# Generated by pykickstart v3.32
#version=RHEL9
# System authorization information
authselect select sssd
# License agreement
eula --agreed
firstboot --disable
ignoredisk --drives=sd*|nvme*|vd*|sr*
# Keyboard layouts
keyboard --vckeymap=fr --xlayouts='fr'
# System language
lang en_US.UTF-8
# Network information
network  --bootproto=dhcp --device=link --activate
# Shutdown after installation
shutdown
repo --name="redpesk-redpesk-bsp-renesas-gen3--redpesk-lts-batz-2.0-update-build-69391" --baseurl=http://distro-hub-prod02.redpesk.onprem/kojifiles//repos/redpesk-bsp-renesas-gen3--redpesk-lts-batz-2.0-update-build/69391/$basearch --noverifyssl --priority=1 --module_hotfixes=true
repo --name="redpesk-redpesk-lts-batz-2.0-update-build-74171" --baseurl=http://distro-hub-prod02.redpesk.onprem/kojifiles//repos/redpesk-lts-batz-2.0-update-build/74171/$basearch --noverifyssl --priority=2 --module_hotfixes=true
repo --name="redpesk-import-redpesk-lts-batz-2.0-update-build-75304" --baseurl=http://distro-hub-prod02.redpesk.onprem/kojifiles//repos/import-redpesk-lts-batz-2.0-update-build/75304/$basearch --noverifyssl --priority=3 --module_hotfixes=true
repo --name="redpesk-redpesk-config-build-60680" --baseurl=http://distro-hub-prod02.redpesk.onprem/kojifiles//repos/redpesk-config-build/60680/$basearch --noverifyssl --priority=52 --module_hotfixes=true
# Root password
rootpw --iscrypted $6$/0r4m3q/3.Nd4LUq$IJof8jdAwstBb1W5Q0fiQHEUouD5yYrmfU27wORmfJarXRfMclZNWORdCHwDTAYrhImZquhJp6xAB1L5EeZir0
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Europe/Paris --utc
# Use network installation
url --url="https://download.redpesk.bzh/redpesk-lts/batz-2.0-update/imager-os/aarch64/"
# System bootloader configuration
bootloader --disabled --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --disklabel=gpt
# Disk partitioning information
part /boot --asprimary --fstype="ext4" --size=200 --label=boot
part /config --asprimary --fstype="ext4" --size=50 --fsoptions="noatime,rw" --label=config
part /recovery --asprimary --fstype="ext4" --size=500 --fsoptions="noatime,rw" --label=recovery
part / --fstype="ext4" --size=2700 --fsoptions="noatime,rw" --label=rootfs
part /data --fstype="ext4" --grow --size=500 --fsoptions="noatime,rw" --label=data

%post --nochroot --logfile=/mnt/sysroot/tmp/post-fstab.log --erroronfail

echo "Setting UUID into /etc/fstab..."
grep "^/dev.*Redpesk*" /mnt/sysroot/etc/fstab | while read part ; do
	dev=$(echo $part | cut -d' ' -f1)
	label=$(echo $part | cut -d' ' -f2)
	label="${label##*/}"
	if [[ "$label" == "" ]]; then
		label="rootfs"
	elif [[ "$label" == "efi" ]]; then
		label="EFI"
	fi
	UUID=$(blkid -s UUID -o value `blkid -L $label`)
	echo "dev=$dev UUID=$UUID label=$label"
	sed -i "s|${dev}|UUID=\"${UUID}\"|g" /mnt/sysroot/etc/fstab
done
%end

%post --logfile=/mnt/sysroot/tmp/post-tmp.log --erroronfail
echo "Enabling tmpfs for /tmp..."
systemctl enable tmp.mount
%end

%post --logfile=/tmp/post-distro.log --erroronfail
# Note that /etc/dnf/dnf.conf is not replace at dnf upgrade
echo "do not install weak deps"
echo "install_weak_deps=0" >> /etc/dnf/dnf.conf
echo "disable rngd.service"
systemctl disable rngd.service
echo "import gpg keys"
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
echo "Packages within this disk image :"
rpm -qa | sort -h
echo ""
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*

# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed

dnf -y remove dracut-config-generic

# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id

# Fix "/etc/rc.d/rc.local is not marked executable"
mkdir -p /etc/systemd/system-generators
touch /etc/systemd/system-generators/systemd-rc-local-generator

# setup systemd to boot to the right runlevel
echo -n "Setting default runlevel to multiuser text mode"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
#Permit root login in ssh
[ -f /etc/ssh/sshd_config ] && sed -ri "s/^\#?(PermitRootLogin).*$/\1 yes/" /etc/ssh/sshd_config
echo .

echo "ARCH=\"`rpm --eval %{_arch}`\"" >> /etc/os-release
echo "BUILD_DATE=\"`date '+%Y-%m-%d %H:%M:%S'`\"" >> /etc/os-release
%end

%post --logfile=/tmp/post-initramfs.log --erroronfail
dracut -f --no-kernel --confdir="/etc/dracut.conf.d/redpesk/" /tmp/initramfs.img

if [[ `rpm -E %{_arch}` == "aarch64" ]]; then
	mkimage -A arm64 -O linux -T ramdisk -C gzip -d /tmp/initramfs.img /recovery/initramfs.img
	rm -f /tmp/initramfs.img
else
	mv /tmp/initramfs.img /recovery/initramfs.img
	#Re-generate grub2 entries with recovery initramfs
	grub2-mkconfig -o /boot/efi/EFI/redpesk/grub.cfg
fi

#Remove pkg only installed for initramfs generating
dnf remove -y dracut-redpesk-recovery

%end

%post --logfile=/tmp/post-recovery.log --erroronfail
if [[ `rpm -E %{_arch}` == "aarch64" ]]; then
	cp /boot/Image /recovery/recovery.img
	cp /boot/*.dtb /recovery/
elif [[ `rpm -E %{_arch}` == "x86_64" ]]; then
	cp /boot/vmlinuz*x86_64 /recovery/recovery.img
else
	echo "WARN: recovery not supported for this arch."
fi
sed -i '/recovery/d' /etc/fstab
%end

%post --logfile=/tmp/post-clean.log --erroronfail

#Delete all manuals
rm -rf /usr/share/man
rm -rf /usr/share/doc

#Clean DNF Cache
dnf clean all

#Clean journal
journalctl --rotate
journalctl --vacuum-time=1s

#Clean local according filesystem rpm request
for list in `rpm -ql filesystem | grep "/usr/share/locale/"`; do [[ $list != *"LC_MESSAGES" ]] && basename $list >> /tmp/filter ;done
for folder in `ls /usr/share/locale`; do
    if [[ -d /usr/share/locale/$folder ]]; then
        grep -q $folder /tmp/filter && echo "Keeping $folder"
        grep -q $folder /tmp/filter || (echo "Deleting $folder" && rm -rf /usr/share/locale/$folder)
    else
        echo "$folder is a file"
    fi
done

%end

%post
BINDING="\
	helloworld-binding \
"
echo "BINDING=\"\$BINDING ${BINDING}\"" >> /tmp/binding-list
%end

%post --nochroot --logfile=/mnt/sysroot/tmp/post-binding_install.log --erroronfail
# Exit script on first error as this step is mandatory for package installation
set -e

