From 8535d695ff6dadb1fd47973c083c9af4698b56fc Mon Sep 17 00:00:00 2001 From: David Runge Date: Mon, 27 Feb 2023 19:31:45 +0100 Subject: Use console as grub's terminal_output configs/{baseline,releng}/grub/grub.cfg: Use `console` as grub's `terminal_output`, as with `gfxterm` only a blank screen is shown on some hardware. Fixes #212 --- configs/baseline/grub/grub.cfg | 3 +-- configs/releng/grub/grub.cfg | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'configs') diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index ed56578..40248eb 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -12,10 +12,9 @@ insmod udf insmod all_video insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 1882e49..5ea764d 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -12,10 +12,9 @@ insmod udf insmod all_video insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console -- cgit v1.2.3-70-g09d2 From f60525103d152923e1321490936cf17fd033bf4d Mon Sep 17 00:00:00 2001 From: Zig Globulin Date: Wed, 9 Feb 2022 14:28:16 +0100 Subject: wait for networkd online before curl invocation 1) wait for network-online.target before invoking curl as there's no synchronization with network setup for this script 2) don't hide curl errors - it may be easier to debug the issues 3) add log and comments --- CHANGELOG.rst | 3 +++ configs/releng/airootfs/root/.automated_script.sh | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..cef568a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,9 @@ Deprecated Fixed ----- +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. + Removed ------- diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 52c47e6..f257537 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,13 @@ automated_script () script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + # there's no synchronization for network availability before executing this script + printf '%s: waiting for network-online.target\n' "$0" + until systemctl --quiet is-active network-online.target; do + sleep 1 + done + printf '%s: downloading %s\n' "$0" "${script}" + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script rt=$? else cp "${script}" /tmp/startup_script @@ -24,6 +30,9 @@ automated_script () fi if [[ ${rt} -eq 0 ]]; then chmod +x /tmp/startup_script + printf '%s: executing automated script\n' "$0" + # note that script is executed when other services (like pacman-init) may be still in progress, please + # synchronize to "systemctl is-system-running --wait" when your script depends on other services /tmp/startup_script fi fi -- cgit v1.2.3-70-g09d2 From 20fc8030a38d7c71c341fd267c12eb6bee3c4549 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 17 Mar 2023 19:00:25 +0200 Subject: configs/baseline/profiledef.sh: compress more * Use LZMA extreme compression level, * enable experimental compressed fragments feature to create a smaller image, * enable experimental data deduplication. This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB. --- CHANGELOG.rst | 3 +++ configs/baseline/profiledef.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..19ff603 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. + Deprecated ---------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 63acce1..913ff8a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,7 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlzma,9' -E ztailpacking) +airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') file_permissions=( ["/etc/shadow"]="0:0:400" ) -- cgit v1.2.3-70-g09d2 From 751f6ed9baa787765fb10f1a23279d57c3ac0d23 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:10:02 +0000 Subject: Added classes for Memtest86+ and UEFI Shell menuentries --- configs/releng/grub/grub.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'configs') diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 5ea764d..034bdb4 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -56,16 +56,16 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then - menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { + menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class memtest --class gnu --class tool { set gfxpayload=800x600,1024x768 linux /boot/memtest86+/memtest.efi } - menuentry "UEFI Shell" { + menuentry "UEFI Shell" --class efi { insmod chain chainloader /shellx64.efi } elif [ "${grub_cpu}" == "i386" ]; then - menuentry "UEFI Shell" { + menuentry "UEFI Shell" --class efi { insmod chain chainloader /shellia32.efi } -- cgit v1.2.3-70-g09d2 From ce8fdedbf7af54544983f87472f8854b7b850603 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:30:03 +0200 Subject: Use UUIDs in all boot loader configuration files Relying on the volume UUID instead of its LABEL avoids collisions of multiple ISOs created in the same month. Fixes #202 --- CHANGELOG.rst | 1 + configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- configs/baseline/syslinux/syslinux-linux.cfg | 2 +- configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 7 files changed, 8 insertions(+), 7 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4cd42f..c8630bd 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,7 @@ Changed - Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. Deprecated ---------- diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 11624b6..68c1d2c 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 0311f29..3fd9da5 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 1c2a7a8..2506f07 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 64253d3..6928a10 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 0eb1705..305b8fd 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index f9d3b0d..950dc48 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% # Accessibility boot option LABEL arch64speech @@ -17,4 +17,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-70-g09d2 From 493aa90fd2250ebfe37598eb933550e635adbc4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 13 May 2023 15:58:06 +0300 Subject: configs/releng/packages.x86_64: add more terminfo packages Add foot-terminfo and wezterm-terminfo packages to allow using their terminfo entries for installations via SSH. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 2 ++ 2 files changed, 4 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 36d173d..7295875 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,8 @@ Added ----- - Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 5771920..43678b2 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -28,6 +28,7 @@ ethtool exfatprogs f2fs-tools fatresize +foot-terminfo fsarchiver gnu-netcat gpart @@ -114,6 +115,7 @@ usbutils vim virtualbox-guest-utils-nox vpnc +wezterm-terminfo wireless-regdb wireless_tools wpa_supplicant -- cgit v1.2.3-70-g09d2 From 32b32bd61549ef44c585a5c8176981f255f3c532 Mon Sep 17 00:00:00 2001 From: Sorin Pânca Date: Mon, 22 May 2023 15:58:50 +0300 Subject: Add support for mDNS. --- CHANGELOG.rst | 1 + configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 1 + configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf | 4 ++++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 1 + configs/releng/airootfs/etc/systemd/network/20-wlan.network | 1 + configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf | 4 ++++ 6 files changed, 12 insertions(+) create mode 100644 configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf create mode 100644 configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6906305..23c5bb4 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,7 @@ Added - Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when installing via SSH. - Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. +- Add support for mDNS announce and resolve. Changed ------- diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 4b6a2ab..64bb07e 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -7,4 +7,5 @@ Name=eth* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes diff --git a/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 9ada778..ce8de1f 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -7,6 +7,7 @@ Name=eth* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index 601d5b8..e5990bf 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -3,6 +3,7 @@ Name=wl* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics diff --git a/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes -- cgit v1.2.3-70-g09d2 From 1637dc3590ca6b15657bb850ee75000975d189ab Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 22 May 2023 15:14:11 +0300 Subject: Update configs/{baseline,releng}/pacman.conf Update pacman.conf to match the one shipped with pacman 6.0.2-7. The community repository is gone. See https://archlinux.org/news/git-migration-completed/ --- CHANGELOG.rst | 1 + configs/baseline/pacman.conf | 9 +++------ configs/releng/pacman.conf | 9 +++------ 3 files changed, 7 insertions(+), 12 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 23c5bb4..6e34d6a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -20,6 +20,7 @@ Changed - Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the experimental compressed fragments and data deduplication features. - Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. +- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. Deprecated ---------- diff --git a/configs/baseline/pacman.conf b/configs/baseline/pacman.conf index 5ee6c1e..f382fab 100644 --- a/configs/baseline/pacman.conf +++ b/configs/baseline/pacman.conf @@ -70,19 +70,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 5ee6c1e..f382fab 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -70,19 +70,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, -- cgit v1.2.3-70-g09d2 From 28a3a54c5f28e40a935609de9b092fe0c1cfee24 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Tue, 6 Dec 2022 14:20:30 +0200 Subject: Fix optional shellcheck warnings Additionally fix a few code style issues found with shfmt. --- .editorconfig | 7 + .gitlab/ci/build_archiso.sh | 441 +++++++++++---------- archiso/mkarchiso | 169 ++++---- configs/releng/airootfs/root/.automated_script.sh | 13 +- .../releng/airootfs/usr/local/bin/choose-mirror | 17 +- configs/releng/airootfs/usr/local/bin/livecd-sound | 97 ++--- scripts/run_archiso.sh | 1 - 7 files changed, 373 insertions(+), 372 deletions(-) (limited to 'configs') diff --git a/.editorconfig b/.editorconfig index 74ed4eb..cbb5538 100644 --- a/.editorconfig +++ b/.editorconfig @@ -16,6 +16,10 @@ charset = utf-8 indent_style = space indent_size = 4 max_line_length = 120 +# for shfmt +switch_case_indent = true +binary_next_line = true + [*.