move build-system for LiveCD isos into from separate repo into packaging/

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "common"]
 	path = common
 	url = ../VILLAScommon.git
+[submodule "packaging/live-iso/fedora-kickstarts"]
+	path = packaging/live-iso/fedora-kickstarts
+	url = https://pagure.io/fedora-kickstarts.git

packaging/live-iso/.gitignore

@@ -0,0 +1 @@
+villas-live.iso

packaging/live-iso/.gitlab-ci.yml

@@ -0,0 +1,49 @@
+variables:
+  GIT_STRATEGY: fetch
+  GIT_SUBMODULE_STRATEGY: recursive
+  BUILDDIR: /var/tmp/lmc-build-${CI_JOB_ID}
+
+before_script:
+  - eval $(ssh-agent -s)
+  - ssh-add <(echo "${SSH_PRIVATE_KEY}")
+
+stages:
+  - prepare
+  - build
+
+# Stage: prepare
+##############################################################################
+
+# Build docker image which is used to build & test VILLASnode
+docker:
+  stage: prepare
+  script:
+    - docker build -t villas/live-image-creator .
+  tags:
+    - shell
+    - linux
+  only:
+    - tags
+    - trigger
+
+# Stage: build
+##############################################################################
+
+iso:
+  stage: build
+  script:
+    - make
+    - make deploy
+  artifacts:
+    name: "${CI_PROJECT_NAME}-${CI_BUILD_REF}-logs"
+    paths:
+      - "*.log"
+      - "anaconda/*.log"
+      - "/tmp/ks-script-*"
+    when: always
+  image: villas/live-image-creator
+  tags:
+    - docker
+  only:
+    - tags
+    - trigger

packaging/live-iso/ChangeLog

@@ -0,0 +1,21 @@
+# ChangeLog
+
+# 0.9.0
+ - Upgrade Fedora 25 to 29
+ - Use new repo location for FEIN e.V. packages
+
+# 0.8.2
+ - Upgrade Fedora 24 to 25
+
+# 0.8.1
+ - Upgrade villas-node to villas-node-0.3
+ - Fix villas repository URL
+
+# 0.8
+ - Add live image and installable support
+ - Add villas-node-0.2
+ - Upgrade to fedora 24
+
+# Prior versions
+Prior version 0.8 the villas ISO was not made with anaconda/kickstart/livemedia-creator, but manually and not versioned, thus no older versions provided.
+

packaging/live-iso/Dockerfile

@@ -0,0 +1,37 @@
+# Dockerfile for creating VILLAS live images
+#
+# @author Steffen Vogel <stvogel@eonerc.rwth-aachen.de>
+# @copyright 2017, Institute for Automation of Complex Power Systems, EONERC
+# @license GNU General Public License (version 3)
+#
+# VILLASnode
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+###################################################################################
+
+FROM fedora:29
+MAINTAINER Steffen Vogel <stvogel@eonerc.rwth-aachen.de>
+
+RUN dnf -y install \
+	git \
+	lorax \
+	lorax-lmc-novirt \
+	lorax-lmc-virt \
+	livecd-tools \
+	openssh-clients
+
+RUN dnf -y install make wget
+
+RUN mkdir -p ~/.ssh
+RUN echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config

