index : archiso32 | |
Archlinux32 iso tools | gitolite user |
summaryrefslogtreecommitdiff |
diff --git a/configs/releng/airootfs/etc/fstab b/configs/releng/airootfs/etc/fstab deleted file mode 100644 index e69de29..0000000 --- a/configs/releng/airootfs/etc/fstab +++ /dev/null diff --git a/configs/releng/airootfs/etc/machine-id b/configs/releng/airootfs/etc/machine-id deleted file mode 100644 index e69de29..0000000 --- a/configs/releng/airootfs/etc/machine-id +++ /dev/null diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf new file mode 100644 index 0000000..f57dbdd --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems keyboard) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset new file mode 100644 index 0000000..9f67184 --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset @@ -0,0 +1,8 @@ +# mkinitcpio preset file for the 'linux' package on archiso + +PRESETS=('archiso') + +ALL_kver='/boot/vmlinuz-linux' +ALL_config='/etc/mkinitcpio.conf' + +archiso_image="/boot/initramfs-linux.img" diff --git a/configs/releng/airootfs/etc/motd b/configs/releng/airootfs/etc/motd index 417b050..1ddc9c3 100644 --- a/configs/releng/airootfs/etc/motd +++ b/configs/releng/airootfs/etc/motd @@ -1,8 +1,9 @@ To install [38;2;23;147;209mArch Linux[0m follow the installation guide: -https://wiki.archlinux.org/index.php/Installation_guide +https://wiki.archlinux.org/title/Installation_guide For Wi-Fi, authenticate to the wireless network using the [35miwctl[0m utility. -Ethernet and Wi-Fi connections using DHCP should work automatically. +For mobile broadband (WWAN) modems, connect with the [35mmmcli[0m utility. +Ethernet, WLAN and WWAN interfaces using DHCP should work automatically. After connecting to the internet, the installation guide can be accessed via the convenience script [35mInstallation_guide[0m. diff --git a/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook b/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook new file mode 100644 index 0000000..82dd199 --- /dev/null +++ b/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook @@ -0,0 +1,13 @@ +# remove from airootfs! +[Trigger] +Operation = Install +Type = Package +Target = glibc + +[Action] +Description = Uncommenting en_US.UTF-8 locale and running locale-gen... +When = PostTransaction +Depends = glibc +Depends = sed +Depends = sh +Exec = /bin/sh -c "sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen && locale-gen" diff --git a/configs/releng/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook b/configs/releng/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook new file mode 100644 index 0000000..342aa95 --- /dev/null +++ b/configs/releng/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook @@ -0,0 +1,13 @@ +# remove from airootfs! +[Trigger] +Operation = Install +Operation = Upgrade +Type = Package +Target = pacman-mirrorlist + +[Action] +Description = Uncommenting all mirrors in /etc/pacman.d/mirrorlist... +When = PostTransaction +Depends = pacman-mirrorlist +Depends = sed +Exec = /usr/bin/sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist diff --git a/configs/releng/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook b/configs/releng/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook new file mode 100644 index 0000000..8dfb943 --- /dev/null +++ b/configs/releng/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook @@ -0,0 +1,18 @@ +# remove from airootfs! +# As a workaround for https://bugs.archlinux.org/task/49347 , remove pacman hooks specific to the ISO build process. +# If not, they would be used when pacstrap is run in the live environment. + +[Trigger] +Operation = Install +Operation = Upgrade +Operation = Remove +Type = Package +Target = * + +[Action] +Description = Work around FS#49347 by removing custom pacman hooks that are only required during ISO build... +When = PostTransaction +Depends = sh +Depends = coreutils +Depends = grep +Exec = /bin/sh -c "rm -- $(grep -Frl 'remove from airootfs' /etc/pacman.d/hooks/)" diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config new file mode 100644 index 0000000..93f7d63 --- /dev/null +++ b/configs/releng/airootfs/etc/ssh/sshd_config @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no # pam does that +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 37878b0..f2a7d60 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -6,5 +6,13 @@ Name=eth* DHCP=yes IPv6PrivacyExtensions=yes -[DHCP] -RouteMetric=512 +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=100 + +[IPv6AcceptRA] +RouteMetric=100 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wireless.network b/configs/releng/airootfs/etc/systemd/network/20-wireless.network deleted file mode 100644 index e1d624c..0000000 --- a/configs/releng/airootfs/etc/systemd/network/20-wireless.network +++ /dev/null @@ -1,10 +0,0 @@ -[Match] -Name=wlp* -Name=wlan* - -[Network] -DHCP=yes -IPv6PrivacyExtensions=yes - -[DHCP] -RouteMetric=1024 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network new file mode 100644 index 0000000..601d5b8 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -0,0 +1,17 @@ +[Match] +Name=wl* + +[Network] +DHCP=yes +IPv6PrivacyExtensions=yes + +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=600 + +[IPv6AcceptRA] +RouteMetric=600 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network new file mode 100644 index 0000000..9104c24 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -0,0 +1,17 @@ +[Match] +Name=ww* + +[Network] +DHCP=yes +IPv6PrivacyExtensions=yes + +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=700 + +[IPv6AcceptRA] +RouteMetric=700 diff --git a/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service new file mode 120000 index 0000000..ebc50f0 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-config.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service new file mode 120000 index 0000000..80fa3c8 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-final.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service new file mode 120000 index 0000000..dd8e9f1 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-init-local.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service new file mode 120000 index 0000000..24c7a26 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-init.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service new file mode 120000 index 0000000..dcf7c8e --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/ModemManager.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/default.target b/configs/releng/airootfs/etc/systemd/system/default.target deleted file mode 120000 index d321622..0000000 --- a/configs/releng/airootfs/etc/systemd/system/default.target +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/multi-user.target
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/livecd-alsa-unmuter.service b/configs/releng/airootfs/etc/systemd/system/livecd-alsa-unmuter.service new file mode 100644 index 0000000..03db4b9 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/livecd-alsa-unmuter.service @@ -0,0 +1,13 @@ +[Unit] +Description=Unmute All Sound Card Controls For Use With The Live Arch Environment +# This needs to run after the audio device becomes available. +Wants=systemd-udev-settle.service +After=systemd-udev-settle.service sound.target +ConditionKernelCommandLine=accessibility=on + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/livecd-sound -u + +[Install] +WantedBy=sound.target diff --git a/configs/releng/airootfs/etc/systemd/system/livecd-talk.service b/configs/releng/airootfs/etc/systemd/system/livecd-talk.service new file mode 100644 index 0000000..b38df22 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/livecd-talk.service @@ -0,0 +1,20 @@ +[Unit] +Description=Screen reader service +After=livecd-alsa-unmuter.service +Before=getty@tty1.service +ConditionKernelCommandLine=accessibility=on + +[Service] +Type=oneshot +TTYPath=/dev/tty13 +ExecStartPre=/usr/bin/chvt 13 +ExecStart=/usr/local/bin/livecd-sound -p +ExecStartPost=/usr/bin/chvt 1 +ExecStartPost=systemctl start espeakup.service +StandardInput=tty +TTYVHangup=yes +TTYVTDisallocate=yes +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service new file mode 120000 index 0000000..dcf7c8e --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/ModemManager.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service new file mode 120000 index 0000000..b917481 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service @@ -0,0 +1 @@ +/etc/systemd/system/livecd-talk.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service new file mode 120000 index 0000000..8e3ff80 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/qemu-guest-agent.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service index f5071ce..d372729 120000 --- a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service @@ -1 +1 @@ -../reflector.service
