There are three prebuilt files that we can update when we need to make changes
to the installer:
- vmlinuz - The kernel
- initrd.img - Initial initrd loaded when the installer boots. Has kernel
modules, etc, and loads the squashfs.img
- squashfs.img - Provides the rootfs for the installer, which includes
components like anaconda
The original stock CentOS files are found:
/import/mirrors/CentOS/7.4.1708/os/x86_64/isolinux/initrd.img
/import/mirrors/CentOS/7.4.1708/os/x86_64/LiveOS/squashfs.img
# NOTE: before updating these files, assure that you've had a successful build
for the necessary files used in "kernel-rpms" and "rootfs-rpms".
# here are build procedures:
# kernel, kernel modules will be generated by this step
build-pkgs
# anaconda-*.tis.*.rpm rpm-*.tis*.rpm will be generated by this step
build-srpms --installer && build-rpms --installer
# systemd-*.tis.*.rpm and bind-utils-9.9.4-61.el7.x86_64.rpm, ima-evm-utils-1.0-1.el7.x86_64.rpm
# will be available after this step done
build-iso
===========
vmlinuz:
We're using the runtime kernel for this, so when we update the installer, we
just grab the kernel from build server or your own build environment.
Note -- The kernel to be used should be signed. The Jenkins builds will
produce signed kernels, but if you are concerned about the signature (for
example, if you are concerned that a developer kernel is being used or if
the signing server is behaving odd) then you can verify the integrity of
the kernel by going onto yow-cgts3-lx and using the command:
sbverify --cert [CERT] vmlinuz
The certificate specfied as the argument can be found in
$MY_REPO/addons/wr-cgcs/layers/cgcs/recipes-extended/shim-unsigned/files/tis-shim.crt
===========
initrd.img:
When we update the kernel and kernel modules for the installer, we need to
update the initrd.img. This is a manual procedure currently, and must be done
as **root**.
# First, extract the initrd.img:
ORIG_INITRD=$PWD/initrd.img
mkdir initrd.work
cd initrd.work
xzcat $ORIG_INITRD | cpio -i
# Make the necessary changes, and rebuild the initrd
# We want to include our kernel and required modules in the initrd. Copy their RPMs from
# the Jenkins build or local build folders (~/export/dist/isolinux/Packages/ and ~/std/rpmbuild/RPMS/)
# to ../kernel-rpms, to be extracted with rpm2cpio:
# kernel
# kmod-i40e
# kmod-ixgbe
# kmod-e1000e
# kmod-tpm
# mlnx-ofa_kernel-modules
#
# Also adding in dmidecode for debug purposes
# Delete the old kernel files:
rm -rf boot/ etc/modules-load.d/ etc/ld.so.conf.d/kernel-3.10.0-693.2.2.el7.tis.29.x86_64.conf lib/modules/3.10.0-693.2.2.el7.tis.29.x86_64/
# Extract the RPMs from the build system
# FYI, here are RPMs in "kernel-rpms":
# ls kernel-rpms/
kernel-3.10.0-693.2.2.el7.33.tis.x86_64.rpm kmod-i40e-rt-2.4.3-0.tis.6.x86_64.rpm mlnx-ofa_kernel-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kernel-rt-3.10.0-693.2.2.rt56.623.el7.tis.39.x86_64.rpm kmod-ixgbe-5.2.3-0.tis.2.x86_64.rpm mlnx-ofa_kernel-devel-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kmod-e1000e-3.3.6-0.tis.1.x86_64.rpm kmod-ixgbe-rt-5.2.3-0.tis.2.x86_64.rpm mlnx-ofa_kernel-modules-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kmod-e1000e-rt-3.3.6-0.tis.1.x86_64.rpm kmod-tpm-4.12-0.tis.5.x86_64.rpm
kmod-i40e-2.4.3-0.tis.6.x86_64.rpm kmod-tpm-rt-4.12-0.tis.5.x86_64.rpm
for f in ../kernel-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
# In a chroot, run depmods. The command is available from the kmod-i40e for syntax/args:
# [root@yow-cgts4-lx initrd.work]# rpm -qp --scripts ../kernel-rpms/kmod-i40e-* |grep depmod
# /usr/sbin/depmod -aeF "/boot/System.map-3.10.0-327.36.2.el7.9.tis.x86_64" "3.10.0-327.36.2.el7.9.tis.x86_64" > /dev/null || :
# /usr/sbin/depmod -aeF "/boot/System.map-3.10.0-327.36.2.el7.9.tis.x86_64" "3.10.0-327.36.2.el7.9.tis.x86_64" > /dev/null || :
chroot .
