From 15adaba9eaa6a98c8b55bc5c5f73c3a9e0e55e7a Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Fri, 2 Sep 2022 09:06:48 +0200 Subject: moved i486-iso stuff into iso subdir --- README | 8 ---- TODOS | 50 -------------------- autologin.conf | 3 -- iso/README | 8 ++++ iso/TODOS | 50 ++++++++++++++++++++ iso/autologin.conf | 3 ++ iso/isolinux-i486.cfg | 12 +++++ iso/mkarchiso486 | 99 +++++++++++++++++++++++++++++++++++++++ iso/mkinitcpio-i486.conf | 68 +++++++++++++++++++++++++++ iso/motd | 22 +++++++++ iso/resolv.conf | 4 ++ iso/sshd_config | 117 +++++++++++++++++++++++++++++++++++++++++++++++ iso/system-login | 19 ++++++++ isolinux-i486.cfg | 12 ----- mkarchiso486 | 99 --------------------------------------- mkinitcpio-i486.conf | 68 --------------------------- motd | 22 --------- resolv.conf | 4 -- sshd_config | 117 ----------------------------------------------- system-login | 19 -------- 20 files changed, 402 insertions(+), 402 deletions(-) delete mode 100644 README delete mode 100644 TODOS delete mode 100644 autologin.conf create mode 100644 iso/README create mode 100644 iso/TODOS create mode 100644 iso/autologin.conf create mode 100644 iso/isolinux-i486.cfg create mode 100755 iso/mkarchiso486 create mode 100644 iso/mkinitcpio-i486.conf create mode 100644 iso/motd create mode 100644 iso/resolv.conf create mode 100644 iso/sshd_config create mode 100644 iso/system-login delete mode 100644 isolinux-i486.cfg delete mode 100755 mkarchiso486 delete mode 100644 mkinitcpio-i486.conf delete mode 100644 motd delete mode 100644 resolv.conf delete mode 100644 sshd_config delete mode 100644 system-login diff --git a/README b/README deleted file mode 100644 index 4a20899..0000000 --- a/README +++ /dev/null @@ -1,8 +0,0 @@ -Archlinux32 i486 specific stuff -------------------------------- - -* mkarchiso486 deviating quite a lot from the upstream archiso32/archiso way coping - with low memory situations better - - - diff --git a/TODOS b/TODOS deleted file mode 100644 index e2ece4e..0000000 --- a/TODOS +++ /dev/null @@ -1,50 +0,0 @@ -- mount /dev/sr0 fails, missing drivers on eurobuild12, more MODULES in mkinitcpio.conf -- keyboard basically never works in early ramdisk shell -- get below 64MB memory -- install.txt specific to Archlinux32, i486 - - mkfs -O^64bit -- still low memory issues (pinentry croaks about missing signatures on low memory) -- multiple VTs -- 128MB RAM - (109/109) checking package integrity - error: GPGME error: System error w/o errno (libgpg-error, definition) - GPG_ERR_MISSING_ERRNO (gpgme, only in layer hasSystemError) - errno is not set but a system call failed - swap, no difference - adding /tmp on /mnt/tmp - error: GPGME error: System error w/o errno under normal operation - GPGME error: Inappropriate ioctl under strace - => suspecting OOM issues because PGP verification keeps things in memory - for all packages, it fails after package N, before it verifies fine.. -- 96MB, same pgp error -- 80MB, /tmp/mkinitcpio on /tmp in chroot fails with out of disk, KASLR fails -- 64MB RAM, kernel panic, doesn't start at all, kernel panic, System is deadlocked on memory - normal boot works, but not from CDROM? - no poweroff in intalled system (shutdown ramdisk?) - syslinux has a different kernel layout than grub maybe? - live hangs on shutdown for a long time (deactivating swap presures the RAM of the processes - runing on the ramdisk heavily, after minut we get "Reached target Reboot", then finally hangs) -- 52MB, kernel panic, System is deadlocked on memory -- kernel 5.12.10 -- reserve_initrd_mem -- smaller ramdisk - - replace