From 658759498941fe6b714790087db75ea29050ddee Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Gertz?= <git@rapsys.eu>
Date: Tue, 21 Jun 2016 09:52:04 +0200
Subject: [PATCH 1/1] Import cooking scripts

---
 .gitignore          |   2 +
 config/boot.conf    |   2 +
 config/data.conf    |   6 +
 config/flavour.conf |   4 +
 config/ihttpd.conf  |   2 +
 config/locale.conf  |   8 ++
 config/mail.conf    |   2 +
 config/network.conf |  18 +++
 config/root.conf    |   2 +
 config/slash.conf   |   6 +
 config/swap.conf    |   4 +
 config/user.conf    |   4 +
 cook                |  26 +++++
 lib/config.sh       |  30 +++++
 lib/export.sh       |   9 ++
 lib/install.sh      | 114 +++++++++++++++++++
 lib/pattern.sh      | 260 ++++++++++++++++++++++++++++++++++++++++++++
 lib/setup.sh        |  38 +++++++
 lib/urpmi.sh        |   6 +
 19 files changed, 543 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 config/boot.conf
 create mode 100644 config/data.conf
 create mode 100644 config/flavour.conf
 create mode 100644 config/ihttpd.conf
 create mode 100644 config/locale.conf
 create mode 100644 config/mail.conf
 create mode 100644 config/network.conf
 create mode 100644 config/root.conf
 create mode 100644 config/slash.conf
 create mode 100644 config/swap.conf
 create mode 100644 config/user.conf
 create mode 100755 cook
 create mode 100644 lib/config.sh
 create mode 100644 lib/export.sh
 create mode 100755 lib/install.sh
 create mode 100755 lib/pattern.sh
 create mode 100755 lib/setup.sh
 create mode 100755 lib/urpmi.sh

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7ff6441
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+root
+root.config
diff --git a/config/boot.conf b/config/boot.conf
new file mode 100644
index 0000000..9315741
--- /dev/null
+++ b/config/boot.conf
@@ -0,0 +1,2 @@
+# Boot uuid (uuidgen)
+BOOTUUID=`uuidgen`
diff --git a/config/data.conf b/config/data.conf
new file mode 100644
index 0000000..228834f
--- /dev/null
+++ b/config/data.conf
@@ -0,0 +1,6 @@
+# Data luks name
+DATANAME='data'
+# Data uuid (uuidgen)
+DATAUUID=`uuidgen`
+# Luks data uuid (uuidgen)
+LUKSDATAUUID=`uuidgen`
diff --git a/config/flavour.conf b/config/flavour.conf
new file mode 100644
index 0000000..12400b0
--- /dev/null
+++ b/config/flavour.conf
@@ -0,0 +1,4 @@
+# Mageia arch (i586|x86_64)
+ARCH='x86_64'
+# Mageia release (1|2|3|4|5|6|cauldron)
+MGARELEASE='cauldron'
diff --git a/config/ihttpd.conf b/config/ihttpd.conf
new file mode 100644
index 0000000..39e86c8
--- /dev/null
+++ b/config/ihttpd.conf
@@ -0,0 +1,2 @@
+# Ihttpd rpm path
+IHTTPD_RPM=`dirname ihttpd-*.${ARCH}.rpm`/`basename ihttpd-*.${ARCH}.rpm`
diff --git a/config/locale.conf b/config/locale.conf
new file mode 100644
index 0000000..1cb2aa7
