| index : archiso32 | |
| Archlinux32 iso tools | gitolite user |
| summaryrefslogtreecommitdiff |
diff --git a/.editorconfig b/.editorconfig index 74ed4eb..cbb5538 100644 --- a/.editorconfig +++ b/.editorconfig @@ -16,6 +16,10 @@ charset = utf-8 indent_style = space indent_size = 4 max_line_length = 120 +# for shfmt +switch_case_indent = true +binary_next_line = true + [*.{yml,yaml}] end_of_line = lf @@ -32,3 +36,6 @@ trim_trailing_whitespace = true charset = utf-8 indent_style = space indent_size = 2 + +[Makefile] +indent_style = tab @@ -1,7 +1,10 @@ *~ -archiso-*.tar.gz* +archiso32-*.tar.gz* +*.tar +*.tar.* work/ out/ +codesigning* *.iso *.img *.cer @@ -10,3 +13,5 @@ out/ *.pem user-data meta-data +network-config +man/version.rst diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 17ac5ff..0e7f709 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,7 +25,7 @@ check: metrics: output/metrics.txt before_script: - pacman -Sy --needed --noconfirm archlinux-keyring - - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl qemu-headless squashfs-tools zsync + - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl python-docutils squashfs-tools zsync script: - ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS} stage: build diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index 104792a..24112b6 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -35,141 +35,142 @@ ca_key="" pgp_key_id="" print_section_start() { - # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section _title - _section="${1}" - _title="${2}" + # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section _title + _section="${1}" + _title="${2}" - printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" + printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" } print_section_end() { - # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section - _section="${1}" + # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section + _section="${1}" - printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" + printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" } cleanup() { - # clean up temporary directories - print_section_start "cleanup" "Cleaning up temporary directory" + # clean up temporary directories + print_section_start "cleanup" "Cleaning up temporary directory" - if [ -n "${tmpdir_base:-}" ]; then - rm -fr "${tmpdir_base}" - fi + if [[ -n "${tmpdir_base:-}" ]]; then + rm -fr "${tmpdir_base}" + fi - print_section_end "cleanup" + print_section_end "cleanup" } create_checksums() { - # create checksums for files - # $@: files - local _file_path _file_name _current_pwd - _current_pwd="${PWD}" - - print_section_start "checksums" "Creating checksums" - - for _file_path in "$@"; do - cd "$(dirname "${_file_path}")" - _file_name="$(basename "${_file_path}")" - b2sum "${_file_name}" > "${_file_name}.b2" - md5sum "${_file_name}" > "${_file_name}.md5" - sha1sum "${_file_name}" > "${_file_name}.sha1" - sha256sum "${_file_name}" > "${_file_name}.sha256" - sha512sum "${_file_name}" > "${_file_name}.sha512" - ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} - cat "${_file_name}."{b2,md5,sha{1,256,512}} - done - cd "${_current_pwd}" - - print_section_end "checksums" + # create checksums for files + # $@: files + local _file_path _file_name _current_pwd + _current_pwd="${PWD}" + + print_section_start "checksums" "Creating checksums" + + for _file_path in "$@"; do + cd "$(dirname "${_file_path}")" + _file_name="$(basename "${_file_path}")" + b2sum "${_file_name}" >"${_file_name}.b2" + md5sum "${_file_name}" >"${_file_name}.md5" + sha1sum "${_file_name}" >"${_file_name}.sha1" + sha256sum "${_file_name}" >"${_file_name}.sha256" + sha512sum "${_file_name}" >"${_file_name}.sha512" + ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} + cat "${_file_name}."{b2,md5,sha{1,256,512}} + done + cd "${_current_pwd}" + + print_section_end "checksums" } create_zsync_delta() { - # create zsync control files for files - # $@: files - local _file - - print_section_start "zsync_delta" "Creating zsync delta" - - for _file in "$@"; do - if [[ "${buildmode}" == "bootstrap" ]]; then - # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image - zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - else - zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - fi - done + # create zsync control files for files + # $@: files + local _file + + print_section_start "zsync_delta" "Creating zsync delta" + + for _file in "$@"; do + if [[ "${buildmode}" == "bootstrap" ]]; then + # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image + zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + else + zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + fi + done - print_section_end "zsync_delta" + print_section_end "zsync_delta" } create_metrics() { - local _metrics="${output}/metrics.txt" - # create metrics - print_section_start "metrics" "Creating metrics" - - { - # create metrics based on buildmode - case "${buildmode}" in - iso) - printf 'image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.iso | cut -f1)" - printf 'package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - if [[ -e "${tmpdir}/efiboot.img" ]]; then - printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" - fi - # shellcheck disable=SC2046 - # shellcheck disable=SC2183 - printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ - $(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \ - awk -v profile="${profile}" \ - 'function basename(file) { - sub(".*/", "", file) - return file - } - { print profile, basename($2), $1 }' - ) - ;; - netboot) - printf 'netboot_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" - printf 'netboot_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - ;; - bootstrap) - printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" - printf 'bootstrap_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" - ;; - esac - } > "${_metrics}" - ls -lah "${_metrics}" - cat "${_metrics}" - - print_section_end "metrics" + local _metrics="${output}/metrics.txt" + # create metrics + print_section_start "metrics" "Creating metrics" + + { + # create metrics based on buildmode + case "${buildmode}" in + iso) + printf 'image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.iso | cut -f1)" + printf 'package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + if [[ -e "${tmpdir}/efiboot.img" ]]; then + printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" + fi + # shellcheck disable=SC2046 + # shellcheck disable=SC2183 + printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ + $( + du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img \ + | awk -v profile="${profile}" \ + 'function basename(file) { + sub(".*/", "", file) + return file + } + { print profile, basename($2), $1 }' + ) + ;; + netboot) + printf 'netboot_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" + printf 'netboot_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + ;; + bootstrap) + printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" + printf 'bootstrap_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/"*/bootstrap/pkglist.*.txt | wc -l)" + ;; + esac + } >"${_metrics}" + ls -lah "${_metrics}" + cat "${_metrics}" + + print_section_end "metrics" } create_ephemeral_pgp_key() { - # create an ephemeral PGP key for signing the rootfs image - print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" + # create an ephemeral PGP key for signing the rootfs image + print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" - gnupg_homedir="$tmpdir/.gnupg" - mkdir -p "${gnupg_homedir}" - chmod 700 "${gnupg_homedir}" + gnupg_homedir="$tmpdir/.gnupg" + mkdir -p "${gnupg_homedir}" + chmod 700 "${gnupg_homedir}" - cat << __EOF__ > "${gnupg_homedir}"/gpg.conf + cat <<__EOF__ >"${gnupg_homedir}"/gpg.conf quiet batch no-tty @@ -180,10 +181,10 @@ armor no-emit-version __EOF__ - gpg --homedir "${gnupg_homedir}" --gen-key <<EOF + gpg --homedir "${gnupg_homedir}" --gen-key <<EOF %echo Generating ephemeral Arch Linux release engineering key pair... -Key-Type: default -Key-Length: 3072 +Key-Type: eddsa +Key-Curve: ed25519 Key-Usage: sign Name-Real: Arch Linux Release Engineering Name-Comment: Ephemeral Signing Key @@ -194,140 +195,133 @@ Expire-Date: 0 %echo Done EOF - pgp_key_id="$( - gpg --homedir "${gnupg_homedir}" \ - --list-secret-keys \ - --with-colons \ - | awk -F':' '{if($1 ~ /sec/){ print $5 }}' - )" + pgp_key_id="$( + gpg --homedir "${gnupg_homedir}" \ + --list-secret-keys \ + --with-colons \ + | awk -F':' '{if($1 ~ /sec/){ print $5 }}' + )" - pgp_sender="Arch Linux Release Engineering (Ephemeral Signing Key) <arch-releng@lists.archlinux.org>" + pgp_sender="Arch Linux Release Engineering (Ephemeral Signing Key) <arch-releng@lists.archlinux.org>" - print_section_end "ephemeral_pgp_key" + print_section_end "ephemeral_pgp_key" } create_ephemeral_codesigning_keys() { - # create ephemeral certificates used for codesigning - print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys" - - # The exact steps in creating a CA with Codesigning being signed was taken from - # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html - # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf) - - codesigning_dir="${tmpdir}/.codesigning/" - local ca_dir="${codesigning_dir}/ca/" - - local ca_conf="${ca_dir}/certificate_authority.cnf" - local ca_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" - ca_cert="${ca_dir}/cacert.pem" - ca_key="${ca_dir}/private/cakey.pem" - - local codesigning_conf="${codesigning_dir}/code_signing.cnf" - local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" - codesigning_cert="${codesigning_dir}/codesign.crt" - codesigning_key="${codesigning_dir}/codesign.key" - - mkdir -p "${ca_dir}/"{private,newcerts,crl} - mkdir -p "${codesigning_dir}" - cp -- /etc/ssl/openssl.cnf "${codesigning_conf}" - cp -- /etc/ssl/openssl.cnf "${ca_conf}" - touch "${ca_dir}/index.txt" - echo "1000" > "${ca_dir}/serial" - - # Prepare the ca configuration for the change in directory - sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" - - # Create the Certificate Authority - openssl req \ - -newkey rsa:4096 \ - -sha256 \ - -nodes \ - -x509 \ - -new \ - -sha256 \ - -keyout "${ca_key}" \ - -config "${ca_conf}" \ - -subj "${ca_subj}" \ - -out "${ca_cert}" - - cat << EOF >> "${ca_conf}" - -[ v3_intermediate_ca ] -# Extensions for a typical intermediate CA ('man x509v3_config'). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true, pathlen:0 -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -EOF - - cat << EOF >> "${codesigning_conf}" - + # create ephemeral certificates used for codesigning + print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys" + + # The exact steps in creating a CA with Codesigning being signed was taken from + # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html + # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf) + + codesigning_dir="${tmpdir}/.codesigning/" + local ca_dir="${codesigning_dir}/ca/" + + local ca_conf="${ca_dir}/certificate_authority.cnf" + local ca_subj='/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/emailAddress=arch-releng@lists.archlinux.org/CN=Arch Linux Release Engineering (Ephemeral Certificate Authority)' + ca_cert="${ca_dir}/cacert.pem" + ca_key="${ca_dir}/private/cakey.pem" + + local codesigning_conf="${codesigning_dir}/code_signing.cnf" + local codesigning_subj='/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/emailAddress=arch-releng@lists.archlinux.org/CN=Arch Linux Release Engineering (Ephemeral Signing Key)' + codesigning_cert="${codesigning_dir}/codesign.crt" + codesigning_key="${codesigning_dir}/codesign.key" + + mkdir -p "${ca_dir}/"{private,newcerts,crl} + mkdir -p "${codesigning_dir}" + cp -- /etc/ssl/openssl.cnf "${codesigning_conf}" + cp -- /etc/ssl/openssl.cnf "${ca_conf}" + touch "${ca_dir}/index.txt" + echo "1000" >"${ca_dir}/serial" + + # Prepare the ca configuration for the change in directory + sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" + + # Create the Certificate Authority + openssl req \ + -newkey rsa:4096 \ + -nodes \ + -x509 \ + -new \ + -sha256 \ + -keyout "${ca_key}" \ + -config "${ca_conf}" \ + -subj "${ca_subj}" \ + -days 2 \ + -out "${ca_cert}" + + local extension_text + IFS='' read -r -d '' extension_text <<EOF || true [codesigning] keyUsage=digitalSignature extendedKeyUsage=codeSigning, clientAuth, emailProtection - EOF - openssl req \ - -newkey rsa:4096 \ - -keyout "${codesigning_key}" \ - -nodes \ - -sha256 \ - -out "${codesigning_cert}.csr" \ - -config "${codesigning_conf}" \ - -subj "${codesigning_subj}" \ - -extensions codesigning - - # Sign the code signing certificate with the CA - openssl ca \ - -batch \ - -config "${ca_conf}" \ - -extensions v3_intermediate_ca \ - -days 3650 \ - -notext \ - -md sha256 \ - -in "${codesigning_cert}.csr" \ - -out "${codesigning_cert}" - - print_section_end "ephemeral_codesigning_key" + printf '%s' "${extension_text}" >> "${ca_conf}" + printf '%s' "${extension_text}" >> "${codesigning_conf}" + + openssl req \ + -newkey rsa:4096 \ + -keyout "${codesigning_key}" \ + -nodes \ + -sha256 \ + -out "${codesigning_cert}.csr" \ + -config "${codesigning_conf}" \ + -subj "${codesigning_subj}" \ + -extensions codesigning + + # Sign the code signing certificate with the CA + openssl ca \ + -batch \ + -config "${ca_conf}" \ + -extensions codesigning \ + -days 2 \ + -notext \ + -md sha256 \ + -keyfile "${ca_key}" \ + -cert "${ca_cert}" \ + -in "${codesigning_cert}.csr" \ + -out "${codesigning_cert}" + + print_section_end "ephemeral_codesigning_key" } run_mkarchiso() { - # run mkarchiso - create_ephemeral_pgp_key - create_ephemeral_codesigning_keys - - print_section_start "mkarchiso" "Running mkarchiso" - mkdir -p "${output}/" "${tmpdir}/" - GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ - -D "${install_dir}" \ - -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ - -g "${pgp_key_id}" \ - -G "${pgp_sender}" \ - -o "${output}/" \ - -w "${tmpdir}/" \ - -m "${buildmode}" \ - -v "configs/${profile}" - - print_section_end "mkarchiso" - - if [[ "${buildmode}" =~ "iso" ]]; then - create_zsync_delta "${output}/"*.iso - create_checksums "${output}/"*.iso - fi - if [[ "${buildmode}" == "bootstrap" ]]; then - create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) - create_checksums "${output}/"*.tar*(.gz|.xz|.zst) - fi - create_metrics - - print_section_start "ownership" "Setting ownership on output" - - if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then - chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" - fi - print_section_end "ownership" + # run mkarchiso + create_ephemeral_pgp_key + create_ephemeral_codesigning_keys + + print_section_start "mkarchiso" "Running mkarchiso" + mkdir -p "${output}/" "${tmpdir}/" + GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ + -D "${install_dir}" \ + -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ + -g "${pgp_key_id}" \ + -G "${pgp_sender}" \ + -o "${output}/" \ + -w "${tmpdir}/" \ + -m "${buildmode}" \ + -v "configs/${profile}" + + print_section_end "mkarchiso" + + if [[ "${buildmode}" =~ "iso" ]]; then + create_zsync_delta "${output}/"*.iso + create_checksums "${output}/"*.iso + fi + if [[ "${buildmode}" == "bootstrap" ]]; then + create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) + create_checksums "${output}/"*.tar*(.gz|.xz|.zst) + fi + create_metrics + + print_section_start "ownership" "Setting ownership on output" + + if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then + chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" + fi + print_section_end "ownership" } trap cleanup EXIT diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 0000000..75aca74 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1,11 @@ +# Suggest explicitly using -n in `[ $var ]` +enable=avoid-nullary-conditions + +# Suggest 'command -v' instead of 'which' +enable=deprecate-which + +# Suggest quoting variables without metacharacters +enable=quote-safe-variables + +# Require [[ and warn about [ in Bash/Ksh +enable=require-double-brackets diff --git a/AUTHORS.rst b/AUTHORS.rst index 18207eb..428b35f 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -2,38 +2,60 @@ Archiso Authors =============== +* 2hexed <2hexed@protonmail.com> * Aaron Griffin <aaron@archlinux.org> * Adam Purkrt <adam@purkrt.net> * Alexander Epaneshnikov <aarnaarn2@gmail.com> +* Alexander Speshilov <speshuric@gmail.com> +* Anton Hvornum <anton@hvornum.se> +* Antonio V <crazysnob@live.it> * Chandan Singh <cks071g2@gmail.com> * Charles Vejnar <ce@vejnar.org> * Christian Hesse <mail@eworm.de> * Christopher Brannon <cmbrannon79@gmail.com> * Dan McGee <dan@archlinux.org> +* Darren Ng <un1gfn@gmail.com> * David Runge <dvzrv@archlinux.org> * David Thurstenson <thurstylark@gmail.com> * Dieter Plaetinck <dieter@plaetinck.be> * Eli Schwartz <eschwartz@archlinux.org> +* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org> * Florian Pritz <bluewind@xinu.at> * Francois Dupoux <fdupoux@users.sourceforge.net> * Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> * Gerhard Brauer <gerbra@archlinux.de> +* Giancarlo Razzolini <grazzolini@archlinux.org> +* Howard Hicks <deimosian@gmail.com> * James Sitegen <jamesm.sitegen@gmail.com> +* John Lane <archlinux@jelmail.com> +* Jonathan Liu <net147@gmail.com> +* Jonathon Fernyhough <jonathon@m2x.dev> * Justin Kromlinger <hashworks@archlinux.org> * Keshav Amburay <the.ridikulus.rat@gmail.com> +* Kristian Klausen <kristian@klausen.dk> * Loui Chang <louipc.ist@gmail.com> * Lukas Fleischer <archlinux@cryptocrack.de> * Martin Damian Fernandez <martin.damian.fernandez@gmail.com> +* Michael Gilchrist <michaelgilch@gmail.com> * Michael Vorburger <mike@vorburger.ch> +* Pellegrino Prevete <pellegrinoprevete@gmail.com> * Pierre Schmitz <pierre@archlinux.de> * Sean Enck <enckse@voidedtech.com> * Simo Leone <simo@archlinux.org> +* Simon Wilper <sxw@chronowerks.de> +* Sorin Pânca <sorin.panca@gmail.com> * Steffen Bönigk <boenki@gmx.de> * Sven-Hendrik Haase <svenstaro@gmail.com> * Thomas Bächler <thomas@archlinux.org> +* Tobias Powalowski <tpowa@archlinux.org> +* Tom Yan <tom.ty89@gmail.com> * Yu Li-Yu <afg984@gmail.com> +* Zig Globulin <zig@zigsystem.com> +* hayao <hayao@fascode.net> +* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> +* mono wock <aaronleemorrison@protonmail.com> * nl6720 <nl6720@gmail.com> -* Øyvind Heggstad <heggstad@gmail.com> * plain linen <bcdedit@hotmail.com> -* Pellegrino Prevete <pellegrinoprevete@gmail.com> -* Anton Hvornum <anton@hvornum.se> +* shivanandvp <shivanandvp.oss@gmail.com> +* weltio weltio <weltio@web.de> +* Øyvind Heggstad <heggstad@gmail.com> diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d6bca3a..8bb001f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,197 @@ Changelog Added ----- +Changed +------- + +- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the + root file system. + +Deprecated +---------- + +Fixed +----- + +- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The + existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early + uncompressed CPIO even when the ``microcode`` hook is not used. + +Removed +------- + +[77] - 2024-04-21 +================= + +Added +----- + +- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Additionally, create a boot entry with it for the releng profile. + +Changed +------- + +- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. +- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. + Custom PXE setups will need to update their boot loader configuration. +- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to + have "file system transposition" without relaying on GRUB-specific features. +- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it + avoids all GRUB-specific annoyances and oddities. + +Fixed +----- + +- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the + same requirements as ``uefi-x64.systemd-boot.esp``. + +[76] - 2024-03-30 +================= + +Added +----- + +- Add a man page for ``mkarchiso``. +- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called + ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. + +Changed +------- + +- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. + Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to + just GRUB. +- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating + an early uncompressed CPIO archive which should have the microcode update files). + +Removed +------- + +- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``. + +[75] - 2024-01-24 +================= + +Added +----- + +- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure + ``drill`` remains available. + +Changed +------- + +- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of + a CD (900 MiB). + +Fixed +----- + +- Update the location where ``mkarchiso`` looks for the memtest86+ license file. + +[74] - 2023-12-21 +================= + +Added +----- + +- Add bcachefs-tools to releng for access to bcachefs userspace tools. +- Add tftp as a valid protocol for downloading automated boot script. + +Changed +------- + +- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network + really is *online* when ``network-online.target`` is reached. + +Fixed +----- + +- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. + +[73] - 2023-09-29 +================= + +Added +----- + +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. +- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 + UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. + +Fixed +----- + +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + +[72] - 2023-08-29 +================= + +Added +----- + +- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. +- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. + +Changed +------- + +- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. +- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to + the file system size. +- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. +- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. + +Fixed +----- + +- Sign the root file system image only once. +- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. + +[71] - 2023-05-28 +================= + +Added +----- + +- Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. +- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. +- Add support for mDNS announce and resolve. + +Changed +------- + +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. +- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. + +Fixed +----- + +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. +- Subdirectories from ``grub/`` are copied to the ISO. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with + failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after + **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` + command. +- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the + variable has a correct value when used inside ``profiledef.sh``. + +[70] - 2023-02-27 +================= + +Added +----- + - Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. @@ -29,6 +220,7 @@ Changed is deprecated and a future archiso release will not create this file anymore. - Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. - Update ``README.transfer`` documentation and convert it to reStructuredText. +- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. Removed ------- @@ -4,11 +4,13 @@ PREFIX ?= /usr/local BIN_DIR=$(DESTDIR)$(PREFIX)/bin DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso +MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso DOC_FILES=$(wildcard docs/*) $(wildcard *.rst) SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \ $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*) +VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//') all: @@ -17,7 +19,7 @@ check: shellcheck shellcheck: shellcheck -s bash $(SCRIPT_FILES) -install: install-scripts install-profiles install-doc +install: install-scripts install-profiles install-doc install-man install-scripts: install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/" @@ -30,4 +32,33 @@ install-profiles: install-doc: install -vDm 644 $(DOC_FILES) -t $(DOC_DIR) -.PHONY: check install install-doc install-profiles install-scripts shellcheck +install-man: + @printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst + install -d -m 755 $(MAN_DIR)/man1 + rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1 + +uninstall: uninstall-scripts uninstall-profiles uninstall-doc uninstall-man + +uninstall-scripts: + -rm -rf "${BIN_DIR}/mkarchiso" + -rm -rf "${BIN_DIR}/run_archiso" + +uninstall-profiles: + -rm -rf "${PROFILE_DIR}" + +uninstall-doc: + -rm -rf "${DOC_DIR}" + +uninstall-man: + -rm -rf "${MAN_DIR}/man1/mkarchiso.1" + +V=$(shell git describe --exact-match) + +dist: + git archive --format=tar --prefix=archiso32-$(V)/ $(V) | gzip -9 > archiso32-$(V).tar.gz + gpg --detach-sign --use-agent archiso32-$(V).tar.gz + +upload: + scp archiso32-$(V).tar.gz archiso32-$(V).tar.gz.sig sources.archlinux32.org:sources/ + +.