From 35deff93b3f0e99d171e8d5d12e5d86b74d97e2b Mon Sep 17 00:00:00 2001 From: Lukas Greve Date: Tue, 9 Dec 2025 22:20:47 +0100 Subject: [PATCH 1/4] tweak the security settings, to allow root login for debuging purposes (i.e. when initial-setup does not work) --- ingredients/core-security-off.cfg | 4 ++-- ingredients/core-security-on.cfg | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ingredients/core-security-off.cfg b/ingredients/core-security-off.cfg index dd56139..91966da 100644 --- a/ingredients/core-security-off.cfg +++ b/ingredients/core-security-off.cfg @@ -1,3 +1,3 @@ -rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup -selinux --disabled # Disable SELinux ; other option: --enable +rootpw --plaintext 1234 # Root account is enabled with weak password +selinux --disabled # Disable SELinux firewall --disabled # Disable firewall \ No newline at end of file diff --git a/ingredients/core-security-on.cfg b/ingredients/core-security-on.cfg index 5b5c6e6..64e28a6 100644 --- a/ingredients/core-security-on.cfg +++ b/ingredients/core-security-on.cfg @@ -1,3 +1,3 @@ -rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup -selinux --enabled # Enable SELinux ; other option: --disabled +rootpw --lock # No root login from the console +selinux --enabled # Enable SELinux firewall --enabled # Enable firewall \ No newline at end of file From ae4ffdc64d63ad8687dadca4888b6ab778cd3062 Mon Sep 17 00:00:00 2001 From: Lukas Greve Date: Tue, 9 Dec 2025 22:32:40 +0100 Subject: [PATCH 2/4] updated gitignore. Let's not track changes to complete kickstart files. It goes in the way --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b0ac3ed..abac490 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ .aider* +dishes/ +!dishes/ From 1fbe496b6af2a4ce7883f29f04350aa25f0ab092 Mon Sep 17 00:00:00 2001 From: Lukas Greve Date: Tue, 9 Dec 2025 22:33:15 +0100 Subject: [PATCH 3/4] the proper syntax for firstboot enabling --- ingredients/core-initial-setup-desktop.cfg | 2 +- ingredients/core-initial-setup-server.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ingredients/core-initial-setup-desktop.cfg b/ingredients/core-initial-setup-desktop.cfg index c034853..a1ce0c8 100644 --- a/ingredients/core-initial-setup-desktop.cfg +++ b/ingredients/core-initial-setup-desktop.cfg @@ -1,4 +1,4 @@ -firstboot --reconfig # Initial Setup will start after the first reboot +firstboot --enable --reconfig # Initial Setup will start after the first reboot %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies. diff --git a/ingredients/core-initial-setup-server.cfg b/ingredients/core-initial-setup-server.cfg index 4d9705b..ce2ffd2 100644 --- a/ingredients/core-initial-setup-server.cfg +++ b/ingredients/core-initial-setup-server.cfg @@ -1,4 +1,4 @@ -firstboot --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones +firstboot --enable --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies From b0282600900c32be3b46351436ec660096702f86 Mon Sep 17 00:00:00 2001 From: Lukas Greve Date: Tue, 9 Dec 2025 22:33:51 +0100 Subject: [PATCH 4/4] weak security to enable easier debugging --- dishes/desktop-hypervisor-amdcpu.cfg | 2 +- dishes/desktop-hypervisor-intelcpu-intelgpu.cfg | 2 +- dishes/desktop-hypervisor-intelcpu.cfg | 2 +- dishes/desktop-hypervisor.cfg | 2 +- dishes/desktop.cfg | 2 +- dishes/live-desktop-hypervisor.cfg | 2 +- dishes/live-desktop.cfg | 2 +- dishes/live-server-hypervisor.cfg | 2 +- dishes/live-server.cfg | 2 +- dishes/virtual-desktop-hypervisor.cfg | 2 +- dishes/virtual-desktop.cfg | 2 +- dishes/virtual-server-hypervisor.cfg | 2 +- dishes/virtual-server.cfg | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/dishes/desktop-hypervisor-amdcpu.cfg b/dishes/desktop-hypervisor-amdcpu.cfg index fe1ca67..7740f9e 100644 --- a/dishes/desktop-hypervisor-amdcpu.cfg +++ b/dishes/desktop-hypervisor-amdcpu.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg b/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg index 06ed827..1d54db5 100644 --- a/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg +++ b/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/desktop-hypervisor-intelcpu.cfg b/dishes/desktop-hypervisor-intelcpu.cfg index d6b9ee7..9e02ecb 100644 --- a/dishes/desktop-hypervisor-intelcpu.cfg +++ b/dishes/desktop-hypervisor-intelcpu.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/desktop-hypervisor.cfg b/dishes/desktop-hypervisor.cfg index b6cacdd..c9b5fa8 100644 --- a/dishes/desktop-hypervisor.cfg +++ b/dishes/desktop-hypervisor.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/desktop.cfg b/dishes/desktop.cfg index 88c7b59..46bfe13 100644 --- a/dishes/desktop.cfg +++ b/dishes/desktop.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/live-desktop-hypervisor.cfg b/dishes/live-desktop-hypervisor.cfg index 12c06ed..bd13b42 100644 --- a/dishes/live-desktop-hypervisor.cfg +++ b/dishes/live-desktop-hypervisor.cfg @@ -15,7 +15,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/live-desktop.cfg b/dishes/live-desktop.cfg index 9d5f66e..a106d8e 100644 --- a/dishes/live-desktop.cfg +++ b/dishes/live-desktop.cfg @@ -15,7 +15,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/live-server-hypervisor.cfg b/dishes/live-server-hypervisor.cfg index 26ddb00..686887e 100644 --- a/dishes/live-server-hypervisor.cfg +++ b/dishes/live-server-hypervisor.cfg @@ -15,7 +15,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/live-server.cfg b/dishes/live-server.cfg index 450a28f..443d499 100644 --- a/dishes/live-server.cfg +++ b/dishes/live-server.cfg @@ -15,7 +15,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/virtual-desktop-hypervisor.cfg b/dishes/virtual-desktop-hypervisor.cfg index 48691a3..fa481f6 100644 --- a/dishes/virtual-desktop-hypervisor.cfg +++ b/dishes/virtual-desktop-hypervisor.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/virtual-desktop.cfg b/dishes/virtual-desktop.cfg index 12a57db..23b29c8 100644 --- a/dishes/virtual-desktop.cfg +++ b/dishes/virtual-desktop.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/virtual-server-hypervisor.cfg b/dishes/virtual-server-hypervisor.cfg index da401f8..b915f15 100644 --- a/dishes/virtual-server-hypervisor.cfg +++ b/dishes/virtual-server-hypervisor.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services diff --git a/dishes/virtual-server.cfg b/dishes/virtual-server.cfg index 2c9fc56..3bfa4a5 100644 --- a/dishes/virtual-server.cfg +++ b/dishes/virtual-server.cfg @@ -17,7 +17,7 @@ shutdown repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64 # Root password -rootpw --iscrypted --lock locked +rootpw --plaintext 1234 # SELinux configuration selinux --disabled # System services