\ No newline at end of file +/usr/lib/systemd/system/reflector.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service new file mode 120000 index 0000000..d21ebd9 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/sshd.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service new file mode 120000 index 0000000..cb2d560 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vboxservice.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service index 6bc9aa0..77704e4 100644 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ b/configs/releng/airootfs/etc/systemd/system/pacman-init.service @@ -1,7 +1,5 @@ [Unit] Description=Initializes Pacman keyring -Wants=haveged.service -After=haveged.service Requires=etc-pacman.d-gnupg.mount After=etc-pacman.d-gnupg.mount diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service b/configs/releng/airootfs/etc/systemd/system/reflector.service deleted file mode 100644 index f7a88f2..0000000 --- a/configs/releng/airootfs/etc/systemd/system/reflector.service +++ /dev/null @@ -1,41 +0,0 @@ -[Unit] -Description=pacman mirrorlist update -Wants=network-online.target -After=network-online.target nss-lookup.target -ConditionKernelCommandLine=!mirror - -[Service] -Type=oneshot -ExecStart=/usr/bin/reflector --protocol https --age 1 --sort rate --save /etc/pacman.d/mirrorlist -Restart=on-failure -RestartSec=10 -CacheDirectory=reflector -CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM -Environment=XDG_CACHE_HOME=/var/cache/reflector -LockPersonality=true -MemoryDenyWriteExecute=true -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -PrivateUsers=true -ProtectClock=true -ProtectControlGroups=true -ProtectHome=true -ProtectHostname=true -ProtectKernelTunables=true -ProtectKernelLogs=true -ProtectKernelModules=true -ProtectSystem=strict -ReadWritePaths=/etc/pacman.d/mirrorlist -RemoveIPC=true -RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP -RestrictNamespaces=true -RestrictRealtime=true -RestrictSUIDSGID=true -SystemCallArchitectures=native -SystemCallFilter=@system-service -SystemCallFilter=~@resources @privileged -UMask=177 - -[Install] -WantedBy=multi-user.target diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service.d/archiso.conf b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/archiso.conf new file mode 100644 index 0000000..de6664d --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/reflector.service.d/archiso.conf @@ -0,0 +1,6 @@ +[Unit] +ConditionKernelCommandLine=!mirror + +[Service] +Restart=on-failure +RestartSec=10 diff --git a/configs/releng/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service b/configs/releng/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service new file mode 120000 index 0000000..98c0fc8 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service @@ -0,0 +1 @@ +../livecd-alsa-unmuter.service
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf index c875311..c9f9bce 100644 --- a/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf +++ b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf @@ -1,3 +1,6 @@ +# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist, +# network-online.target gets needlessly delayed. +# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online [Service] ExecStart= ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any diff --git a/configs/releng/airootfs/etc/xdg/reflector/reflector.conf b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf new file mode 100644 index 0000000..9a72b0d --- /dev/null +++ b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf @@ -0,0 +1,6 @@ +# Reflector configuration file for the systemd service. + +--save /etc/pacman.d/mirrorlist +--protocol https +--latest 