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck uninstall uninstall-doc uninstall-man uninstall-profiles uninstall-scripts dist upload @@ -3,7 +3,7 @@ archiso ======= The archiso project features scripts and configuration templates to build installation media (*.iso* images and -*.tar.gz* bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. +*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. Currently creating the images is only supported on Arch Linux but may work on other operating systems as well. Requirements @@ -36,6 +36,10 @@ For linting the shell scripts the following package is required: * shellcheck +For generating the man pages: + +* python-docutils + Profiles ======== diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e0806bd..d641c67 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -8,11 +8,6 @@ shopt -s extglob # Control the environment umask 0022 export LC_ALL="C.UTF-8" -if [[ -v LANGUAGE ]]; then - # LC_ALL=C.UTF-8, unlike LC_ALL=C, does not override LANGUAGE. - # See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 and https://savannah.gnu.org/bugs/?62815 - unset LANGUAGE -fi [[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 export SOURCE_DATE_EPOCH @@ -29,25 +24,33 @@ gpg_key="" gpg_sender="" iso_name="" iso_label="" +iso_uuid="" iso_publisher="" iso_application="" iso_version="" install_dir="" -arch="" +# pass architecture via environment from build-all +arch=${arch:-$(uname -m)} +#arch="" pacman_conf="" packages="" bootstrap_packages="" +bootstrap_parent="" pacstrap_dir="" +search_filename="" +declare -i rm_work_dir=0 buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() +bootstrap_tarball_compression="" cert_list=() declare -A file_permissions=() efibootimg="" efiboot_files=() # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') +declare -i need_external_ucodes=0 # Show an INFO message @@ -86,7 +89,7 @@ usage: ${app_name} [options] <profile_dir> Default: '${iso_application}' -C <file> pacman configuration file. Default: '${pacman_conf}' - -D <install_dir> Set an install_dir. All files will by located here. + -D <install_dir> Set an install_dir. All files will be located here. Default: '${install_dir}' NOTE: Max 8 characters, use only [a-z0-9] -L <label> Set the ISO volume label @@ -109,6 +112,7 @@ usage: ${app_name} [options] <profile_dir> Default: '${out_dir}' -p [package ..] Package(s) to install. Multiple packages are provided as quoted, space delimited list. + -r Delete the working directory at the end. -v Enable verbose output -w <work_dir> Set the working directory Default: '${work_dir}' @@ -166,7 +170,7 @@ _cleanup_pacstrap_dir() { # Create /etc/machine-id with special value 'uninitialized': the final id is # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5)) rm -f -- "${pacstrap_dir}/etc/machine-id" - printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id" + printf 'uninitialized\n' >"${pacstrap_dir}/etc/machine-id" _msg_info "Done!" } @@ -201,7 +205,7 @@ _mkairootfs_ext4+squashfs() { [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${pacstrap_dir}.img" E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${pacstrap_dir}.img" 32G - tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" > /dev/null + tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" >/dev/null _msg_info "Done!" install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" @@ -242,9 +246,9 @@ _mkchecksum() { _msg_info "Creating checksum file for self-test..." cd -- "${isofs_dir}/${install_dir}/${arch}" if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - sha512sum airootfs.sfs > airootfs.sha512 + sha512sum airootfs.sfs >airootfs.sha512 elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - sha512sum airootfs.erofs > airootfs.sha512 + sha512sum airootfs.erofs >airootfs.sha512 fi cd -- "${OLDPWD}" _msg_info "Done!" @@ -277,12 +281,12 @@ _run_once() { # Set up custom pacman.conf with custom cache and pacman hook directories. _make_pacman_conf() { local _cache_dirs _system_cache_dirs _profile_cache_dirs - _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')" - _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir| tr '\n' ' ')" + _system_cache_dirs="$(pacman-conf CacheDir | tr '\n' ' ')" + _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir | tr '\n' ' ')" # Only use the profile's CacheDir, if it is not the default and not the same as the system cache dir. - if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \ - [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then + if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] \ + && [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then _cache_dirs="${_profile_cache_dirs}" else _cache_dirs="${_system_cache_dirs}" @@ -294,9 +298,9 @@ _make_pacman_conf() { # append CacheDir and HookDir to [options] section # HookDir is *always* set to the airootfs' override directory # see `man 8 pacman` for further info - pacman-conf --config "${pacman_conf}" | \ - sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} - /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" > "${work_dir}/${buildmode}.pacman.conf" + pacman-conf --config "${pacman_conf}" \ + | sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} + /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" >"${work_dir}/${buildmode}.pacman.conf" } # Prepare working directory and copy custom root file system files. @@ -311,7 +315,7 @@ _make_custom_airootfs() { cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${pacstrap_dir}" # Set ownership and mode for files and directories for filename in "${!file_permissions[@]}"; do - IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}" + IFS=':' read -ra permissions <<<"${file_permissions["${filename}"]}" # Prevent file path traversal outside of $pacstrap_dir if [[ "$(realpath -q -- "${pacstrap_dir}${filename}")" != "${pacstrap_dir}"* ]]; then _msg_error "Failed to set permissions on '${pacstrap_dir}${filename}'. Outside of valid path." 1 @@ -352,7 +356,7 @@ _make_packages() { # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580 if [[ "${quiet}" = "y" ]]; then - env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &> /dev/null + env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &>/dev/null else env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" fi @@ -390,13 +394,13 @@ _make_customize_airootfs() { if [[ ! -d "${pacstrap_dir}${passwd[5]}" ]]; then install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${pacstrap_dir}${passwd[5]}" fi - cp -dnRT --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" + cp -dRT --update=none --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" chmod -f 0750 -- "${pacstrap_dir}${passwd[5]}" chown -hR -- "${passwd[2]}:${passwd[3]}" "${pacstrap_dir}${passwd[5]}" else _msg_error "Failed to set permissions on '${pacstrap_dir}${passwd[5]}'. Outside of valid path." 1 fi - done < "${profile}/airootfs/etc/passwd" + done <"${profile}/airootfs/etc/passwd" _msg_info "Done!" fi @@ -417,6 +421,10 @@ _make_bootmodes() { for bootmode in "${bootmodes[@]}"; do _run_once "_make_bootmode_${bootmode}" done + + if [[ "${bootmodes[*]}" != *grub* ]]; then + _run_once _make_common_grubenv_and_loopbackcfg + fi } # Copy kernel and initramfs to ISO 9660 @@ -427,16 +435,18 @@ _make_boot_on_iso9660() { install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/" install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" - if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ - "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + if (( need_external_ucodes )); then + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" + if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then + install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ + "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + fi fi - fi - done + done + fi _msg_info "Done!" } @@ -446,9 +456,10 @@ _make_bootmode_bios.syslinux.mbr() { install -d -m 0755 -- "${isofs_dir}/boot/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" + "${_cfg}" >"${isofs_dir}/boot/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/" @@ -474,7 +485,7 @@ _make_bootmode_bios.syslinux.mbr() { install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/boot/memtest86+/memtest" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" fi _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } @@ -500,13 +511,15 @@ _make_boot_on_fat() { "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + if (( need_external_ucodes )); then + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + fi + done + if (( ${#all_ucode_images[@]} )); then + mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" fi - done - if (( ${#all_ucode_images[@]} )); then - mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" fi _msg_info "Done!" } @@ -523,10 +536,11 @@ _make_efibootimg() { fi # Convert from bytes to KiB and round up to the next full MiB with an additional MiB for reserved sectors. - imgsize_kib="$(awk 'function ceil(x){return int(x)+(x>int(x))} + imgsize_kib="$( + awk 'function ceil(x){return int(x)+(x>int(x))} function byte_to_kib(x){return x/1024} function mib_to_kib(x){return x*1024} - END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" + END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<<"${imgsize_bytes}" )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html @@ -535,7 +549,7 @@ _make_efibootimg() { if [[ "${quiet}" == "y" ]]; then # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead # https://github.com/dosfstools/dosfstools/issues/103 - mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" > /dev/null + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" >/dev/null else mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" fi @@ -544,39 +558,45 @@ _make_efibootimg() { mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } +# Check if initramfs files contain microcode update files +_check_if_initramfs_has_ucode() { + local initrd + + for initrd in $(compgen -G "${pacstrap_dir}"'/boot/initramfs-*.img'); do + if ! bsdtar -tf "$initrd" 'early_cpio' 'kernel/x86/microcode/*.bin' &>/dev/null; then + need_external_ucodes=1 + _msg_info "Initramfs file does not contain microcode update files. External microcode initramfs images will be copied." + return + fi + done +} + # Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() files_to_copy+=("${work_dir}/grub/"*) - if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then + if compgen -G "${profile}/grub/!(*.cfg)" &>/dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi install -d -m 0755 -- "${isofs_dir}/boot/grub" - install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" + cp -r --remove-destination -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" } # Prepare GRUB configuration files -_make_common_bootmode_grub_cfg(){ - local _cfg archiso_uuid search_filename +_make_common_bootmode_grub_cfg() { + local _cfg install -d -- "${work_dir}/grub" - # Precalculate the ISO's modification date in UTC, i.e. its "UUID" - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" - # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO - # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a - # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - : > "${work_dir}/grub/${archiso_uuid}.uuid" - search_filename="/boot/grub/${archiso_uuid}.uuid" - # Fill GRUB configuration files for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g; s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ - "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" + "${_cfg}" >"${work_dir}/grub/${_cfg##*/}" done # Prepare grub.cfg that will be embedded inside the GRUB binaries @@ -619,8 +639,25 @@ else fi EOF grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}" - printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + printf '%s\n' "$grubembedcfg" >"${work_dir}/grub-embed.cfg" + + # Write grubenv + printf '%.1024s' \ + "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \ + "${iso_name}" \ + "${iso_version}" \ + "${iso_label}" \ + "${install_dir}" \ + "${arch}" \ + "${search_filename}" \ + "$(printf '%0.1s' "#"{1..1024})")" \ + >"${work_dir}/grub/grubenv" +} + +# Create GRUB specific configuration files when GRUB is not used as a boot loader +_make_common_grubenv_and_loopbackcfg() { + install -d -m 0755 -- "${isofs_dir}/boot/grub" # Write grubenv printf '%.1024s' \ "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \ @@ -631,7 +668,17 @@ EOF "${arch}" \ "${search_filename}" \ "$(printf '%0.1s' "#"{1..1024})")" \ - > "${work_dir}/grub/grubenv" + >"${isofs_dir}/boot/grub/grubenv" + + # Copy loopback.cfg to /boot/grub/ on ISO 9660 + if [[ -e "${profile}/grub/loopback.cfg" ]]; then + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%ARCH%|${arch}|g; + s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ + "${profile}/grub/loopback.cfg" >"${isofs_dir}/boot/grub/loopback.cfg" + fi } _make_bootmode_uefi-ia32.grub.esp() { @@ -648,12 +695,12 @@ _make_bootmode_uefi-ia32.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O i386-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTIA32.EFI" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") @@ -725,12 +772,12 @@ _make_bootmode_uefi-x64.