Age | Commit message (Collapse) | Author |
|
* bootstrap will use .tar.zst with `zstd -c -T0 --long -19`,
* releng will retain .tar.gz with `gzip -cn9` for now.
This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.
|
|
Starting with kernel 6.7, the releng ISO exceeds 900 MiB which is the
maximum size of a CD.
Adjust the description to say "DVD" instead.
Closes https://gitlab.archlinux.org/archlinux/archiso/-/issues/144
|
|
Currently the ldns package is pulled in as a dependency of openssh, but
that dependency may be gone in the future.
See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/2
Explicitly include ldns to ensure the live environment will continue to
have `drill`.
|
|
By default systemd-networkd-wait-online.service considers a network
connection to be "online" when it has reached the "degraded" state
(see networkctl(1) for the definitions).
Since "degraded" does not ensure there's a routable address, let's
change the connection's requirement to "routable" instead.
This gives a better chance that the network really is online when
network-online.target is reached.
|
|
|
|
|
|
See https://www.supergrubdisk.org/wiki/Loopback.cfg for details.
Only `${iso_path}` is guaranteed, so we need to search for the volume,
on which the ISO file resides, ourselves.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/165
|
|
Construct a human readable platform identifier from GRUB's built-in
variables and use it in menu item descriptions.
Only add the menu entries for the additional tools (UEFI shell,
Memtest86+) if the files exist.
Modify baseline's `grub.cfg` to closer match releng.
|
|
Move the `play` command to the end of the file so it plays after the
menu entries are shown and ready.
|
|
* Do not manually load modules that will get loaded by invoking a command.
* Explicitly load serial modules.
* Move `insmod all_video` after the font is loaded.
|
|
bolt can be used to list and authorize Thunderbolt and USB4 devices.
Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a
user needed to install the package in the live environment.
|
|
As opgpcard uses pcsclite and gnupg is able to use it as well, switch
away from using gnupg's internal ccid driver.
|
|
|
|
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
|
|
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
|
|
The tools are useful for clearing, creating and reading keys and etc.
on the TPM.
|
|
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connection with a configuration
file in /etc/systemd/network.conf.d/.
|
|
tmpfs with noswap option
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
|
|
unused options
Set only the custom values for HOOKS and COMPRESSION.
|
|
This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs.
|
|
Additionally fix a few code style issues found with shfmt.
|
|
Update pacman.conf to match the one shipped with pacman 6.0.2-7.
The community repository is gone. See
https://archlinux.org/news/git-migration-completed/
|
|
|
|
Add foot-terminfo and wezterm-terminfo packages to allow using their
terminfo entries for installations via SSH.
|
|
Relying on the volume UUID instead of its LABEL avoids collisions of
multiple ISOs created in the same month.
Fixes #202
|
|
|
|
1) wait for network-online.target before invoking curl
as there's no synchronization with network setup for this script
2) don't hide curl errors - it may be easier to debug the issues
3) add log and comments
|
|
configs/{baseline,releng}/grub/grub.cfg:
Use `console` as grub's `terminal_output`, as with `gfxterm` only a blank screen is shown on some hardware.
Fixes #212
|
|
Use the shorter and more nicer looking `UUID=` *tags* instead of the
`/dev/disk/by-uuid/` paths.
This requires mkinitcpio-archiso v68.
Related to #202
|
|
To prevent the file from being accidentally missed when someone copies
the ISO's contents, let's not place it in a directory that starts with a
dot. Since all GRUB related files are in /boot/grub/, put it there too.
