index : archiso32 | |
Archlinux32 iso tools | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | CHANGELOG.rst | 23 | ||||
-rw-r--r-- | README.rst | 6 | ||||
-rwxr-xr-x | archiso/mkarchiso | 160 | ||||
-rw-r--r-- | configs/baseline/airootfs/etc/ssh/sshd_config | 6 | ||||
-rw-r--r-- | configs/baseline/grub/grub.cfg | 16 | ||||
-rw-r--r-- | configs/baseline/profiledef.sh | 4 | ||||
-rw-r--r-- | configs/releng/airootfs/etc/ssh/sshd_config | 6 | ||||
-rw-r--r-- | configs/releng/grub/grub.cfg | 24 | ||||
-rw-r--r-- | configs/releng/profiledef.sh | 4 | ||||
-rw-r--r-- | configs/releng/syslinux/archiso_head.cfg | 2 | ||||
-rw-r--r-- | configs/releng/syslinux/archiso_tail.cfg | 6 | ||||
-rw-r--r-- | docs/README.transfer | 133 | ||||
-rw-r--r-- | docs/README.transfer.rst | 165 |
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f4ad972..d6bca3a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,12 +8,33 @@ Changelog Added ----- +- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image + contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume + with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. +- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also + preloaded in case someone finds them useful. + Changed ------- +- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the + same month. +- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. +- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for + the ISO volume and load the ``grub.cfg`` from there. +- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply + to the EFI binaries that remain in the default/fallback boot path. +- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. + Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) + is deprecated and a future archiso release will not create this file anymore. +- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. +- Update ``README.transfer`` documentation and convert it to reStructuredText. + Removed ------- +- Do not place memtest86+ in netboot artifacts. + [69] - 2022-12-24 ================= @@ -241,7 +262,7 @@ Removed ------- - Remove all files related to ``mkinitcpio`` integration, as they now live in - https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso + https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso [57] - 2021-07-30 ================= @@ -129,7 +129,7 @@ boot the iso image from GRUB with a version specific cow directory to mitigate o .. code:: sh loopback loop archlinux.iso - load_env -f (loop)/arch/grubenv + load_env -f (loop)/boot/grub/grubenv linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \ cow_directory=${NAME}/${VERSION} ... initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img @@ -139,14 +139,14 @@ Contribute Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso. -Please read our distribution-wide `Code of Conduct <https://wiki.archlinux.org/title/Code_of_conduct>`_ before +Please read our distribution-wide `Code of Conduct <https://terms.archlinux.org/docs/code-of-conduct/>`_ before contributing, to understand what actions will and will not be tolerated. Read our `contributing guide <CONTRIBUTING.rst>`_ to learn more about how to provide fixes or improvements for the code base. Discussion around archiso takes place on the `arch-releng mailing list -<https://lists.archlinux.org/listinfo/arch-releng>`_ and in `#archlinux-releng +<https://lists.archlinux.org/mailman3/lists/arch-releng.lists.archlinux.org/>`_ and in `#archlinux-releng <ircs://irc.libera.chat/archlinux-releng>`_ on `Libera Chat <https://libera.chat/>`_. All past and present authors of archiso are listed in `AUTHORS <AUTHORS.rst>`_. diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7f6de7c..bbbac55 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -445,39 +445,38 @@ _make_boot_on_iso9660() { # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." - install -d -m 0755 -- "${isofs_dir}/syslinux" + install -d -m 0755 -- "${isofs_dir}/boot/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}" + "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then - install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/syslinux/" + install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/" fi - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/boot/syslinux/" _run_once _make_boot_on_iso9660 - if [[ -e "${isofs_dir}/syslinux/hdt.c32" ]]; then - install -d -m 0755 -- "${isofs_dir}/syslinux/hdt" + if [[ -e "${isofs_dir}/boot/syslinux/hdt.c32" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/syslinux/hdt" if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \ - "${isofs_dir}/syslinux/hdt/pciids.gz" + "${isofs_dir}/boot/syslinux/hdt/pciids.gz" fi find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \ - "${isofs_dir}/syslinux/hdt/modalias.gz" + "${isofs_dir}/boot/syslinux/hdt/modalias.gz" fi # Add other aditional/extra files to ${install_dir}/boot/ if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/${install_dir}/boot/memtest" - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/boot/memtest86+/memtest" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" fi _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } @@ -485,9 +484,9 @@ _make_bootmode_bios.syslinux.mbr() { # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." - install -d -m 0755 -- "${isofs_dir}/syslinux" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/syslinux/" + install -d -m 0755 -- "${isofs_dir}/boot/syslinux" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/boot/syslinux/" # ISOLINUX and SYSLINUX installation is shared _run_once _make_bootmode_bios.syslinux.mbr @@ -547,18 +546,7 @@ _make_efibootimg() { mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } -# Copy GRUB files to efiboot.img which is used by both IA32 UEFI and x64 UEFI. -_make_common_bootmode_grub_copy_to_efibootimg() { - local files_to_copy=() - - files_to_copy+=("${work_dir}/grub/"*) - if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then - files_to_copy+=("${profile}/grub/"!(*.cfg)) - fi - mcopy -i "${efibootimg}" "${files_to_copy[@]}" ::/EFI/BOOT/ -} - -# Copy GRUB files to efiboot.img which is used by both IA32 UEFI and x64 UEFI. +# Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() @@ -566,37 +554,86 @@ _make_common_bootmode_grub_copy_to_isofs() { if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi - install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/EFI/BOOT/" + install -d -m 0755 -- "${isofs_dir}/boot/grub" + install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" } # Prepare GRUB configuration files _make_common_bootmode_grub_cfg(){ - local _cfg + local _cfg archiso_uuid search_filename install -d -- "${work_dir}/grub" + # Precalculate the ISO's modification date in UTC, i.e. its "UUID" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" + # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO + # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a + # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. + : > "${work_dir}/grub/${archiso_uuid}.uuid" + search_filename="/boot/grub/${archiso_uuid}.uuid" + # Fill GRUB configuration files for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; - s|%ARCH%|${arch}|g" \ + s|%ARCH%|${arch}|g; + s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" done - # Add all GRUB files to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/grub/" - "${profile}/grub/"!(*.cfg)) + # Prepare grub.cfg that will be embedded inside the GRUB binaries IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then - # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. - # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 - if regexp --set=1:isodevice '^(\([^)]+\))\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then - cmdpath="${isodevice}/EFI/BOOT" + # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. During El Torito boot, GRUB is + # launched from a case-insensitive FAT-formatted EFI system partition, but it seemingly cannot access that partition + # and sets cmdpath to the whole cd# device which has case-sensitive ISO 9660 + Rock Ridge + Joliet file systems. + # See https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 and https://savannah.gnu.org/bugs/?62886 + if regexp --set=1:archiso_bootdevice '^\(([^)]+)\)\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "${cmdpath}"; then + set cmdpath="(${archiso_bootdevice})/EFI/BOOT" + set ARCHISO_HINT="${archiso_bootdevice}" + fi +fi + +# Prepare a hint for the search command using the device in cmdpath +if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +fi + +# Search for the ISO volume +if search --no-floppy --set=archiso_device --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"; then + set ARCHISO_HINT="${archiso_device}" + if probe --set ARCHISO_UUID --fs-uuid "${ARCHISO_HINT}"; then + export ARCHISO_UUID fi +else + echo "Could not find a volume with a '%ARCHISO_SEARCH_FILENAME%' file on it!" +fi + +# Load grub.cfg +if [ "${ARCHISO_HINT}" == 'memdisk' -o -z "${ARCHISO_HINT}" ]; then + echo 'Could not find the ISO volume!' +elif [ -e "(${ARCHISO_HINT})/boot/grub/grub.cfg" ]; then + export ARCHISO_HINT + set root="${ARCHISO_HINT}" + configfile "(${ARCHISO_HINT})/boot/grub/grub.cfg" +else + echo "File '(${ARCHISO_HINT})/boot/grub/grub.cfg' not found!" fi -configfile "${cmdpath}/grub.cfg" EOF + grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}" printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + + # Write grubenv + printf '%.1024s' \ + "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \ + "${iso_name}" \ + "${iso_version}" \ + "${iso_label}" \ + "${install_dir}" \ + "${arch}" \ + "${search_filename}" \ + "$(printf '%0.1s' "#"{1..1024})")" \ + > "${work_dir}/grub/grubenv" } _make_bootmode_uefi-ia32.grub.esp() { @@ -607,11 +644,11 @@ _make_bootmode_uefi-ia32.grub.esp() { # Create EFI binary # Module list from https://bugs.archlinux.org/task/71382#comment202911 - grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet ext2 f2fs fat font \ + grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat font \ gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi lsefimmap \ - minicmd normal part_apple part_gpt part_msdos png read reboot regexp search search_fs_file \ - search_fs_uuid search_label serial sleep tpm usb usbserial_common usbserial_ftdi usbserial_pl2303 \ - usbserial_usbdebug video xfs zstd) + minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp search \ + search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ + usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O i386-efi \ --modules="${grubmodules[*]}" \ --locales="en@quot" \ @@ -638,7 +675,7 @@ _make_bootmode_uefi-ia32.grub.esp() { mcopy -i "${efibootimg}" "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI # Copy GRUB files - _run_once _make_common_bootmode_grub_copy_to_efibootimg + _run_once _make_common_bootmode_grub_copy_to_isofs if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi @@ -684,11 +721,11 @@ _make_bootmode_uefi-x64.grub.esp() { # Create EFI binary # Module list from https://bugs.archlinux.org/task/71382#comment202911 - grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet ext2 f2fs fat font \ + grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat font \ gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi lsefimmap \ - minicmd normal part_apple part_gpt part_msdos png read reboot regexp search search_fs_file \ - search_fs_uuid search_label serial sleep tpm usb usbserial_common usbserial_ftdi usbserial_pl2303 \ - usbserial_usbdebug video xfs zstd) + minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp search \ + search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ + usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O x86_64-efi \ --modules="${grubmodules[*]}" \ --locales="en@quot" \ @@ -709,7 +746,7 @@ _make_bootmode_uefi-x64.grub.esp() { mcopy -i "${efibootimg}" "${work_dir}/BOOTx64.EFI" ::/EFI/BOOT/BOOTx64.EFI # Copy GRUB files - _run_once _make_common_bootmode_grub_copy_to_efibootimg + _run_once _make_common_bootmode_grub_copy_to_isofs if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi @@ -717,10 +754,9 @@ _make_bootmode_uefi-x64.grub.esp() { # Add other aditional/extra files to ${install_dir}/boot/ if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/${install_dir}/boot/memtest.efi" - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" fi _msg_info "Done! GRUB set up for UEFI booting successfully." @@ -1047,6 +1083,10 @@ _export_netboot_artifacts() { _msg_info "Exporting netboot artifacts..." install -d -m 0755 "${out_dir}" cp -a -- "${isofs_dir}/${install_dir}/" "${out_dir}/" + + # Remove grubenv since it serves no purpose in netboot artifacts + rm -f -- "${out_dir}/${install_dir}/grubenv" + _msg_info "Done!" du -hs -- "${out_dir}/${install_dir}" } @@ -1250,9 +1290,9 @@ _validate_requirements_buildmode_netboot() { _add_xorrisofs_options_bios.syslinux.eltorito() { xorrisofs_options+=( # El Torito boot image for x86 BIOS - '-eltorito-boot' 'syslinux/isolinux.bin' + '-eltorito-boot' 'boot/syslinux/isolinux.bin' # El Torito boot catalog file - '-eltorito-catalog' 'syslinux/boot.cat' + '-eltorito-catalog' 'boot/syslinux/boot.cat' # Required options to boot with ISOLINUX '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' ) @@ -1262,7 +1302,7 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { _add_xorrisofs_options_bios.syslinux.mbr() { xorrisofs_options+=( # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" - '-isohybrid-mbr' "${isofs_dir}/syslinux/isohdpfx.bin" + '-isohybrid-mbr' "${isofs_dir}/boot/syslinux/isohdpfx.bin" # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR # bootstrap code area) and mark it as bootable # May allow booting on some systems @@ -1643,7 +1683,13 @@ _make_version() { install -d -m 0755 -- "${isofs_dir}/${install_dir}" # Write version file to ISO 9660 printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version" + + fi + if [[ "${buildmode}" == "iso" ]]; then # Write grubenv with version information to ISO 9660 + # TODO: after sufficient time has passed, do not create this file anymore when GRUB boot modes are used. + # _make_common_bootmode_grub_cfg already creates ${isofs_dir}/boot/grub/grubenv + rm -f -- "${isofs_dir}/${install_dir}/grubenv" printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ > "${isofs_dir}/${install_dir}/grubenv" diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config b/configs/baseline/airootfs/etc/ssh/sshd_config index 93f7d63..dc22c11 100644 --- a/configs/baseline/airootfs/etc/ssh/sshd_config +++ b/configs/baseline/airootfs/etc/ssh/sshd_config @@ -58,7 +58,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#KbdInteractiveAuthentication yes +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -75,7 +75,7 @@ AuthorizedKeysFile .ssh/authorized_keys # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. @@ -88,7 +88,7 @@ UsePAM yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -PrintMotd no # pam does that +PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index d2aa4ab..ed56578 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -3,6 +3,10 @@ insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +insmod ntfs +insmod ntfscomp +insmod exfat +insmod udf # Use graphics-mode output insmod all_video @@ -20,6 +24,15 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi +# Search for the ISO volume +if [ -z "${ARCHISO_UUID}" ]; then + if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" + fi + search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" + probe --set ARCHISO_UUID --fs-uuid "${root}" +fi + # Set default menu entry default=archlinux timeout=15 @@ -30,7 +43,6 @@ timeout_style=menu menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index ed486ca..63acce1 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -2,10 +2,10 @@ # shellcheck disable=SC2034 iso_name="archlinux-baseline" -iso_label="ARCH_$(date +%Y%m)" +iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux <https://archlinux.org>" iso_application="Arch Linux baseline" -iso_version="$(date +%Y.%m.