udev with eudev or mdev - - fsck, kmod, etc. - - https://wiki.archlinux.org/title/Mkinitcpio/Minimal_initramfs (falconindy) - - go back to busybox version (for instance mount) -- qxl: [TTM] Out of kernel memory, we should simply blacklist most of modern - stuff (happens on qemu/libvirtd) => use VGA -- with 64MB RAM: sudden freezes of shell and/or kernel -- have a special i486 kernel: - - without zstd modules and ramdisk (zstd is just not behaving nicely on - low-memory systems) - - have default modules compiled in statically for vintage hardware - (at least disk, hdi and network) -- mkinitcpio on 64MB never finishes (thrashing), using gzip works, xz and zstd not -- CDROM image is too big, must fit on an actual CD - - - - - - diff --git a/autologin.conf b/autologin.conf deleted file mode 100644 index d1d8474..0000000 --- a/autologin.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/iso/README b/iso/README new file mode 100644 index 0000000..4a20899 --- /dev/null +++ b/iso/README @@ -0,0 +1,8 @@ +Archlinux32 i486 specific stuff +------------------------------- + +* mkarchiso486 deviating quite a lot from the upstream archiso32/archiso way coping + with low memory situations better + + + diff --git a/iso/TODOS b/iso/TODOS new file mode 100644 index 0000000..e2ece4e --- /dev/null +++ b/iso/TODOS @@ -0,0 +1,50 @@ +- mount /dev/sr0 fails, missing drivers on eurobuild12, more MODULES in mkinitcpio.conf +- keyboard basically never works in early ramdisk shell +- get below 64MB memory +- install.txt specific to Archlinux32, i486 + - mkfs -O^64bit +- still low memory issues (pinentry croaks about missing signatures on low memory) +- multiple VTs +- 128MB RAM + (109/109) checking package integrity + error: GPGME error: System error w/o errno (libgpg-error, definition) + GPG_ERR_MISSING_ERRNO (gpgme, only in layer hasSystemError) + errno is not set but a system call failed + swap, no difference + adding /tmp on /mnt/tmp + error: GPGME error: System error w/o errno under normal operation + GPGME error: Inappropriate ioctl under strace + => suspecting OOM issues because PGP verification keeps things in memory + for all packages, it fails after package N, before it verifies fine.. +- 96MB, same pgp error +- 80MB, /tmp/mkinitcpio on /tmp in chroot fails with out of disk, KASLR fails +- 64MB RAM, kernel panic, doesn't start at all, kernel panic, System is deadlocked on memory + normal boot works, but not from CDROM? + no poweroff in intalled system (shutdown ramdisk?) + syslinux has a different kernel layout than grub maybe? + live hangs on shutdown for a long time (deactivating swap presures the RAM of the processes + runing on the ramdisk heavily, after minut we get "Reached target Reboot", then finally hangs) +- 52MB, kernel panic, System is deadlocked on memory +- kernel 5.12.10 +- reserve_initrd_mem +- smaller ramdisk + - replace udev with eudev or mdev + - fsck, kmod, etc. + - https://wiki.archlinux.org/title/Mkinitcpio/Minimal_initramfs (falconindy) + - go back to busybox version (for instance mount) +- qxl: [TTM] Out of kernel memory, we should simply blacklist most of modern + stuff (happens on qemu/libvirtd) => use VGA +- with 64MB RAM: sudden freezes of shell and/or kernel +- have a special i486 kernel: + - without zstd modules and ramdisk (zstd is just not behaving nicely on + low-memory systems) + - have default modules compiled in statically for vintage hardware + (at least disk, hdi and network) +- mkinitcpio on 64MB never finishes (thrashing), using gzip works, xz and zstd not +- CDROM image is too big, must fit on an actual CD + + + + + + diff --git a/iso/autologin.conf b/iso/autologin.conf new file mode 100644 index 0000000..d1d8474 --- /dev/null +++ b/iso/autologin.