# <actual-kernel-version> need be replaced, for example, 3.10.0-693.2.2.el7.33.tis.x86_64
/usr/sbin/depmod -aeF "/boot/System.map-<actual-kernel-version>" "<actual-kernel-version>"
exit
# Remove the bisodevname package from initrd and squashfs
rm -f ./usr/lib/udev/rules.d/71-biosdevname.rules ./usr/sbin/biosdevname
# Rebuild the initrd
find . \
| cpio -o -H newc \
| xz --check=crc32 --x86 --lzma2=dict=512KiB \
> ../new-initrd.img
===========
squashfs.img:
If we want to make changes to the rootfs of the installer (ie. update anaconda),
we need to update the squashfs.img file. This file can be mounted, and contains
a rootfs image: LiveOS/rootfs.img
# Build the TIS-modified installer RPMs first (see anaconda jiggery-pokery at end of this file):
build-srpms --installer && build-rpms --installer
# We also need TIS-built systemd for NVME support, so copy the following from Jenkins build:
systemd-219-42.el7_4.1.tis.10.x86_64.rpm
systemd-libs-219-42.el7_4.1.tis.10.x86_64.rpm
systemd-sysv-219-42.el7_4.1.tis.10.x86_64.rpm
# We need to update the following RPMs in the rootfs
ima-evm-utils-1.0-1.el7.x86_64.rpm
rpm-4.14.0-1.tis.1.x86_64.rpm
rpm-build-4.14.0-1.tis.1.x86_64.rpm
rpm-build-libs-4.14.0-1.tis.1.x86_64.rpm
rpm-libs-4.14.0-1.tis.1.x86_64.rpm
rpm-plugin-systemd-inhibit-4.14.0-1.tis.1.x86_64.rpm
rpm-python-4.14.0-1.tis.1.x86_64.rpm
# We also now need bind-utils in the squashfs, due to the anaconda-preexec we've added.
bind-utils-9.9.4-51.el7.x86_64.rpm
# Add ntpd to the rootfs
ntp-4.2.6p5-25.el7.centos.2.tis.3.x86_64.rpm
# Mount the squashfs.img and copy the rootfs out:
ORIG_SQUASHFS=$PWD/squashfs.img
mkdir squashfs.mnt
mount -o loop -t squashfs $ORIG_SQUASHFS squashfs.mnt
mkdir LiveOS
cp squashfs.mnt/LiveOS/rootfs.img LiveOS/
umount squashfs.mnt
# Now mount the rootfs.img file:
mkdir squashfs.work
mount -o loop LiveOS/rootfs.img squashfs.work
cd squashfs.work
# You can now make changes as needed, and they're reflected in the rootfs.img
# For anaconda, ignore these RPMs that are built:
# anaconda-debuginfo
# anaconda-dracut
# anaconda-widgets-devel
# anaconda-gui
#
# FYI, here are RPMs from "rootfs-rpms":
ls rootfs-rpms/
anaconda-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-4.14.0-1.tis.1.x86_64.rpm
anaconda-core-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-build-4.14.0-1.tis.1.x86_64.rpm
anaconda-debuginfo-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-build-libs-4.14.0-1.tis.1.x86_64.rpm
anaconda-dracut-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-libs-4.14.0-1.tis.1.x86_64.rpm
anaconda-gui-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-plugin-systemd-inhibit-4.14.0-1.tis.1.x86_64.rpm
anaconda-tui-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-python-4.14.0-1.tis.1.x86_64.rpm
anaconda-widgets-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm systemd-219-42.el7_4.1.tis.10.x86_64.rpm
anaconda-widgets-devel-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm systemd-libs-219-42.el7_4.1.tis.10.x86_64.rpm