%d)" +iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config index 93f7d63..dc22c11 100644 --- a/configs/releng/airootfs/etc/ssh/sshd_config +++ b/configs/releng/airootfs/etc/ssh/sshd_config @@ -58,7 +58,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#KbdInteractiveAuthentication yes +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -75,7 +75,7 @@ AuthorizedKeysFile .ssh/authorized_keys # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. @@ -88,7 +88,7 @@ UsePAM yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -PrintMotd no # pam does that +PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 79ea2d2..1882e49 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -3,6 +3,10 @@ insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +insmod ntfs +insmod ntfscomp +insmod exfat +insmod udf # Use graphics-mode output insmod all_video @@ -20,6 +24,15 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi +# Search for the ISO volume +if [ -z "${ARCHISO_UUID}" ]; then + if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" + fi + search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" + probe --set ARCHISO_UUID --fs-uuid "${root}" +fi + # Set default menu entry default=archlinux timeout=15 @@ -32,15 +45,13 @@ play 600 988 1 1319 4 menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } @@ -48,18 +59,15 @@ if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { set gfxpayload=800x600,1024x768 - search --fs-uuid --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/memtest.efi + linux /boot/memtest86+/memtest.efi } menuentry "UEFI Shell" { insmod chain - search --no-floppy --set=root --label %ARCHISO_LABEL% chainloader /shellx64.efi } elif [ "${grub_cpu}" == "i386" ]; then menuentry "UEFI Shell" { insmod chain - search --no-floppy --set=root --label %ARCHISO_LABEL% chainloader /shellia32.efi } fi diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index e8fdf55..834290b 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -2,10 +2,10 @@ # shellcheck disable=SC2034 iso_name="archlinux32" -iso_label="ARCH_$(date +%Y%m)" +iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux <https://archlinux.org>" iso_application="Arch Linux Live/Rescue CD" -iso_version="$(date +%Y.%m.%d)" +iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito') diff --git a/configs/releng/syslinux/archiso_head.cfg b/configs/releng/syslinux/archiso_head.cfg index 1154f78..671ab4e 100644 --- a/configs/releng/syslinux/archiso_head.cfg +++ b/configs/releng/syslinux/archiso_head.cfg @@ -12,7 +12,7 @@ MENU CMDLINEROW 14 MENU HELPMSGROW 16 MENU HELPMSGENDROW 29 -# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu +# Refer to https://wiki.syslinux.org/wiki/index.php/Comboot/menu.c32 MENU COLOR border 30;44 #40ffffff #a0000000 std MENU COLOR title 1;36;44 #9033ccff #a0000000 std diff --git a/configs/releng/syslinux/archiso_tail.cfg b/configs/releng/syslinux/archiso_tail.cfg index e5339a2..e84897c 100644 --- a/configs/releng/syslinux/archiso_tail.cfg +++ b/configs/releng/syslinux/archiso_tail.cfg @@ -7,12 +7,12 @@ MENU LABEL Boot existing OS COM32 chain.c32 APPEND hd0 0 -# http://www.memtest.org/ +# https://www.memtest.org/ LABEL memtest MENU LABEL Run Memtest86+ (RAM test) -LINUX /%INSTALL_DIR%/boot/memtest +LINUX /boot/memtest86+/memtest -# http://hdt-project.org/ +# https://wiki.syslinux.org/wiki/index.php/Hdt_(Hardware_Detection_Tool) LABEL hdt MENU LABEL Hardware Information (HDT) COM32 hdt.c32 diff --git a/docs/README.transfer b/docs/README.transfer deleted file mode 100644 index aed5f92..0000000 --- a/docs/README.transfer +++ /dev/null @@ -1,133 +0,0 @@ -INDEX ------ - -* Transfer ISO file to target medium (configs/releng) - * To -> CD / DVD / BD - * To -> USB-key / SD / HDD / SSD - * PC-BIOS (MBR) - * PC-BIOS (ISOHYBRID-MBR) - * PC-EFI (GPT) [x86_64 only] - * PC-EFI (ISOHYBRID-GPT) [x86_64 only] - - - -*** Transfer ISO image to target medium (configs/releng) - -ISO images names consist of: archlinux32-<YYYY>.<MM>.<DD>-i686.iso - -Where: - <YYYY> Year - <MM> Month - <DD> Day - - -** To -> CD / DVD / BD - -Note: All ISO images are booteable on a PC-BIOS via "El Torito" in no-emulation mode, - All x86_64 ISO images are booteable on a PC-EFI via "El Torito" in no-emulation mode. - -Nomeclature: - <B> scsibus number - <T> target number - <L> lun number - (Note: see cdrecord -scanbus, for these numbers) - - -1) Write it directly using your favorite recording program. -# cdrecord dev=<B>,<T>,<L> -dao archlinux32-<YYYY>.<MM>.