packaging/live-iso/Makefile

@@ -0,0 +1,86 @@
+NAME ?= VILLASlive
+RELEASEVER ?= 29
+RELEASEARCH ?= x86_64
+DATE = $(shell date +%Y-%m-%d)
+
+DEPLOY_HOST ?= villas.fein-aachen.org
+DEPLOY_USER ?= acs
+DEPLOY_PATH ?= /var/www/villas/iso/beta/
+
+ifneq ($(CI),)
+	VERSION = $(CI_COMMIT_REF_NAME)
+else
+	VERSION = $(shell git describe --tags)
+endif
+
+BASE =       $(NAME)-$(RELEASEARCH)-$(RELEASEVER)
+IMG =        $(BASE)-$(VERSION:v%=%).img
+ISO =        $(BASE)-$(VERSION:v%=%).iso
+IMG_LATEST = $(BASE)-latest.iso
+ISO_LATEST = $(BASE)-latest.iso
+
+SRCDIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
+BUILDDIR ?= $(SRCDIR)/build
+
+RSYNCOPTS ?= --recursive --ignore-missing-args --copy-links --chown $(DEPLOY_USER):$(DEPLOY_USER)
+
+export BUILDDIR
+
+FILES = $(shell find $(SRCDIR)/files -type f)
+PATCHED_FILES = $(FILES:$(SRCDIR)/files/%=$(BUILDDIR)/patched_files/%)
+
+# Tools
+LMC = livemedia-creator --releasever=$(RELEASEVER) --project=$(NAME) --title=$(NAME)
+
+# Targets
+all: $(BUILDDIR)/$(IMG)
+
+clean:
+	rm -rf $(BUILDDIR)
+
+deploy: $(BUILDDIR)/$(IMG)
+	rsync $(RSYNCOPTS) $(BUILDDIR)/$(IMG) ChangeLog $(DEPLOY_USER}@$(DEPLOY_HOST):$(DEPLOY_PATH)
+	ssh $(DEPLOY_USER)@$(DEPLOY_HOST) ln -s $(DEPLOY_PATH)/$(ISO) $(DEPLOY_PATH)/$(IMG_LATEST)
+
+$(BUILDDIR)/$(IMG): $(BUILDDIR)/img/villas-live.img
+	ln -s $< $@
+
+$(BUILDDIR)/$(ISO): $(BUILDDIR)/iso/villas-live.iso
+	ln -s $< $@
+
+$(BUILDDIR)/iso/%.iso: $(SRCDIR)/%.ks $(PATCHED_FILES)
+	# livemedia-creator requires that the resultdir is not present
+	rm -rf $(dir $@)
+
+	# livemedia-creator uses losetup to mount the image
+	# When used in a Docker container, we must make sure
+	# that there are some usable /dev/loopX devices.
+	./ensure_loop.sh
+
+	$(LMC) --make-iso --iso-only --iso-name=$(notdir $@) --resultdir=$(dir $@) --ks $<
+
+$(BUILDDIR)/img/%.img: $(SRCDIR)/%.ks $(PATCHED_FILES) Fedora-Server-netinst-x86_64-29_Beta-1.5.iso
+	# livemedia-creator requires that the resultdir is not present
+	rm -rf $(dir $@)
+
+	# livemedia-creator uses losetup to mount the image
+	# When used in a Docker container, we must make sure
+	# that there are some usable /dev/loopX devices.
+	./ensure_loop.sh
+
+	$(LMC) --make-disk --resultdir=$(dir $@) --ks $< --iso Fedora-Server-netinst-x86_64-29_Beta-1.5.iso
+
+Fedora-Server-netinst-x86_64-29_Beta-1.5.iso:
+	wget -nv https://download.fedoraproject.org/pub/fedora/linux/releases/test/29_Beta/Server/x86_64/iso/Fedora-Server-netinst-x86_64-29_Beta-1.5.iso
+
+
+$(BUILDDIR)/patched_files/%: $(SRCDIR)/files/%
+	@mkdir -p $(dir $@)
+	sed -e "s/§VERSION§/$(VERSION)/g" \
+	    -e "s/§RELEASEVER§/$(RELEASEVER)/g" \
+	    -e "s/§RELEASEARCH§/$(RELEASEARCH)/g" \
+	    -e "s/§DATE§/$(DATE)/g" < $< > $@
+
+.PHONY: all deploy clean deploy
+
+.PRECIOUS: %

packaging/live-iso/README.md

@@ -0,0 +1,11 @@
+# VILLAS LiveUSB Image
+
+This project builds a real-time optimized Fedora version with anaconda/kickstart including some VILLAS software components.
+
+## Documentation
+
+http://villas.fein-aachen.org/doc/liveusb.html
+
+## Contact
+
+- Steffen Vogel <stvogel@eonerc-rwth-aachen.de>

packaging/live-iso/ensure_loop.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Ensure that we have at least two usable loop devices inside our Docker container
+#
+# Source: https://github.com/jpetazzo/dind/issues/19#issuecomment-48859883
+
+ensure_loop(){
+	num="$1"
+	dev="/dev/loop$num"
+	if test -b "$dev"; then
+		echo "$dev is a usable loop device."
+		return 0
+	fi
+
+	echo "Attempting to create $dev for docker ..."
+	if ! mknod -m660 $dev b 7 $num; then
+		echo "Failed to create $dev!" 1>&2
+		return 3
+	fi
+
+	return 0
+}
+
+LOOP_A=$(losetup -f)
+LOOP_A=${LOOP_A#/dev/loop}
+LOOP_B=$(expr $LOOP_A + 1)
+LOOP_C=$(expr $LOOP_A + 2)
+
+ensure_loop $LOOP_A
+ensure_loop $LOOP_B
+ensure_loop $LOOP_C
+
+losetup -la