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O x86_64-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTx64.EFI" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") @@ -754,7 +801,7 @@ _make_bootmode_uefi-x64.grub.esp() { if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" fi _msg_info "Done! GRUB set up for UEFI booting successfully." @@ -789,42 +836,81 @@ _make_bootmode_uefi-x64.grub.eltorito() { _msg_info "Done!" } -# Prepare systemd-boot for booting when written to a disk (isohybrid) -_make_bootmode_uefi-x64.systemd-boot.esp() { +_make_common_bootmode_systemd-boot() { local _file efiboot_imgsize local _available_ucodes=() - _msg_info "Setting up systemd-boot for UEFI booting..." - for _file in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then - _available_ucodes+=("${pacstrap_dir}/boot/${_file}") - fi - done + if (( need_external_ucodes )); then + for _file in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then + _available_ucodes+=("${pacstrap_dir}/boot/${_file}") + fi + done + fi # Calculate the required FAT image size in bytes - efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" - "${profile}/efiboot/" + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" + "${pacstrap_dir}/boot/memtest86+/memtest.efi" + "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt") + fi + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.eltorito ' ]]; then + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") + fi + + efiboot_files+=("${work_dir}/loader/" "${pacstrap_dir}/boot/vmlinuz-"* "${pacstrap_dir}/boot/initramfs-"*".img" "${_available_ucodes[@]}") - efiboot_imgsize="$(du -bcs -- "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" + efiboot_imgsize="$(du -bcs -- "${efiboot_files[@]}" 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" +} - # Copy systemd-boot EFI binary to the default/fallback boot path - mcopy -i "${efibootimg}" \ - "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI +_make_common_bootmode_systemd-boot_conf() { + local _conf - # Copy systemd-boot configuration files - mmd -i "${efibootimg}" ::/loader ::/loader/entries - mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ + install -d -m 0755 -- "${work_dir}/loader" "${work_dir}/loader/entries" + + install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${work_dir}/loader" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" + "${_conf}" >"${work_dir}/loader/entries/${_conf##*/}" done +} + +# Copy systemd-boot configuration files to ISO 9660 +_make_common_bootmode_systemd-boot_conf.isofs() { + cp -r --remove-destination -- "${work_dir}/loader" "${isofs_dir}/" +} + +# Copy systemd-boot configuration files to FAT image +_make_common_bootmode_systemd-boot_conf.esp() { + mcopy -i "${efibootimg}" -s "${work_dir}/loader" ::/ +} + +# Prepare systemd-boot for booting when written to a disk (isohybrid) +_make_bootmode_uefi-x64.systemd-boot.esp() { + _msg_info "Setting up systemd-boot for x64 UEFI booting..." + + # Prepare configuration files + _run_once _make_common_bootmode_systemd-boot_conf + + # Prepare a FAT image for the EFI system partition + _run_once _make_common_bootmode_systemd-boot + + # Copy systemd-boot EFI binary to the default/fallback boot path + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.esp # shellx64.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then @@ -832,15 +918,27 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi + # Copy Memtest86+ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + mmd -i "${efibootimg}" ::/boot ::/boot/memtest86+ + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/boot/memtest86+/memtest.efi" ::/boot/memtest86+/ + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" ::/boot/memtest86+/LICENSE + fi + # Copy kernel and initramfs to FAT image. # systemd-boot can only access files from the EFI system partition it was launched from. - _make_boot_on_fat + _run_once _make_boot_on_fat - _msg_info "Done! systemd-boot set up for UEFI booting successfully." + _msg_info "Done! systemd-boot set up for x64 UEFI booting successfully." } # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { + # Prepare configuration files + _run_once _make_common_bootmode_systemd-boot_conf + # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp _run_once _make_bootmode_uefi-x64.systemd-boot.esp @@ -856,14 +954,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { "${isofs_dir}/EFI/BOOT/BOOTx64.EFI" # Copy systemd-boot configuration files - install -d -m 0755 -- "${isofs_dir}/loader/entries" - install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" - for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%ARCH%|${arch}|g" \ - "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" - done + _run_once _make_common_bootmode_systemd-boot_conf.isofs # edk2-shell based UEFI shell # shellx64.efi is picked up automatically when on / @@ -871,6 +962,72 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi" fi + # Copy Memtest86+ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" + fi + + _msg_info "Done!" +} + +_make_bootmode_uefi-ia32.systemd-boot.esp() { + _msg_info "Setting up systemd-boot for IA32 UEFI booting..." + + # Prepare configuration files + _run_once _make_common_bootmode_systemd-boot_conf + + # Prepare a FAT image for the EFI system partition + _run_once _make_common_bootmode_systemd-boot + + # Copy systemd-boot EFI binary to the default/fallback boot path + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" ::/EFI/BOOT/BOOTIA32.EFI + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.esp + + # shellia32.efi is picked up automatically when on / + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi + fi + + # Copy kernel and initramfs to FAT image. + # systemd-boot can only access files from the EFI system partition it was launched from. + _run_once _make_boot_on_fat + + _msg_info "Done! systemd-boot set up for IA32 UEFI booting successfully." +} + +_make_bootmode_uefi-ia32.systemd-boot.eltorito() { + # Prepare configuration files + _run_once _make_common_bootmode_systemd-boot_conf + + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-ia32.systemd-boot.eltorito has the same requirements as uefi-ia32.systemd-boot.esp + _run_once _make_bootmode_uefi-ia32.systemd-boot.esp + + # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using + # manual partitioning and simply copying the ISO 9660 file system contents. + # This is not related to El Torito booting and no firmware uses these files. + _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." + install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + + # Copy systemd-boot EFI binary to the default/fallback boot path + install -m 0644 -- "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" \ + "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.isofs + + # edk2-shell based UEFI shell + # shellia32.efi is picked up automatically when on / + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" "${isofs_dir}/shellia32.efi" + fi + _msg_info "Done!" } @@ -917,20 +1074,15 @@ _validate_requirements_bootmode_bios.syslinux.eltorito() { _validate_requirements_bootmode_bios.syslinux.mbr } -_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 - fi - +_validate_requirements_common_systemd-boot() { # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -962,6 +1114,19 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { fi } +_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 + fi + _validate_requirements_common_systemd-boot + + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then + _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from systemd-boot." + fi +} + _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then @@ -972,9 +1137,28 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } +_validate_requirements_bootmode_uefi-ia32.systemd-boot.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-ia32.grub.esp!" 0 + fi + + _validate_requirements_common_systemd-boot +} + +_validate_requirements_bootmode_uefi-ia32.systemd-boot.eltorito() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-ia32.grub.eltorito!" 0 + fi + + # uefi-ia32.systemd-boot.eltorito has the exact same requirements as uefi-ia32.systemd-boot.esp + _validate_requirements_bootmode_uefi-ia32.systemd-boot.esp +} + _validate_requirements_bootmode_uefi-ia32.grub.esp() { # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi @@ -1001,19 +1185,19 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { fi # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -1142,14 +1326,14 @@ _sign_netboot_artifacts() { } _validate_requirements_airootfs_image_type_squashfs() { - if ! command -v mksquashfs &> /dev/null; then + if ! command -v mksquashfs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0 fi } _validate_requirements_airootfs_image_type_ext4+squashfs() { - if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then + if ! { command -v mkfs.ext4 &>/dev/null && command -v tune2fs &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 fi @@ -1157,22 +1341,22 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { } _validate_requirements_airootfs_image_type_erofs() { - if ! command -v mkfs.erofs &> /dev/null; then + if ! command -v mkfs.erofs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.erofs is not available on this host. Install 'erofs-utils'!" 0 fi } _validate_common_requirements_buildmode_all() { - if ! command -v pacman &> /dev/null; then + if ! command -v pacman &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': pacman is not available on this host. Install 'pacman'!" 0 fi - if ! command -v find &> /dev/null; then + if ! command -v find &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': find is not available on this host. Install 'findutils'!" 0 fi - if ! command -v gzip &> /dev/null; then + if ! command -v gzip &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': gzip is not available on this host. Install 'gzip'!" 0 fi @@ -1196,10 +1380,36 @@ _validate_requirements_buildmode_bootstrap() { fi _validate_common_requirements_buildmode_all - if ! command -v bsdtar &> /dev/null; then + if ! command -v bsdtar &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0 fi + + # Check if the compressor is installed + if (( ${#bootstrap_tarball_compression[@]} )); then + case "${bootstrap_tarball_compression[0]}" in + 'bzip'|'gzip'|'lrzip'|'lzip'|'lzop'|'zstd'|'zstdmt') + if ! command -v "${bootstrap_tarball_compression[0]}" &>/dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not available on this host. Install '${bootstrap_tarball_compression[0]/zstdmt/zstd}'!" 0 + fi + ;; + 'cat') + if ! command -v cat &>/dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': 'cat' is not available on this host. Install 'coreutils'!" 0 + fi + if (( ${#bootstrap_tarball_compression[@]} > 1 )); then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': 'cat' compression does not accept arguments!" 0 + fi + ;; + *) + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not a supported compression method!" 0 + ;; + esac + fi } _validate_common_requirements_buildmode_iso_netboot() { @@ -1233,15 +1443,15 @@ _validate_common_requirements_buildmode_iso_netboot() { _msg_error "Two certificates are required for codesigning netboot artifacts, but '${cert_list[*]}' is provided." 0 fi - if ! command -v openssl &> /dev/null; then + if ! command -v openssl &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0 fi fi # Check if the specified airootfs_image_type is supported - if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then - if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then + if typeset -f "_mkairootfs_${airootfs_image_type}" &>/dev/null; then + if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &>/dev/null; then "_validate_requirements_airootfs_image_type_${airootfs_image_type}" else _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible." @@ -1261,8 +1471,8 @@ _validate_requirements_buildmode_iso() { _msg_error "No boot modes specified in '${profile}/profiledef.sh'." 0 fi for bootmode in "${bootmodes[@]}"; do - if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then - if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then + if typeset -f "_make_bootmode_${bootmode}" &>/dev/null; then + if typeset -f "_validate_requirements_bootmode_${bootmode}" &>/dev/null; then "_validate_requirements_bootmode_${bootmode}" else _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible." @@ -1273,7 +1483,7 @@ _validate_requirements_buildmode_iso() { fi done - if ! command -v awk &> /dev/null; then + if ! command -v awk &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': awk is not available on this host. Install 'awk'!" 