metal/bsp-files/kickstarts/pre_common_head.cfg

%pre --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# First, parse /proc/cmdline to find the boot args
set -- `cat /proc/cmdline`
for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done

append=
if [ -n "$console" ] ; then
    append="console=$console"
fi

if [ -n "$security_profile" ]; then
    append="$append security_profile=$security_profile"
fi

#### SECURITY PROFILE HANDLING (Pre Installation) ####
if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then
    # IMA specific boot options:
    # Enable Kernel auditing
    append="$append audit=1"
else
    # we need to blacklist the IMA and Integrity Modules
    # on standard security profile
    append="$append module_blacklist=integrity,ima"
    
    # Disable Kernel auditing in Standard Security Profile mode
    append="$append audit=0"
fi

if [ -n "$tboot" ]; then
    append="$append tboot=$tboot"
else
    append="$append tboot=false"
fi

boot_device_arg=
if [ -n "$boot_device" ] ; then
    boot_device_arg="--boot-drive=$(get_by_path $boot_device)"
fi

echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include

echo "timezone --nontp --utc UTC" >/tmp/timezone-include
%end

#version=DEVEL
install
lang en_US.UTF-8
keyboard us
%include /tmp/timezone-include
# set to 'x' so we can use shadow password
rootpw  --iscrypted x
selinux --disabled
authconfig --enableshadow --passalgo=sha512
firewall --service=ssh

# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
zerombr

# Disk layout from %pre
%include /tmp/part-include
# Bootloader parms from %pre
%include /tmp/bootloader-include

reboot --eject