packaging/live-iso/fedora-kickstarts

@@ -0,0 +1 @@
+Subproject commit 9e89057b4a370c54ef88af4402938ce59216250e

packaging/live-iso/files/etc/hostname

@@ -0,0 +1 @@
+villas-live

packaging/live-iso/files/etc/image-release

@@ -0,0 +1 @@
+§VERSION§

packaging/live-iso/files/etc/issue

@@ -0,0 +1,3 @@
+
+  >>>> Login with user "root" with an empty passwort. <<<<
+

packaging/live-iso/files/etc/motd

@@ -0,0 +1,22 @@
+               __     _____ _     _        _    ____
+               \ \   / /_ _| |   | |      / \  / ___|
+                \ \ / / | || |   | |     / _ \ \___ \
+                 \ V /  | || |___| |___ / ___ \ ___) )
+                  \_/  |___|_____|_____/_/   \_\____/
+
+---------------------------------------------------------------------
+          VILLASframework Live Image §VERSION§ (§DATE§)
+---------------------------------------------------------------------
+
+    Institute for Automation of Complex Power Systems (ACS)
+    EON Energy Research Center (EONERC)
+    RWTH University, Aachen, Germany
+    
+    Steffen Vogel <StVogel@eonerc.rwth-aachen.de>
+    Markus Grigull <MGrigull@eonerc.rwth-aachen.de>
+
+---------------------------------------------------------------------
+      For further instructions, please consult the documentation:
+
+     >>>>  https://villas.fein-aachen.org/doc/liveusb.html  <<<<
+---------------------------------------------------------------------

packaging/live-iso/files/root/.ssh/config

@@ -0,0 +1,3 @@
+Host villas.fein-aachen.prg
+	User remote-admin
+	IdentityFile ~/.ssh/id_rsa_villas-public

packaging/live-iso/files/root/.ssh/id_rsa_villas-public

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA4v5RJYmox+y5EZtSgO5q8CoLfGer4+RdfRcH2BJ2x568LIEb
+J7fktYuxqHx7iz1n+3H67h2Y2k5CmlrSIMLf4d8Kg18jlf/7p+7BkaNONR9/6h/T
+e3G+Om4tMIl5RN7G3UwCvVLbFOqEde1X/vTvAxV3cia7toTANsA0zIlKmxTztt4j
+n0SJxkKqVRpo5mcSROUEROPO7WouDtC88OPBPPosTACx1zOe4gX2LG9CTRrnShwz
+xHrt/XhdawSkIVFGU8EY4oSruJMI49OuQd3Py6t8J5a1oVatrZZ50n8Iu87cq9TA
+CckyoogcC2WPI69ZcI8o26Kq1Bob1D0gcM3n7wIDAQABAoIBAENt4JUSC304KNG+
+HggGyuWE19ygv0L3N35NNRtOgNJTqPpfb72gtuPnF2NBd0GpgBYFidDqIdnXnZlU
+mU76FJ94LhtQS7XnUM5V8lJc/IJzVQArbBsjcqrQx8O/UrLOqqxaRAYRctsHv0l4
+s8cc41M7MTxLnT9et+qLtiN8NRlT1LbnSWqbG6udV2aQPfnijECVJL7uV9qnDN6w
+Fjm903NiMtuG7uhuSLHCymlDX7L6NDXX+Of24gWBDjb1hnndLqBNQG7LWnQ1YgCo
+9/Nk5SrBLUm85IvAK1TIEeNPgl4ML+8mfbqefL09SDEnfcJuoL98+ZXYyGiaIWnD
+NyDvKKECgYEA+PnSGjeHe/9vSNlapxeW+Ip/f0tuWlJpMZ7f9YRm43N7j1oFCBFy
+beQmBmNF4+tpwV1/pr5mYb9Cf4uZeNN2e/6FYofPHBC5H+CMBlFeRH+JyNZ0A2Lf
+AV3xhm3Z+tj8bojFqVc3IbbF4aX4qXBrBfAnfI7ipkC438mHr0W3gq0CgYEA6WW7
+gNU+NRXDgkEAIZ2SvebFmcAIVAiVDxZMjW98ODBozrvjOaO1FCqyLFOhs+3y6GH1
+MmVx/YlViPo/Y0cS6D4J5CrmQGT/9oEBYCMI7PqFAc8iZzqrwiCTc+amxJhO2o1v
+YtizvOx38HZd0MsJX5JRkToL1g9SleHvqFfERIsCgYEA0hbUEGVNAPfw6rLmCNsh
+/IW5witfaf3iYAmlB+J6g3FeEP+wATffrBT5dShtwD5UleMUpRpDADZIoaGllkwx
+zb1exl69B/ygieKLpYUhm4FXPc6gRH84mEmyVXH6nu5cS9VDnXpHvj4hSiAn7Ko8
+1NzqJPPZEtrIZaYDxYV5rV0CgYEAgPkFlxi/SmhfZD/1CZ5gc23trZuPPpiLfg3N
+ea6sjwQ5NlxfIP/U1XMOiC4iwiHwQ/e1ngau6fKVAJ+AnaStzwZRQvNtzxHA2//H
+uc9CZGm/TBOhKDgkp56GvNotN6AOmvjjH1UuZWyqjodqKjG4WUaqqjzQQ5auBUMX
+wwfU3icCgYEAqG8ZKulCV57d2McC+KzrtlAGMIgSJD0ddoBVrBrB9ICqnVfC2wPP
+TUjoDkuwiyxUuDb97qszsohTBU0jF6v+3w6a+mjAjGnOZy9ApJWjnQlyR8surQpd
+00d8zgdJ5FfUORpoIKZV2oJsjK37LNipu26yV5egOnzZbIoud2aNphg=
+-----END RSA PRIVATE KEY-----