--- /dev/null
+++ b/config/locale.conf
@@ -0,0 +1,8 @@
+# Zone info (valid /usr/share/zoneinfo/$ZONE)
+ZONE='Europe/Paris'
+# Keymap
+KEYMAP='fr-latin9'
+# Locale
+LOCALE='fr_FR.UTF-8'
+# Alternative locale
+LOCALE_ALT='fr'
diff --git a/config/mail.conf b/config/mail.conf
new file mode 100644
index 0000000..7831b92
--- /dev/null
+++ b/config/mail.conf
@@ -0,0 +1,2 @@
+# Root email
+MAIL='user@example.com'
diff --git a/config/network.conf b/config/network.conf
new file mode 100644
index 0000000..bdd3cf9
--- /dev/null
+++ b/config/network.conf
@@ -0,0 +1,18 @@
+# Server name
+NETHOSTNAME='host.example.com'
+# Server name alias
+NETALIAS='host'
+# Net configuration (static|dhcp)
+NETCONFIG=static
+# IP v4 address with mask
+NETADDRESS4=`printf '192.168.2.%d/24' $[RANDOM%253+2]`
+# IP v4 gateway
+NETGATEWAY4='192.168.2.1'
+# IP v6 address with mask
+NETADDRESS6=`printf 'fd4b:842b:7f35:f1ba::%x/64' $[RANDOM%65534+2]`
+# IP v6 gateway
+NETGATEWAY6='fd4b:842b:7f35:f1ba::1'
+# DNS
+NETDNS='8.8.8.8 8.8.4.4'
+# MAC address ('42:de:ad:00:be:ef')
+NETMAC=`printf '%02x:%02x:%02x:%02x:%02x:%02x' $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]`
diff --git a/config/root.conf b/config/root.conf
new file mode 100644
index 0000000..37f9260
--- /dev/null
+++ b/config/root.conf
@@ -0,0 +1,2 @@
+# Root password (apg -m 32 -x 32 -a 0 -d -n 1)
+ROOTPASS=`apg -m 32 -x 32 -a 0 -d -n 1`
diff --git a/config/slash.conf b/config/slash.conf
new file mode 100644
index 0000000..10b8f83
--- /dev/null
+++ b/config/slash.conf
@@ -0,0 +1,6 @@
+# Slash luks name
+SLASHNAME='slash'
+# Slash uuid (uuidgen)
+SLASHUUID=`uuidgen`
+# Luks slash uuid (uuidgen)
+LUKSSLASHUUID=`uuidgen`
diff --git a/config/swap.conf b/config/swap.conf
new file mode 100644
index 0000000..d3d00d3
--- /dev/null
+++ b/config/swap.conf
@@ -0,0 +1,4 @@
+# First swap (uuidgen)
+SWAPAUUID=`uuidgen`
+# Second swap (uuidgen)
+SWAPBUUID=`uuidgen`
diff --git a/config/user.conf b/config/user.conf
new file mode 100644
index 0000000..c35d523
--- /dev/null
+++ b/config/user.conf
@@ -0,0 +1,4 @@
+# User login (apg -M L -a 0 -m 8 -x 8 -d -n 1)
+USERLOGIN=`apg -M L -a 0 -m 8 -x 8 -d -n 1`
+# User password (apg -m 32 -x 32 -a 0 -d -n 1)
+USERPASS=`apg -m 32 -x 32 -a 0 -d -n 1`
diff --git a/cook b/cook
new file mode 100755
index 0000000..e501fe2
--- /dev/null
+++ b/cook
@@ -0,0 +1,26 @@
+#! /bin/sh -xe
+
+# Export safe locale
+export LC_ALL=C
+
+# Extract configuration
+echo '#! /bin/sh -e' > lib/config.sh
+cat config/*.conf | perl -pne 'undef $_ if /^#/; s/^/export /' >> lib/config.sh
+
+# Source config
+. lib/config.sh
+
+# Configure urpmi
+#. lib/urpmi.sh
+
+# Install rpm
+. lib/install.sh
+
+# Setup urpmi
+. lib/setup.sh
+
+# Fix various patterns
+. lib/pattern.sh
+
