Age | Commit message | Author |
|
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
|
|
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
|
|
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connections with a configuration
file in /etc/systemd/network.conf.d/.
|
|
tmpfs with noswap option
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
|
|
unused options
Set only the custom values for HOOKS and COMPRESSION.
|
|
This allows retaining a pristine /etc/mkinitcpio.conf in the rootfs.
|
|
Additionally fix a few code style issues found with shfmt.
|
|
|
|
1) wait for network-online.target before invoking curl
as there's no synchronization with network setup for this script
2) don't hide curl errors - it may be easier to debug the issues
3) add log and comments
|
|
Update /etc/ssh/sshd_config to match changes made in
https://github.com/archlinux/svntogit-packages/commit/42aa04744e96c5805b7aa3904636f8cbd781f682
and https://github.com/archlinux/svntogit-packages/commit/7166713c55002dac3c2b306fdc63e89a412083a6
The only modification remains `PermitRootLogin yes`.
|
|
treated as text
This protects against the case where /proc/cmdline contains garbage triggering grep to think it is a binary.
See e.g. https://bugs.archlinux.org/task/76468 for an example.
|
|
archiso_kms hook with kms
The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project.
See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8
|
|
qemu-guest-agent.service will be started by the /usr/lib/udev/rules.d/99-qemu-guest-agent.rules udev rule.
Fixes #199
|
|
configs/releng/airootfs/etc/systemd/system/pacman-init.service:
Order pacman-init.service after time-sync.target, so that time on the host is synchronized before initializing pacman.
|
|
configs/releng/airootfs/etc/systemd/system/{dbus-org.freedesktop.timesync1},sysinit.target.wants/systemd-timesyncd}.service:
Enable systemd-timesyncd which aliases to dbus-org.freedesktop.timesync1 to ensure time gets synced on the host.
configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service:
Enable systemd-time-wait-sync to ensure time is finished syncing when time-sync.target is finished.
|
|
archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work.
Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state.
|
|
The glibc 2.35-6 package ships with the C.UTF-8 locale included.
This means there is now a UTF-8 locale available by default and en_US.UTF-8, which requires editing /etc/locale.gen and running locale-gen, is not needed anymore.
Implements #175.
|
|
* open-vm-tools package, vmtoolsd.service and vmware-vmblock-fuse.service for VMware.
* hyperv package, hv_fcopy_daemon.service, hv_kvp_daemon.service and hv_vss_daemon.service for Hyper-V.
Related to #118.
|
|
support both IPv4 & IPv6
This ensures that IPv6-only systems get working mirrors.
|
|
When using tmpfs, it is possible that parts of it end up getting put in swap space (only if there is one).
This may not be desired, so use ramfs instead.
|
|
People get scared by it. See https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/239#note_61954.
This reverts commit b5011af3f4ac63214fdecef442550cce5ae4a971, reversing
changes made to 07d8035624cff64e28f1148ddec9e970e26173da.
|
|
* origin/merge-requests/239:
add needed files
See merge request !239
|
|
Fix #167
|
|
this fixes #167
|
|
When booting the ISO, you can observe a message that systemd-gpt-auto-generator has failed:
systemd-gpt-auto-generator[197]: Reading EFI variable /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f.
systemd-gpt-auto-generator[197]: open("/sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f") failed: No such file or directory
systemd-gpt-auto-generator[197]: EFI loader partition unknown, exiting.
systemd-gpt-auto-generator[197]: (The boot loader did not set EFI variable LoaderDevicePartUUID.)
systemd-gpt-auto-generator[197]: Failed to open device: No such device
Seeing as it started to appear relatively recently, it may be a systemd bug.
Since we do not want any GPT partition automounting in the live environment anyway, systemd-gpt-auto-generator can simply be disabled.
Fixes #164.
|
|
nf: update ExecStart
Update the drop-in to more closely match getty@.service of systemd 250.
Use example from https://wiki.archlinux.org/title/getty#Virtual_console
|
|
document why an interface name glob is used
This documents the changes made in !177 inside the .network files themselves.
Related to #142.
|
|
The archiso_shutdown hook has been obsolete since mkinitcpio 16.
https://lists.archlinux.org/pipermail/arch-dev-public/2013-December/025742.html
Related to mkinitcpio/mkinitcpio-archiso#8.
|
|
resolved.