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/iso/isolinux-i486.cfg b/iso/isolinux-i486.cfg new file mode 100644 index 0000000..eaa48de --- /dev/null +++ b/iso/isolinux-i486.cfg @@ -0,0 +1,12 @@ +DEFAULT arch32 + +LABEL arch32 +TEXT HELP +Boot the Arch Linux (i486) live medium. +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Boot Arch Linux (i486) +LINUX /boot/vmlinuz-linux +INITRD /boot/initramfs-linux.img +APPEND root=/dev/sr0 iommu=off + diff --git a/iso/mkarchiso486 b/iso/mkarchiso486 new file mode 100755 index 0000000..1d12302 --- /dev/null +++ b/iso/mkarchiso486 @@ -0,0 +1,99 @@ +#!/bin/sh + +BASE=/root/archi486 +ROOTFS="$BASE/airootfs" +ROOTMNT="$BASE/mnt" + +umount "$ROOTMNT" +rm -rf "$ROOTFS" +rm -f "$BASE/pacman-i486.conf" +rm -f "$BASE/mirrorlist32" + +if test ! -d "$ROOTMNT"; then + mkdir "$ROOTMNT" +fi + +# get and patch mirrorlist for Archlinux32 +if test ! -d "$ROOTFS"; then + mkdir "$ROOTFS" +fi + +if test ! -f "$BASE/mirrorlist32"; then + wget -O "$BASE/mirrorlist32" "https://www.archlinux32.org/mirrorlist/?country=all&protocol=http&protocol=https&ip_version=4&ip_version=6" + sed -i '/https.*mirror.archlinux32.org/s/#Server/Server/' "$BASE/mirrorlist32" +fi + +echo "Patch host pacman.conf for installation of i486 chroot.." +cp /etc/pacman.conf "$BASE/pacman-i486.conf" +sed -i 's/^Architecture.*=.*/Architecture = i486/' "$BASE/pacman-i486.conf" +sed -i "s|/etc/pacman.d/mirrorlist|$BASE/mirrorlist32|" "$BASE/pacman-i486.conf" +sed -i 's|.*ParallelDownloads.*|ParallelDownloads = 1|' "$BASE/pacman-i486.conf" + +pacstrap -C "$BASE/pacman-i486.conf" -G -M "$ROOTFS" base linux + +echo "Cleaning up root filesystem to fit to an ISO.." +rm -rf "$ROOTFS/var/cache/pacman/pkg/"* + +echo "Patching pacman.conf and mirrorlist on the ISO.." +sed -i 's/^Architecture.*=.*/Architecture = i486/' "$ROOTFS/etc/pacman.conf" +sed -i 's/^#\(Server.*=.*https:\/\/.*mirror\.archlinux32.org.*\)/\1/' "$ROOTFS/etc/pacman.d/mirrorlist" +sed -i 's|.*ParallelDownloads.*|ParallelDownloads = 1|' "$ROOTFS/etc/pacman.conf" + +mount --bind "$ROOTFS" "$ROOTMNT" + +echo "Preparing keyring inside chroot.." +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --init' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux32' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman -Syyu --noconfirm syslinux dhclient dhcpcd pciutils nano joe vi arch-install-scripts openssh' + +echo "Install configuration.." +for i in 1 2 3 4; do + mkdir -p "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d + cp $BASE/autologin.conf "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d/. +done +cp $BASE/resolv.conf "$ROOTFS"/etc/resolv.conf +cp $BASE/sshd_config "$ROOTFS"/etc/ssh/sshd_config +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t rsa -f etc/ssh/ssh_host_rsa_key -N ""' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 1024 -t dsa -f etc/ssh/ssh_host_dsa_key -N ""' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 521 -t ecdsa -f etc/ssh/ssh_host_ecdsa_key -N ""' +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t ed25519 -f etc/ssh/ssh_host_ed25519_key -N ""' +chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key +cp $BASE/motd "$ROOTFS"/etc/motd +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd' +cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login + +echo "Installining syslinux (isolinux).." +if test ! -d "$ROOTFS/isolinux"; then + mkdir "$ROOTFS/isolinux" +fi +for file in isolinux.bin ldlinux.c32; do + cp "$ROOTFS"/usr/lib/syslinux/bios/"$file" "$ROOTFS/isolinux" +done +cp "$BASE"/isolinux-i486.cfg "$ROOTFS/isolinux/isolinux.cfg" + +echo "Creating ramdisk for ISO.." +cp "$BASE"/mkinitcpio-i486.conf "$ROOTFS/etc/mkinitcpio.conf" +linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'mkinitcpio -P' + +umount "$ROOTMNT" + +echo "Creating ISO.." +TODAY=`date +'%Y.