+# Export config
+. lib/export.sh
diff --git a/lib/config.sh b/lib/config.sh
new file mode 100644
index 0000000..68229e3
--- /dev/null
+++ b/lib/config.sh
@@ -0,0 +1,30 @@
+#! /bin/sh -e
+export export BOOTUUID=`uuidgen`
+export export DATANAME='data'
+export export DATAUUID=`uuidgen`
+export export LUKSDATAUUID=`uuidgen`
+export export ARCH='x86_64'
+export export MGARELEASE='cauldron'
+export export IHTTPD_RPM=`dirname ihttpd-*.${ARCH}.rpm`/`basename ihttpd-*.${ARCH}.rpm`
+export export ZONE='Europe/Paris'
+export export KEYMAP='fr-latin9'
+export export LOCALE='fr_FR.UTF-8'
+export export LOCALE_ALT='fr'
+export export MAIL='user@example.com'
+export export NETHOSTNAME='host.example.com'
+export export NETALIAS='host'
+export export NETCONFIG=static
+export export NETADDRESS4=`printf '192.168.2.%d/24' $[RANDOM%253+2]`
+export export NETGATEWAY4='192.168.2.1'
+export export NETADDRESS6=`printf 'fd4b:842b:7f35:f1ba::%x/64' $[RANDOM%65534+2]`
+export export NETGATEWAY6='fd4b:842b:7f35:f1ba::1'
+export export NETDNS='8.8.8.8 8.8.4.4'
+export export NETMAC=`printf '%02x:%02x:%02x:%02x:%02x:%02x' $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]`
+export export ROOTPASS=`apg -m 32 -x 32 -a 0 -d -n 1`
+export export SLASHNAME='slash'
+export export SLASHUUID=`uuidgen`
+export export LUKSSLASHUUID=`uuidgen`
+export export SWAPAUUID=`uuidgen`
+export export SWAPBUUID=`uuidgen`
+export export USERLOGIN=`apg -M L -a 0 -m 8 -x 8 -d -n 1`
+export export USERPASS=`apg -m 32 -x 32 -a 0 -d -n 1`
diff --git a/lib/export.sh b/lib/export.sh
new file mode 100644
index 0000000..b3d6716
--- /dev/null
+++ b/lib/export.sh
@@ -0,0 +1,9 @@
+#! /bin/sh -e
+
+# Clear config
+cat /dev/null > root.config
+
+# Append every config parameters
+for i in `cat config/*.conf | perl -pne 'undef $_ if /^#/; s/=.*$//'`; do
+	eval echo ${i}=\$$i | tee -a root.config
+done
diff --git a/lib/install.sh b/lib/install.sh
new file mode 100755
index 0000000..b945901
--- /dev/null
+++ b/lib/install.sh
@@ -0,0 +1,114 @@
+#! /bin/sh -e
+
+# Failsafe check
+if [ -z "$PWD" -o "$PWD" = "/" ]; then
+	echo "Don't run it from slash moron"
+	exit 1;
+fi
+
+# Check for trashed %_tmppath by ~/.rpmmacros or else
+if [ "$(rpm --eval '%_tmppath')" != "/var/tmp" ]; then
+	echo "Run with a clean %_tmppath rpm macro moron (start me from sudo su -)"
+	exit 1;
+fi
+
+# Check if we have a root directory
+if [ -d "$PWD/root" ]; then
+	read -p 'Confirm root directory destruction (yes/NO): ' confirm
+	if [ "$confirm" = "yes" -o "$confirm" = "YES" ]; then
+		rm -fr "$PWD/root"
+	elif [ ! "$confirm" = "no" -a ! "$confirm" = "NO" ]; then
+		echo "I need a clean directory"
+		exit 1;
+	else
+		read -p "I re-install over existing directory, press a key to continue"
