#!/usr/bin/perl # use lib qw(/usr/lib/libDrakX); ##################### Remove installUpdates step from install package install::install2; undef *installUpdates; *installUpdates = sub { log::l("Patch XOS: Remove installUpdates step from install"); 1 }; ##################### Force la selection du kernel-server par defaut use detect_devices; package detect_devices; sub isServer() { my $Chassis = dmidecode_category('Chassis')->{Type} =~ /(\S+)/ && $1; member($Chassis, 'Pizza Box', 'Main Server Chassis', 'Blade') || (any { $_->{Type} =~ /ECC/ } dmidecode_category('Memory Module')) || dmidecode_category('System Information')->{Manufacturer} =~ /Supermicro/i || dmidecode_category('System Information')->{'Product Name'} =~ /NetServer|Proliant|PowerEdge|eServer|IBM System x/i || matching_desc__regexp('LSI Logic.*SCSI') || matching_desc__regexp('MegaRAID') || matching_desc__regexp('NetServer') || (any { $_->{'model name'} =~ /(Xeon|Opteron)/i } getCPUs()); }; undef *dmi_detect_memory; *dmi_detect_memory = sub { my @l1 = map { $_->{'Enabled Size'} =~ /(\d+) MB/ && $1 } dmidecode_category('Memory Module'); my @l2 = map { $_->{'Form Factor'} =~ /^(SIMM|SIP|DIP|DIMM|RIMM|SODIMM|SRIMM|FB-DIMM)$/ && ($_->{Size} =~ /(\d+) MB/ && $1 || $_->{Size} =~ /(\d+) kB/ && $1 * 1024); } dmidecode_category('Memory Device'); max(sum(@l1), sum(@l2)); }; undef *_bestKernel_extensions; *_bestKernel_extension = sub { my ($o_match_all_hardware) = @_; $o_match_all_hardware = '-xos-smp'; }; ##################### Remove mandi-ifw from install use install::steps; package install::steps; undef *configure_firewall; *configure_firewall = sub { my ($o) = @_; log::l("Patch XOS: Remove mandi-ifw from install"); #- set up a firewall if ports have been specified or if the security level is high enough $o->{firewall_ports} ||= '' if $o->{security} >= 1 && !exists $o->{firewall_ports}; if (defined $o->{firewall_ports}) { require network::drakfirewall; $o->{firewall_ports} ||= ''; #- don't open any port by default network::drakfirewall::set_ports($o->do_pkgs, 0, $o->{firewall_ports}, 'log_net_drop'); ## Remove mandi-ifw for installation ##network::drakfirewall::set_ifw($o->do_pkgs, 1, [ 'psd' ], ''); } }; ##################### Add Acl for ext3 use fs::mount_options; package fs::mount_options; undef *set_default; *set_default = sub { log::l("Patch XOS: Add Acl for ext3 "); my ($part, %opts) = @_; #- opts are: security iocharset codepage ignore_is_removable my ($options, $unknown) = &unpack($part); if (!$opts{ignore_is_removable} && $part->{is_removable} && !member($part->{mntpoint}, fs::type::directories_needed_to_boot()) && (!$part->{fs_type} || $part->{fs_type} eq 'auto' || $part->{fs_type} =~ /:/)) { $options->{supermount} = 0; #- always disable supermount $part->{fs_type} = 'auto'; $options->{flush} = 1 if $part->{media_type} ne 'cdrom'; } if ($part->{media_type} eq 'cdrom') { $options->{ro} = 1; } if ($part->{media_type} eq 'fd') { # slow device so do not loose time, write now! $options->{flush} = 1; } if (isTrueLocalFS($part)) { #- noatime on laptops (do not wake up the hd) #- otherwise relatime (wake up the hd less often / better performances) #- Do not update inode access times on this #- file system (e.g, for faster access on the #- news spool to speed up news servers). $options->{relatime} = $options->{noatime} = 0; $options->{detect_devices::isLaptop() ? 'noatime': 'relatime'} = 1 if !$opts{force_atime}; } if ($part->{fs_type} eq 'nfs') { put_in_hash($options, { nosuid => 1, 'rsize=8192,wsize=8192' => 1, soft => 1, }); } if ($part->{fs_type} eq 'cifs') { add2hash($options, { 'username=' => '%' }) if !$options->{'credentials='}; } if (fs::type::can_be_this_fs_type($part, 'vfat')) { put_in_hash($options, { users => 1, noexec => 0, }) if $part->{is_removable}; put_in_hash($options, { 'umask=0' => $opts{security} <= 3, 'iocharset=' => $opts{iocharset}, 'codepage=' => $opts{codepage}, }); } if ($part->{fs_type} eq 'ntfs') { put_in_hash($options, { ro => 1, 'nls=' => $opts{iocharset}, 'umask=0' => $opts{security} < 3, 'umask=0022' => $opts{security} < 4, }); } if (fs::type::can_be_this_fs_type($part, 'iso9660')) { put_in_hash($options, { users => 1, noexec => 0, 'iocharset=' => $opts{iocharset} }); } if ($part->{fs_type} eq 'reiserfs') { $options->{notail} = 1; $options->{user_xattr} = 1; } if ($part->{fs_type} eq 'ext3') { $options->{user_xattr} = 1; put_in_hash($options, { acl => 1 }) ; } if (isLoopback($part) && !isSwap($part)) { #- no need for loop option for swap files $options->{loop} = 1; } # rationalize: no need for user if ($options->{autofs}) { $options->{users} = $options->{user} = 0; } if ($options->{user} || $options->{users}) { # have noauto when we have user $options->{noauto} = 1; # ensure security (user_implies - noexec as noexec is not a security matter) $options->{$_} = 1 foreach 'nodev', 'nosuid'; } &pack($part, $options, $unknown); rationalize($part); }; undef *configureNetwork; *configureNetwork = sub { log::l("Patch XOS: Remove UDEV Rules "); my ($o) = @_; #- don't overwrite configuration in a network install #if (!install::any::is_network_install($o)) { # require network::network; # network::network::easy_dhcp($o->{net}, $o->{modules_conf}); #} require network::netconnect; network::netconnect::real_main($o->{net}, $o, $o->{modules_conf}); $o->SUPER::configureNetwork; addVarsInSh("$::prefix/etc/sysconfig/network", { AUTOMATIC_IFCFG => "no", }); }; use network::drakfirewall; package network::drakfirewall; undef *set_ifw; *set_ifw = sub { };