NAME=mlospp-eal7-config-acme ./make-rpm 0.19 1

which will result in creating the
mlospp-eal7-config-acme-0.19-1.noarch.rpm file.

If you put the $ECG.{man,txt,pdf,...} files into the lspp-config/doc/
dir, it'll automatically be added to the RPM in the right place.

> The ftp location is still vendor-specific, but it probably will need to
> be.

This could also be a build time parameter, I haven't done that yet.

> BTW, this is not in the attached patches but I took the --tries=1 argument
> out of the wget line in the common-post.cfg file.  It seems a recent addition
> but here it causes wget to not be able to get the certification rpm.  I had to
> escape from the script and manually wget it.  Why was it added?

The problem was that without that argument, it retries 20 times to
download the file, and pressing Ctrl-C aborts the entire process and
forces an immediate reboot. That's really annoying if it failed due to a
network or DNS problem since you don't have a chance to fix that.

I'll use "--tries=2" this time, is that better? Or is it calling busybox
"wget" for some reason which doesn't have that option? (It shouldn't,
it's chrooted to the installed system.) What's the error output?

> Changed the name of the spec file to remove company and protection profile
> specifics.  Likewise, renamed files and directories.  For example:
> 
> mv lspp-eal4-config-ibm-0.18/bin/lspp-eal4-config.in
> eal4-config-0.16/bin/eal4-config.in
> Updated the script to take the profile as an argument.

I've changed that to use "capp-lspp" instead of "eal4" consistently, so
the script name is now "capp-lspp-config". The assurance level is IMHO
not particularly descriptive for what the script is doing.

> mv lspp-eal4-config-ibm-0.18/doc/RHEL-LSPP-EAL4-IBM-Configuration-Guide.man
> eal4-config-0.16/doc/RHEL-EAL4-Configuration-Guide.man
> (this will probably need to go back to being vendor-specific but shouldn't
> be protection profile specific)

You can choose whichever name you like for the ECG and set that in the
$ECG variable at build time :-)

> mv lspp-eal4-config-ibm-0.18/lspp eal4-config-0.16/eal4

I haven't made that change since it's applicable only to the source RPM,
it's not visible in the final install (see Makefile and $SHAREDIR).

> And within that directory:
> mv lspp-perms.conf eal4-perms.conf
> mv lspp-root-only.conf eal4-root-only.conf

I've deleted the "eal4-" prefix from those.

> Updated kickstart/src/common-head.cfg with different tmp filenames.  Perhaps
> not necessary.  (Would like to make default timezone configurable.)

The time zone is changeable after the install. The script could call
"tzselect" but I'm not sure if it's worth the effort.

Thank you again for the patches!

-Klaus