+	fi
+fi
+
+# Make root directory
+mkdir -p "$PWD/root"
+
+# Install base config
+LC_ALL=C urpmi --downloader=wget --no-verify-rpm --no-recommends --noclean --auto --root=$PWD/root filesystem basesystem-minimal rpm urpmi grub kernel-server-latest vim-enhanced wget
+
+# Reinstall lockdev to fix missing lock group on binary
+LC_ALL=C urpmi --downloader=wget --no-verify-rpm --no-recommends --noclean --auto --replacepkgs --replacefiles --root=$PWD/root lockdev
+
+# Install remaining
+LC_ALL=C urpmi --downloader=wget --no-verify-rpm --no-recommends --noclean --auto --root=$PWD/root \
+	acl \
+	acpi \
+	acpid \
+	bash-completion \
+	bind \
+	bind-utils \
+	binutils \
+	btrfs-progs \
+	cronie-anacron \
+	cryptmount \
+	cryptsetup \
+	deltarpm \
+	dhcp-client \
+	dosfstools \
+	gdb \
+	gdisk \
+	mageia-gfxboot-theme \
+	git \
+	git-prompt \
+	git-svn \
+	gnupg \
+	gnupg2 \
+	hdparm \
+	info \
+	kernel-firmware \
+	kernel-firmware-nonfree \
+	lftp \
+	lm_sensors \
+	locales \
+	locales-en \
+	lshw \
+	lsof \
+	luit \
+	lynx \
+	man \
+	man-pages \
+	mdadm \
+	microcode \
+	mirrordir \
+	mlocate \
+	msec \
+	nail \
+	ntfs-3g \
+	openssh-server \
+	openvpn \
+	p7zip \
+	parted \
+	patch \
+	pax \
+	pciutils \
+	postfix \
+	rsnapshot \
+	rsync \
+	sectool \
+	shorewall \
+	shorewall-ipv6 \
+	smartmontools \
+	strace \
+	sudo \
+	traceroute \
+	tree \
+	unzip \
+	whois \
+	xauth \
+	xfsprogs \
+	zip
+
+# Install locale
+if [ ! -z "$LOCALE_ALT" -a "$LOCALE_ALT" != 'en' ]; then
+	LC_ALL=C urpmi --downloader=wget --no-verify-rpm --no-recommends --noclean --auto --root=$PWD/root \
+		locales-${LOCALE_ALT} \
+		man-pages-${LOCALE_ALT}
+fi
+
+# Install ihttpd
+LC_ALL=C urpmi --no-verify-rpm --no-recommends --noclean --auto --root=$PWD/root ${IHTTPD_RPM}
diff --git a/lib/pattern.sh b/lib/pattern.sh
new file mode 100755
index 0000000..a0d0f6a
--- /dev/null
+++ b/lib/pattern.sh
@@ -0,0 +1,260 @@
+#! /bin/sh -e
+
+#Fix bash completion
+perl -pne 's%(?:(COMP_CONFIGURE_HINTS|COMP_TAR_INTERNAL_PATHS)=1?)%${1}=1%' -i "$PWD/root/etc/sysconfig/bash-completion"
+
+#Disable gpg agent
+perl -pne 's%(?:(START_GPGAGENT|START_GPGAGENT_SH)=(?:"?(no|yes)"?)?)%${1}="no"%' -i "$PWD/root/etc/sysconfig/gnupg2"
+
+#Locale config
+cat << EOF > "$PWD/root/etc/vconsole.conf"
+KEYMAP=$KEYMAP
+FONT=lat0-16
+EOF
+cat << EOF > "$PWD/root/etc/locale.conf"
+LANGUAGE=$LOCALE:${LOCALE_ALT}
+LANG=$LOCALE
+EOF
+
+#Setup networking
+cat << EOF > "$PWD/root/etc/sysconfig/network"
+NETWORKING=yes
+AUTOMATIC_IFCFG=no
+EOF
+
+#Setup network
+cat << EOF > "$PWD/root/etc/hostname"
+${NETHOSTNAME}
+EOF
+
+#Setup machine-info
+cat << EOF > "$PWD/root/etc/machine-info"
+CHASSIS=server
+EOF
+
+#Setup hosts
+#XXX: we remove mask from address
+cat << EOF > "$PWD/root/etc/hosts"