%m.%d'` +cd "$ROOTFS" +iso_label="ARCH_$(date +%Y%m)" +iso_publisher="Arch Linux " +iso_application="ArchLinux32 i486 Live/Rescue CD" +mkisofs -o "$BASE/archlinux32-$TODAY-i486.iso" \ + -b "isolinux/isolinux.bin" \ + -c "isolinux/boot.cat" \ + -volid "${iso_label}" \ + -appid "${iso_application}" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by mkarchiso" \ + -no-emul-boot -boot-load-size 4 -boot-info-table \ + -R -full-iso9660-filenames -iso-level 3 \ + "." +cd .. + +echo "Done." diff --git a/iso/mkinitcpio-i486.conf b/iso/mkinitcpio-i486.conf new file mode 100644 index 0000000..fb16499 --- /dev/null +++ b/iso/mkinitcpio-i486.conf @@ -0,0 +1,68 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=(ata_piix pata_amd ata_generic atkbd hid_generic uhci_hcd ohci_pci usbhid sd_mod sr_mod cdrom isofs) + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +#HOOKS=(base udev autodetect modconf block filesystems keyboard fsck) +HOOKS=(base keyboard) + +# COMPRESSION +# Use this to compress the initramfs image. By default, zstd compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="zstd" +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/iso/motd b/iso/motd new file mode 100644 index 0000000..bfb91c1 --- /dev/null +++ b/iso/motd @@ -0,0 +1,22 @@ +Archlinux32, i486 ISO for low-memory systems + +Set 'iommu=off' to regain some memory. + +Create und mount a swap partition and mount a /tmp to +/mnt/tmp as bind mountpoint as very first action before +trying to install something with pacstrap/pacman.. + +With less than 196MB RAM pacman/gpg fails to verify +signatures, create a local /mnt/pacman.conf where you +set 'SigLevel=Never' and specify '-C /mnt/pacman.conf'. + +With less than 96MB RAM mkinitio on tmpfs fails with +out of disk space, use 'TMPDIR=/var/tmp mkinitcpio -P' +inside the chroot to create it. With 64MB RAM use +'gzip' and not 'xz' or 'zstd' as COMPRESSION method. + +Consider disabling tmpfs for /tmp on the installed +system too 'systemctl mask tmp.mount'. + +Remember to compile your own static kernel or create +a stripped-down ramdisk if you have little memory. diff --git a/iso/resolv.conf b/iso/resolv.conf new file mode 100644 index 0000000..6065c0d --- /dev/null +++ b/iso/resolv.conf @@ -0,0 +1,4 @@ +# Resolver configuration file. +# See resolv.conf(5) for details. +nameserver 8.8.8.8 + diff --git a/iso/sshd_config b/iso/sshd_config new file mode 100644 index 0000000..20608bf --- /dev/null +++ b/iso/sshd_config @@ -0,0 +1,117 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no # pam does that +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/iso/system-login b/iso/system-login new file mode 100644 index 0000000..35c1897 --- /dev/null +++ b/iso/system-login @@ -0,0 +1,19 @@ +#%PAM-1.0 + +auth required pam_shells.so +auth requisite pam_nologin.so +auth include system-auth + +account required pam_access.so +account required pam_nologin.so +account include system-auth + +password include system-auth + +session optional pam_loginuid.so +session optional pam_keyinit.so force revoke +session include system-auth +session optional pam_motd.so motd=/etc/motd +session optional pam_mail.so dir=/var/spool/mail standard