The curl --retry-connrefused option is used with, not instead of, the --retry <num> option to add an extra type of failure to retry on; without --retry <num> it does not retry at all, even on a connection refused.
https://man.archlinux.org/man/curl.1.en
|
|
Update /etc/ssh/sshd_config to match upstream changes.
The only modification remains "PermitRootLogin yes".
|
|
configs/releng/*:
Remove the SPDX license identifier comment from the configuration files in the profile, as they are not eligible for
copyright.
|
|
/wait-for-only-one-interface.conf: document why the drop-in file exists
Related to #142.
Add missing `ExecStart=` to baseline's /etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf.
|
|
[DHCPv6] to [IPv6AcceptRA]
systemd moved the option. See https://github.com/systemd/systemd/commit/8ebafba9f987c21aa5787c8767f2e390b4ec0bc5 .
Implements #123.
Document in comments why the route metrics need to be set (because of https://github.com/systemd/systemd/issues/17698 ) and use the same metric values as NetworkManager. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c
Additionally remove RouteMetric from configs/baseline/airootfs/etc/systemd/network/20-ethernet.network.
There is only one networkd configuration file in baseline, meaning, there are no other routes.
|
|
Use the new, prettier short URLs.
|
|
interface name instead of matching the type
Type=ether matches virtual Ethernet interfaces (veth*) which may break networking inside containers.
Fixes https://bugs.archlinux.org/task/70892 .
Partially reverts 8a521d0bfaedf16b95c09b4837981c4b567b5118 .
|
|
hardcode the keyrings
If the keyring is not specified, pacman-key will simply use all keyrings from /usr/share/pacman/keyrings/.
Fixes #133.
|
|
* virtualbox-guest-utils-nox package and vboxservice.service for VirtualBox.
* qemu-guest-agent package and qemu-guest-agent.service for QEMU & libvirt.
Implements #118.
|
|
This reverts commit 8b6f3545e348caf16a2ff30d948ff93b4d9a4b89.
|
|
Implements #90
|
|
configs/releng/airootfs/etc/xdg/reflector/reflector.conf:
Reduce the amount of mirrors that reflector checks from 70 to 20.
This significantly reduces the time it takes to end up with an up-to-date mirrorlist during boot with the releng
profile.
Fixes #92
|
|
configs/releng/airootfs/root/.automated_script.sh:
Add the `--location` curl parameter (see `man 1 curl`) to allow for curl to retrieve a remote script even if the source
is being redirected (e.g. moved permanently) when using the `script=` kernel commandline parameter.
Fixes #113
|
|
ModemManager's mmcli is the simplest way to connect with WWAN modems.
Mention mmcli in MOTD.
Implements #110.
|
|
Add /etc/systemd/network/20-wwan.network
Related to #110.
|
|
The file is limited to Wi-Fi (Type=wlan in networkd configuration).
|
|
configs/releng/airootfs/etc/systemd/network/20-{ethernet,wireless}.network
* Match the device type instead of the interface name.
* Replace DHCP section with DHCPv4/DHCPv6. systemd split the sections.
|
|
haveged was added 8 years ago[1] to increase entropy and presumably to
prevent entropy starvation.
A few things have changed since, most notably:
* the kernel actively tries to add entropy (jitter entropy)[2][3][4][5]
* /dev/random no longer blocks after CRNG initialization[6][7]
[1] d7e790d ("Initialize pacman keyring on bootup")
[2] https://github.com/torvalds/linux/commit/3f2dc2798b81531fd93a3b9b7c39da47ec689e55
[3] https://github.com/torvalds/linux/commit/50ee7529ec4500c88f8664560770a7a1b65db72b
[4] https://lore.kernel.org/lkml/alpine.DEB.2.21.1909290010500.2636@nanos.tec.linutronix.de/T/
[5] https://lwn.net/Articles/800509/
[6] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
[7] https://lwn.net/Articles/808575/
Fix #98
|
|
This finally removes customize_airootfs.sh from releng.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
|
|
airootfs after they run
This works around https://bugs.archlinux.org/task/49347 .
Leaving the hooks in the airootfs image will result in them being run when pacstrap is run in the live environment. This should not happen as they are intended for the ISO build process only.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/91 .
|
|
customize_airootfs.sh to a pacman hook
After pacman-mirrorlist is installed, /etc/pacman.d/hooks/uncomment-mirrors.hook will run a sed command which uncomments all Server lines in /etc/pacman.d/mirrorlist.
This brings us another step closer to the complete removal of customize_airootfs.sh.
Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
|
|
|