# Use mock dnf config file to be able to access repository
CONFIG_FILE="/etc/dnf/dnf.conf"
CHROOT_DIR="/mnt/sysimage"
RPMS_DIR=${CHROOT_DIR}"/var/lib/rp-firstboot/rpms"

alias dnf_ks='dnf -c ${CONFIG_FILE} --installroot=${CHROOT_DIR}'
# For debug purpose
dnf_ks repolist -v

if [ -f ${CHROOT_DIR}/tmp/binding-list ]; then
	source ${CHROOT_DIR}/tmp/binding-list
	mkdir -p ${RPMS_DIR}
	LIST=$(rpm --root=${CHROOT_DIR} -qa --qf "%{NAME}\n" | grep binding | tr "\n" " ")
	[ -n "${LIST}" ] && dnf_ks reinstall -y \
		--downloadonly --downloaddir=${RPMS_DIR} \
		${LIST}
	[ -n "${BINDING}" ] && dnf_ks install -y \
		--downloadonly --downloaddir=${RPMS_DIR} \
		${BINDING}
	rm ${CHROOT_DIR}/tmp/binding-list
fi

# Since first boot RPMs are not installed in the image, they are not listed in manifest.log
rpm -qp ${RPMS_DIR}/* >> /tmp/manifest-firstboot.log

#Clean DNF Cache
dnf_ks clean all
%end

%post --logfile=/tmp/post-project-features.log --erroronfail
#CUSTOM FEATURE WILL COME HERE
%end

%post
echo "SECURITY_MODEL=\"smack\"" >> /etc/os-release
%end

%post --nochroot
# Save pre and post action logs for extraction into koji
cp /mnt/sysroot/tmp/pre-*.log /chroot_tmpdir/lmc-logs
cp /mnt/sysroot/tmp/post-*.log /chroot_tmpdir/lmc-logs
%end

%pre-install
# disable systemd-networkd
mkdir -p /mnt/sysimage/etc/systemd/system-preset
cat <<EOF > /mnt/sysimage/etc/systemd/system-preset/10-disable-networkd.preset
disable systemd-networkd.service
disable systemd-networkd-wait-online.service
EOF
%end

%post
## Firewall configuration
firewall --enabled --service=mdns,ssh

# Fix NetworkManager DNS resolving
rm -f /etc/resolv.conf
ln -sf /run/NetworkManager/resolv.conf /etc/resolv.conf

%end

%addon com_redhat_kdump --disable
%end
%packages --nocore --ignoremissing --exclude-weakdeps
NetworkManager
NetworkManager-wifi
afb-app-manager
afb-app-manager-rpm
afb-binder
audit
basesystem
bash
can-tests
can-utils
chkconfig
chrony
coreutils
cronie
curl
dnf
dnf-utils
dracut-config-generic
dracut-live
dracut-redpesk-common
dracut-redpesk-recovery
e2fsprogs
filesystem
firewalld
glibc
glibc-langpack-en
grubby
hostname
i2c-tools
initscripts
iproute
iputils
irqbalance
iw
kbd
kexec-tools
less
libgomp
linux-firmware-ti-connectivity
man-db
ncurses
openssh-clients
openssh-server
parted
passwd
picocom
platform-firstboot
platform-runtime-tools
policycoreutils
procps-ng
redhat-rpm-config
redpesk-bsp-repos
redpesk-repos
rng-tools
rootfiles
rpm
sec-lsm-manager-smack
sec-smack-rules
setup
shadow-utils
sssd-client
sudo
systemd
systemd-udev
tar
tree
tuned
uboot-tools
usbutils
util-linux
vim
vim-minimal
wget
xfsprogs
yum
-*grubby
-alsa-sof-firmware
-atheros-firmware
-brcmfmac-firmware
-dracut-config-rescue
-extlinux-bootloader
-fedora-arm-installer
-fedora-repos
-fedora-repos-modular
-gawk-all-langpacks
-generic-release*
-geolite2-city
-geolite2-country
-glibc-all-langpacks
-grub2-common
-grub2-tools
-grub2-tools-minimal
-grubby-deprecated
-initial-setup
-initial-setup-gui
-iproute-tc
-ipw*
-iwl*
-langpacks-en
-lvm2
-mozjs78
-plymouth
-selinux-policy
-selinux-policy-targeted
-shim*
-sssd-common
-sssd-kcm
-trousers
-uboot-images-armv7
-usb_modeswitch
-zram-generator
-zram-generator-defaults

%end