{yml,yaml}] end_of_line = lf @@ -32,3 +36,6 @@ trim_trailing_whitespace = true charset = utf-8 indent_style = space indent_size = 2 + +[Makefile] +indent_style = tab diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index 104792a..3e1211b 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -35,141 +35,142 @@ ca_key="" pgp_key_id="" print_section_start() { - # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section _title - _section="${1}" - _title="${2}" + # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section _title + _section="${1}" + _title="${2}" - printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" + printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" } print_section_end() { - # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section - _section="${1}" + # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section + _section="${1}" - printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" + printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" } cleanup() { - # clean up temporary directories - print_section_start "cleanup" "Cleaning up temporary directory" + # clean up temporary directories + print_section_start "cleanup" "Cleaning up temporary directory" - if [ -n "${tmpdir_base:-}" ]; then - rm -fr "${tmpdir_base}" - fi + if [[ -n "${tmpdir_base:-}" ]]; then + rm -fr "${tmpdir_base}" + fi - print_section_end "cleanup" + print_section_end "cleanup" } create_checksums() { - # create checksums for files - # $@: files - local _file_path _file_name _current_pwd - _current_pwd="${PWD}" - - print_section_start "checksums" "Creating checksums" - - for _file_path in "$@"; do - cd "$(dirname "${_file_path}")" - _file_name="$(basename "${_file_path}")" - b2sum "${_file_name}" > "${_file_name}.b2" - md5sum "${_file_name}" > "${_file_name}.md5" - sha1sum "${_file_name}" > "${_file_name}.sha1" - sha256sum "${_file_name}" > "${_file_name}.sha256" - sha512sum "${_file_name}" > "${_file_name}.sha512" - ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} - cat "${_file_name}."{b2,md5,sha{1,256,512}} - done - cd "${_current_pwd}" - - print_section_end "checksums" + # create checksums for files + # $@: files + local _file_path _file_name _current_pwd + _current_pwd="${PWD}" + + print_section_start "checksums" "Creating checksums" + + for _file_path in "$@"; do + cd "$(dirname "${_file_path}")" + _file_name="$(basename "${_file_path}")" + b2sum "${_file_name}" >"${_file_name}.b2" + md5sum "${_file_name}" >"${_file_name}.md5" + sha1sum "${_file_name}" >"${_file_name}.sha1" + sha256sum "${_file_name}" >"${_file_name}.sha256" + sha512sum "${_file_name}" >"${_file_name}.sha512" + ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} + cat "${_file_name}."{b2,md5,sha{1,256,512}} + done + cd "${_current_pwd}" + + print_section_end "checksums" } create_zsync_delta() { - # create zsync control files for files - # $@: files - local _file - - print_section_start "zsync_delta" "Creating zsync delta" - - for _file in "$@"; do - if [[ "${buildmode}" == "bootstrap" ]]; then - # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image - zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - else - zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - fi - done + # create zsync control files for files + # $@: files + local _file + + print_section_start "zsync_delta" "Creating zsync delta" + + for _file in "$@"; do + if [[ "${buildmode}" == "bootstrap" ]]; then + # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image + zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + else + zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + fi + done - print_section_end "zsync_delta" + print_section_end "zsync_delta" } create_metrics() { - local _metrics="${output}/metrics.txt" - # create metrics - print_section_start "metrics" "Creating metrics" - - { - # create metrics based on buildmode - case "${buildmode}" in - iso) - printf 'image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.iso | cut -f1)" - printf 'package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - if [[ -e "${tmpdir}/efiboot.img" ]]; then - printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" - fi - # shellcheck disable=SC2046 - # shellcheck disable=SC2183 - printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ - $(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \ - awk -v profile="${profile}" \ - 'function basename(file) { - sub(".*/", "", file) - return file - } - { print profile, basename($2), $1 }' - ) - ;; - netboot) - printf 'netboot_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" - printf 'netboot_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - ;; - bootstrap) - printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" - printf 'bootstrap_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" - ;; - esac - } > "${_metrics}" - ls -lah "${_metrics}" - cat "${_metrics}" - - print_section_end "metrics" + local _metrics="${output}/metrics.txt" + # create metrics + print_section_start "metrics" "Creating metrics" + + { + # create metrics based on buildmode + case "${buildmode}" in + iso) + printf 'image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.iso | cut -f1)" + printf 'package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + if [[ -e "${tmpdir}/efiboot.img" ]]; then + printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" + fi + # shellcheck disable=SC2046 + # shellcheck disable=SC2183 + printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ + $( + du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img \ + | awk -v profile="${profile}" \ + 'function basename(file) { + sub(".*/", "", file) + return file + } + { print profile, basename($2), $1 }' + ) + ;; + netboot) + printf 'netboot_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" + printf 'netboot_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + ;; + bootstrap) + printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" + printf 'bootstrap_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" + ;; + esac + } >"${_metrics}" + ls -lah "${_metrics}" + cat "${_metrics}" + + print_section_end "metrics" } create_ephemeral_pgp_key() { - # create an ephemeral PGP key for signing the rootfs image - print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" + # create an ephemeral PGP key for signing the rootfs image + print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" - gnupg_homedir="$tmpdir/.gnupg" - mkdir -p "${gnupg_homedir}" - chmod 700 "${gnupg_homedir}" + gnupg_homedir="$tmpdir/.gnupg" + mkdir -p "${gnupg_homedir}" + chmod 700 "${gnupg_homedir}" - cat << __EOF__ > "${gnupg_homedir}"/gpg.conf + cat <<__EOF__ >"${gnupg_homedir}"/gpg.conf quiet batch no-tty @@ -180,7 +181,7 @@ armor no-emit-version __EOF__ - gpg --homedir "${gnupg_homedir}" --gen-key < "${ca_dir}/serial" - - # Prepare the ca configuration for the change in directory - sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" - - # Create the Certificate Authority - openssl req \ - -newkey rsa:4096 \ - -sha256 \ - -nodes \ - -x509 \ - -new \ - -sha256 \ - -keyout "${ca_key}" \ - -config "${ca_conf}" \ - -subj "${ca_subj}" \ - -out "${ca_cert}" - - cat << EOF >> "${ca_conf}" + # create ephemeral certificates used for codesigning + print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys" + + # The exact steps in creating a CA with Codesigning being signed was taken from + # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html + # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf) + + codesigning_dir="${tmpdir}/.codesigning/" + local ca_dir="${codesigning_dir}/ca/" + + local ca_conf="${ca_dir}/certificate_authority.cnf" + local ca_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" + ca_cert="${ca_dir}/cacert.pem" + ca_key="${ca_dir}/private/cakey.pem" + + local codesigning_conf="${codesigning_dir}/code_signing.cnf" + local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" + codesigning_cert="${codesigning_dir}/codesign.crt" + codesigning_key="${codesigning_dir}/codesign.key" + + mkdir -p "${ca_dir}/"{private,newcerts,crl} + mkdir -p "${codesigning_dir}" + cp -- /etc/ssl/openssl.cnf "${codesigning_conf}" + cp -- /etc/ssl/openssl.cnf "${ca_conf}" + touch "${ca_dir}/index.txt" + echo "1000" >"${ca_dir}/serial" + + # Prepare the ca configuration for the change in directory + sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" + + # Create the Certificate Authority + openssl req \ + -newkey rsa:4096 \ + -sha256 \ + -nodes \ + -x509 \ + -new \ + -sha256 \ + -keyout "${ca_key}" \ + -config "${ca_conf}" \ + -subj "${ca_subj}" \ + -out "${ca_cert}" + + cat <>"${ca_conf}" [ v3_intermediate_ca ] # Extensions for a typical intermediate CA ('man x509v3_config'). @@ -261,7 +262,7 @@ keyUsage = critical, digitalSignature, cRLSign, keyCertSign EOF - cat << EOF >> "${codesigning_conf}" + cat <>"${codesigning_conf}" [codesigning] keyUsage=digitalSignature @@ -269,65 +270,65 @@ extendedKeyUsage=codeSigning, clientAuth, emailProtection EOF - openssl req \ - -newkey rsa:4096 \ - -keyout "${codesigning_key}" \ - -nodes \ - -sha256 \ - -out "${codesigning_cert}.csr" \ - -config "${codesigning_conf}" \ - -subj "${codesigning_subj}" \ - -extensions codesigning - - # Sign the code signing certificate with the CA - openssl ca \ - -batch \ - -config "${ca_conf}" \ - -extensions v3_intermediate_ca \ - -days 3650 \ - -notext \ - -md sha256 \ - -in "${codesigning_cert}.csr" \ - -out "${codesigning_cert}" - - print_section_end "ephemeral_codesigning_key" + openssl req \ + -newkey rsa:4096 \ + -keyout "${codesigning_key}" \ + -nodes \ + -sha256 \ + -out "${codesigning_cert}.csr" \ + -config "${codesigning_conf}" \ + -subj "${codesigning_subj}" \ + -extensions codesigning + + # Sign the code signing certificate with the CA + openssl ca \ + -batch \ + -config "${ca_conf}" \ + -extensions v3_intermediate_ca \ + -days 3650 \ + -notext \ + -md sha256 \ + -in "${codesigning_cert}.csr" \ + -out "${codesigning_cert}" + + print_section_end "ephemeral_codesigning_key" } run_mkarchiso() { - # run mkarchiso - create_ephemeral_pgp_key - create_ephemeral_codesigning_keys - - print_section_start "mkarchiso" "Running mkarchiso" - mkdir -p "${output}/" "${tmpdir}/" - GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ - -D "${install_dir}" \ - -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ - -g "${pgp_key_id}" \ - -G "${pgp_sender}" \ - -o "${output}/" \ - -w "${tmpdir}/" \ - -m "${buildmode}" \ - -v "configs/${profile}" - - print_section_end "mkarchiso" - - if [[ "${buildmode}" =~ "iso" ]]; then - create_zsync_delta "${output}/"*.iso - create_checksums "${output}/"*.iso - fi - if [[ "${buildmode}" == "bootstrap" ]]; then - create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) - create_checksums "${output}/"*.tar*(.gz|.xz|.zst) - fi - create_metrics - - print_section_start "ownership" "Setting ownership on output" - - if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then - chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" - fi - print_section_end "ownership" + # run mkarchiso + create_ephemeral_pgp_key + create_ephemeral_codesigning_keys + + print_section_start "mkarchiso" "Running mkarchiso" + mkdir -p "${output}/" "${tmpdir}/" + GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ + -D "${install_dir}" \ + -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ + -g "${pgp_key_id}" \ + -G "${pgp_sender}" \ + -o "${output}/" \ + -w "${tmpdir}/" \ + -m "${buildmode}" \ + -v "configs/${profile}" + + print_section_end "mkarchiso" + + if [[ "${buildmode}" =~ "iso" ]]; then + create_zsync_delta "${output}/"*.iso + create_checksums "${output}/"*.iso + fi + if [[ "${buildmode}" == "bootstrap" ]]; then + create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) + create_checksums "${output}/"*.tar*(.gz|.xz|.zst) + fi + create_metrics + + print_section_start "ownership" "Setting ownership on output" + + if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then + chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" + fi + print_section_end "ownership" } trap cleanup EXIT diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 470a960..15534bf 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -169,7 +169,7 @@ _cleanup_pacstrap_dir() { # Create /etc/machine-id with special value 'uninitialized': the final id is # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5)) rm -f -- "${pacstrap_dir}/etc/machine-id" - printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id" + printf 'uninitialized\n' >"${pacstrap_dir}/etc/machine-id" _msg_info "Done!" } @@ -204,7 +204,7 @@ _mkairootfs_ext4+squashfs() { [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${pacstrap_dir}.img" E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${pacstrap_dir}.img" 32G - tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" > /dev/null + tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" >/dev/null _msg_info "Done!" install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" @@ -245,9 +245,9 @@ _mkchecksum() { _msg_info "Creating checksum file for self-test..." cd -- "${isofs_dir}/${install_dir}/${arch}" if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - sha512sum airootfs.sfs > airootfs.sha512 + sha512sum airootfs.sfs >airootfs.sha512 elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - sha512sum airootfs.erofs > airootfs.sha512 + sha512sum airootfs.erofs >airootfs.sha512 fi cd -- "${OLDPWD}" _msg_info "Done!" @@ -280,12 +280,12 @@ _run_once() { # Set up custom pacman.conf with custom cache and pacman hook directories. _make_pacman_conf() { local _cache_dirs _system_cache_dirs _profile_cache_dirs - _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')" - _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir| tr '\n' ' ')" + _system_cache_dirs="$(pacman-conf CacheDir | tr '\n' ' ')" + _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir | tr '\n' ' ')" # Only use the profile's CacheDir, if it is not the default and not the same as the system cache dir. - if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \ - [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then + if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] \ + && [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then _cache_dirs="${_profile_cache_dirs}" else _cache_dirs="${_system_cache_dirs}" @@ -297,9 +297,9 @@ _make_pacman_conf() { # append CacheDir and HookDir to [options] section # HookDir is *always* set to the airootfs' override directory # see `man 8 pacman` for further info - pacman-conf --config "${pacman_conf}" | \ - sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} - /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" > "${work_dir}/${buildmode}.pacman.conf" + pacman-conf --config "${pacman_conf}" \ + | sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} + /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" >"${work_dir}/${buildmode}.pacman.conf" } # Prepare working directory and copy custom root file system files. @@ -314,7 +314,7 @@ _make_custom_airootfs() { cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${pacstrap_dir}" # Set ownership and mode for files and directories for filename in "${!file_permissions[@]}"; do - IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}" + IFS=':' read -ra permissions <<<"${file_permissions["${filename}"]}" # Prevent file path traversal outside of $pacstrap_dir if [[ "$(realpath -q -- "${pacstrap_dir}${filename}")" != "${pacstrap_dir}"* ]]; then _msg_error "Failed to set permissions on '${pacstrap_dir}${filename}'. Outside of valid path." 1 @@ -355,7 +355,7 @@ _make_packages() { # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580 if [[ "${quiet}" = "y" ]]; then - env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &> /dev/null + env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &>/dev/null else env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" fi @@ -399,7 +399,7 @@ _make_customize_airootfs() { else _msg_error "Failed to set permissions on '${pacstrap_dir}${passwd[5]}'. Outside of valid path." 1 fi - done < "${profile}/airootfs/etc/passwd" + done <"${profile}/airootfs/etc/passwd" _msg_info "Done!" fi @@ -452,7 +452,7 @@ _make_bootmode_bios.syslinux.mbr() { s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" + "${_cfg}" >"${isofs_dir}/boot/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/" @@ -527,10 +527,11 @@ _make_efibootimg() { fi # Convert from bytes to KiB and round up to the next full MiB with an additional MiB for reserved sectors. - imgsize_kib="$(awk 'function ceil(x){return int(x)+(x>int(x))} + imgsize_kib="$( + awk 'function ceil(x){return int(x)+(x>int(x))} function byte_to_kib(x){return x/1024} function mib_to_kib(x){return x*1024} - END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" + END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<<"${imgsize_bytes}" )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html @@ -539,7 +540,7 @@ _make_efibootimg() { if [[ "${quiet}" == "y" ]]; then # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead # https://github.com/dosfstools/dosfstools/issues/103 - mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" > /dev/null + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" >/dev/null else mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" fi @@ -553,7 +554,7 @@ _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() files_to_copy+=("${work_dir}/grub/"*) - if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then + if compgen -G "${profile}/grub/!(*.cfg)" &>/dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi install -d -m 0755 -- "${isofs_dir}/boot/grub" @@ -561,7 +562,7 @@ _make_common_bootmode_grub_copy_to_isofs() { } # Prepare GRUB configuration files -_make_common_bootmode_grub_cfg(){ +_make_common_bootmode_grub_cfg() { local _cfg search_filename install -d -- "${work_dir}/grub" @@ -569,7 +570,7 @@ _make_common_bootmode_grub_cfg(){ # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - : > "${work_dir}/grub/${iso_uuid}.uuid" + : >"${work_dir}/grub/${iso_uuid}.uuid" search_filename="/boot/grub/${iso_uuid}.uuid" # Fill GRUB configuration files @@ -579,7 +580,7 @@ _make_common_bootmode_grub_cfg(){ s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g; s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ - "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" + "${_cfg}" >"${work_dir}/grub/${_cfg##*/}" done # Prepare grub.cfg that will be embedded inside the GRUB binaries @@ -622,7 +623,7 @@ else fi EOF grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}" - printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + printf '%s\n' "$grubembedcfg" >"${work_dir}/grub-embed.cfg" # Write grubenv printf '%.1024s' \ @@ -634,7 +635,7 @@ EOF "${arch}" \ "${search_filename}" \ "$(printf '%0.1s' "#"{1..1024})")" \ - > "${work_dir}/grub/grubenv" + >"${work_dir}/grub/grubenv" } _make_bootmode_uefi-ia32.grub.esp() { @@ -651,12 +652,12 @@ _make_bootmode_uefi-ia32.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O i386-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTIA32.EFI" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") @@ -728,12 +729,12 @@ _make_bootmode_uefi-x64.