packaging/live-iso/files/root/.ssh/id_rsa_villas-public.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi/lEliajH7LkRm1KA7mrwKgt8Z6vj5F19FwfYEnbHnrwsgRsnt+S1i7GofHuLPWf7cfruHZjaTkKaWtIgwt/h3wqDXyOV//un7sGRo041H3/qH9N7cb46bi0wiXlE3sbdTAK9UtsU6oR17Vf+9O8DFXdyJru2hMA2wDTMiUqbFPO23iOfRInGQqpVGmjmZxJE5QRE487tai4O0Lzw48E8+ixMALHXM57iBfYsb0JNGudKHDPEeu39eF1rBKQhUUZTwRjihKu4kwjj065B3c/Lq3wnlrWhVq2tlnnSfwi7ztyr1MAJyTKiiBwLZY8jr1lwjyjboqrUGhvUPSBwzefv stv0g@cam.wg.0l.dn42

packaging/live-iso/files/root/.ssh/known_hosts

@@ -0,0 +1 @@
+vpn.fein-aachen.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEeCQWXxvvaeQWDoNbP4GfSIin9vqjt6nui0cp4D22LjB7/XcQQ4qnDZ0DjZ/O7HXbaATds9kW3QEqZe7F1F8Go=

packaging/live-iso/files/usr/local/bin/install-tinc

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Usage:  install-tinc ip-address network-name invitation-token
+# Example install-tinc 10.10.12.111 villas 134.130.169.31:12010/Pgm3usgu7X65akq_0oudfas0htjdgaHnbavWTVQ0Nq6M0JkiW3
+#
+# One-liner:
+#
+#  curl -s https://git.rwth-aachen.de/acs/public/villas/Images/raw/master/files/usr/local/bin/install-tinc | bash /dev/stdin 10.10.12.111 villas 134.130.169.31:12010/Pgm3usgu7X65akq_0oudfas0htjdgaHnbavWTVQ0Nq6M0JkiW3
+
+DEFAULT_IP=10.10.12.$((128 + RANDOM % 127))/24
+DEFAULT_NET=villas
+
+IP=${1:-${DEFAULT_IP}}
+NET=${2:-${DEFAULT_NET}}
+INVITATION=$3
+
+# Abort on error
+set -e
+
+# Add /usr/local to path if not present
+if ! echo "${PATH}" | grep -q /usr/local/bin; then
+	cat <<-'EOF' >> /etc/profile.d/local_path.sh
+		# Set our default path
+		PATH="/usr/local/bin:${PATH}"
+		export PATH
+	EOF
+
+	source /etc/profile
+
+	echo "Added /usr/local/bin to PATH"
+fi
+
+if ! command tinc --version > /dev/null; then
+	echo "Tinc is not yet installed. Starting installation"
+
+	source /etc/os-release
+
+	case $ID in
+		debian|ubuntu)
+			apt-get -y install git autoconf automake build-essential libssl-dev zlib1g-dev liblzo2-dev libreadline-dev libncurses-dev libsystemd-dev texinfo
+			;;
+
+		fedora|centos|redhat)
+			dnf -y install git autoconf automake make gcc openssl-devel zlib-devel lzo-devel readline-devel ncurses-devel systemd-devel texinfo
+			;;
+	esac
+
+	mkdir -p /root/build
+	pushd /root/build
+
+	git clone https://github.com/gsliepen/tinc.git
+