bind-utils-9.9.4-61.el7.x86_64.rpm systemd-sysv-219-42.el7_4.1.tis.10.x86_64.rpm
ima-evm-utils-1.0-1.el7.x86_64.rpm
# IMPORTANT Note: when copying “systemd-219-42.el7_4.1.tis.10.x86_64.rpm” from build target folders to “rootfs-rpms”,
# we need to get it from “../export/dist/isolinux/Packages/systemd-219-42.el7_4.1.tis.10.x86_64.rpm”, instead of other
# folders (for example, ../std/rpmbuild/RPMS/systemd-219-42.el7_4.1.tis.10.x86_64.rpm), they are actually having
# different sizes and delta in contents.
# Extract the rest into the squashfs
rm -rf usr/lib64/python2.7/site-packages/pyanaconda/
rm -rf usr/lib64/python2.7/site-packages/rpm/
# get files from RPMs and copy them into corresponding folders
for f in ../rootfs-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
#find old .pyo files and delete them
find usr/lib64/python2.7/site-packages/pyanaconda/ usr/lib64/python2.7/site-packages/rpm/ -name *.pyo | xargs rm
rm -rf usr/lib/.build-id
# IMPORTANT Note, please do NOT forget the following step:
# MUST HAVE!!! Update the kernel and related kernel modules, same as what was done for "initrd.img" updating
for f in ../kernel-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
# Remove the bisodevname package from initrd and squashfs
rm -f ./usr/lib/udev/rules.d/71-biosdevname.rules ./usr/sbin/biosdevname
cd ..
umount squashfs.work
# Build/rebuild a new squashfs.img (output file is test.squashfs.img in this
# example)
# Note: You may need to install "squashfs-tools" in advance
#remove the old version named test.squashfs.img
rm -f test.squashfs.img
#make the new squashfs image named "test.squashfs.img" or another name
mksquashfs LiveOS test.squashfs.img -keep-as-directory -comp xz -b 1M
===========
To test with design build, update the following files with paths to your test
files and filenames:
recipes-installer/pxe-network-installer/centos/build_srpm.data
recipes-installer/pxe-network-installer/centos/pxe-network-installer.spec
===========
Delivering changes:
Copy the updated vmlinuz (from kernel rpm), initrd.img, and squashfs.img files,
with appropriate version suffixes, to mirror folder where you placethese files.
Update the pxe-network-installer files to point to the new versions.
===========
NOTE: The following jiggery-pokery is no longer required after recent mirror updates.
I'm keeping the text here, though, for future reference. Just in case.
Jiggery-pokery required to build anaconda after rebase to 7.3:
The anaconda build reports a dependency error:
12:45:41 Error: Package: libgudev1-219-19.el7_2.13.x86_64 (TisCentos7Distro)
12:45:41 Requires: systemd-libs = 219-19.el7_2.13
12:45:41 Installed: systemd-libs-219-30.el7_3.6.x86_64 (@TisCentos7Distro)
12:45:41 systemd-libs = 219-30.el7_3.6
12:45:41 Available: systemd-libs-219-19.el7_2.13.x86_64 (TisCentos7Distro)
12:45:41 systemd-libs = 219-19.el7_2.13
12:45:41 You could try using --skip-broken to work around the problem
12:45:41 You could try running: rpm -Va --nofiles --nodigest
Our build system is setup to install the highest versions of packages, but there's a dependency
that has a version-specific dependency to an older version of the RPM, so it requires a little
massaging to get the anaconda RPM to build.
Step 1: Add a symlink into the cgcs-centos-repo dir:
ln -s /import/mirrors/CentOS/tis-r4-CentOS/mitaka/Binary/x86_64/systemd-libs-219-19.el7_2.13.x86_64.rpm \
$MY_REPO/cgcs-centos-repo/Binary/x86_64/
Step 2: Try to build, so the repodata is updated (this will still fail)
build-srpms --installer && build-rpms --installer
Step 3: Short-circuit the update_cgcs_repo function in build-rpms to avoid repodata update and mock env clearout
Step 4: Manually install RPM in mock env
mock -r installer/${MY_BUILD_ENVIRONMENT}-installer.cfg --copyin systemd-libs-219-19.el7_2.13.x86_64.rpm systemd-libs-219-19.el7_2.13.x86_64.rpm
mock -r installer/${MY_BUILD_ENVIRONMENT}-installer.cfg --shell
rpm -i --force systemd-libs-219-19.el7_2.13.x86_64.rpm
Step 5: Build with success!
build-srpms --installer && build-rpms --installer
8267e3ce99