0 fi @@ -1346,7 +1556,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1417,7 +1627,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1476,17 +1686,34 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { # Build bootstrap image _build_bootstrap_image() { - local _bootstrap_parent - _bootstrap_parent="$(dirname -- "${pacstrap_dir}")" + local tarball_ext + + # Set default tarball compression to uncompressed + if (( ! "${#bootstrap_tarball_compression[@]}" )); then + bootstrap_tarball_compression=('cat') + fi + + # Set tarball extension + case "${bootstrap_tarball_compression[0]}" in + 'cat') tarball_ext='' ;; + 'bzip') tarball_ext='.b2z' ;; + 'gzip') tarball_ext='.gz' ;; + 'lrzip') tarball_ext='.lrz' ;; + 'lzip') tarball_ext='.lz' ;; + 'lzop') tarball_ext='.lzo' ;; + 'zstd'|'zstdmt') tarball_ext='.zst' ;; + *) _msg_error 'Unsupported compression!' 1 ;; + esac [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" - cd -- "${_bootstrap_parent}" + cd -- "${bootstrap_parent}" _msg_info "Creating bootstrap image..." - bsdtar -cf - "root.${arch}" | gzip -cn9 > "${out_dir}/${image_name}" + rm -f -- "${out_dir:?}/${image_name:?}${tarball_ext}" + bsdtar -cf - "root.${arch}" "pkglist.${arch}.txt" | "${bootstrap_tarball_compression[@]}" >"${out_dir}/${image_name}${tarball_ext}" _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" + du -h -- "${out_dir}/${image_name}${tarball_ext}" cd -- "${OLDPWD}" } @@ -1497,33 +1724,38 @@ _build_iso_image() { [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" + # Do not read xorriso startup files to prevent interference and unintended behavior. + # For it to work, -no_rc must be the first argument passed to xorriso. + xorriso_options=('-no_rc') + + if [[ "${quiet}" == "y" ]]; then # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + xorriso_options+=('-report_about' 'SORRY') fi # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + typeset -f "_add_xorrisofs_options_${bootmode}" &>/dev/null && "_add_xorrisofs_options_${bootmode}" done rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ - -output "${out_dir}/${image_name}" \ - "${isofs_dir}/" + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}" \ + -appid "${iso_application}" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${isofs_dir}/" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" } @@ -1583,8 +1815,8 @@ _validate_options() { # Check if the specified buildmodes are supported for _buildmode in "${buildmodes[@]}"; do - if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then - if typeset -f "_validate_requirements_buildmode_${_buildmode}" &> /dev/null; then + if typeset -f "_build_buildmode_${_buildmode}" &>/dev/null; then + if typeset -f "_validate_requirements_buildmode_${_buildmode}" &>/dev/null; then "_validate_requirements_buildmode_${_buildmode}" else _msg_warning "Function '_validate_requirements_buildmode_${_buildmode}' does not exist. Validating the requirements of '${_buildmode}' build mode will not be possible." @@ -1656,10 +1888,15 @@ _set_overrides() { elif [[ -z "$quiet" ]]; then quiet="y" fi + if [[ -v override_rm_work_dir ]]; then + rm_work_dir="$override_rm_work_dir" + fi # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" + # Precalculate the ISO's modification date in UTC, i.e. its "UUID" + TZ=UTC printf -v iso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" } _export_gpg_publickey() { @@ -1675,22 +1912,30 @@ _make_version() { _msg_info "Creating version files..." # Write version file to system installation dir rm -f -- "${pacstrap_dir}/version" - printf '%s\n' "${iso_version}" > "${pacstrap_dir}/version" + printf '%s\n' "${iso_version}" >"${pacstrap_dir}/version" if [[ "${buildmode}" == @("iso"|"netboot") ]]; then install -d -m 0755 -- "${isofs_dir}/${install_dir}" # Write version file to ISO 9660 - printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version" + printf '%s\n' "${iso_version}" >"${isofs_dir}/${install_dir}/version" fi if [[ "${buildmode}" == "iso" ]]; then # Write grubenv with version information to ISO 9660 - # TODO: after sufficient time has passed, do not create this file anymore when GRUB boot modes are used. - # _make_common_bootmode_grub_cfg already creates ${isofs_dir}/boot/grub/grubenv + # TODO: after sufficient time has passed, do not create this file anymore. + # _make_common_bootmode_grub_cfg and _make_common_grubenv_and_loopbackcfg already create a + # ${isofs_dir}/boot/grub/grubenv file rm -f -- "${isofs_dir}/${install_dir}/grubenv" printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ - > "${isofs_dir}/${install_dir}/grubenv" + >"${isofs_dir}/${install_dir}/grubenv" + + # Create a /boot/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO + # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a + # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. + search_filename="/boot/${iso_uuid}.uuid" + install -d -m 755 -- "${isofs_dir}/boot" + : >"${isofs_dir}${search_filename}" fi # Append IMAGE_ID & IMAGE_VERSION to os-release @@ -1702,7 +1947,7 @@ _make_version() { _msg_warning "os-release file '${_os_release}' is outside of valid path." else [[ ! -e "${_os_release}" ]] || sed -i '/^IMAGE_ID=/d;/^IMAGE_VERSION=/d' "${_os_release}" - printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >> "${_os_release}" + printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >>"${_os_release}" fi # Touch /usr/lib/clock-epoch to give another hint on date and time @@ -1716,16 +1961,26 @@ _make_pkglist() { _msg_info "Creating a list of installed packages on live-enviroment..." case "${buildmode}" in "bootstrap") - pacman -Q --sysroot "${pacstrap_dir}" > "${pacstrap_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${bootstrap_parent}/pkglist.${arch}.txt" ;; "iso"|"netboot") install -d -m 0755 -- "${isofs_dir}/${install_dir}" - pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${isofs_dir}/${install_dir}/pkglist.${arch}.txt" ;; esac _msg_info "Done!" } +# Create working directory +_make_work_dir() { + if [[ ! -d "${work_dir}" ]]; then + install -d -- "${work_dir}" + elif (( rm_work_dir )); then + rm_work_dir=0 + _msg_warning "Working directory removal requested, but '${work_dir}' already exists. It will not be removed!" 0 + fi +} + # build the base for an ISO and/or a netboot target _build_iso_base() { local run_once_mode="base" @@ -1737,13 +1992,9 @@ _build_iso_base() { isofs_dir="${work_dir}/iso" # Create working directory - [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" - # Write build date to file or if the file exists, read it from there - if [[ -e "${work_dir}/build_date" ]]; then - SOURCE_DATE_EPOCH="$(<"${work_dir}/build_date")" - else - printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" - fi + _run_once _make_work_dir + # Write build date to file if it does not exist already + [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" >"${work_dir}/build_date" [[ "${quiet}" == "y" ]] || _show_config _run_once _make_pacman_conf @@ -1753,6 +2004,7 @@ _build_iso_base() { _run_once _make_version _run_once _make_customize_airootfs _run_once _make_pkglist + _run_once _check_if_initramfs_has_ucode if [[ "${buildmode}" == 'netboot' ]]; then _run_once _make_boot_on_iso9660 else @@ -1764,7 +2016,7 @@ _build_iso_base() { # Build the bootstrap buildmode _build_buildmode_bootstrap() { - local image_name="${iso_name}-bootstrap-${iso_version}-${arch}.tar.gz" + local image_name="${iso_name}-bootstrap-${iso_version}-${arch}.tar" local run_once_mode="${buildmode}" local buildmode_packages="${bootstrap_packages}" # Set the package list to use @@ -1772,6 +2024,7 @@ _build_buildmode_bootstrap() { # Set up essential directory paths pacstrap_dir="${work_dir}/${arch}/bootstrap/root.${arch}" + bootstrap_parent="$(dirname -- "${pacstrap_dir}")" [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" install -d -m 0755 -o 0 -g 0 -- "${pacstrap_dir}" @@ -1798,7 +2051,6 @@ _build_buildmode_netboot() { if [[ -v cert_list ]]; then _run_once _sign_netboot_artifacts - _cms_sign_artifact "${airootfs_image_filename}" fi _run_once _export_netboot_artifacts } @@ -1820,23 +2072,29 @@ _build() { for buildmode in "${buildmodes[@]}"; do _run_once "_build_buildmode_${buildmode}" done + if (( rm_work_dir )); then + _msg_info 'Removing the working directory...' + rm -rf -- "${work_dir:?}/" + _msg_info 'Done!' + fi } -while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vh?' arg; do +while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vrh?' arg; do case "${arg}" in - p) read -r -a override_pkg_list <<< "${OPTARG}" ;; + p) read -r -a override_pkg_list <<<"${OPTARG}" ;; C) override_pacman_conf="${OPTARG}" ;; L) override_iso_label="${OPTARG}" ;; P) override_iso_publisher="${OPTARG}" ;; A) override_iso_application="${OPTARG}" ;; D) override_install_dir="${OPTARG}" ;; - c) read -r -a override_cert_list <<< "${OPTARG}" ;; + c) read -r -a override_cert_list <<<"${OPTARG}" ;; w) override_work_dir="${OPTARG}" ;; - m) read -r -a override_buildmodes <<< "${OPTARG}" ;; + m) read -r -a override_buildmodes <<<"${OPTARG}" ;; o) override_out_dir="${OPTARG}" ;; g) override_gpg_key="${OPTARG}" ;; G) override_gpg_sender="${OPTARG}" ;; v) override_quiet="n" ;; + r) declare -i override_rm_work_dir=1 ;; h|?) _usage 0 ;; *) _msg_error "Invalid argument '${arg}'" 0 @@ -1859,6 +2117,13 @@ fi # get the absolute path representation of the first non-option argument profile="$(realpath -- "${1}")" +# Read SOURCE_DATE_EPOCH from file early +build_date_file="$(realpath -q -- "${override_work_dir:-./work}/build_date")" || : +if [[ -f "$build_date_file" ]]; then + SOURCE_DATE_EPOCH="$(<"$build_date_file")" +fi +unset build_date_file + _read_profile _set_overrides _validate_options diff --git a/configs/baseline/airootfs/etc/localtime b/configs/baseline/airootfs/etc/localtime new file mode 120000 index 0000000..0e35b57 --- /dev/null +++ b/configs/baseline/airootfs/etc/localtime @@ -0,0 +1 @@ +/usr/share/zoneinfo/UTC
\ No newline at end of file diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 34b1a06..0000000 --- a/configs/baseline/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf archiso block filesystems) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -#COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..fd9cd48 --- /dev/null +++ b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1 @@ +HOOKS=(base udev modconf archiso block filesystems) diff --git a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config b/configs/baseline/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/baseline/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..6ea7b41 --- /dev/null +++ b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,3 @@ +# Allow root login using password authentication +PasswordAuthentication yes +PermitRootLogin yes diff --git a/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 4b6a2ab..0e4287b 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -5,6 +5,9 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -IPv6PrivacyExtensions=yes +MulticastDNS=yes diff --git a/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 11624b6..3193768 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index ed56578..38164bd 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -9,28 +9,38 @@ insmod exfat insmod udf # Use graphics-mode output -insmod all_video -insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm + insmod all_video set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console +insmod serial +insmod usbserial_common +insmod usbserial_ftdi +insmod usbserial_pl2303 +insmod usbserial_usbdebug if serial --unit=0 --speed=115200; then terminal_input --append serial terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" fi # Set default menu entry @@ -41,8 +51,46 @@ timeout_style=menu # Menu entries -menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { +menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot } diff --git a/configs/baseline/grub/loopback.cfg b/configs/baseline/grub/loopback.cfg new file mode 100644 index 0000000..dc38fdf --- /dev/null +++ b/configs/baseline/grub/loopback.cfg @@ -0,0 +1,73 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} diff --git a/configs/baseline/pacman.conf b/configs/baseline/pacman.conf index 5ee6c1e..f382fab 100644 --- a/configs/baseline/pacman.conf +++ b/configs/baseline/pacman.conf @@ -70,19 +70,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 63acce1..618235a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,7 +14,8 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlzma,9' -E ztailpacking) +airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') +bootstrap_tarball_compression=(zstd -c -T0 --long -19) file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 0311f29..25b9d1b 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 96a8752..0000000 --- a/configs/releng/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..98dd514 --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1,2 @@ +HOOKS=(base udev microcode modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) +COMPRESSION="xz" diff --git a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/releng/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..6ea7b41 --- /dev/null +++ b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,3 @@ +# Allow root login using password authentication +PasswordAuthentication yes +PermitRootLogin yes diff --git a/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 9ada778..d3a3271 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -5,9 +5,12 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -IPv6PrivacyExtensions=yes +MulticastDNS=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index 601d5b8..8b70a95 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -1,9 +1,12 @@ [Match] Name=wl* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -IPv6PrivacyExtensions=yes +MulticastDNS=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network index 9104c24..6e1c8dd 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wwan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -1,9 +1,11 @@ [Match] Name=ww* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 0ba0e67..038961e 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -2,7 +2,7 @@ Description=Temporary /etc/pacman.d/gnupg directory [Mount] -What=ramfs +What=tmpfs Where=/etc/pacman.d/gnupg -Type=ramfs -Options=mode=0755 +Type=tmpfs +Options=mode=0755,noswap diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service index b824884..0db2b0f 100644 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ b/configs/releng/airootfs/etc/systemd/system/pacman-init.service @@ -8,8 +8,10 @@ Before=archlinux-keyring-wkd-sync.service [Service] Type=oneshot RemainAfterExit=yes +ExecStart=-rm -f /etc/pacman.d/gnupg ExecStart=/usr/bin/pacman-key --init -ExecStart=/usr/bin/pacman-key --populate +ExecStart=-/usr/bin/pacman-key --populate archlinux +ExecStart=-/usr/bin/pacman-key --populate archlinux32 [Install] WantedBy=multi-user.target diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket new file mode 120000 index 0000000..3897c63 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/pcscd.socket
\ No newline at end of file diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 52c47e6..0d95012 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -1,22 +1,29 @@ #!/usr/bin/env bash -script_cmdline () -{ +script_cmdline() { local param - for param in $(< /proc/cmdline); do + for param in $(</proc/cmdline); do case "${param}" in - script=*) echo "${param#*=}" ; return 0 ;; + script=*) + echo "${param#*=}" + return 0 + ;; esac done } -automated_script () -{ +automated_script() { local script rt script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then - if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + if [[ "${script}" =~ ^((http|https|ftp|tftp)://) ]]; then + # there's no synchronization for network availability before executing this script + printf '%s: waiting for network-online.target\n' "$0" + until systemctl --quiet is-active network-online.target; do + sleep 1 + done + printf '%s: downloading %s\n' "$0" "${script}" + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script rt=$? else cp "${script}" /tmp/startup_script @@ -24,6 +31,9 @@ automated_script () fi if [[ ${rt} -eq 0 ]]; then chmod +x /tmp/startup_script + printf '%s: executing automated script\n' "$0" + # note that script is executed when other services (like pacman-init) may be still in progress, please + # synchronize to "systemctl is-system-running --wait" when your script depends on other services /tmp/startup_script fi fi diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf new file mode 100644 index 0000000..e1f3d1f --- /dev/null +++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf @@ -0,0 +1,4 @@ +disable-ccid +disable-pinpad +pcsc-driver /usr/lib/libpcsclite.so +pcsc-shared diff --git a/configs/releng/airootfs/usr/local/bin/choose-mirror b/configs/releng/airootfs/usr/local/bin/choose-mirror index b021945..d2349de 100755 --- a/configs/releng/airootfs/usr/local/bin/choose-mirror +++ b/configs/releng/airootfs/usr/local/bin/choose-mirror @@ -4,21 +4,22 @@ get_cmdline() { local param - for param in $(< /proc/cmdline); do + for param in $(</proc/cmdline); do case "${param}" in - $1=*) echo "${param##*=}"; - return 0 - ;; + "${1}="*) + echo "${param##*=}" + return 0 + ;; esac done } -mirror=$(get_cmdline mirror) -[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv) -[[ $mirror ]] || exit 0 +mirror="$(get_cmdline mirror)" +[[ "$mirror" == 'auto' ]] && mirror="$(get_cmdline archiso_http_srv)" +[[ -n "$mirror" ]] || exit 0 mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig -cat >/etc/pacman.d/mirrorlist << EOF +cat >/etc/pacman.d/mirrorlist <<EOF # # Arch Linux repository mirrorlist # Generated by archiso diff --git a/configs/releng/airootfs/usr/local/bin/livecd-sound b/configs/releng/airootfs/usr/local/bin/livecd-sound index baae0d2..b92fcf2 100755 --- a/configs/releng/airootfs/usr/local/bin/livecd-sound +++ b/configs/releng/airootfs/usr/local/bin/livecd-sound @@ -3,7 +3,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later usage() { - cat <<- _EOF_ + cat <<-_EOF_ live cd sound helper script. Usage: livecdsound [OPTION] OPTIONS @@ -14,14 +14,13 @@ usage() { _EOF_ } -bugout () { +bugout() { printf "/usr/local/bin/livecdsound: programming error" stat_fail } -echo_card_indices() -{ - if [ -f /proc/asound/cards ] ; then +echo_card_indices() { + if [[ -f /proc/asound/cards ]]; then sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards fi } @@ -33,8 +32,8 @@ echo_card_indices() # $1 <card id> # $2 <control> # $3 <level> -unmute_and_set_level(){ - { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout +unmute_and_set_level() { + [[ -n "$3" && -n "$2" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute return 0 @@ -42,9 +41,8 @@ unmute_and_set_level(){ # $1 <card id> # $2 <control> -mute_and_zero_level() -{ - { [ "$1" ] && [ "$2" ] ; } || bugout +mute_and_zero_level() { + [[ -n "$1" && -n "$2" ]] || bugout systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute return 0 @@ -53,17 +51,15 @@ mute_and_zero_level() # $1 <card ID> # $2 <control> # $3 "on" | "off" -switch_control() -{ - { [ "$3" ] && [ "$1" ] ; } || bugout +switch_control() { + [[ -n "$3" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" return 0 } # $1 <card ID> -sanify_levels_on_card() -{ +sanify_levels_on_card() { unmute_and_set_level "$1" "Front" "80%" unmute_and_set_level "$1" "Master" "80%" unmute_and_set_level "$1" "Master Mono" "80%" @@ -134,94 +130,89 @@ sanify_levels_on_card() } # $1 <card ID> | "all" -sanify_levels() -{ +sanify_levels() { local ttsdml_returnstatus=0 local card case "$1" in - all) - for card in $(echo_card_indices) ; do - sanify_levels_on_card "$card" || ttsdml_returnstatus=1 - done - ;; - *) - sanify_levels_on_card "$1" || ttsdml_returnstatus=1 - ;; + all) + for card in $(echo_card_indices); do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; esac - return $ttsdml_returnstatus + return "$ttsdml_returnstatus" } # List all cards that *should* be usable for PCM audio. In my experience, # the console speaker (handled by the pcsp driver) isn't a suitable playback # device, so we'll exclude it. -list_non_pcsp_cards() -{ +list_non_pcsp_cards() { for card in $(echo_card_indices); do local cardfile="/proc/asound/card${card}/id" - if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ - [ "$(cat "$cardfile")" != pcsp ]; then + if [[ -r "$cardfile" && -f "$cardfile" && "$(cat "$cardfile")" != pcsp ]]; then echo "$card" fi done } # Properly initialize the sound card so that we have audio at boot. -unmute_all_cards() -{ +unmute_all_cards() { sanify_levels all } is_numeric() { - local str=$1 + local str="$1" [[ "$str" =~ ^[0-9]+$ ]] } set_default_card() { - local card=$1 - sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ - > /etc/asound.conf + local card="$1" + sed -e "s/%card%/$card/g" </usr/local/share/livecd-sound/asound.conf.in \ + >/etc/asound.conf } play_on_card() { - local card=$1 file=$2 + local card="$1" file="$2" aplay -q "-Dplughw:$card,0" "$file" } # If there are multiple usable sound cards, prompt the user to choose one, # using auditory feedback. -pick_a_card() -{ +pick_a_card() { set -f usable_cards="$(list_non_pcsp_cards)" - num_usable_cards="$(wc -w <<< "$usable_cards")" + num_usable_cards="$(wc -w <<<"$usable_cards")" - if [ "$num_usable_cards" -eq 1 ]; then + if (( num_usable_cards == 1 )); then systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" exit 0 fi systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue fi - play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav & done wait sleep 1 - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue - fi - play_on_card "$card" /usr/share/livecd-sounds/beep.wav - if read -r -t 10; then - systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" - set_default_card "$card" - break - fi -done + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi + done } -if [[ $# -eq 0 ]]; then +if (( $# == 0 )); then echo "error: No argument passed." exit 1 fi diff --git a/configs/releng/bootstrap_packages.i686 b/configs/releng/bootstrap_packages.i686 new file mode 100644 index 0000000..64966d0 --- /dev/null +++ b/configs/releng/bootstrap_packages.i686 @@ -0,0 +1,2 @@ +arch-install-scripts +base diff --git a/configs/releng/build.sh b/configs/releng/build.sh new file mode 100755 index 0000000..99e0dbd --- /dev/null +++ b/configs/releng/build.sh @@ -0,0 +1,342 @@ +#!/usr/bin/env bash + +set -e -u + +iso_name=archlinux +iso_label="ARCH_$(date +%Y%m)" +iso_publisher="Arch Linux <http://www.archlinux.org>" +iso_application="Arch Linux Live/Rescue CD" +iso_version=$(date +%Y.%m.%d) +install_dir=arch +work_dir=work +out_dir=out +gpg_key="" + +arch=$(uname -m) +verbose="" +script_path="$( cd -P "$( dirname "$(readlink -f "$0")" )" && pwd )" + +umask 0022 + +_usage () +{ + echo "usage ${0} [options]" + echo + echo " General options:" + echo " -N <iso_name> Set an iso filename (prefix)" + echo " Default: ${iso_name}" + echo " -V <iso_version> Set an iso version (in filename)" + echo " Default: ${iso_version}" + echo " -L <iso_label> Set an iso label (disk label)" + echo " Default: ${iso_label}" + echo " -P <publisher> Set a publisher for the disk" + echo " Default: '${iso_publisher}'" + echo " -A <application> Set an application name for the disk" + echo " Default: '${iso_application}'" + echo " -D <install_dir> Set an install_dir (directory inside iso)" + echo " Default: ${install_dir}" + echo " -w <work_dir> Set the working directory" + echo " Default: ${work_dir}" + echo " -o <out_dir> Set the output directory" + echo " Default: ${out_dir}" + echo " -v Enable verbose output" + echo " -h This help message" + exit "${1}" +} + +# Helper function to run make_*() only one time per architecture. +run_once() { + if [[ ! -e "${work_dir}/build.${1}_${arch}" ]]; then + "$1" + touch "${work_dir}/build.${1}_${arch}" + fi +} + +# Setup custom pacman.conf with current cache directories and custom mirrorlist and custom architecture. +make_pacman_conf() { + local _cache_dirs + _cache_dirs=("$(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g')") + sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n "${_cache_dirs[@]}")|g" \ + "${script_path}/pacman.conf" > "${work_dir}/pacman-x86_64.conf" + sed ' + s@/var/cache/pacman/pkg/@/var/cache/archbuild32/@ + s@Include = /etc/pacman\.d/mirrorlist$@\032@ + ' "${work_dir}/pacman-x86_64.conf" > "${work_dir}/pacman-i686.conf" + local _conf + for _conf in "${work_dir}/"pacman-*.conf; do + sed -i ' + /^Architecture =/ s/=.*$/= '"${_conf##*/pacman-}"'/ + T + s/\.conf$// + ' "${_conf}" + done +} + +# Prepare working directory and copy custom airootfs files (airootfs) +make_custom_airootfs() { + local _airootfs="${work_dir}/${arch}/airootfs" + mkdir -p -- "${_airootfs}" + + if [[ -d "${script_path}/airootfs" ]]; then + cp -af --no-preserve=ownership -- "${script_path}/airootfs/." "${_airootfs}" + + [[ -e "${_airootfs}/etc/shadow" ]] && chmod -f 0400 -- "${_airootfs}/etc/shadow" + [[ -e "${_airootfs}/etc/gshadow" ]] && chmod -f 0400 -- "${_airootfs}/etc/gshadow" + [[ -e "${_airootfs}/root" ]] && chmod -f 0750 -- "${_airootfs}/root" + fi +} + +# Packages (airootfs) +make_packages() { + if [ -n "${verbose}" ]; then + arch=${arch} mkarchiso -v -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" \ + -p "$(grep -h -v '^#' "${script_path}/packages."{both,${arch}}| sed ':a;N;$!ba;s/\n/ /g')" install + else + arch=${arch} mkarchiso -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" \ + -p "$(grep -h -v '^#' "${script_path}/packages."