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O x86_64-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTx64.EFI" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") @@ -866,7 +867,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" + "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}" done # edk2-shell based UEFI shell @@ -928,13 +929,13 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -978,7 +979,7 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { _validate_requirements_bootmode_uefi-ia32.grub.esp() { # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi @@ -1005,19 +1006,19 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { fi # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -1146,14 +1147,14 @@ _sign_netboot_artifacts() { } _validate_requirements_airootfs_image_type_squashfs() { - if ! command -v mksquashfs &> /dev/null; then + if ! command -v mksquashfs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0 fi } _validate_requirements_airootfs_image_type_ext4+squashfs() { - if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then + if ! { command -v mkfs.ext4 &>/dev/null && command -v tune2fs &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 fi @@ -1161,22 +1162,22 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { } _validate_requirements_airootfs_image_type_erofs() { - if ! command -v mkfs.erofs &> /dev/null; then + if ! command -v mkfs.erofs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.erofs is not available on this host. Install 'erofs-utils'!" 0 fi } _validate_common_requirements_buildmode_all() { - if ! command -v pacman &> /dev/null; then + if ! command -v pacman &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': pacman is not available on this host. Install 'pacman'!" 0 fi - if ! command -v find &> /dev/null; then + if ! command -v find &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': find is not available on this host. Install 'findutils'!" 0 fi - if ! command -v gzip &> /dev/null; then + if ! command -v gzip &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': gzip is not available on this host. Install 'gzip'!" 0 fi @@ -1200,7 +1201,7 @@ _validate_requirements_buildmode_bootstrap() { fi _validate_common_requirements_buildmode_all - if ! command -v bsdtar &> /dev/null; then + if ! command -v bsdtar &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0 fi @@ -1237,15 +1238,15 @@ _validate_common_requirements_buildmode_iso_netboot() { _msg_error "Two certificates are required for codesigning netboot artifacts, but '${cert_list[*]}' is provided." 0 fi - if ! command -v openssl &> /dev/null; then + if ! command -v openssl &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0 fi fi # Check if the specified airootfs_image_type is supported - if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then - if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then + if typeset -f "_mkairootfs_${airootfs_image_type}" &>/dev/null; then + if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &>/dev/null; then "_validate_requirements_airootfs_image_type_${airootfs_image_type}" else _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible." @@ -1265,8 +1266,8 @@ _validate_requirements_buildmode_iso() { _msg_error "No boot modes specified in '${profile}/profiledef.sh'." 0 fi for bootmode in "${bootmodes[@]}"; do - if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then - if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then + if typeset -f "_make_bootmode_${bootmode}" &>/dev/null; then + if typeset -f "_validate_requirements_bootmode_${bootmode}" &>/dev/null; then "_validate_requirements_bootmode_${bootmode}" else _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible." @@ -1277,7 +1278,7 @@ _validate_requirements_buildmode_iso() { fi done - if ! command -v awk &> /dev/null; then + if ! command -v awk &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': awk is not available on this host. Install 'awk'!" 0 fi @@ -1350,7 +1351,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1421,7 +1422,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1488,7 +1489,7 @@ _build_bootstrap_image() { cd -- "${_bootstrap_parent}" _msg_info "Creating bootstrap image..." - bsdtar -cf - "root.${arch}" | gzip -cn9 > "${out_dir}/${image_name}" + bsdtar -cf - "root.${arch}" | gzip -cn9 >"${out_dir}/${image_name}" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" cd -- "${OLDPWD}" @@ -1515,24 +1516,24 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + typeset -f "_add_xorrisofs_options_${bootmode}" &>/dev/null && "_add_xorrisofs_options_${bootmode}" done rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ - -output "${out_dir}/${image_name}" \ - "${isofs_dir}/" + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}" \ + -appid "${iso_application}" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${isofs_dir}/" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" } @@ -1592,8 +1593,8 @@ _validate_options() { # Check if the specified buildmodes are supported for _buildmode in "${buildmodes[@]}"; do - if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then - if typeset -f "_validate_requirements_buildmode_${_buildmode}" &> /dev/null; then + if typeset -f "_build_buildmode_${_buildmode}" &>/dev/null; then + if typeset -f "_validate_requirements_buildmode_${_buildmode}" &>/dev/null; then "_validate_requirements_buildmode_${_buildmode}" else _msg_warning "Function '_validate_requirements_buildmode_${_buildmode}' does not exist. Validating the requirements of '${_buildmode}' build mode will not be possible." @@ -1689,12 +1690,12 @@ _make_version() { _msg_info "Creating version files..." # Write version file to system installation dir rm -f -- "${pacstrap_dir}/version" - printf '%s\n' "${iso_version}" > "${pacstrap_dir}/version" + printf '%s\n' "${iso_version}" >"${pacstrap_dir}/version" if [[ "${buildmode}" == @("iso"|"netboot") ]]; then install -d -m 0755 -- "${isofs_dir}/${install_dir}" # Write version file to ISO 9660 - printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version" + printf '%s\n' "${iso_version}" >"${isofs_dir}/${install_dir}/version" fi if [[ "${buildmode}" == "iso" ]]; then @@ -1704,7 +1705,7 @@ _make_version() { rm -f -- "${isofs_dir}/${install_dir}/grubenv" printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ - > "${isofs_dir}/${install_dir}/grubenv" + >"${isofs_dir}/${install_dir}/grubenv" fi # Append IMAGE_ID & IMAGE_VERSION to os-release @@ -1716,7 +1717,7 @@ _make_version() { _msg_warning "os-release file '${_os_release}' is outside of valid path." else [[ ! -e "${_os_release}" ]] || sed -i '/^IMAGE_ID=/d;/^IMAGE_VERSION=/d' "${_os_release}" - printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >> "${_os_release}" + printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >>"${_os_release}" fi # Touch /usr/lib/clock-epoch to give another hint on date and time @@ -1730,11 +1731,11 @@ _make_pkglist() { _msg_info "Creating a list of installed packages on live-enviroment..." case "${buildmode}" in "bootstrap") - pacman -Q --sysroot "${pacstrap_dir}" > "${pacstrap_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${pacstrap_dir}/pkglist.${arch}.txt" ;; "iso"|"netboot") install -d -m 0755 -- "${isofs_dir}/${install_dir}" - pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${isofs_dir}/${install_dir}/pkglist.${arch}.txt" ;; esac _msg_info "Done!" @@ -1763,7 +1764,7 @@ _build_iso_base() { # Create working directory _run_once _make_work_dir # Write build date to file if it does not exist already - [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" + [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" >"${work_dir}/build_date" [[ "${quiet}" == "y" ]] || _show_config _run_once _make_pacman_conf @@ -1848,15 +1849,15 @@ _build() { while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vrh?' arg; do case "${arg}" in - p) read -r -a override_pkg_list <<< "${OPTARG}" ;; + p) read -r -a override_pkg_list <<<"${OPTARG}" ;; C) override_pacman_conf="${OPTARG}" ;; L) override_iso_label="${OPTARG}" ;; P) override_iso_publisher="${OPTARG}" ;; A) override_iso_application="${OPTARG}" ;; D) override_install_dir="${OPTARG}" ;; - c) read -r -a override_cert_list <<< "${OPTARG}" ;; + c) read -r -a override_cert_list <<<"${OPTARG}" ;; w) override_work_dir="${OPTARG}" ;; - m) read -r -a override_buildmodes <<< "${OPTARG}" ;; + m) read -r -a override_buildmodes <<<"${OPTARG}" ;; o) override_out_dir="${OPTARG}" ;; g) override_gpg_key="${OPTARG}" ;; G) override_gpg_sender="${OPTARG}" ;; diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index f257537..8e72bf7 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -1,17 +1,18 @@ #!