From a7225d68a573ef7ca3e50d78dda7a7893b3f7b50 Mon Sep 17 00:00:00 2001 From: oddlama Date: Mon, 19 Apr 2021 20:33:47 +0200 Subject: [PATCH] Update readme wording --- README.md | 42 ++++++++----------- .../{main_chroot.sh => dispatch_chroot.sh} | 2 +- scripts/functions.sh | 2 +- 3 files changed, 20 insertions(+), 26 deletions(-) rename scripts/{main_chroot.sh => dispatch_chroot.sh} (86%) diff --git a/README.md b/README.md index 469c08f..9ee03a9 100644 --- a/README.md +++ b/README.md @@ -5,14 +5,14 @@ recommended, but legacy BIOS boot is also supported. The script supports both sy and OpenRC as the init system. The main performed steps are: 1. Partitioning -1. Download & verify stage3 tarball +1. Download & cryptographically verify stage3 tarball 1. Extract stage3 1. Initialize portage 1. Install kernel 1. Install additional software The system will use `sys-kernel/gentoo-kernel-bin`, which should be suitable -to boot most systems out of the box. I strongly recommend you to replace this kernel +to boot most systems out of the box. It is strongly recommend to replace this kernel with a custom built one, when the system is functional. If you are looking for a way to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel). 
@@ -21,9 +21,9 @@ to detect and manage your kernel configuration, have a look at [autokernel](http Edit `scripts/config.sh` and execute `./install` in any live system. You can review the partitioning that will be applied before anything critical is done. Afterwards, this will apply the partitioning scheme and properly -install the selected stage3 gentoo system. The new system will by default use -`gentoo-kernel-bin` as the kernel, and an initramfs generated by dracut to provide -a bootable environment. The script can optionally install `sshd` and `ansible` to +install the selected stage3 gentoo system. By default, the new system will use +`sys-kernel/gentoo-kernel-bin` as the kernel, and an initramfs generated by gentoo's genkernel to provide +a bootable environment. The script can optionally install `sshd` to allow for a convenient setup of the new system afterwards. ## Overview @@ -47,7 +47,6 @@ Also, optionally the following will be done: * Install sshd with secure config * Install dhcpcd (only for OpenRC) -* Install ansible, create ansible user and add authorized ssh key * Install additional packages provided in config Anything else is probably out of scope for this script, 
@@ -81,33 +80,28 @@ to install. By default you will get the hardened nomultilib profile without syst ### (Optional) sshd The script can provide a fully configured ssh daemon with reasonably good security settings. -It will by default only allow ed25519 keys, restrict the key exchange -algorithms, disable any password based authentication, and only allow specifically mentioned -users to use ssh service (none by default). +It will by default only allow ed25519 keys, restrict key exchange +algorithms to a reasonable subset, disable any password based authentication, +and only allow root to login. -The script will create a group named `sshusers`, and only users in that group will be -allowed to log in via ssh. If you have added a user for yourself, you might want -to add the user to that group. Be aware that root login is always denied. - -### (Optional) Ansible - -This script can install ansible, create a system user for ansible and add an ssh key of -your choice to the `.authorized_keys` file. This allows you to directly use ansible when -the new system is up to configure the rest of the system. The ansible user will be added to -the sshusers group. +You can provide keys that will be written to root's `.ssh/authorized_keys` file. This will allow +you to directly continue your setup with infrastructure management software such as ansible or [simple_automation](https://github.com/oddlama/simple_automation). ### (Optional) Additional packages -You can enter any amount of additional packages to be installed on the target system. -These will simply be passed to a final `emerge` call before the script is done. -Autounmasking will be done automatically. +You can add any amount of additional packages to be installed on the target system. +These will simply be passed to a final `emerge` call before the script is done, and autounmasking will also be done automatically. 
+It is recommended to keep this to a minimum, because of the heavily "interactive" nature of gentoo package management ;) ### Troubleshooting +In theory, after the initial sanity check, the script should be able to finish unattendedly. +But given the unpredictability of future gentoo versions, you might still run into an issue. + The script checks every command for success, so if anything fails during installation, you will be given a proper message of what went wrong. Inside the chroot, -most commands will be executed in some kind of try loop, and allow you to -fix problems interactively with a shell, to retry, or to skip the command. +most commands will be executed in a checked loop, and allow you to interactively +fix problems with a shell, to retry, or to skip the command. ## Recommendations diff --git a/scripts/main_chroot.sh b/scripts/dispatch_chroot.sh similarity index 86% rename from scripts/main_chroot.sh rename to scripts/dispatch_chroot.sh index 6549765..3348e4e 100755 --- a/scripts/main_chroot.sh +++ b/scripts/dispatch_chroot.sh @@ -10,7 +10,7 @@ source /etc/profile # Set safe umask umask 0077 -# Export nproc variables +# Export variables (used to determine processor count by some applications) export NPROC="$(nproc || echo 2)" export NPROC_ONE="$((NPROC + 1))" diff --git a/scripts/functions.sh b/scripts/functions.sh index fc097a7..a1572c4 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -749,7 +749,7 @@ gentoo_chroot() { EXECUTED_IN_CHROOT=true \ TMP_DIR="$TMP_DIR" \ CACHED_LSBLK_OUTPUT="$CACHED_LSBLK_OUTPUT" \ - exec chroot -- "$ROOT_MOUNTPOINT" "$GENTOO_INSTALL_REPO_DIR/scripts/main_chroot.sh" "$@" \ + exec chroot -- "$ROOT_MOUNTPOINT" "$GENTOO_INSTALL_REPO_DIR/scripts/dispatch_chroot.sh" "$@" \ || die "Failed to chroot into '$ROOT_MOUNTPOINT'" }
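Review bot: in the first README hunk the replacement line `+to boot most systems out of the box. It is strongly recommend to replace this kernel` drops the -ed; it should read "It is strongly recommended to replace this kernel". The bullet `+1. Download & cryptographically verify stage3 tarball` would also be more useful to a reader if it named which check is performed (signature and/or digest), since "cryptographically verify" on its own does not say what a failure would catch.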
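Review bot: in the `@@ -21,9 +21,9 @@` hunk, the line `+`sys-kernel/gentoo-kernel-bin` as the kernel, and an initramfs generated by gentoo's genkernel to provide` changes a statement of fact (dracut to genkernel), not wording, while the patch stat shows no script change that would alter how the initramfs is built; please confirm this matches what `scripts/` actually runs, or move it to a separate commit alongside the script change. The same hunk also drops `ansible` from the optional installs, and the `@@ -47,7 +47,6 @@` hunk removes the ansible bullet; a feature removal like that belongs in the commit message rather than under "Update readme wording".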
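Review bot: in the `@@ -81,33 +80,28 @@` hunk, `+and only allow root to login.` together with `+You can provide keys that will be written to root's `.ssh/authorized_keys` file.` documents a change in security posture from the removed "Be aware that root login is always denied" to key-based root SSH login, with the `sshusers` group mechanism that limited which accounts could log in gone as well. The README should state that explicitly (root login accepted with public keys only, consistent with the "disable any password based authentication" line) and advise creating a regular user and disabling root login once the post-install configuration is finished. Minor: "unattendedly" in the Troubleshooting paragraph should be "unattended", and the `;)` in the Additional packages paragraph does not match the register of the rest of the README.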
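Review bot: in the dispatch_chroot.sh hunk, the new comment `+# Export variables (used to determine processor count by some applications)` is less specific than the one it replaces; since the two exports are `NPROC` and `NPROC_ONE`, say what `NPROC_ONE` (nproc + 1) is consumed by, and mention that `$(nproc || echo 2)` falls back to 2 when `nproc` is unavailable, so a reader of the script knows why the fallback value was chosen.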
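Review bot: in the functions.sh hunk, the `exec chroot` line now points at `scripts/dispatch_chroot.sh`, matching the rename; since that path is resolved inside the chroot under `$ROOT_MOUNTPOINT`, the rename is only safe if this is the sole reference to the old `main_chroot.sh` name in the repository and in any documentation, which the patch does not show. A quick grep for `main_chroot` before merging would confirm it.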