+	pushd /root/build/tinc
+
+	git checkout 1.1
+
+	autoreconf
+	automake --add-missing
+
+	./configure --sysconfdir=/etc --localstatedir=/var --with-systemd=/etc/systemd/system
+	make install
+	
+	systemctl daemon-reload
+
+	popd
+	popd
+fi
+
+if [ -n "${NET}" ]; then
+
+	if [ -n "${INVITATION}" ]; then
+		tinc -n ${NET} join ${INVITATION}
+	fi
+
+	if [ -n "${IP}" ]; then
+		cat <<- EOF > /etc/tinc/${NET}/tinc-up
+			#!/bin/bash
+			ip link set dev \$INTERFACE up
+			ip addr add ${IP} dev \$INTERFACE
+		EOF
+
+		# Get the name of this node from the config file
+		NAME=$(sed -n 's/^Name = //p' /etc/tinc/${NET}/tinc.conf)
+
+		cat <<- EOF >> /etc/tinc/${NET}/hosts/${NAME}
+			Subnet = ${IP}
+		EOF
+
+		chmod +x /etc/tinc/${NET}/tinc-up
+	fi
+
+	systemctl enable tinc@${NET}
+	systemctl restart tinc@${NET}
+fi

packaging/live-iso/files/usr/local/bin/remote-admin

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+set -e
+
+SERVER=vpn.fein-aachen.org
+USER=remote-admin
+
+# This is the Tinc internal IP of villas.fein-aachen.org
+BIND_TO=10.10.12.7
+
+PORT=15000
+PORT_MAX=150010
+
+SSH_OPTS="-f -N -o ExitOnForwardFailure=yes -o BatchMode=yes -o ConnectTimeout=5"
+
+# setup SSH reverse tunnel for remote administration
+echo "Starting to establish SSH tunnel"
+
+while ! ssh $SSH_OPTS -R $BIND_TO:$PORT:localhost:22 $USER@$SERVER &>/dev/null; do
+	PID=$!
+	PORT=$(($PORT+1))
+	if (( $PORT > $PORT_MAX )); then
+		echo "Failed to find available port"
+		exit -1;
+	fi
+done
+
+echo "Listening via SSH reverse tunnel at: $SERVER:$PORT with pid: $PID"
+
+# get internet IP
+IP=$(curl -s http://canihazip.com/s)
+
+# get reverse DNS hostname
+HOSTNAME=$(dig +short -x $IP)
+if [ -z "$HOSTNAME" ]; then
+	HOSTNAME=$(hostname)
+fi
+
+MAIL_CONTENTS=$(mktemp)
+
+# send mail with notification about new node
+cat << EOF > $MAIL_CONTENTS
+There's a new host with the VILLASlive Image running:
+
+Image version: $(cat /etc/image-release)
+Reverse SSH tunnel port: $PORT
+Internet IP: $IP
+Hostname: $HOSTNAME
+
+Latency:
+$(ping -qc 5 $SERVER)
+
+Traceroute:
+$(traceroute $SERVER)
+
+Interfaces:
+$(ip addr)
+
+Kernel:
+$(uname -a)
+
+Hardware:
+$(lshw)
+
+EOF
+
+ssh $USER@$SERVER < $MAIL_CONTENTS > /dev/null
+
+rm $MAIL_CONTENTS
+
+echo "Notified admins about new VILLASlive instance."