/usr/bin/env bash -script_cmdline () -{ +script_cmdline() { local param - for param in $(< /proc/cmdline); do + for param in $(/etc/pacman.d/mirrorlist << EOF +cat >/etc/pacman.d/mirrorlist < # $2 # $3 -unmute_and_set_level(){ - { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout +unmute_and_set_level() { + [[ -n "$3" && -n "$2" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute return 0 @@ -42,9 +41,8 @@ unmute_and_set_level(){ # $1 # $2 -mute_and_zero_level() -{ - { [ "$1" ] && [ "$2" ] ; } || bugout +mute_and_zero_level() { + [[ -n "$1" && -n "$2" ]] || bugout systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute return 0 @@ -53,17 +51,15 @@ mute_and_zero_level() # $1 # $2 # $3 "on" | "off" -switch_control() -{ - { [ "$3" ] && [ "$1" ] ; } || bugout +switch_control() { + [[ -n "$3" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" return 0 } # $1 -sanify_levels_on_card() -{ +sanify_levels_on_card() { unmute_and_set_level "$1" "Front" "80%" unmute_and_set_level "$1" "Master" "80%" unmute_and_set_level "$1" "Master Mono" "80%" @@ -134,94 +130,89 @@ sanify_levels_on_card() } # $1 | "all" -sanify_levels() -{ +sanify_levels() { local ttsdml_returnstatus=0 local card case "$1" in - all) - for card in $(echo_card_indices) ; do - sanify_levels_on_card "$card" || ttsdml_returnstatus=1 - done - ;; - *) - sanify_levels_on_card "$1" || ttsdml_returnstatus=1 - ;; + all) + for card in $(echo_card_indices); do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; esac - return $ttsdml_returnstatus + return "$ttsdml_returnstatus" } # List all cards that *should* be usable for PCM audio. In my experience, # the console speaker (handled by the pcsp driver) isn't a suitable playback # device, so we'll exclude it. -list_non_pcsp_cards() -{ +list_non_pcsp_cards() { for card in $(echo_card_indices); do local cardfile="/proc/asound/card${card}/id" - if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ - [ "$(cat "$cardfile")" != pcsp ]; then + if [[ -r "$cardfile" && -f "$cardfile" && "$(cat "$cardfile")" != pcsp ]]; then echo "$card" fi done } # Properly initialize the sound card so that we have audio at boot. -unmute_all_cards() -{ +unmute_all_cards() { sanify_levels all } is_numeric() { - local str=$1 + local str="$1" [[ "$str" =~ ^[0-9]+$ ]] } set_default_card() { - local card=$1 - sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ - > /etc/asound.conf + local card="$1" + sed -e "s/%card%/$card/g" /etc/asound.conf } play_on_card() { - local card=$1 file=$2 + local card="$1" file="$2" aplay -q "-Dplughw:$card,0" "$file" } # If there are multiple usable sound cards, prompt the user to choose one, # using auditory feedback. -pick_a_card() -{ +pick_a_card() { set -f usable_cards="$(list_non_pcsp_cards)" - num_usable_cards="$(wc -w <<< "$usable_cards")" + num_usable_cards="$(wc -w <<<"$usable_cards")" - if [ "$num_usable_cards" -eq 1 ]; then + if (( num_usable_cards == 1 )); then systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" exit 0 fi systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue fi - play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav & done wait sleep 1 - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue - fi - play_on_card "$card" /usr/share/livecd-sounds/beep.wav - if read -r -t 10; then - systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" - set_default_card "$card" - break - fi -done + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi + done } -if [[ $# -eq 0 ]]; then +if (( $# == 0 )); then echo "error: No argument passed." exit 1 fi diff --git a/scripts/run_archiso.sh b/scripts/run_archiso.sh index 6ddce15..87e5e25 100755 --- a/scripts/run_archiso.sh +++ b/scripts/run_archiso.sh @@ -11,7 +11,6 @@ # - qemu # - edk2-ovmf (when UEFI booting) - set -eu print_help() { -- cgit v1.2.3-70-g09d2 From eb5720331bf72ae9ac97d77b0f7c48c3a3fb7980 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 1 Jun 2023 10:06:07 +0300 Subject: configs/: move custom mkinitcpio.conf files to /etc/mkinitcpio.conf.d/ This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs. --- CHANGELOG.rst | 2 + configs/baseline/airootfs/etc/mkinitcpio.conf | 67 ---------------------- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 67 ++++++++++++++++++++++ .../airootfs/etc/mkinitcpio.d/linux.preset | 2 +- configs/releng/airootfs/etc/mkinitcpio.conf | 67 ---------------------- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 67 ++++++++++++++++++++++ .../releng/airootfs/etc/mkinitcpio.d/linux.preset | 2 +- 7 files changed, 138 insertions(+), 136 deletions(-) delete mode 100644 configs/baseline/airootfs/etc/mkinitcpio.conf create mode 100644 configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf delete mode 100644 configs/releng/airootfs/etc/mkinitcpio.conf create mode 100644 configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cab4633..18051a6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added Changed ------- +- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. + Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 34b1a06..0000000 --- a/configs/baseline/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf archiso block filesystems) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -#COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..34b1a06 --- /dev/null +++ b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf archiso block filesystems) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +#COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 96a8752..0000000 --- a/configs/releng/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..96a8752 --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" -- cgit v1.2.3-70-g09d2 From 17a71ade2ee2fb6c5774bef43e7b8121d00b4bcf Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 1 Jun 2023 10:11:29 +0300 Subject: configs/*/airootfs/etc/mkinitcpio.conf.d/archiso.conf: remove comments and unused options Set only the custom values for HOOKS and COMPRESSION. --- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 66 ---------------------- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 65 --------------------- 2 files changed, 131 deletions(-) (limited to 'configs') diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf index 34b1a06..fd9cd48 100644 --- a/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf +++ b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -1,67 +1 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. HOOKS=(base udev modconf archiso block filesystems) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -#COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf index 96a8752..b4b3095 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -1,67 +1,2 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() -- cgit v1.2.3-70-g09d2 From 0b8704fe4bda6b9208b5bb9e4060a0aeeea2a669 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 30 Jul 2023 15:52:51 +0300 Subject: configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use tmpfs with noswap option Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike ramfs, tmpfs has a limit to its size. This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs"). --- CHANGELOG.rst | 2 ++ configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 18051a6..cdfd7f5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Changed ------- - Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. +- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to + the file system size. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 0ba0e67..038961e 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -2,7 +2,7 @@ Description=Temporary /etc/pacman.d/gnupg directory [Mount] -What=ramfs +What=tmpfs Where=/etc/pacman.d/gnupg -Type=ramfs -Options=mode=0755 +Type=tmpfs +Options=mode=0755,noswap -- cgit v1.2.3-70-g09d2 From 2e6db24f23abe37e0aefbe8950ecc6c15e3bd50f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 2 Aug 2023 11:10:37 +0300 Subject: Set IPv6PrivacyExtensions=yes in global systemd-netorkd configuration Since systemd 245, IPv6PrivacyExtensions can be set not just per connection, but also globally for all connection with a configuration file in /etc/systemd/network.conf.d/. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf | 2 ++ configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 1 - .../airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf | 2 ++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 1 - configs/releng/airootfs/etc/systemd/network/20-wlan.network | 1 - configs/releng/airootfs/etc/systemd/network/20-wwan.network | 1 - 7 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf create mode 100644 configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cdfd7f5..1323333 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,7 @@ Changed - Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. - Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to the file system size. +- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 64bb07e..177e0aa 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -8,4 +8,3 @@ Name=eth* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes diff --git a/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index ce8de1f..4b0f9b3 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -8,7 +8,6 @@ Name=eth* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index e5990bf..970eb70 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -4,7 +4,6 @@ Name=wl* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network index 9104c24..625abbe 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wwan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -3,7 +3,6 @@ Name=ww* [Network] DHCP=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 -- cgit v1.2.3-70-g09d2 From 9bb29f39805f38b1fecd6c6b5660ed124202f930 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 11 Aug 2023 11:51:31 +0300 Subject: configs/releng/packages.x86_64: add tpm2-tools The tools are useful for clearing, creating and reading keys and etc. on the TPM. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1323333..6d9546f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 43678b2..98b86cf 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -107,6 +107,7 @@ tcpdump terminus-font testdisk tmux +tpm2-tools tpm2-tss udftools usb_modeswitch -- cgit v1.2.3-70-g09d2 From d501e235bb784885b3bd59843d701b1e546ad492 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 12 Aug 2023 09:07:03 +0300 Subject: Move custom sshd_config to /etc/ssh/sshd_config.d/ openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for drop-in files in /etc/ssh/sshd_config.d/. Using drop-in files avoids needing to keep up with changes to the default /etc/ssh/sshd_config. --- CHANGELOG.rst | 1 + configs/baseline/airootfs/etc/ssh/sshd_config | 116 --------------------- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 116 +++++++++++++++++++++ configs/releng/airootfs/etc/ssh/sshd_config | 116 --------------------- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 116 +++++++++++++++++++++ 5 files changed, 233 insertions(+), 232 deletions(-) delete mode 100644 configs/baseline/airootfs/etc/ssh/sshd_config create mode 100644 configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf delete mode 100644 configs/releng/airootfs/etc/ssh/sshd_config create mode 100644 configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6d9546f..c6f6296 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,7 @@ Changed - Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. +- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config b/configs/baseline/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/baseline/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..dc22c11 --- /dev/null +++ b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/releng/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..dc22c11 --- /dev/null +++ b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server -- cgit v1.2.3-70-g09d2 From 174f8185813aa9b26dde20be41b5215f33d2139e Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 12 Aug 2023 09:13:42 +0300 Subject: /etc/ssh/sshd_config.d/10-archiso.conf: keep only the modified options The only changes we make to the default are to enable root login via a password. While `PasswordAuthentication yes` is the default, let's set it explicitly to avoid potential issues in the future. --- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 117 +-------------------- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 117 +-------------------- 2 files changed, 4 insertions(+), 230 deletions(-) (limited to 'configs') diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf index dc22c11..6ea7b41 100644 --- a/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf +++ b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -1,116 +1,3 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m +# Allow root login using password authentication +PasswordAuthentication yes PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf index dc22c11..6ea7b41 100644 --- a/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf +++ b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -1,116 +1,3 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m +# Allow root login using password authentication +PasswordAuthentication yes PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server -- cgit v1.2.3-70-g09d2 From 81d62d4c5d0319906f9b18707a21029b0efdd896 Mon Sep 17 00:00:00 2001 From: David Runge Date: Tue, 29 Aug 2023 15:04:25 +0200 Subject: Add sequoia-sq and openpgp-card-tools to releng profile --- CHANGELOG.rst | 1 + configs/releng/packages.x86_64 | 2 ++ 2 files changed, 3 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c6f6296..d941d1a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Added ----- - Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. +- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 98b86cf..6b6cf0c 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -78,6 +78,7 @@ nvme-cli open-iscsi open-vm-tools openconnect +openpgp-card-tools openssh openvpn partclone @@ -96,6 +97,7 @@ rsync rxvt-unicode-terminfo screen sdparm +sequoia-sq sg3_utils smartmontools sof-firmware -- cgit v1.2.3-70-g09d2 From 6c5ab3d3885024bc7a8feb724b721d4b481f13a9 Mon Sep 17 00:00:00 2001 From: David Runge Date: Tue, 29 Aug 2023 20:09:46 +0200 Subject: Use pcsclite for communicating with OpenPGP smartcards As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket | 1 + configs/releng/airootfs/root/.gnupg/scdaemon.conf | 4 ++++ configs/releng/profiledef.sh | 1 + 4 files changed, 7 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d941d1a..0cf973a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,7 @@ Changed the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket new file mode 120000 index 0000000..3897c63 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/pcscd.socket \ No newline at end of file diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf new file mode 100644 index 0000000..e1f3d1f --- /dev/null +++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf @@ -0,0 +1,4 @@ +disable-ccid +disable-pinpad +pcsc-driver /usr/lib/libpcsclite.so +pcsc-shared diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4154816..5cba1b5 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -19,6 +19,7 @@ file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" -- cgit v1.2.3-70-g09d2 From 519a5c004d6a8d3f4d75c95890641cc5e31a39be Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 24 Sep 2023 11:23:33 +0300 Subject: configs/releng/packages.x86_64: add bolt bolt can be used to list and authorize Thunderbolt and USB4 devices. Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a user needed to install the package in the live environment. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index be2a91f..edd9895 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 6b6cf0c..feefa24 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -5,6 +5,7 @@ archinstall b43-fwcutter base bind +bolt brltty broadcom-wl btrfs-progs -- cgit v1.2.3-70-g09d2 From 0a3a57a88bd55ce2396e685ab2cf0bde8359be9c Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 24 Feb 2023 17:50:13 +0200 Subject: configs/*/grub/grub.cfg: rearrange module loading * Do not manually load modules that will get loaded by invoking a command. * Explicitly load serial modules. * Move `insmod all_video` after the font is loaded. --- configs/baseline/grub/grub.cfg | 8 ++++++-- configs/releng/grub/grub.cfg | 10 ++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'configs') diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 40248eb..371e6ee 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -9,15 +9,19 @@ insmod exfat insmod udf # Use graphics-mode output -insmod all_video -insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod all_video set gfxmode="auto" terminal_input console terminal_output console fi # Enable serial console +insmod serial +insmod usbserial_common +insmod usbserial_ftdi +insmod usbserial_pl2303 +insmod usbserial_usbdebug if serial --unit=0 --speed=115200; then terminal_input --append serial terminal_output --append serial diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 034bdb4..fa6a774 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -9,15 +9,19 @@ insmod exfat insmod udf # Use graphics-mode output -insmod all_video -insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod all_video set gfxmode="auto" terminal_input console terminal_output console fi # Enable serial console +insmod serial +insmod usbserial_common +insmod usbserial_ftdi +insmod usbserial_pl2303 +insmod usbserial_usbdebug if serial --unit=0 --speed=115200; then terminal_input --append serial terminal_output --append serial @@ -61,12 +65,10 @@ if [ "${grub_platform}" == "efi" ]; then linux /boot/memtest86+/memtest.efi } menuentry "UEFI Shell" --class efi { - insmod chain chainloader /shellx64.efi } elif [ "${grub_cpu}" == "i386" ]; then menuentry "UEFI Shell" --class efi { - insmod chain chainloader /shellia32.efi } fi -- cgit v1.2.3-70-g09d2 From 8fb5246de6e72d94008006066328d39f67649ad5 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 24 Feb 2023 17:52:11 +0200 Subject: configs/releng/grub/grub.cfg: play init tune at the end Move the `play` command to the end of the file so it plays after the menu entries are shown and ready. --- configs/releng/grub/grub.cfg | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'configs') diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index fa6a774..a7ef124 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -41,8 +41,6 @@ default=archlinux timeout=15 timeout_style=menu -# GRUB init tune for accessibility -play 600 988 1 1319 4 # Menu entries @@ -87,3 +85,7 @@ menuentry "System restart" --class reboot --class restart { echo "System rebooting..." reboot } + + +# GRUB init tune for accessibility +play 600 988 1 1319 4 -- cgit v1.2.3-70-g09d2 From 0cd0cc0c3b93e159451bca5cd880c7ca458cfb49 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 24 Feb 2023 17:56:19 +0200 Subject: configs/*/grub/grub.cfg: do not hardcode the architecture and platform Construct a human readable platform identifier from GRUB's built-in variables and use it in menu item descriptions. Only add the menu entries for the additional tools (UEFI shell, Memtest86+) if the files exist. Modify baseline's `grub.cfg` to closer match releng. --- configs/baseline/grub/grub.cfg | 60 ++++++++++++++++++++++++++++++++++++++-- configs/releng/grub/grub.cfg | 63 +++++++++++++++++++++++++++++------------- 2 files changed, 101 insertions(+), 22 deletions(-) (limited to 'configs') diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 371e6ee..c76657b 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -36,6 +36,22 @@ if [ -z "${ARCHISO_UUID}" ]; then probe --set ARCHISO_UUID --fs-uuid "${root}" fi +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + # Set default menu entry default=archlinux timeout=15 @@ -44,8 +60,46 @@ timeout_style=menu # Menu entries -menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { +menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot } diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index a7ef124..3486753 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -36,6 +36,22 @@ if [ -z "${ARCHISO_UUID}" ]; then probe --set ARCHISO_UUID --fs-uuid "${root}" fi +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + # Set default menu entry default=archlinux timeout=15 @@ -44,29 +60,38 @@ timeout_style=menu # Menu entries -menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { +menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } -menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { +menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } -if [ "${grub_platform}" == "efi" ]; then - if [ "${grub_cpu}" == "x86_64" ]; then - menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class memtest --class gnu --class tool { - set gfxpayload=800x600,1024x768 - linux /boot/memtest86+/memtest.efi - } - menuentry "UEFI Shell" --class efi { + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { chainloader /shellx64.efi } - elif [ "${grub_cpu}" == "i386" ]; then - menuentry "UEFI Shell" --class efi { + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { chainloader /shellia32.efi } fi @@ -76,13 +101,13 @@ if [ "${grub_platform}" == "efi" ]; then } fi -menuentry "System shutdown" --class shutdown --class poweroff { - echo "System shutting down..." +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' halt } -menuentry "System restart" --class reboot --class restart { - echo "System rebooting..." +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' reboot } -- cgit v1.2.3-70-g09d2 From 4280af747466c4a7d37eabc6502c1ed697210db9 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 26 Jan 2023 15:51:23 +0200 Subject: Add configs/*/grub/loopback.cfg See https://www.supergrubdisk.org/wiki/Loopback.cfg for details. Only `${iso_path}` is guaranteed, so we need to search for the volume, on which the ISO file resides, ourselves. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/165 --- CHANGELOG.rst | 2 + configs/baseline/grub/loopback.cfg | 73 ++++++++++++++++++++++++++++++++++ configs/releng/grub/loopback.cfg | 80 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 configs/baseline/grub/loopback.cfg create mode 100644 configs/releng/grub/loopback.cfg (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a41b474..53baf85 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added - Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. - Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. Changed ------- diff --git a/configs/baseline/grub/loopback.cfg b/configs/baseline/grub/loopback.cfg new file mode 100644 index 0000000..dc38fdf --- /dev/null +++ b/configs/baseline/grub/loopback.cfg @@ -0,0 +1,73 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg new file mode 100644 index 0000000..3ee0d33 --- /dev/null +++ b/configs/releng/grub/loopback.cfg @@ -0,0 +1,80 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} -- cgit v1.2.3-70-g09d2 From 4b489cd8bc7a042770f457058c543cd0d339617f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 28 Sep 2023 11:40:19 +0300 Subject: Add configs/baseline/airootfs/etc/localtime Make sure the ISO can be booted successfully without triggering questions from systemd-firstboot. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/205 Fixes: 6e1be91961967a6485901ac431f6f6b06675b750 ("archiso/mkarchiso: write "uninitialized" to /etc/machine-id") --- CHANGELOG.rst | 3 +++ configs/baseline/airootfs/etc/localtime | 1 + 2 files changed, 4 insertions(+) create mode 120000 configs/baseline/airootfs/etc/localtime (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 53baf85..a0879f1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,9 @@ Deprecated Fixed ----- +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + Removed ------- diff --git a/configs/baseline/airootfs/etc/localtime b/configs/baseline/airootfs/etc/localtime new file mode 120000 index 0000000..0e35b57 --- /dev/null +++ b/configs/baseline/airootfs/etc/localtime @@ -0,0 +1 @@ +/usr/share/zoneinfo/UTC \ No newline at end of file -- cgit v1.2.3-70-g09d2 From 7b843d6f27f7ce525cf4f0bf0baddcc7122fc029 Mon Sep 17 00:00:00 2001 From: kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> Date: Mon, 27 Nov 2023 18:04:20 +0000 Subject: add bcachefs-tools --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 141988e..0888737 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add bcachefs-tools to releng for access to bcachefs userspace tools. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index feefa24..e2a3e64 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -4,6 +4,7 @@ arch-install-scripts archinstall b43-fwcutter base +bcachefs-tools bind bolt brltty -- cgit v1.2.3-70-g09d2 From 72c274924a0a96d5122b1dcd05f9e893c0aa33e4 Mon Sep 17 00:00:00 2001 From: John Lane Date: Thu, 7 Dec 2023 19:45:58 +0000 Subject: Allow download automated script using TFTP --- configs/releng/airootfs/root/.automated_script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configs') diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 8e72bf7..0d95012 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,7 @@ automated_script() { local script rt script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then - if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then + if [[ "${script}" =~ ^((http|https|ftp|tftp)://) ]]; then # there's no synchronization for network availability before executing this script printf '%s: waiting for network-online.target\n' "$0" until systemctl --quiet is-active network-online.target; do -- cgit v1.2.3-70-g09d2 From cb61daf8eaffb5e831e51f50aa44080fffac27e8 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 9 Dec 2023 12:31:58 +0200 Subject: configs/*/airootfs/etc/systemd/network/: add RequiredForOnline=routable By default systemd-networkd-wait-online.service considers a network connection to be "online" when it has reached the "degraded" state (see networkctl(1) for the definitions). Since "degraded" does not ensure there's a routable address, let's change the connection's requirement to "routable" instead. This gives a better chance that the network really is online when network-online.target is reached. --- CHANGELOG.rst | 3 +++ configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-wlan.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-wwan.network | 3 +++ 5 files changed, 15 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 93b044e..fcc57c2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,9 @@ Added Changed ------- +- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network + really is *online* when ``network-online.target`` is reached. + Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 177e0aa..0e4287b 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -5,6 +5,9 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 4b0f9b3..d3a3271 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -5,6 +5,9 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index 970eb70..8b70a95 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -1,6 +1,9 @@ [Match] Name=wl* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network index 625abbe..6e1c8dd 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wwan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -1,6 +1,9 @@ [Match] Name=ww* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -- cgit v1.2.3-70-g09d2 From e04a40d04bd97569008bc72f93faa28029913d82 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 5 Jan 2024 17:33:11 +0200 Subject: configs/releng/packages.x86_64: explicitly add ldns Currently the ldns package is pulled in as a dependency of openssh, but that dependency may be gone in the future. See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/2 Explicitly include ldns to ensure the live environment will continue to have `drill`. --- CHANGELOG.rst | 3 +++ configs/releng/packages.x86_64 | 1 + 2 files changed, 4 insertions(+) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 27b0488..4c7a050 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure + ``drill`` remains available. + Deprecated ---------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index e2a3e64..36c929d 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -46,6 +46,7 @@ iw iwd jfsutils kitty-terminfo +ldns less lftp libfido2 -- cgit v1.2.3-70-g09d2 From 5d8fe01fe15c77231880798cd93f99c8c08bb5c0 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 15 Jan 2024 10:00:00 +0200 Subject: configs/releng/profiledef.sh: replace "CD" with "DVD" in iso_application Starting with kernel 6.7, the releng ISO exceeds 900 MiB which is the maximum size of a CD. Adjust the description to say "DVD" instead. Closes https://gitlab.archlinux.org/archlinux/archiso/-/issues/144 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 75cf2d2..58a7c8b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,8 @@ Changed - Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure ``drill`` remains available. +- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of + a CD (900 MiB). Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 5cba1b5..12d70c6 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -4,7 +4,7 @@ iso_name="archlinux" iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux " -iso_application="Arch Linux Live/Rescue CD" +iso_application="Arch Linux Live/Rescue DVD" iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -- cgit v1.2.3-70-g09d2 From 4df73069248708d716cef4773ebb3f80dad66a4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 27 Mar 2024 11:02:30 +0200 Subject: configs/*/profiledef.sh: set bootstrap_tarball_compression * bootstrap will use .tar.zst with `zstd -c -T0 --long -19`, * releng will retain .tar.gz with `gzip -cn9` for now. This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130. --- CHANGELOG.rst | 2 +- configs/baseline/profiledef.sh | 1 + configs/releng/profiledef.sh | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2f234fe..ceff6d1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,7 +10,7 @@ Added - Add a man page for ``mkarchiso``. - Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called - ``bootstrap_tarball_compression``. + ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. Changed ------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 913ff8a..618235a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -15,6 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') +bootstrap_tarball_compression=(zstd -c -T0 --long -19) file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 12d70c6..4603210 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -15,6 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') +bootstrap_tarball_compression=(gzip -cn9) file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- cgit v1.2.3-70-g09d2 From d3c8f38eadd3b0ffc454733f6b1624f86d947d4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 19:28:28 +0300 Subject: Add configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf Create a boot entry for Memtest86+. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228 --- CHANGELOG.rst | 1 + .../releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 16359f1..02bf408 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Added ----- - Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Additionally, create a boot entry with it for the releng profile. Changed ------- diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf new file mode 100644 index 0000000..d0b305c --- /dev/null +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf @@ -0,0 +1,3 @@ +title Memtest86+ +sort-key 03 +efi /boot/memtest86+/memtest.efi -- cgit v1.2.3-70-g09d2 From 924a97aeb1a5ed03529aa766f579a145ae67261a Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 11 Apr 2024 16:13:30 +0300 Subject: configs/releng/profiledef.sh: use zstd compression for bootstrap image The zstd tool has now been around for a while, so the availability of it should not be a concern anymore. Unlike gzip which was used until now, zstd offers higher compression while still being faster (and multi-threaded). The `--auto-threads=logical` option is used just so that there is some difference between the releng and baseline profiles. Everyone using the official Arch Linux bootstrap tarball (previously `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.gz` or `archlinux-bootstrap-x86_64.tar.gz`) will need to update their scripts and etc. to use `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.zst` or `archlinux-bootstrap-x86_64.tar.zst` instead. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/130 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 388cba3..0592b94 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,8 @@ Added Changed ------- +- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. + Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4603210..06e488d 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -15,7 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') -bootstrap_tarball_compression=(gzip -cn9) +bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19') file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- cgit v1.2.3-70-g09d2 From 2facc4630cd3677e5c61705a25d5d5594fd0cc80 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 18:39:09 +0300 Subject: configs/releng/: use mkinitcpio's microcode hook instead of external microcode images This simplifies boot loader configuration, but custom PXE setups will be forced to update theirs. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/226 --- CHANGELOG.rst | 2 ++ configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf | 2 +- configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 -- .../efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf | 2 -- configs/releng/grub/grub.cfg | 4 ++-- configs/releng/grub/loopback.cfg | 4 ++-- configs/releng/syslinux/archiso_pxe-linux.cfg | 6 +++--- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 8 files changed, 12 insertions(+), 14 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0592b94..a41a43d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,8 @@ Changed ------- - Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. +- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. + Custom PXE setups will need to update their boot loader configuration. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf index b4b3095..98dd514 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -1,2 +1,2 @@ -HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) +HOOKS=(base udev microcode modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) COMPRESSION="xz" diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 2506f07..9df6b0a 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) sort-key 01 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 6928a10..865b37f 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 3486753..6b64947 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -63,13 +63,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg index 3ee0d33..d7d5ece 100644 --- a/configs/releng/grub/loopback.cfg +++ b/configs/releng/grub/loopback.cfg @@ -31,13 +31,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 305b8fd..2d681d8 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -5,7 +5,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 @@ -16,7 +16,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NFS) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y SYSAPPEND 3 @@ -27,6 +27,6 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, HTTP) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y SYSAPPEND 3 diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index 950dc48..d5898d1 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -5,7 +5,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% # Accessibility boot option @@ -16,5 +16,5 @@ It allows you to install Arch Linux or perform system maintenance with speech fe ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-70-g09d2 From 43e4d9ce364a4776f6f8873dcfb1e53e86211feb Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 5 Apr 2024 13:33:45 +0300 Subject: configs/: replace archisodevice boot parameter with archisosearchuuid `archisosearchuuid=` first searches for a matching UUID. If that fails, then it mounts and looks for a `/boot/${archisosearchuuid}.uuid` file in all detected block devices (in whatever order `blkid` lists them). This implements "file system transposition" without relaying on boot loader specific features and does not tie us to GRUB anymore. Related to https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso/-/merge_requests/48 Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/217 --- CHANGELOG.rst | 2 ++ .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- configs/baseline/grub/grub.cfg | 11 +---------- configs/baseline/syslinux/syslinux-linux.cfg | 2 +- .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- configs/releng/grub/grub.cfg | 13 ++----------- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 9 files changed, 12 insertions(+), 28 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a41a43d..d706e9b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,8 @@ Changed - Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. - Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. Custom PXE setups will need to update their boot loader configuration. +- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to + have "file system transposition" without relaying on GRUB-specific features. Deprecated ---------- diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 68c1d2c..3193768 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index c76657b..38164bd 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -27,15 +27,6 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" - fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" -fi - # Get a human readable platform identifier if [ "${grub_platform}" == 'efi' ]; then archiso_platform='UEFI' @@ -62,7 +53,7 @@ timeout_style=menu menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 3fd9da5..25b9d1b 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 9df6b0a..bc8ab33 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -2,4 +2,4 @@ title Arch Linux install medium (x86_64, UEFI) sort-key 01 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 865b37f..c0cb1c8 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -2,4 +2,4 @@ title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 6b64947..25194a3 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -27,15 +27,6 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" - fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" -fi - # Get a human readable platform identifier if [ "${grub_platform}" == 'efi' ]; then archiso_platform='UEFI' @@ -62,13 +53,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 2d681d8..5d0f741 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index d5898d1..919e158 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% # Accessibility boot option LABEL arch64speech @@ -17,4 +17,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-70-g09d2 From 024cf1b7101fe778fc7c5d7ab61a045fb30d8056 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 19 Apr 2024 13:49:18 +0300 Subject: configs/releng/profiledef.sh: change UEFI boot loader from GRUB to systemd-boot While using GRUB as the UEFI boot loader has reduced the size of the ISO, it has brought nothing but pain otherwise: * We cannot use `gfxterm` since it is not visible on some hardware. * GRUB has a a strange and nonsensical limitation where the EFI binary can be built with either support for shim or custom Secure Boot key support, but not both. This means you cannot repack the ISO to use shim + MOK since we currently use `--disable-shim-lock` to provide support for setups with custom keys. * GRUB's EFI binary needs to be built with `grub-mkstandalone` instead of there being a ready made EFI binary in the package. This requires having grub installed on the host system which affects reproducibility. This increases the size of the ISO since systemd-boot cannot boot files from other volumes, i.e. the kernel and initramfs is duplicated in the EFI system partition (the second partition made from `efiboot.img`). Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/227 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d706e9b..316fb90 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,8 @@ Changed Custom PXE setups will need to update their boot loader configuration. - Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to have "file system transposition" without relaying on GRUB-specific features. +- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it + avoids all GRUB-specific annoyances and oddities. Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 06e488d..ce26e79 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -9,8 +9,8 @@ iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' - 'uefi-ia32.grub.esp' 'uefi-x64.grub.esp' - 'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito') + 'uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp' + 'uefi-ia32.systemd-boot.eltorito' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" -- cgit v1.2.3-70-g09d2