20 +--sort rate diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index ed3a924..52c47e6 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,7 @@ automated_script () script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --retry-connrefused -s -o /tmp/startup_script >/dev/null + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null rt=$? else cp "${script}" /tmp/startup_script diff --git a/configs/releng/airootfs/root/.zlogin b/configs/releng/airootfs/root/.zlogin index f598e43..0fb119d 100644 --- a/configs/releng/airootfs/root/.zlogin +++ b/configs/releng/airootfs/root/.zlogin @@ -1 +1,6 @@ +# fix for screen readers +if grep -Fq 'accessibility=' /proc/cmdline &> /dev/null; then + setopt SINGLE_LINE_ZLE +fi + ~/.automated_script.sh diff --git a/configs/releng/airootfs/root/customize_airootfs.sh b/configs/releng/airootfs/root/customize_airootfs.sh deleted file mode 100755 index 5c98fd6..0000000 --- a/configs/releng/airootfs/root/customize_airootfs.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -set -e -u - -sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen -locale-gen - -cp -aT /etc/skel/ /root/ - -sed -i 's/#\(PermitRootLogin \).\+/\1yes/' /etc/ssh/sshd_config -sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist diff --git a/configs/releng/airootfs/usr/local/bin/Installation_guide b/configs/releng/airootfs/usr/local/bin/Installation_guide index cd38645..4266754 100755 --- a/configs/releng/airootfs/usr/local/bin/Installation_guide +++ b/configs/releng/airootfs/usr/local/bin/Installation_guide @@ -1,3 +1,5 @@ #!/bin/sh +# +# SPDX-License-Identifier: GPL-3.0-or-later -exec lynx 'https://wiki.archlinux.org/index.php/Installation_guide' +exec lynx 'https://wiki.archlinux.org/title/Installation_guide' diff --git a/configs/releng/airootfs/usr/local/bin/choose-mirror b/configs/releng/airootfs/usr/local/bin/choose-mirror index 0ae0806..b021945 100755 --- a/configs/releng/airootfs/usr/local/bin/choose-mirror +++ b/configs/releng/airootfs/usr/local/bin/choose-mirror @@ -1,4 +1,6 @@ #!/bin/bash +# +# SPDX-License-Identifier: GPL-3.0-or-later get_cmdline() { local param diff --git a/configs/releng/airootfs/usr/local/bin/livecd-sound b/configs/releng/airootfs/usr/local/bin/livecd-sound new file mode 100755 index 0000000..baae0d2 --- /dev/null +++ b/configs/releng/airootfs/usr/local/bin/livecd-sound @@ -0,0 +1,248 @@ +#!/usr/bin/env bash +# +# SPDX-License-Identifier: GPL-3.0-or-later + +usage() { + cat <<- _EOF_ + live cd sound helper script. + Usage: livecdsound [OPTION] + OPTIONS + -u, --unmute unmute all sound cards + -p, --pick select a card for speetch output + -h, --help Show this usage message + +_EOF_ +} + +bugout () { + printf "/usr/local/bin/livecdsound: programming error" + stat_fail +} + +echo_card_indices() +{ + if [ -f /proc/asound/cards ] ; then + sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards + fi +} + +# The following functions try to set many controls. +# No card has all the controls and so some of the attempts are bound to fail. +# Because of this, the functions can't return useful status values. + +# $1 <card id> +# $2 <control> +# $3 <level> +unmute_and_set_level(){ + { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute + return 0 +} + +# $1 <card id> +# $2 <control> +mute_and_zero_level() +{ + { [ "$1" ] && [ "$2" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute + return 0 +} + +# $1 <card ID> +# $2 <control> +# $3 "on" | "off" +switch_control() +{ + { [ "$3" ] && [ "$1" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" + return 0 +} + +# $1 <card ID> +sanify_levels_on_card() +{ + unmute_and_set_level "$1" "Front" "80%" + unmute_and_set_level "$1" "Master" "80%" + unmute_and_set_level "$1" "Master Mono" "80%" + unmute_and_set_level "$1" "Master Digital" "80%" # E.g., cs4237B + unmute_and_set_level "$1" "Playback" "80%" + unmute_and_set_level "$1" "Headphone" "100%" + unmute_and_set_level "$1" "PCM" "80%" + unmute_and_set_level "$1" "PCM,1" "80%" # E.g., ess1969 + unmute_and_set_level "$1" "DAC" "80%" # E.g., envy24, cs46xx + unmute_and_set_level "$1" "DAC,0" "80%" # E.g., envy24 + unmute_and_set_level "$1" "DAC,1" "80%" # E.g., envy24 + unmute_and_set_level "$1" "Synth" "80%" + unmute_and_set_level "$1" "CD" "80%" + unmute_and_set_level "$1" "PC Speaker" "100%" + + mute_and_zero_level "$1" "Mic" + mute_and_zero_level "$1" "IEC958" # Ubuntu #19648 + + # Intel P4P800-MX + switch_control "$1" "Master Playback Switch" on + switch_control "$1" "Master Surround" on + + # Trident/YMFPCI/emu10k1: + unmute_and_set_level "$1" "Wave" "80%" + unmute_and_set_level "$1" "Music" "80%" + unmute_and_set_level "$1" "AC97" "80%" + + # DRC: + unmute_and_set_level "$1" "Dynamic Range Compression" "80%" + + # Required for HDA Intel (hda-intel): + unmute_and_set_level "$1" "Front" "80%" + + # Required for SB Live 7.1/24-bit (ca0106): + unmute_and_set_level "$1" "Analog Front" "80%" + + # Required at least for Via 823x hardware on DFI K8M800-MLVF Motherboard + switch_control "$1" "IEC958 Capture Monitor" off + + # Required for hardware allowing toggles for AC97 through IEC958, + # valid values are 0, 1, 2, 3. Needs to be set to 0 for PCM1. + unmute_and_set_level "$1" "IEC958 Playback AC97-SPSA" "0" + + # Required for newer Via hardware + unmute_and_set_level "$1" "VIA DXS,0" "80%" + unmute_and_set_level "$1" "VIA DXS,1" "80%" + unmute_and_set_level "$1" "VIA DXS,2" "80%" + unmute_and_set_level "$1" "VIA DXS,3" "80%" + + # Required on some notebooks with ICH4: + switch_control "$1" "Headphone Jack Sense" off + switch_control "$1" "Line Jack Sense" off + + # Some machines need one or more of these to be on; + # others need one or more of these to be off: + + switch_control "$1" "Audigy Analog/Digital Output Jack" on + switch_control "$1" "SB Live Analog/Digital Output Jack" on + + # D1984 -- Thinkpad T61/X61 + switch_control "$1" "Speaker" on + switch_control "$1" "Headphone" on + + # HDA-Intel w/ "Digital" capture mixer (See Ubuntu #193823) + unmute_and_set_level "$1" "Digital" "80%" + + return 0 +} + +# $1 <card ID> | "all" +sanify_levels() +{ + local ttsdml_returnstatus=0 + local card + case "$1" in + all) + for card in $(echo_card_indices) ; do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; + esac + return $ttsdml_returnstatus +} + +# List all cards that *should* be usable for PCM audio. In my experience, +# the console speaker (handled by the pcsp driver) isn't a suitable playback +# device, so we'll exclude it. +list_non_pcsp_cards() +{ + for card in $(echo_card_indices); do + local cardfile="/proc/asound/card${card}/id" + if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ + [ "$(cat "$cardfile")" != pcsp ]; then + echo "$card" + fi + done +} + +# Properly initialize the sound card so that we have audio at boot. +unmute_all_cards() +{ + sanify_levels all +} + +is_numeric() { + local str=$1 + [[ "$str" =~ ^[0-9]+$ ]] +} + +set_default_card() { + local card=$1 + sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ + > /etc/asound.conf +} + +play_on_card() { + local card=$1 file=$2 + aplay -q "-Dplughw:$card,0" "$file" +} + +# If there are multiple usable sound cards, prompt the user to choose one, +# using auditory feedback. +pick_a_card() +{ + set -f + usable_cards="$(list_non_pcsp_cards)" + num_usable_cards="$(wc -w <<< "$usable_cards")" + + if [ "$num_usable_cards" -eq 1 ]; then + systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" + exit 0 + fi + systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" + for card in $usable_cards; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& + done + wait + sleep 1 + for card in $usable_cards; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi +done +} + +if [[ $# -eq 0 ]]; then + echo "error: No argument passed." + exit 1 +fi +while [[ "${1}" != "" ]]; do + case ${1} in + -h|--help) + usage + exit + ;; + -u|--unmute) + systemd-cat -t "livecdsound" printf "Unmuting all cards" + unmute_all_cards + ;; + -p|--pick) + pick_a_card + ;; + *) + echo "error: Unsupported argument" + usage + exit 1 + ;; + esac + shift +done diff --git a/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in b/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in new file mode 100644 index 0000000..3f9c7aa --- /dev/null +++ b/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in @@ -0,0 +1,3 @@ +Defaults node +defaults.ctl.card %card%; +defaults.pcm.card %card%; |