packaging/live-iso/files/usr/local/bin/tune-realtime

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+ARCH=$(rpm -q --qf "%{arch}\n" glibc)
+RELEASE=$(rpm -q --qf "%{version}\n" fedora-release)
+
+# Install Planet CCRMA repository which includes RT_PREEMPT patched kernels
+rpm -Uvh http://ccrma.stanford.edu/planetccrma/mirror/fedora/linux/planetccrma/${RELEASE}/${ARCH}/planetccrma-repo-1.1-3.fc${RELEASE}.ccrma.noarch.rpm
+
+
+dnf -y --refresh install \
+	tuned-utils \
+	tuned-profiles-realtime
+	kernel-rt \
+	kernel-rt-modules \
+	kernel-rt-modules-extra
+
+echo "isolated_cores=3-7" >> /etc/tuned/realtime-variables.conf
+
+tuned-adm profile realtime

packaging/live-iso/villas-live.ks

@@ -0,0 +1,167 @@
+################################################################################
+# VILLASlive image
+################################################################################
+
+# Configuration
+lang en_US.UTF-8
+keyboard us
+timezone Europe/Berlin
+auth --useshadow --passalgo=sha512
+selinux --disabled
+firewall --disabled
+services --enabled=sshd,NetworkManager,chronyd,sshd,tuned,initial-setup
+network --bootproto=dhcp --device=link --activate
+rootpw --plaintext villas-admin
+shutdown
+
+# make sure that initial-setup runs and lets us do all the configuration bits
+firstboot --reconfig
+
+bootloader --timeout=1
+zerombr
+clearpart --all --initlabel --disklabel=msdos
+part / --size=8192 --fstype ext4
+
+# make sure that initial-setup runs and lets us do all the configuration bits
+firstboot --reconfig
+
+# Add repositories
+repo --name=planet-ccrma --install --baseurl=http://ccrma.stanford.edu/planetccrma/mirror/fedora/linux/planetcore/28/$basearch/
+repo --name=fein --install --baseurl=https://packages.fein-aachen.org/fedora/$releasever/$basearch/
+
+repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
+repo --name=updates --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
+url --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
+
+################################################################################
+# Install packages
+%packages
+@core
+@hardware-support
+
+-@dial-up
+-@input-methods
+-@standard
+
+rng-tools
+initial-setup
+glibc-langpack-en
+
+# remove this in %post
+dracut-config-generic
+-dracut-config-rescue
+# install tools needed to manage and boot arm systems
+-uboot-images-armv7
+-initial-setup-gui
+-glibc-all-langpacks
+-trousers
+-gfs2-utils
+-reiserfs-utils
+
+# Intel wireless firmware assumed never of use for disk images
+-iwl*
+-ipw*
+-usb_modeswitch
+-generic-release*
+
+kernel
+kernel-modules
+kernel-modules-extra
+
+kernel-rt
+kernel-rt-modules
+kernel-rt-modules-extra
+
+# Some custom packages
+tuned
+tuned-profiles-realtime
+
+# Tools
+jq
+iproute
+nano
+ntp
+lshw
+traceroute
+bind-utils
+curl
+tar
+openssh-clients
+python-pip
+psmisc
+procps-ng
+tmux
+wget
+gcc
+bash-completion
+
+# For building Tinc-VPN
+readline-devel
+zlib-devel
+openssl-devel
+lzo-devel
+systemd-devel
+
+# VILLASnode
+villas-node
+villas-node-doc
+villas-node-tools
+villas-node-plugins
+
+%end
+
+################################################################################
+# Custom post installer
+%post
+
+# Select tuned profile
+tuned-adm profile realtime
+
+%end
+
+################################################################################
+# Copy all files to ISO and fix permissions
+%post --nochroot
+
+export
+mount
+
+#set -x
+#
+#rsync --ignore-errors --archive --verbose $BUILDDIR/patched_files/ /mnt/sysimage/
+#
+#chmod 600 /mnt/sysimage/root/.ssh/id_rsa*
+#chmod 755 /mnt/sysimage/usr/local/bin/remote-admin
+#chmod 755 /mnt/sysimage/usr/local/bin/install-tinc
+#chmod 755 /mnt/sysimage/usr/local/bin/tune-realtime
+
+%end
+
+
+# From fedora-disk-base
+%post
+
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
+echo "Packages within this disk image"
+rpm -qa
+# Note that running rpm recreates the rpm db files which aren't needed or wanted
+rm -f /var/lib/rpm/__db*
+
+# remove random seed, the newly installed instance should make it's own
+rm -f /var/lib/systemd/random-seed
+
+# The enp1s0 interface is a left over from the imagefactory install, clean this up
+rm -f /etc/sysconfig/network-scripts/ifcfg-enp1s0
+
+dnf -y remove dracut-config-generic
+
+# Disable network service here, as doing it in the services line
+# fails due to RHBZ #1369794
+/sbin/chkconfig network off
+
+# Remove machine-id on pre generated images
+rm -f /etc/machine-id
+touch /etc/machine-id
+
+%end