+127.0.0.1				localhost
+::1					localhost
+${NETADDRESS4%/*}				${NETHOSTNAME}	${NETALIAS}
+${NETADDRESS6%/*}	${NETHOSTNAME}	${NETALIAS}
+EOF
+
+#Fix named config
+perl -pne 's%listen-on port 53 \{ .+; \};%listen-on port 53 { 127.0.0.1; };%' -i "$PWD/root/etc/named.conf"
+perl -pne 's%listen-on-v6 port 53 \{ .+; \};%listen-on-v6 port 53 { ::1; };%' -i "$PWD/root/etc/named.conf"
+
+#Network
+mkdir -p "$PWD/root/etc/systemd/network"
+if [ ! -z "${NETCONFIG}" -a "${NETCONFIG}" = 'static' ]; then
+	cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
+[Match]
+MACAddress=${NETMAC}
+
+[Network]
+DHCP=no
+Address=${NETADDRESS4}
+Address=${NETADDRESS6}
+DNS=${NETDNS}
+
+[Route]
+Destination=${NETGATEWAY4}
+
+[Route]
+Destination=0.0.0.0/0
+Gateway=${NETGATEWAY4}
+
+[Route]
+Destination=${NETGATEWAY6}
+
+[Route]
+Destination=::/0
+Gateway=${NETGATEWAY6}
+EOF
+else
+	cat << EOF > "$PWD/root/etc/systemd/network/${NETMAC}.network"
+[Match]
+MACAddress=${NETMAC}
+
+[Network]
+DHCP=yes
+EOF
+fi
+
+#Fstab
+#XXX: grub-legacy don't support ext4 and xfs V5 file format for /boot
+cat << EOF > "$PWD/root/etc/fstab"
+UUID=${BOOTUUID}	/boot	ext3	defaults,noatime 1 2
+UUID=${SLASHUUID}	/	btrfs	defaults,relatime 1 1
+UUID=${SWAPAUUID}	none	swap	sw 0 0
+UUID=${SWAPBUUID}	none	swap	sw 0 0
+UUID=${DATAUUID}	/media	btrfs	defaults,relatime,nofail 1 2
+proc						/proc	proc	defaults 0 0
+EOF
+
+# Copy grub files
+cp -f $PWD/root/lib/grub/${ARCH}-mageia/{e2fs_stage1_5,stage{1,2}} $PWD/root/boot/grub/
+
+#Crypttab
+cat << EOF > "$PWD/root/etc/crypttab"
+${SLASHNAME}	UUID=${LUKSSLASHUUID}
+${DATANAME}	UUID=${LUKSDATAUUID}	-	nofail,noauto
+EOF
+
+#Set resolv.conf
+ln -fs "/run/systemd/resolve/resolv.conf" "$PWD/root/etc/resolv.conf"
+#Disable LLMNR, enable localhost
+perl -pne 's/^#LLMNR=yes$/LLMNR=no/;s/^#DNS=/DNS=127.0.0.1/' -i "$PWD/root/etc/systemd/resolved.conf"
+
+#Disable resolvconf
+rm -f "$PWD/root/etc/resolvconf/run/enable-updates"
+
+#Mail
+cat << EOF >> "$PWD/root/etc/mdadm.conf"
+MAILADDR ${MAIL}
+EOF
+
+#Password
+echo -n "$ROOTPASS" | chroot $PWD/root passwd root --stdin
+chroot $PWD/root adduser -m "$USERLOGIN"
+echo -n "$USERPASS" | chroot $PWD/root passwd "$USERLOGIN" --stdin
+
+#Grub file
+cat << EOF > $PWD/root/boot/grub/menu.lst
+timeout 5
+color black/cyan yellow/cyan
+gfxmenu (hd0,0)/gfxmenu
+default 0
+
+title linux
+root (hd0,0)
+kernel /vmlinuz-server BOOT_IMAGE=linux root=UUID=$SLASHUUID PROFILE=default splash=verbose vga=793
+initrd /initrd-server.img
+
+title failsafe
+root (hd0,0)
+kernel /vmlinuz-server BOOT_IMAGE=failsafe root=UUID=$SLASHUUID rd.luks.uuid=$LUKSSLASHUUID failsafe
+initrd /initrd-server.img
+EOF
+#Update grub fx menu
+chroot $PWD/root grub-gfxmenu --lang fr --update-theme --update-gfxmenu