<DD>-i686.iso - - -** To -> USB Flash Drive (USB-key) / Memory card (SD) / - Hard-Disk Drive (HDD) / Solid-State Drive (SSD) - -Note: These steps are the general workflow, you can skip some of them, - using another filesystem if your bootloader supports it, - installing to another directory than "arch/" or using more than - one partition. Just ensure that main boot params options - (archisolabel= and archisobasedir=) are set correctly according to your setup. - -Nomeclature: -<DEV-TARGET>: Device node of the drive where ISO contents should be copied - (example: /dev/sdx) -<DEV-TARGET-N>: Device node of the partition on <DEV-TARGET> - (example: /dev/sdx1) -<MNT-TARGET-N>: Mount point path where <DEV-TARGET-N> is mounted - (example: /mnt/sdx/1) -<ISO-SOURCE>: Path to the ISO file archlinux32-<YYYY>.<MM>.<DD>-i686.iso - (example: ~/archlinux32-2017.03.01-i686.iso) -<FS-LABEL>: Represents the filesystem label of the <ISO-SOURCE> - (example: ARCH_201703) - - -* PC-BIOS (MBR): - -Note: Using here a MBR partition mode as example, but GPT should also works - if machine firmware is not broken. - Just ensure that partition is set with attribute "2: legacy BIOS bootable" - and use gptmbr.bin instead of mbr.bin for syslinux. - -1) Create one partition entry in MBR and mark it as "active" (booteable). -Note: Type "b" for FAT32, "83" for EXTFS or "7" for NTFS. -# fdisk <DEV-TARGET> - -2) Create a FAT32, EXTFS or NTFS filesystem on such partition and setup a label. -Note: COW is not supported on NTFS. -# mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N> -# mkfs.ext4 -L <FS-LABEL> <DEV-TARGET-N> -# mkfs.ntfs -L <FS-LABEL> <DEV-TARGET-N> - -3) Mount target filesystem. -# mount <DEV-TARGET-N> <MNT-TARGET-N> - -4) Extract ISO image on target filesystem. -# bsdtar -x --exclude=isolinux/ --exclude=EFI/ --exclude=loader/ -f <ISO-SOURCE> -C <MNT-TARGET-N> - -5) Install syslinux bootloader on target filesystem. -# extlinux -i <MNT-TARGET-N>/arch/boot/syslinux - -6) Unmount target filesystem. -# umount <MNT-TARGET-N> - -7) Install syslinux MBR boot code on target drive. -# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=<DEV-TARGET> - - -* PC-BIOS (ISOHYBRID-MBR): - -Note: This method is the most easily, quick and dirty, but is the most limited - if you want to use your target medium for other purposes. - If using this does not work, use PC-BIOS (MBR) method instead. - -1) Dump ISO file to target medium. -# dd if=<ISO-SOURCE> of=<DEV-TARGET> - - -* PC-EFI (GPT) [x86_64 only] - -Note: Using here a GPT partition mode as example, but MBR should also works - if machine firmware is not broken. - -1) Create one partition entry in GPT (of type "ef00") -# gdisk <DEV-TARGET> - -2) Create a FAT32 filesystem on such partition and setup a label. -# mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N> - -3) Mount target filesystem. -# mount <DEV-TARGET-N> <MNT-TARGET-N> - -4) Extract ISO image on target filesystem. -# bsdtar -x --exclude=isolinux/ --exclude=EFI/archiso/ --exclude=arch/boot/syslinux/ -f <ISO-SOURCE> -C <MNT-TARGET-N> - -5) Unmount target filesystem. -# umount <MNT-TARGET-N> - - -* PC-EFI (ISOHYBRID-GPT) [x86_64 only] - -Note: This method is the most easily, quick and dirty, but is the most limited - if you want to use your target medium for other purposes. - If using this does not work, use PC-EFI (GPT) method instead. - -1) Dump ISO file to target medium. -# dd if=<ISO-SOURCE> of=<DEV-TARGET> diff --git a/docs/README.transfer.rst b/docs/README.transfer.rst new file mode 100644 index 0000000..ab99b10 --- /dev/null +++ b/docs/README.transfer.rst @@ -0,0 +1,165 @@ +============================================== +Transfer ISO to target medium (configs/releng) +============================================== + +ISO images names consist of: ``archlinux-YYYY.MM.DD-x86_64.iso``. + +Where: ``YYYY`` is the year, ``MM`` the month and ``DD`` the day. + +.. contents:: + +Burn to an optical disc +======================= + + .. note:: + All ISO images are BIOS and UEFI bootable via "El Torito" in no-emulation mode. + +Burn the ISO using your favorite disc burning program. + +For example: + +.. code:: sh + + xorriso -as cdrecord -v -sao dev=/dev/sr0 archlinux-YYYY.MM.DD-x86_64.iso + +Write to an USB flash drive / memory card / hard disk drive / solid state drive / etc. +====================================================================================== + + .. tip:: + See https://wiki.archlinux.org/title/USB_flash_installation_medium for more detailed instructions. + +Nomeclature: + +``<DEV-TARGET>`` + Device node of the drive where ISO contents should be copied (example: ``/dev/sdx``). +``<DEV-TARGET-N>`` + Device node of the partition on ``<DEV-TARGET>`` (example: ``/dev/sdx1``). +``<FS-LABEL>`` + Represents the file system label of the ``archlinux-YYYY.MM.DD-x86_64.iso`` (example: ``ARCH_201703``). + +ISOHYBRID (BIOS and UEFI) +------------------------- + + .. note:: + This method is the most easily, quick and dirty, but is the most limited if you want to use your target medium + for other purposes. If using this does not work, use the `File system transposition (UEFI only)`_ method instead. + +Directly write the ISO file to the target medium: + +.. code:: sh + + dd bs=4M if=archlinux-YYYY.MM.DD-x86_64.iso of=<DEV-TARGET> conv=fsync oflag=direct status=progress + +File system transposition (UEFI only) +-------------------------------- + +This method extracts the contents of the ISO onto a prepared UEFI-bootable volume. + +If your drive is already partitioned and formatted, skip to the "Mount the target file system" step. + + .. note:: + Using MBR with one FAT formatted active partition is the most compatible method. + +1. Partition the drive with *fdisk*. + + .. code:: sh + + fdisk <DEV-TARGET> + + 1) Create a new MBR partition table with command ``o``. + + .. warning:: + This will destroy all data on the drive. + + 2) Create a new primary partition with command ``n`` and set its type code to ``0c`` with command ``t``. + + 3) Mark the partition as bootable with the ``a`` command. + + 4) Write the changes and exit with ``w``. + +2. Format the newly created partition to FAT32 + + .. code:: sh + + mkfs.fat -F 32 /dev/disk/by-id/<TARGET-DEVICE>-part1 + +3. Mount the target file system + + .. code:: sh + + mount <DEV-TARGET-N> /mnt + +4. Extract the ISO image on the target file system. + + .. code:: sh + + bsdtar -x --exclude=boot/syslinux/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt + +5. Unmount the target file system. + + .. code:: sh + + umount /mnt + +Manual formatting (BIOS only) +----------------------------- + + .. note:: + These steps are the general workflow, you can skip some of them, using another file system if your boot loader + supports it, installing to another directory than ``arch/`` or using more than one partition. Just ensure that + main boot parameters (``archisolabel=`` and ``archisobasedir=``) are set correctly according to your setup. + + Using here a MBR partition mode as example, but GPT should also work if the machine firmware is not broken. Just + ensure that partition is set with attribute ``2: legacy BIOS bootable`` and use ``gptmbr.bin`` instead of + ``mbr.bin`` for syslinux. + +1) Create one partition entry in MBR and mark it as "active" (bootable). + + .. note:: + Type ``b`` for FAT32, ``83`` for EXTFS or ``7`` for NTFS. + + .. code:: sh + + fdisk <DEV-TARGET> + +2) Create a FAT32, EXTFS or NTFS file system on such partition and setup a label. + + .. note:: + COW is not supported on NTFS. + + .. code:: sh + + mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N> + mkfs.ext4 -L <FS-LABEL> <DEV-TARGET-N> + mkfs.ntfs -L <FS-LABEL> <DEV-TARGET-N> + +3) Mount the target file system. + + .. code:: sh + + mount <DEV-TARGET-N> /mnt + +4) Extract the ISO image on the target file system. + + .. code:: sh + + bsdtar -x --exclude=boot/grub/ --exclude=EFI/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt + +5) Install the syslinux boot loader on the target file system. + + .. code:: sh + + extlinux -i /mnt/boot/syslinux + +6) Unmount the target file system. + + .. code:: sh + + umount /mnt + +7) Install syslinux MBR boot code on the target drive. + + .. code:: sh + + dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=<DEV-TARGET> + |