quiet +#-session optional pam_systemd.so +session required pam_env.so user_readenv=1 diff --git a/isolinux-i486.cfg b/isolinux-i486.cfg deleted file mode 100644 index eaa48de..0000000 --- a/isolinux-i486.cfg +++ /dev/null @@ -1,12 +0,0 @@ -DEFAULT arch32 - -LABEL arch32 -TEXT HELP -Boot the Arch Linux (i486) live medium. -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Boot Arch Linux (i486) -LINUX /boot/vmlinuz-linux -INITRD /boot/initramfs-linux.img -APPEND root=/dev/sr0 iommu=off - diff --git a/mkarchiso486 b/mkarchiso486 deleted file mode 100755 index 1d12302..0000000 --- a/mkarchiso486 +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/sh - -BASE=/root/archi486 -ROOTFS="$BASE/airootfs" -ROOTMNT="$BASE/mnt" - -umount "$ROOTMNT" -rm -rf "$ROOTFS" -rm -f "$BASE/pacman-i486.conf" -rm -f "$BASE/mirrorlist32" - -if test ! -d "$ROOTMNT"; then - mkdir "$ROOTMNT" -fi - -# get and patch mirrorlist for Archlinux32 -if test ! -d "$ROOTFS"; then - mkdir "$ROOTFS" -fi - -if test ! -f "$BASE/mirrorlist32"; then - wget -O "$BASE/mirrorlist32" "https://www.archlinux32.org/mirrorlist/?country=all&protocol=http&protocol=https&ip_version=4&ip_version=6" - sed -i '/https.*mirror.archlinux32.org/s/#Server/Server/' "$BASE/mirrorlist32" -fi - -echo "Patch host pacman.conf for installation of i486 chroot.." -cp /etc/pacman.conf "$BASE/pacman-i486.conf" -sed -i 's/^Architecture.*=.*/Architecture = i486/' "$BASE/pacman-i486.conf" -sed -i "s|/etc/pacman.d/mirrorlist|$BASE/mirrorlist32|" "$BASE/pacman-i486.conf" -sed -i 's|.*ParallelDownloads.*|ParallelDownloads = 1|' "$BASE/pacman-i486.conf" - -pacstrap -C "$BASE/pacman-i486.conf" -G -M "$ROOTFS" base linux - -echo "Cleaning up root filesystem to fit to an ISO.." -rm -rf "$ROOTFS/var/cache/pacman/pkg/"* - -echo "Patching pacman.conf and mirrorlist on the ISO.." -sed -i 's/^Architecture.*=.*/Architecture = i486/' "$ROOTFS/etc/pacman.conf" -sed -i 's/^#\(Server.*=.*https:\/\/.*mirror\.archlinux32.org.*\)/\1/' "$ROOTFS/etc/pacman.d/mirrorlist" -sed -i 's|.*ParallelDownloads.*|ParallelDownloads = 1|' "$ROOTFS/etc/pacman.conf" - -mount --bind "$ROOTFS" "$ROOTMNT" - -echo "Preparing keyring inside chroot.." -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --init' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux32' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman -Syyu --noconfirm syslinux dhclient dhcpcd pciutils nano joe vi arch-install-scripts openssh' - -echo "Install configuration.." -for i in 1 2 3 4; do - mkdir -p "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d - cp $BASE/autologin.conf "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d/. -done -cp $BASE/resolv.conf "$ROOTFS"/etc/resolv.conf -cp $BASE/sshd_config "$ROOTFS"/etc/ssh/sshd_config -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t rsa -f etc/ssh/ssh_host_rsa_key -N ""' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 1024 -t dsa -f etc/ssh/ssh_host_dsa_key -N ""' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 521 -t ecdsa -f etc/ssh/ssh_host_ecdsa_key -N ""' -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t ed25519 -f etc/ssh/ssh_host_ed25519_key -N ""' -chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key -cp $BASE/motd "$ROOTFS"/etc/motd -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd' -cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login - -echo "Installining syslinux (isolinux).." -if test ! -d "$ROOTFS/isolinux"; then - mkdir "$ROOTFS/isolinux" -fi -for file in isolinux.bin ldlinux.c32; do - cp "$ROOTFS"/usr/lib/syslinux/bios/"$file" "$ROOTFS/isolinux" -done -cp "$BASE"/isolinux-i486.cfg "$ROOTFS/isolinux/isolinux.cfg" - -echo "Creating ramdisk for ISO.." -cp "$BASE"/mkinitcpio-i486.conf "$ROOTFS/etc/mkinitcpio.conf" -linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'mkinitcpio -P' - -umount "$ROOTMNT" - -echo "Creating ISO.." -TODAY=`date +'%Y.