+
+#Grub device.map
+cat << EOF > $PWD/root/boot/grub/device.map
+(hd0)	/dev/sda
+EOF
+
+#Shorewall
+cat << EOF >> $PWD/root/etc/shorewall/zones
+net		ipv4
+EOF
+cat << EOF >> $PWD/root/etc/shorewall/policy
+fw	net	ACCEPT
+net	all	DROP	info
+all	all	REJECT	info
+EOF
+cat << EOF >> $PWD/root/etc/shorewall/rules
+INCLUDE	rules.drakx
+EOF
+cat << EOF > $PWD/root/etc/shorewall/rules.drakx
+ACCEPT	net	fw	udp	68,6700:7000	-
+ACCEPT	net	fw	icmp	8	-
+ACCEPT	net	fw	tcp	20,21,22,80,443,6700:7000	-
+EOF
+
+#Shorewall6
+cat << EOF >> $PWD/root/etc/shorewall6/zones
+net		ipv6
+EOF
+cat << EOF >> $PWD/root/etc/shorewall6/policy
+fw	net	ACCEPT
+net	all	DROP	info
+all	all	REJECT	info
+EOF
+cat << EOF >> $PWD/root/etc/shorewall6/rules
+INCLUDE	rules.drakx
+EOF
+cat << EOF > $PWD/root/etc/shorewall6/rules.drakx
+ACCEPT	net	fw	udp	546,6700:7000	-
+ACCEPT	net	fw	icmp	128	-
+ACCEPT	net	fw	tcp	20,21,22,80,443,546,6700:7000	-
+EOF
+
+# Disable old services
+# Strip WantedBy=multi-user.target in [Install] section of lm_sensors.service ?
+for s in lm_sensors network network-auth network-up resolvconf smartd; do
+	if [ -f "$PWD/root/etc/rc.d/init.d/$s" -a -x "$PWD/root/etc/rc.d/init.d/$s" ]; then
+		chroot $PWD/root /usr/lib/systemd/systemd-sysv-install disable $s
+	fi
+	if [ -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service" ]; then
+		rm -f "$PWD/root/etc/systemd/system/multi-user.target.wants/${s}.service"
+	fi
+done
+
+# Extract last kernel version
+KVER=`chroot $PWD/root rpm -qa | perl -pne '/kernel-server-latest/||undef $_;s%^kernel-(server)-latest-([^-]+)-(.+)$%\2-\1-\3%'`
+#XXX: we do not regenerate initrd here, it will be generated at image build step
+rm -f "$PWD/root/boot/initrd-${KVER}.img"
+
+# Check rc.local state
+if [ -f "$PWD/root/etc/rc.d/rc.local" ]; then
+	echo "$PWD/root/etc/rc.d/rc.local not empty"
+	exit 1
+fi
+
+# First boot startup script
+#XXX: regenerate initrd after first successfull boot to strip from useless modules
+touch "$PWD/root/etc/rc.d/rc.local"
+chmod a+x "$PWD/root/etc/rc.d/rc.local"
+cat << EOF > "$PWD/root/etc/rc.d/rc.local"
+#! /bin/sh
+. /etc/init.d/functions
+case "\$1" in
+	start)
+		gprintf "Disabling lm_sensors.service: "
+		/usr/bin/systemctl disable lm_sensors.service
+		[ \$? -eq 0 ] && success || failure
+		echo
+		gprintf "Stopping lm_sensors.service: "
+		/usr/bin/systemctl stop lm_sensors.service
+		[ \$? -eq 0 ] && success || failure
+		echo
+		gprintf "Generating initrd: "
+		/usr/sbin/mkinitrd -f -v /boot/initrd-${KVER}.img ${KVER}
+		[ \$? -eq 0 ] && success || failure
+		echo
+		rm -f "\$0"
+		exit 0
+		;;
+	*)
+		echo "Usage: \$0 start" >&2
+		exit 3
+		;;
+esac
+EOF
+
+# Fix msec
+chroot "$PWD/root" msec -f webserver
+
+# Fix postfix