Instead of using a more unique UUID for the file name, use
`YYYY-mm-dd-HH-MM-SS-00.uuid` which matches the ISO's modification date
in UTC,i.e. its "UUID". If multiple ISOs would be generated in the exact
same second, the ISO 9660 modification date (i.e. its "UUID") would be
the same, so there would be not way to distinguish between the volumes
anyway. This also makes the file look less suspicious to the casual
glance.
|
|
embedded grub.cfg
The `grub.cfg` embedded in the GRUB binaries already sets `ARCHISO_HINT`
and `ARCHISO_UUID` in most cases. To avoid performing the same searches
multiple times, use the existing variables.
|
|
Ensure the **correct** date is used in `iso_label` and `iso_version`.
|
|
Move memtest86+ to `/boot/memtest86+/` on ISO 9660. That directory is
not copied to netboot artifact output.
Netboot boot menu https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe
does not have entries for memtest and archiso-manager removes these files
(not the EFI one, though) before uploading the release files anyway.
|
|
Update /etc/ssh/sshd_config to match changes made in
https://github.com/archlinux/svntogit-packages/commit/42aa04744e96c5805b7aa3904636f8cbd781f682
and https://github.com/archlinux/svntogit-packages/commit/7166713c55002dac3c2b306fdc63e89a412083a6
The only modification remains `PermitRootLogin yes`.
|
|
There are claims that some UEFI allegedly natively support NTFS.
Preload the required GRUB modules to support booting from NTFS on such
systems.
Additionally preload the exFAT and UEF modules, because, why not?
|
|
volume it's on
Search for `/.disk/%UUID_SEARCH_FILENAME%.uuid` and pass the UUID of the
volume it's on as `archisodevice`. mkarchiso will replace
`%UUID_SEARCH_FILENAME%` with a hardcoded value generated using
`SOURCE_DATE_EPOCH` durring ISO build.
This allows to prepare an UEFI bootable installation medium by simply
copying the directory structure without having to touch `grub.cfg`.
Relying on the volume UUID instead of its LABEL also avoids collisions
of multiple ISOs created in the same month.
Fixes #202
|
|
* Update mkinitcpio-archiso project link,
* Update code of conduct link,
* Update arch-releng mailing list link,
* Use HTTPS where possible,
* Replace dead link.
|
|
with cms_verify=y
Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL
CMS based method for verifying the root file system image against the
code signing certificates in the initramfs.
`checksum` and `verify` are removed since they essentially serve the same
purpose and performing all the checks just needlessly delays boot.
Additionally, the removal of `verify` allows to build the ISO without gpg,
i.e. without using `mkarchiso`'s `-g` and `-G` options.
Fixes #200
|
|
Implements #203.
|
|
treated as text
This protects against the case where /proc/cmdline contains garbage triggering grep to think it is a binary.
See e.g. https://bugs.archlinux.org/task/76468 for an example.
|
|
archiso_kms hook with kms
The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project.
See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8
|
|
The default is now copytoram=auto which enables copying to RAM when the rootfs image size is less than 4 GiB and free RAM exceeds the rootfs image size + 2 GiB.
See https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/issues/13 and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/26.
Implements #177.
|
|
qemu-guest-agent.service will be started by the /usr/lib/udev/rules.d/99-qemu-guest-agent.rules udev rule.
Fixes #199
|
|
configs/releng/airootfs/etc/systemd/system/pacman-init.service:
Order pacman-init.service after time-sync.target, so that time on the host is synchronized before initializing pacman.
|
|
configs/releng/airootfs/etc/systemd/system/{dbus-org.freedesktop.timesync1},sysinit.target.wants/systemd-timesyncd}.service:
Enable systemd-timesyncd which aliases to dbus-org.freedesktop.timesync1 to ensure time gets synced on the host.
configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service:
Enable systemd-time-wait-sync to ensure time is finished syncing when time-sync.target is finished.
|
|
|
|
archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work.
Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state.
|
|
Try to initialize a serial device and use it for input and output.
Add more comments to grub.cfg to explain what is done.
Related to #75
|
|
* Set the default boot entry and its timeout.
* Add classes to menu entries to allow theming them.
Fixes #179
|
|
yes it was descriptive but too large. this fixes #180
|