%m.%d'` -cd "$ROOTFS" -iso_label="ARCH_$(date +%Y%m)" -iso_publisher="Arch Linux " -iso_application="ArchLinux32 i486 Live/Rescue CD" -mkisofs -o "$BASE/archlinux32-$TODAY-i486.iso" \ - -b "isolinux/isolinux.bin" \ - -c "isolinux/boot.cat" \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by mkarchiso" \ - -no-emul-boot -boot-load-size 4 -boot-info-table \ - -R -full-iso9660-filenames -iso-level 3 \ - "." -cd .. - -echo "Done." diff --git a/mkinitcpio-i486.conf b/mkinitcpio-i486.conf deleted file mode 100644 index fb16499..0000000 --- a/mkinitcpio-i486.conf +++ /dev/null @@ -1,68 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=(ata_piix pata_amd ata_generic atkbd hid_generic uhci_hcd ohci_pci usbhid sd_mod sr_mod cdrom isofs) - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -#HOOKS=(base udev autodetect modconf block filesystems keyboard fsck) -HOOKS=(base keyboard) - -# COMPRESSION -# Use this to compress the initramfs image. By default, zstd compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="zstd" -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/motd b/motd deleted file mode 100644 index bfb91c1..0000000 --- a/motd +++ /dev/null @@ -1,22 +0,0 @@ -Archlinux32, i486 ISO for low-memory systems - -Set 'iommu=off' to regain some memory. - -Create und mount a swap partition and mount a /tmp to -/mnt/tmp as bind mountpoint as very first action before -trying to install something with pacstrap/pacman.. - -With less than 196MB RAM pacman/gpg fails to verify -signatures, create a local /mnt/pacman.conf where you -set 'SigLevel=Never' and specify '-C /mnt/pacman.conf'. - -With less than 96MB RAM mkinitio on tmpfs fails with -out of disk space, use 'TMPDIR=/var/tmp mkinitcpio -P' -inside the chroot to create it. With 64MB RAM use -'gzip' and not 'xz' or 'zstd' as COMPRESSION method. - -Consider disabling tmpfs for /tmp on the installed -system too 'systemctl mask tmp.mount'. - -Remember to compile your own static kernel or create -a stripped-down ramdisk if you have little memory. diff --git a/resolv.conf b/resolv.conf deleted file mode 100644 index 6065c0d..0000000 --- a/resolv.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Resolver configuration file. -# See resolv.conf(5) for details. -nameserver 8.8.8.8 - diff --git a/sshd_config b/sshd_config deleted file mode 100644 index 20608bf..0000000 --- a/sshd_config +++ /dev/null @@ -1,117 +0,0 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin prohibit-password -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no # pam does that -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/system-login b/system-login deleted file mode 100644 index 35c1897..0000000 --- a/system-login +++ /dev/null @@ -1,19 +0,0 @@ -#%PAM-1.0 - -auth required pam_shells.so -auth requisite pam_nologin.so -auth include system-auth - -account required pam_access.so -account required pam_nologin.so -account include system-auth - -password include system-auth - -session optional pam_loginuid.so -session optional pam_keyinit.so force revoke -session include system-auth -session optional pam_motd.so motd=/etc/motd -session optional pam_mail.so dir=/var/spool/mail standard quiet -#-session optional pam_systemd.so -session required pam_env.so user_readenv=1 -- cgit v1.2.3-54-g00ecf