{both,${arch}}| sed ':a;N;$!ba;s/\n/ /g')" install + fi +} + +# Needed packages for x86_64 EFI boot +make_packages_efi() { + if [ -n "${verbose}" ]; then + arch=${arch} mkarchiso -v -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" -p "efitools" install + else + arch=${arch} mkarchiso -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" -p "efitools" install + fi +} + +# Copy mkinitcpio archiso hooks and build initramfs (airootfs) +make_setup_mkinitcpio() { + local _hook + mkdir -p "${work_dir}/${arch}/airootfs/etc/initcpio/hooks" + mkdir -p "${work_dir}/${arch}/airootfs/etc/initcpio/install" + for _hook in archiso archiso_shutdown archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_loop_mnt; do + cp "/usr/lib/initcpio/hooks/${_hook}" "${work_dir}/${arch}/airootfs/etc/initcpio/hooks" + cp "/usr/lib/initcpio/install/${_hook}" "${work_dir}/${arch}/airootfs/etc/initcpio/install" + done + sed -i "s|/usr/lib/initcpio/|/etc/initcpio/|g" "${work_dir}/${arch}/airootfs/etc/initcpio/install/archiso_shutdown" + cp /usr/lib/initcpio/install/archiso_kms "${work_dir}/${arch}/airootfs/etc/initcpio/install" + cp /usr/lib/initcpio/archiso_shutdown "${work_dir}/${arch}/airootfs/etc/initcpio" + cp ${script_path}/mkinitcpio.conf "${work_dir}/${arch}/airootfs/etc/mkinitcpio-archiso.conf" + if [[ "${gpg_key}" ]]; then + gpg --export "${gpg_key}" > "${work_dir}/gpgkey" + exec 17<>"${work_dir}/gpgkey" + fi + if [ -n "${verbose}" ]; then + ARCHISO_GNUPG_FD="${gpg_key:+17}" arch=${arch} mkarchiso -v -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" \ + -D "${install_dir}" \ + -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run + else + ARCHISO_GNUPG_FD="${gpg_key:+17}" arch=${arch} mkarchiso -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" \ + -D "${install_dir}" \ + -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run + fi + if [[ "${gpg_key}" ]]; then + exec 17<&- + fi +} + +# Customize installation (airootfs) +make_customize_airootfs() { + if [ -n "${verbose}" ]; then + arch=${arch} mkarchiso -v -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" \ + -r '/root/customize_airootfs.sh' run + else + arch=${arch} mkarchiso -w "${work_dir}/${arch}" -C "${work_dir}/pacman-${arch}.conf" -D "${install_dir}" \ + -r '/root/customize_airootfs.sh' run + fi + rm "${work_dir}/${arch}/airootfs/root/customize_airootfs.sh" +} + +# Prepare kernel/initramfs ${install_dir}/boot/ +make_boot() { + mkdir -p "${work_dir}/iso/${install_dir}/boot/${arch}" + cp "${work_dir}/${arch}/airootfs/boot/archiso.img" "${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img" + cp "${work_dir}/${arch}/airootfs/boot/vmlinuz-linux" "${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz" +} + +# Add other aditional/extra files to ${install_dir}/boot/ +make_boot_extra() { + if [[ -e "${work_dir}/${arch}/airootfs/boot/memtest86+/memtest.bin" ]]; then + cp "${work_dir}/${arch}/airootfs/boot/memtest86+/memtest.bin" "${work_dir}/iso/${install_dir}/boot/memtest" + cp "${work_dir}/${arch}/airootfs/usr/share/licenses/common/GPL2/license.txt" \ + "${work_dir}/iso/${install_dir}/boot/memtest.COPYING" + fi + if [[ -e "${work_dir}/${arch}/airootfs/boot/intel-ucode.img" ]]; then + cp "${work_dir}/${arch}/airootfs/boot/intel-ucode.img" "${work_dir}/iso/${install_dir}/boot/intel_ucode.img" + cp "${work_dir}/${arch}/airootfs/usr/share/licenses/intel-ucode/LICENSE" \ + "${work_dir}/iso/${install_dir}/boot/intel_ucode.LICENSE" + fi + if [[ -e "${work_dir}/${arch}/airootfs/boot/amd-ucode.img" ]]; then + cp "${work_dir}/${arch}/airootfs/boot/amd-ucode.img" "${work_dir}/iso/${install_dir}/boot/amd_ucode.img" + cp "${work_dir}/${arch}/airootfs/usr/share/licenses/amd-ucode/LICENSE" \ + "${work_dir}/iso/${install_dir}/boot/amd_ucode.LICENSE" + fi +} + +# Prepare /${install_dir}/boot/syslinux +make_syslinux() { + _uname_r=$(file -b "${work_dir}/${arch}/airootfs/boot/vmlinuz-linux"| awk 'f{print;f=0} /version/{f=1}' RS=' ') + mkdir -p "${work_dir}/iso/${install_dir}/boot/syslinux" + for _cfg in "${script_path}/syslinux/"*.cfg; do + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g" "${_cfg}" > "${work_dir}/iso/${install_dir}/boot/syslinux/${_cfg##*/}" + done + cp "${script_path}/syslinux/splash.png" "${work_dir}/iso/${install_dir}/boot/syslinux" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/"*.c32 "${work_dir}/iso/${install_dir}/boot/syslinux" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/lpxelinux.0" "${work_dir}/iso/${install_dir}/boot/syslinux" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/memdisk" "${work_dir}/iso/${install_dir}/boot/syslinux" + mkdir -p "${work_dir}/iso/${install_dir}/boot/syslinux/hdt" + gzip -c -9 "${work_dir}/${arch}/airootfs/usr/share/hwdata/pci.ids" > \ + "${work_dir}/iso/${install_dir}/boot/syslinux/hdt/pciids.gz" + gzip -c -9 "${work_dir}/${arch}/airootfs/usr/lib/modules/${_uname_r}/modules.alias" > \ + "${work_dir}/iso/${install_dir}/boot/syslinux/hdt/modalias.gz" +} + +# Prepare /isolinux +make_isolinux() { + mkdir -p "${work_dir}/iso/isolinux" + sed "s|%INSTALL_DIR%|${install_dir}|g" \ + "${script_path}/isolinux/isolinux.cfg" > "${work_dir}/iso/isolinux/isolinux.cfg" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/isolinux.bin" "${work_dir}/iso/isolinux/" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/isohdpfx.bin" "${work_dir}/iso/isolinux/" + cp "${work_dir}/${arch}/airootfs/usr/lib/syslinux/bios/ldlinux.c32" "${work_dir}/iso/isolinux/" +} + +# Prepare /EFI +make_efi() { + mkdir -p "${work_dir}/iso/EFI/boot" + cp "${work_dir}/i686/airootfs/usr/lib/systemd/boot/efi/systemd-bootia32.efi" \ + "${work_dir}/iso/EFI/boot/bootia32.efi" + + mkdir -p "${work_dir}/iso/loader/entries" + cp "${script_path}/efiboot/loader/loader.conf" "${work_dir}/iso/loader/" + + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g" \ + "${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf" > \ + "${work_dir}/iso/loader/entries/archiso-x86_64.conf" + + # edk2-shell based UEFI shell + # shellx64.efi is picked up automatically when on / + cp /usr/share/edk2-shell/x64/Shell_Full.efi "${work_dir}/iso/shellx64.efi" +} + +# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode +make_efiboot() { + mkdir -p "${work_dir}/iso/EFI/archiso" + truncate -s 64M "${work_dir}/iso/EFI/archiso/efiboot.img" + mkfs.fat -n ARCHISO_EFI "${work_dir}/iso/EFI/archiso/efiboot.img" + + mkdir -p "${work_dir}/efiboot" + mount "${work_dir}/iso/EFI/archiso/efiboot.img" "${work_dir}/efiboot" + + mkdir -p "${work_dir}/efiboot/EFI/archiso" + cp "${work_dir}/iso/${install_dir}/boot/i686/vmlinuz" "${work_dir}/efiboot/EFI/archiso/vmlinuz.efi" + cp "${work_dir}/iso/${install_dir}/boot/i686/archiso.img" "${work_dir}/efiboot/EFI/archiso/archiso.img" + + cp "${work_dir}/iso/${install_dir}/boot/intel_ucode.img" "${work_dir}/efiboot/EFI/archiso/intel_ucode.img" + cp "${work_dir}/iso/${install_dir}/boot/amd_ucode.img" "${work_dir}/efiboot/EFI/archiso/amd_ucode.img" + + mkdir -p "${work_dir}/efiboot/EFI/boot" + cp "${work_dir}/i686/airootfs/usr/lib/systemd/boot/efi/systemd-bootia32.efi" \ + "${work_dir}/efiboot/EFI/boot/bootia32.efi" + + mkdir -p "${work_dir}/efiboot/loader/entries" + cp "${script_path}/efiboot/loader/loader.conf" "${work_dir}/efiboot/loader/" + + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g" \ + "${script_path}/efiboot/loader/entries/archiso-x86_64-cd.conf" > \ + "${work_dir}/efiboot/loader/entries/archiso-x86_64.conf" + + # shellx64.efi is picked up automatically when on / + cp "${work_dir}/iso/shellx64.efi" "${work_dir}/efiboot/" + + umount -d "${work_dir}/efiboot" +} + +# Build airootfs filesystem image +make_prepare() { + cp -a -l -f "${work_dir}/${arch}/airootfs" "${work_dir}" + if [ -n "${verbose}" ]; then + arch=${arch} mkarchiso -v -w "${work_dir}" -D "${install_dir}" pkglist + arch=${arch} mkarchiso -v -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare + else + arch=${arch} mkarchiso -w "${work_dir}" -D "${install_dir}" pkglist + arch=${arch} mkarchiso -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare + fi + rm -rf "${work_dir}/airootfs" + # rm -rf "${work_dir}/${arch}/airootfs" (if low space, this helps) +} + +# Build ISO +make_iso() { + if [ -n "${verbose}" ]; then + arch=${arch} mkarchiso -v -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -P "${iso_publisher}" \ + -A "${iso_application}" -o "${out_dir}" iso "${iso_name}-${iso_version}-i686.iso" + else + arch=${arch} mkarchiso -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -P "${iso_publisher}" \ + -A "${iso_application}" -o "${out_dir}" iso "${iso_name}-${iso_version}-i686.iso" + fi +} + +if [[ ${EUID} -ne 0 ]]; then + echo "This script must be run as root." + _usage 1 +fi + +while getopts 'N:V:L:P:A:D:w:o:g:vh' arg; do + case "${arg}" in + N) iso_name="${OPTARG}" ;; + V) iso_version="${OPTARG}" ;; + L) iso_label="${OPTARG}" ;; + P) iso_publisher="${OPTARG}" ;; + A) iso_application="${OPTARG}" ;; + D) install_dir="${OPTARG}" ;; + w) work_dir="${OPTARG}" ;; + o) out_dir="${OPTARG}" ;; + g) gpg_key="${OPTARG}" ;; + v) verbose="-v" ;; + h) _usage 0 ;; + *) + echo "Invalid argument '${arg}'" + _usage 1 + ;; + esac +done + +mkdir -p "${work_dir}" + +run_once make_pacman_conf + +# Do all stuff for each airootfs +for arch in i686; do + run_once make_custom_airootfs + run_once make_packages +done + +run_once make_packages_efi + +for arch in i686; do + run_once make_setup_mkinitcpio + run_once make_customize_airootfs +done + +for arch in i686; do + run_once make_boot +done + +# Do all stuff for "iso" +run_once make_boot_extra +run_once make_syslinux +run_once make_isolinux +run_once make_efi +run_once make_efiboot + +for arch in i686; do + run_once make_prepare +done + +run_once make_iso diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 1c2a7a8..bc8ab33 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) sort-key 01 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 64253d3..c0cb1c8 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf new file mode 100644 index 0000000..d0b305c --- /dev/null +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf @@ -0,0 +1,3 @@ +title Memtest86+ +sort-key 03 +efi /boot/memtest86+/memtest.efi diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 1882e49..25194a3 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -9,28 +9,38 @@ insmod exfat insmod udf # Use graphics-mode output -insmod all_video -insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm + insmod all_video set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console +insmod serial +insmod usbserial_common +insmod usbserial_ftdi +insmod usbserial_pl2303 +insmod usbserial_usbdebug if serial --unit=0 --speed=115200; then terminal_input --append serial terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" fi # Set default menu entry @@ -38,36 +48,41 @@ default=archlinux timeout=15 timeout_style=menu -# GRUB init tune for accessibility -play 600 988 1 1319 4 # Menu entries -menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { +menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } -menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { +menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } -if [ "${grub_platform}" == "efi" ]; then - if [ "${grub_cpu}" == "x86_64" ]; then - menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { - set gfxpayload=800x600,1024x768 - linux /boot/memtest86+/memtest.efi - } - menuentry "UEFI Shell" { - insmod chain + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { chainloader /shellx64.efi } - elif [ "${grub_cpu}" == "i386" ]; then - menuentry "UEFI Shell" { - insmod chain + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { chainloader /shellia32.efi } fi @@ -77,12 +92,16 @@ if [ "${grub_platform}" == "efi" ]; then } fi -menuentry "System shutdown" --class shutdown --class poweroff { - echo "System shutting down..." +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' halt } -menuentry "System restart" --class reboot --class restart { - echo "System rebooting..." +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' reboot } + + +# GRUB init tune for accessibility +play 600 988 1 1319 4 diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg new file mode 100644 index 0000000..d7d5ece --- /dev/null +++ b/configs/releng/grub/loopback.cfg @@ -0,0 +1,80 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} diff --git a/configs/releng/packages.i686 b/configs/releng/packages.i686 new file mode 100644 index 0000000..a693762 --- /dev/null +++ b/configs/releng/packages.i686 @@ -0,0 +1,122 @@ +alsa-utils +amd-ucode +arch-install-scripts +archinstall +b43-fwcutter +base +bind +brltty +broadcom-wl +btrfs-progs +clonezilla +cloud-init +cryptsetup +darkhttpd +ddrescue +dhclient +dhcpcd +diffutils +dmidecode +dmraid +dnsmasq +dosfstools +e2fsprogs +edk2-shell +efibootmgr +espeakup +ethtool +exfatprogs +f2fs-tools +fatresize +fsarchiver +gnu-netcat +gpart +gpm +gptfdisk +grml-zsh-config +grub +hdparm +hyperv +intel-ucode +irssi +iw +iwd +jfsutils +kitty-terminfo +less +lftp +libfido2 +libusb-compat +linux +linux-atm +linux-firmware +livecd-sounds +lsscsi +lvm2 +lynx +man-db +man-pages +mc +mdadm +memtest86+ +mkinitcpio +mkinitcpio-archiso +mkinitcpio-nfs-utils +modemmanager +mtools +nano +nbd +ndisc6 +nfs-utils +nilfs-utils +nmap +ntfs-3g +nvme-cli +open-iscsi +open-vm-tools +openconnect +openssh +openvpn +partclone +parted +partimage +pcsclite +ppp +pptpclient +pv +qemu-guest-agent +refind +reflector +reiserfsprogs +rp-pppoe +rsync +rxvt-unicode-terminfo +screen +sdparm +sg3_utils +smartmontools +sof-firmware +squashfs-tools +sudo +syslinux +systemd-resolvconf +tcpdump +terminus-font +testdisk +tmux +tpm2-tss +udftools +usb_modeswitch +usbmuxd +usbutils +vim +virtualbox-guest-utils-nox +vpnc +wireless-regdb +wireless_tools +wpa_supplicant +wvdial +xfsprogs +xl2tpd +zsh +pcmciautils diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 5771920..36c929d 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -4,7 +4,9 @@ arch-install-scripts archinstall b43-fwcutter base +bcachefs-tools bind +bolt brltty broadcom-wl btrfs-progs @@ -28,6 +30,7 @@ ethtool exfatprogs f2fs-tools fatresize +foot-terminfo fsarchiver gnu-netcat gpart @@ -43,6 +46,7 @@ iw iwd jfsutils kitty-terminfo +ldns less lftp libfido2 @@ -77,6 +81,7 @@ nvme-cli open-iscsi open-vm-tools openconnect +openpgp-card-tools openssh openvpn partclone @@ -95,6 +100,7 @@ rsync rxvt-unicode-terminfo screen sdparm +sequoia-sq sg3_utils smartmontools sof-firmware @@ -106,6 +112,7 @@ tcpdump terminus-font testdisk tmux +tpm2-tools tpm2-tss udftools usb_modeswitch @@ -114,6 +121,7 @@ usbutils vim virtualbox-guest-utils-nox vpnc +wezterm-terminfo wireless-regdb wireless_tools wpa_supplicant diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 5ee6c1e..f907e66 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -70,20 +70,23 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] -#Include = /etc/pacman.d/mirrorlist +#[core-testing] +#Include = /etc/pacman.d/mirrorlist32 [core] -Include = /etc/pacman.d/mirrorlist +Include = /etc/pacman.d/mirrorlist32 + +#[extra-testing] +#Include = /etc/pacman.d/mirrorlist32 [extra] -Include = /etc/pacman.d/mirrorlist +Include = /etc/pacman.d/mirrorlist32 #[community-testing] -#Include = /etc/pacman.d/mirrorlist +#Include = /etc/pacman.d/mirrorlist32 [community] -Include = /etc/pacman.d/mirrorlist +Include = /etc/pacman.d/mirrorlist32 # If you want to run 32 bit applications on your x86_64 system, # enable the multilib repositories as required here. diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4154816..f84b07b 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -1,24 +1,24 @@ #!/usr/bin/env bash # shellcheck disable=SC2034 -iso_name="archlinux" +iso_name="archlinux32" iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux <https://archlinux.org>" -iso_application="Arch Linux Live/Rescue CD" +iso_application="Arch Linux Live/Rescue DVD" iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' - 'uefi-ia32.grub.esp' 'uefi-x64.grub.esp' - 'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito') -arch="x86_64" +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito') +arch="i686" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') +bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19') file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 0eb1705..6710f3e 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -1,32 +1,32 @@ -LABEL arch64_nbd +LABEL arch32_nbd TEXT HELP Boot the Arch Linux install medium using NBD. It allows you to install Arch Linux or perform system maintenance. ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, NBD) -LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y +MENU LABEL Arch Linux install medium (i686, NBD) +LINUX ::/%INSTALL_DIR%/boot/i686/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/i686/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 -LABEL arch64_nfs +LABEL arch32_nfs TEXT HELP Boot the Arch Linux live medium using NFS. It allows you to install Arch Linux or perform system maintenance. ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, NFS) -LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +MENU LABEL Arch Linux install medium (i686, NFS) +LINUX ::/%INSTALL_DIR%/boot/i686/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/i686/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y SYSAPPEND 3 -LABEL arch64_http +LABEL arch32_http TEXT HELP Boot the Arch Linux live medium using HTTP. It allows you to install Arch Linux or perform system maintenance. ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, HTTP) -LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +MENU LABEL Arch Linux install medium (i686, HTTP) +LINUX ::/%INSTALL_DIR%/boot/i686/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/i686/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y SYSAPPEND 3 diff --git a/configs/releng/syslinux/archiso_pxe_32_inc.cfg b/configs/releng/syslinux/archiso_pxe_32_inc.cfg new file mode 100644 index 0000000..e4115df --- /dev/null +++ b/configs/releng/syslinux/archiso_pxe_32_inc.cfg @@ -0,0 +1,3 @@ +INCLUDE boot/syslinux/archiso_head.cfg +INCLUDE boot/syslinux/archiso_pxe32.cfg +INCLUDE boot/syslinux/archiso_tail.cfg diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index f9d3b0d..a81fd41 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -1,20 +1,20 @@ -LABEL arch64 +LABEL arch32 TEXT HELP Boot the Arch Linux install medium on BIOS. It allows you to install Arch Linux or perform system maintenance. ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +MENU LABEL Arch Linux install medium (i686, BIOS) +LINUX /%INSTALL_DIR%/boot/i686/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/i686/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% # Accessibility boot option -LABEL arch64speech +LABEL arch32speech TEXT HELP Boot the Arch Linux install medium on BIOS with speakup screen reader. It allows you to install Arch Linux or perform system maintenance with speech feedback. ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +MENU LABEL Arch Linux install medium (i686, BIOS) with ^speech +LINUX /%INSTALL_DIR%/boot/i686/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/i686/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/syslinux/archiso_sys.cfg b/configs/releng/syslinux/archiso_sys.cfg index d93bcfe..dc1a6eb 100644 --- a/configs/releng/syslinux/archiso_sys.cfg +++ b/configs/releng/syslinux/archiso_sys.cfg @@ -1,6 +1,6 @@ INCLUDE archiso_head.cfg -DEFAULT arch64 +DEFAULT arch32 TIMEOUT 150 INCLUDE archiso_sys-linux.cfg diff --git a/configs/releng/syslinux/archiso_sys_32_inc.cfg b/configs/releng/syslinux/archiso_sys_32_inc.cfg new file mode 100644 index 0000000..9e37093 --- /dev/null +++ b/configs/releng/syslinux/archiso_sys_32_inc.cfg @@ -0,0 +1,3 @@ +INCLUDE boot/syslinux/archiso_head.cfg +INCLUDE boot/syslinux/archiso_sys32.cfg +INCLUDE boot/syslinux/archiso_tail.cfg diff --git a/docs/README.profile.rst b/docs/README.profile.rst index f1fd717..d1f6bc3 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -48,10 +48,12 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``bios.syslinux.eltorito``: Syslinux for x86 BIOS booting from an optical disc - ``uefi-ia32.grub.esp``: GRUB for IA32 UEFI booting from a disk - ``uefi-ia32.grub.eltorito``: GRUB for IA32 UEFI booting from an optical disc - - ``uefi-x64.grub.esp``: GRUB for x86_64 UEFI booting from a disk - - ``uefi-x64.grub.eltorito``: GRUB for x86_64 UEFI booting from an optical disc - - ``uefi-x64.systemd-boot.esp``: systemd-boot for x86_64 UEFI booting from a disk - - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x86_64 UEFI booting from an optical disc + - ``uefi-x64.grub.esp``: GRUB for x64 UEFI booting from a disk + - ``uefi-x64.grub.eltorito``: GRUB for x64 UEFI booting from an optical disc + - ``uefi-ia32.systemd-boot.esp``: systemd-boot for IA32 UEFI booting from a disk + - ``uefi-ia32.systemd-boot.eltorito``: systemd-boot for IA32UEFI booting from an optical disc + - ``uefi-x64.systemd-boot.esp``: systemd-boot for x64 UEFI booting from a disk + - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x64 UEFI booting from an optical disc Note that BIOS El Torito boot mode must always be listed before UEFI El Torito boot mode. * ``arch``: The architecture (e.g. ``x86_64``) to build the image for. This is also used to resolve the name of the packages file (e.g. ``packages.x86_64``) @@ -64,6 +66,8 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``erofs``: Create an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options +* ``bootstrap_tarball_compression``: An array containing the compression program and arguments passed to it for + compressing the bootstrap tarball (defaults to ``cat``). For example: ``bootstrap_tarball_compression=(zstd -c -T0 --long -19)``. * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively. @@ -140,6 +144,12 @@ respective variables in ``profiledef.sh``: * ``%INSTALL_DIR%``: Set this using the ``install_dir`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. +Additionally there are also *custom template identifiers* have harcoded values set by ``mkarchiso`` that cannot be +overridden: + +* ``%ARCHISO_UUID%``: the ISO 9660 modification date in UTC, i.e. its "UUID", +* ``%ARCHISO_SEARCH_FILENAME%``: file path on ISO 9660 that can be used by GRUB to find the ISO volume + (**for GRUB ``.cfg`` files only**). efiboot ------- diff --git a/man/mkarchiso.1.rst b/man/mkarchiso.1.rst new file mode 100644 index 0000000..c54d2bb --- /dev/null +++ b/man/mkarchiso.1.rst @@ -0,0 +1,80 @@ +========= +mkarchiso +========= + +------------------------ +Arch Linux ISO generator +------------------------ + +:Version: archiso |version| +:Manual section: 1 + +Synopsis +======== + +**mkarchiso** [options] *profile_directory* + +Description +=========== + +**mkarchiso** creates an ISO, netboot artifacts and a bootstrap tarball and optionally signs them. + +Options +======= + +-A application | Set an application name for the ISO. + | Default: |iso_application|. +-C file | pacman configuration file. + | Default: |pacman_conf|. +-D install_dir | Set an install_dir. All files will be located here. + | Default: |install_dir|. + | NOTE: Max 8 characters, use only *a-z0-9*. +-L label | Set the ISO volume label. + | Default: |iso_label|. +-P publisher | Set the ISO publisher. + | Default: |iso_publisher|. +-c cert_and_key | Provide certificates for codesigning of netboot artifacts as well as the rootfs artifact. + | Multiple files are provided as quoted, space delimited list. + | The first file is considered as the signing certificate, the second as the key and the third as the optional certificate authority. +-g gpg_key | Set the PGP key ID to be used for signing the rootfs image. Passed to gpg as the value for **--default-key**. +-G mbox | Set the PGP signer (must include an email address). Passed to gpg as the value for **--sender**. +-h | Help message. +-m mode | Build mode(s) to use (valid modes are: *bootstrap*, *iso* and *netboot*). Multiple build modes are provided as quoted, space delimited list. +-o out_dir | Set the output directory. + | Default: |out_dir|. +-p packages | Package(s) to install. + | Multiple packages are provided as quoted, space delimited list. +-r | Delete the working directory at the end. +-v | Enable verbose output. +-w work_dir | Set the working directory. + | Default: |work_dir|. + +Examples +======== + +Build the releng profile +------------------------ + + mkarchiso |profile_dir|/configs/releng + +Bugs +==== + +https://gitlab.archlinux.org/archlinux/archiso/-/issues + +Authors +======= + +archiso is maintained by the Arch Linux community. Refer to the *AUTHORS* file for a full list of contributors. + +Copyright +========= + +Copyright 🄯 archiso contributors. GPL-3.0-or-later. + +See also +======== + +* /usr/share/doc/archiso/README.profile.rst + +.. include:: variables.rst diff --git a/man/variables.rst b/man/variables.rst new file mode 100644 index 0000000..152f154 --- /dev/null +++ b/man/variables.rst @@ -0,0 +1,10 @@ +.. |iso_application| replace:: '*mkarchiso iso*' +.. |pacman_conf| replace:: */etc/pacman.conf* +.. |install_dir| replace:: *arch* +.. |iso_label| replace:: *MKARCHISO* +.. |iso_publisher| replace:: *mkarchiso* +.. |out_dir| replace:: *./out* +.. |work_dir| replace:: *./work* +.. |profile_dir| replace:: /usr/share/archiso + +.. include:: version.rst diff --git a/scripts/run_archiso.sh b/scripts/run_archiso.sh index 6ddce15..87e5e25 100755 --- a/scripts/run_archiso.sh +++ b/scripts/run_archiso.sh @@ -11,7 +11,6 @@ # - qemu # - edk2-ovmf (when UEFI booting) - set -eu print_help() { |