+perl -pne "my \$m='${MAIL}'; s%^(root:[\\t\\s]+)postfix\$%\\1\$m%" -i "$PWD/root/etc/postfix/aliases"
+
+# Generate ssh keys
+chroot "$PWD/root" /usr/sbin/sshd-keygen
+
+# Allow root access
+#XXX: forced because msec decides otherwise
+perl -pne 's%^PermitRootLogin .*%PermitRootLogin yes%' -i "$PWD/root/etc/ssh/sshd_config"
+
+# Add rsa key if available
+#XXX: dsa is unsupported anymore
+if [ -e "$HOME/.ssh/id_rsa.pub" ]; then
+	[ ! -d "$PWD/root/root/.ssh" ] && mkdir -m 0700 "$PWD/root/root/.ssh"
+	cp -f "$HOME/.ssh/id_rsa.pub" "$PWD/root/root/.ssh/authorized_keys"
+fi
+
+#TODO ntp /etc/systemd/timesyncd.conf
+
+# Cleanup tmp and run
+rm -fr $PWD/root/tmp/* $PWD/root/run/*
diff --git a/lib/setup.sh b/lib/setup.sh
new file mode 100755
index 0000000..d368dbc
--- /dev/null
+++ b/lib/setup.sh
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+
+#Remove cache
+if [ -f "$PWD/root/var/cache/urpmi/mirrors.cache" ]; then
+	rm -f "$PWD/root/var/cache/urpmi/mirrors.cache"
+fi
+if [ -f "$PWD/root/var/cache/urpmi/.metalink" ]; then
+	rm -f "$PWD/root/var/cache/urpmi/.metalink"
+fi
+
+#Bind mount
+#XXX: umount many time just in case
+umount "$PWD/root/proc" "$PWD/root/sys" || true
+mount --bind /proc "$PWD/root/proc"
+mount --bind /sys "$PWD/root/sys"
+
+#Setup clock
+cat << EOF > "$PWD/root/etc/sysconfig/clock"
+ZONE=$ZONE
+ARC=false
+UTC=true
+EOF
+
+#Fix timezone for urpmi
+if [ -f "$PWD/root/usr/share/zoneinfo/$ZONE" ]; then
+	ln -fs "../usr/share/zoneinfo/$ZONE" "$PWD/root/etc/localtime"
+fi
+
+#Add urpmi ressources
+LC_ALL=C chroot "$PWD/root" urpmi.removemedia -a
+#--all-media
+LC_ALL=C chroot "$PWD/root" urpmi.addmedia --distrib --mirrorlist http://mirrors.mageia.org/api/mageia.$MGARELEASE.$ARCH.list
+
+umount "$PWD/root/proc" "$PWD/root/sys"
+
+#perl -pne 's%(.*testing.*) {\n%\1 {\n  ignore\n%i' -i "$PWD/root/etc/urpmi/urpmi.cfg"
+#perl -pne 'undef $/; s% +{(?:\n +.(?:country|proximity|longitude|arch|version|zone|latitude).[^,]+,){7}\n +.url.[^,]+distrib-coffee[^,]+,(?:\n +.(?:type|proximity_corrected).[^,]+,){2}\n%%' -i "$PWD/root/var/cache/urpmi/mirrors.cache"
+
diff --git a/lib/urpmi.sh b/lib/urpmi.sh
new file mode 100755
index 0000000..5d72d1c
--- /dev/null
+++ b/lib/urpmi.sh
@@ -0,0 +1,6 @@
+#! /bin/sh -e
+urpmi.removemedia -a
+urpmi.addmedia --distrib --all-media --mirrorlist http://mirrors.mageia.org/api/mageia.$MGARELEASE.$ARCH.list
+perl -pne 's%(.*testing.*) {\n%\1 {\n  ignore\n%i' -i /etc/urpmi/urpmi.cfg
+#remove distrib-coffee line from mirrors cache
+#perl -pne 'undef $/; s% +{(?:\n +.(?:country|proximity|longitude|arch|version|zone|latitude).[^,]+,){7}\n +.url.[^,]+distrib-coffee[^,]+,(?:\n +.(?:type|proximity_corrected).[^,]+,){2}\n%%' -i /var/cache/urpmi/mirrors.cache
-- 
2.41.3