From 1854e6dc11b0a74223a947dc9ae7f8c3c79202b1 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 20 Jun 2021 17:17:51 +0200 Subject: added initial version of mkarchiso486
---
TODOS | 40 ++++++++++++++++++ autologin.conf | 3 ++ isolinux-i486.cfg | 12 ++++++ mkarchiso486 | 92 ++++++++++++++++++++++++++++++++++++++++ mkinitcpio-i486.conf | 67 +++++++++++++++++++++++++++++ motd | 21 +++++++++ resolv.conf | 4 ++ sshd_config | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++ system-login | 19 +++++++++ 9 files changed, 375 insertions(+) create mode 100644 TODOS create mode 100644 autologin.conf create mode 100644 isolinux-i486.cfg create mode 100755 mkarchiso486 create mode 100644 mkinitcpio-i486.conf create mode 100644 motd create mode 100644 resolv.conf create mode 100644 sshd_config create mode 100644 system-login
diff --git a/TODOS b/TODOS
new file mode 100644
index 0000000..5fb6b29
--- /dev/null
+++ b/TODOS
@@ -0,0 +1,40 @@
+- no parallel download
+- get below 96MB memory
+- install.txt specific to Archlinux32, i486
+ - mkfs -O^64bit
+- still low memory issues (pinentry croaks about missing signatures on low memory)
+- multiple VTs
+- 128MB RAM
+ (109/109) checking package integrity
+ error: GPGME error: System error w/o errno (libgpg-error, definition)
+ GPG_ERR_MISSING_ERRNO (gpgme, only in layer hasSystemError)
+ errno is not set but a system call failed
+ swap, no difference
+ adding /tmp on /mnt/tmp
+ error: GPGME error: System error w/o errno under normal operation
+ GPGME error: Inappropriate ioctl under strace
+ => suspecting OOM issues because PGP verification keeps things in memory
+ for all packages, it fails after package N, before it verifies fine..
+- 96MB, same pgp error
+- 80MB, /tmp/mkinitcpio on /tmp in chroot fails with out of disk, KASLR fails
+- 64MB RAM, kernel panic, doesn't start at all, kernel panic, System is deadlocked on memory
+ normal boot works, but not from CDROM?
+ no poweroff in intalled system (shutdown ramdisk?)
+ syslinux has a different kernel layout than grub maybe?
+ live hangs on shutdown for a long time (deactivating swap presures the RAM of the processes
+ runing on the ramdisk heavily, after minut we get "Reached target Reboot", then finally hangs)
+- 52MB, kernel panic, System is deadlocked on memory
+- kernel 5.12.10
+- reserve_initrd_mem
+- smaller ramdisk
+ - remove udev with eudev or mdev
+ - fsck, kmod, etc.
+ - https://wiki.archlinux.org/title/Mkinitcpio/Minimal_initramfs (falconingy)
+ - go back to busybox version (for instance mount)
+
+
+
+
+
+
+
diff --git a/autologin.conf b/autologin.conf
new file mode 100644
index 0000000..d1d8474
--- /dev/null
+++ b/autologin.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
diff --git a/isolinux-i486.cfg b/isolinux-i486.cfg
new file mode 100644
index 0000000..eaa48de
--- /dev/null
+++ b/isolinux-i486.cfg
@@ -0,0 +1,12 @@
+DEFAULT arch32
+
+LABEL arch32
+TEXT HELP
+Boot the Arch Linux (i486) live medium.
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (i486)
+LINUX /boot/vmlinuz-linux
+INITRD /boot/initramfs-linux.img
+APPEND root=/dev/sr0 iommu=off
+
diff --git a/mkarchiso486 b/mkarchiso486
new file mode 100755
index 0000000..7168795
--- /dev/null
+++ b/mkarchiso486
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+BASE=/data/arch32/i486iso
+ROOTFS="$BASE/airootfs"
+ROOTMNT="$BASE/mnt"
+
+umount "$ROOTMNT"
+rm -rf "$ROOTFS"
+rm -f "$BASE/pacman-i486.conf"
+rm -f "$BASE/mirrorlist32"
+
+# get and patch mirrorlist for Archlinux32
+if test ! -d "$ROOTFS"; then
+ mkdir "$ROOTFS"
+fi
+
+if test ! -f "$BASE/mirrorlist32"; then
+ wget -O "$BASE/mirrorlist32" "https://www.archlinux32.org/mirrorlist/?country=all&protocol=http&protocol=https&ip_version=4&ip_version=6"
+ sed -i '/https.*mirror.archlinux32.org/s/#Server/Server/' "$BASE/mirrorlist32"
+fi
+
+echo "Patch host pacman.conf for installation of i486 chroot.."
+cp /etc/pacman.conf "$BASE/pacman-i486.conf"
+sed -i 's/^Architecture.*=.*/Architecture = i486/' "$BASE/pacman-i486.conf"
+sed -i "s|/etc/pacman.d/mirrorlist|$BASE/mirrorlist32|" "$BASE/pacman-i486.conf"
+
+pacstrap -C "$BASE/pacman-i486.conf" -G -M "$ROOTFS" base linux
+
+echo "Cleaning up root filesystem to fit to an ISO.."
+rm -rf "$ROOTFS/var/cache/pacman/pkg/"*
+
+echo "Patching pacman.conf and mirrorlist on the ISO.."
+sed -i 's/^Architecture.*=.*/Architecture = i486/' "$ROOTFS/etc/pacman.conf"
+sed -i 's/^#\(Server.*=.*https:\/\/.*mirror\.archlinux32.org.*\)/\1/' "$ROOTFS/etc/pacman.d/mirrorlist"
+
+mount --bind "$ROOTFS" "$ROOTMNT"
+
+echo "Preparing keyring inside chroot.."
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --init'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman-key --populate archlinux32'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'pacman -Syyu --noconfirm syslinux dhclient dhcpcd pciutils nano joe vi arch-install-scripts openssh'
+
+echo "Install configuration.."
+for i in 1 2 3 4; do
+ mkdir -p "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d
+ cp $BASE/autologin.conf "$ROOTFS"/etc/systemd/system/getty@tty$i.service.d/.
+done
+cp $BASE/resolv.conf "$ROOTFS"/etc/resolv.conf
+cp $BASE/sshd_config "$ROOTFS"/etc/ssh/sshd_config
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t rsa -f etc/ssh/ssh_host_rsa_key -N ""'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 1024 -t dsa -f etc/ssh/ssh_host_dsa_key -N ""'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 521 -t ecdsa -f etc/ssh/ssh_host_ecdsa_key -N ""'
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'ssh-keygen -b 2048 -t ed25519 -f etc/ssh/ssh_host_ed25519_key -N ""'
+chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key
+cp $BASE/motd "$ROOTFS"/etc/motd
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd'
+cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login
+
+echo "Installining syslinux (isolinux).."
+if test ! -d "$ROOTFS/isolinux"; then
+ mkdir "$ROOTFS/isolinux"
+fi
+cp "$ROOTFS"/usr/lib/syslinux/bios/isolinux.bin "$ROOTFS/isolinux"
+cp "$ROOTFS"/usr/lib/syslinux/bios/ldlinux.c32 "$ROOTFS/isolinux"
+cp "$BASE"/isolinux-i486.cfg "$ROOTFS/isolinux/isolinux.cfg"
+
+echo "Creating ramdisk for ISO.."
+cp "$BASE"/mkinitcpio-i486.conf "$ROOTFS/etc/mkinitcpio.conf"
+linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'mkinitcpio -P'
+
+umount "$ROOTMNT"
+
+echo "Creating ISO.."
+TODAY=`date +'%Y.%m.%d'`
+cd "$ROOTFS"
+iso_label="ARCH_$(date +%Y%m)"
+iso_publisher="Arch Linux "
+iso_application="ArchLinux32 i486 Live/Rescue CD"
+mkisofs -o "$BASE/archlinux32-$TODAY-i486.iso" \
+ -b "isolinux/isolinux.bin" \
+ -c "isolinux/boot.cat" \
+ -volid "${iso_label}" \
+ -appid "${iso_application}" \
+ -publisher "${iso_publisher}" \
+ -preparer "prepared by mkarchiso" \
+ -no-emul-boot -boot-load-size 4 -boot-info-table \
+ -R -full-iso9660-filenames -iso-level 3 \
+ "."
+cd ..
+
+echo "Done."
diff --git a/mkinitcpio-i486.conf b/mkinitcpio-i486.conf
new file mode 100644
index 0000000..85c466f
--- /dev/null
+++ b/mkinitcpio-i486.conf
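Review bot: The four `ssh-keygen` calls in the "Install configuration" section of mkarchiso486 create the SSH host keys at build time, so every machine booted from the resulting ISO carries the same private host keys and anyone who holds the image can impersonate those hosts. I would remove those four lines and the following `chmod 0400` and have the keys generated on the booted system instead, for example by running `ssh-keygen -A` before sshd is started. If build-time keys must stay for low-memory reasons, the 1024-bit DSA key should at least go (the sshd_config in this patch does not list it as a HostKey), and `-b 2048` has no effect with `-t ed25519`.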
@@ -0,0 +1,67 @@
+# vim:set ft=sh
+# MODULES
+# The following modules are loaded before any boot hooks are
+# run. Advanced users may wish to specify all system modules
+# in this array. For instance:
+# MODULES=(piix ide_disk reiserfs)
+MODULES=(ata_piix atkbd hid_generic uhci_hcd ohci_pci usbhid sd_mod cdrom isofs)
+
+# BINARIES
+# This setting includes any additional binaries a given user may
+# wish into the CPIO image. This is run last, so it may be used to
+# override the actual binaries included by a given hook
+# BINARIES are dependency parsed, so you may safely ignore libraries
+BINARIES=()
+
+# FILES
+# This setting is similar to BINARIES above, however, files are added
+# as-is and are not parsed in any way. This is useful for config files.
+FILES=()
+
+# HOOKS
+# This is the most important setting in this file. The HOOKS control the
+# modules and scripts added to the image, and what happens at boot time.
+# Order is important, and it is recommended that you do not change the
+# order in which HOOKS are added. Run 'mkinitcpio -H ' for
+# help on a given hook.
+# 'base' is _required_ unless you know precisely what you are doing.
+# 'udev' is _required_ in order to automatically load modules
+# 'filesystems' is _required_ unless you specify your fs modules in MODULES
+# Examples:
+## This setup specifies all modules in the MODULES setting above.
+## No raid, lvm2, or encrypted root is needed.
+# HOOKS=(base)
+#
+## This setup will autodetect all modules for your system and should
+## work as a sane default
+# HOOKS=(base udev autodetect block filesystems)
+#
+## This setup will generate a 'full' image which supports most systems.
+## No autodetection is done.
+# HOOKS=(base udev block filesystems)
+#
+## This setup assembles a pata mdadm array with an encrypted root FS.
+## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
+# HOOKS=(base udev block mdadm encrypt filesystems)
+#
+## This setup loads an lvm2 volume group on a usb device.
+# HOOKS=(base udev block lvm2 filesystems)
+#
+## NOTE: If you have /usr on a separate partition, you MUST include the
+# usr, fsck and shutdown hooks.
+HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)
+
+# COMPRESSION
+# Use this to compress the initramfs image. By default, zstd compression
+# is used. Use 'cat' to create an uncompressed image.
+#COMPRESSION="zstd"
+#COMPRESSION="gzip"
+#COMPRESSION="bzip2"
+#COMPRESSION="lzma"
+COMPRESSION="xz"
+#COMPRESSION="lzop"
+#COMPRESSION="lz4"
+
+# COMPRESSION_OPTIONS
+# Additional options for the compressor
+#COMPRESSION_OPTIONS=()
diff --git a/motd b/motd
new file mode 100644
index 0000000..b5539c3
--- /dev/null
+++ b/motd
@@ -0,0 +1,21 @@
+Archlinux32, i486 ISO for low-memory systems
+
+Set 'iommu=off' to regain some memory.
+
+Create und mount a swap partition and mount a /tmp to
+/mnt/tmp as bind mountpoint as very first action before
+trying to install something with pacstrap/pacman..
+
+With less than 196MB RAM pacman/gpg fail to verify
+signatures, create a local /mnt/pacman.conf where you
+set 'SigLevel=Never' and specify '-C /mnt/pacstrap.conf'.
+
+With less than 96MB RAM mkinitio on tmpfs fails with
+out of disk space, use 'TMPDIR=/mytmp mkinitcpio -P'
+inside the chroot to create it.
+
+Consider disabling tmpfs for /tmp on the installed
+system too 'systemctl mask tmp.mount'.
+
+Remember to compile your own static kernel or create
+a stripped-down ramdisk if you have little memory.
diff --git a/resolv.conf b/resolv.conf
new file mode 100644
index 0000000..6065c0d
--- /dev/null
+++ b/resolv.conf
@@ -0,0 +1,4 @@
+# Resolver configuration file.
+# See resolv.conf(5) for details.
+nameserver 8.8.8.8
+
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..20608bf
--- /dev/null
+++ b/sshd_config
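Review bot: The third paragraph of the motd hunk recommends `SigLevel=Never` without saying that this switches off package signature checking altogether, so the integrity of everything installed then rests on the mirror and the transport alone. The same sentence names two different files, `/mnt/pacman.conf` and `-C /mnt/pacstrap.conf`; one of them is presumably a typo. I would make the two names match and add a line such as `(packages are then installed unverified; use an https mirror)`.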
@@ -0,0 +1,117 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/system-login b/system-login
new file mode 100644
index 0000000..35c1897
--- /dev/null
+++ b/system-login
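Review bot: `PermitRootLogin yes` in the Authentication block of sshd_config, with `PasswordAuthentication` left at its commented default of yes, allows root to log in over SSH with a password, and the mkarchiso486 hunk of this patch sets that password to a value published in the script (`echo "root:arch" | /usr/bin/chpasswd`). Once sshd runs on the live system, root access is protected only by a password that everyone with the repository or the ISO knows. I would either leave `#PermitRootLogin prohibit-password` in effect, or drop the chpasswd line so that root has no password usable over SSH until the operator sets one at the console, which the autologin drop-in already makes reachable. Nothing visible in this patch enables sshd at boot, so the exposure presumably begins when the operator starts the service; the motd would be a good place to say that a password must be set first.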
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+session optional pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+#-session optional pam_systemd.so
+session required pam_env.so user_readenv=1
-- cgit v1.2.3-54-g00ecf