Age | Commit message (Collapse) | Author |
|
`uefi-ia32.systemd-boot.eltorito` has the same requirements as
`uefi-ia32.systemd-boot.esp`, not the same as `uefi-x64.systemd-boot.esp`.
Fixes: 5e72546e89024a9e8095c75be6ca86312f5c376a ("mkarchiso: add uefi-ia32.systemd-boot.esp and uefi-ia32.systemd-boot.eltorito boot modes")
|
|
Create a boot entry for Memtest86+.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228
|
|
If the Memtest86+ EFI binary exists, copy it to the EFI system partition
(`efiboot.img`) and also to ISO 9660.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228
|
|
|
|
* bootstrap will use .tar.zst with `zstd -c -T0 --long -19`,
* releng will retain .tar.gz with `gzip -cn9` for now.
This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.
|
|
profiledef.sh gains a new option `bootstrap_tarball_compression` which
is a bash array containing the compression program and its arguments.
Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.
|
|
* more tarball matching,
* `network-config` used by cloud-init,
* anything starting with `codesigning`.
|
|
contains early_cpio
The early uncompressed CPIO archive containing microcode update files
can be part of the initramfs file. To avoid wasting space, first check
if the initramfs file contains `early_cpio` and only copy external
microcode initramfs images if it does not.
|
|
/boot/YYYY-mm-dd-HH-MM-SS-00.uuid
Once mkinitcpio-archiso implements searching for the file in early
userspace, this file's use will not be limited to just GRUB.
Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/217
|
|
Starting with glibc 2.39, LC_ALL=C.UTF-8 overrides LANGUAGE, just like
LC_ALL=C. See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 for
details.
This reverts commit 6ac22309530f3aa07a2b638ccde419a3a509f50c.
|
|
rst2man from python-docutils is required to convert the man page from
reStructuredText.
|
|
|
|
|
|
Starting with kernel 6.7, the releng ISO exceeds 900 MiB which is the
maximum size of a CD.
Adjust the description to say "DVD" instead.
Closes https://gitlab.archlinux.org/archlinux/archiso/-/issues/144
|
|
The licenses package does not ship
`/usr/share/licenses/common/GPL2/license.txt` anymore, which results in:
/usr/share/licenses/common/GPL2/license.txt': No such file or directory
Use its replacement, `/usr/share/licenses/spdx/GPL-2.0-only.txt` instead.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/225
|
|
Currently the ldns package is pulled in as a dependency of openssh, but
that dependency may be gone in the future.
See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/2
Explicitly include ldns to ensure the live environment will continue to
have `drill`.
|
|
|
|
Keep the prepared `.conf` files in `work_dir` to avoid having to run
them through `sed` twice.
This makes sure the FAT image size calculation is more correct and also
simplifies copying the files m to both ISO 9660 and the FAT image since
the the whole `loader` directory can copied instead of copying
individual files.
|
|
/loader/entries/*.conf on ISO 9660
Fixes: 094afd169a0ff871eb7a6b37d68a9b9bcb7195e4 ("mkarchiso: support %ARCHISO_UUID% variable in boot loader configuration")
|
|
By default systemd-networkd-wait-online.service considers a network
connection to be "online" when it has reached the "degraded" state
(see networkctl(1) for the definitions).
Since "degraded" does not ensure there's a routable address, let's
change the connection's requirement to "routable" instead.
This gives a better chance that the network really is online when
network-online.target is reached.
|
|
By John Lane
* origin/merge-requests/355:
update changelog
Allow download automated script using TFTP
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/355
|
|
|
|
|
|
By Anton Hvornum
* origin/merge-requests/353:
Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/353
|
|
process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
|
|
GnuPG changed their default from RSA to ECC, so Key-Length not
a thing it supports. Instead it asks for the Key-Curve.
Avoid using the default and hardcode ed25519 (which is the current
GnuPG default).
|
|
By kojq su
* origin/merge-requests/351:
add bcachefs-tools
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/351
|
|
|
|
|
|
Make sure the ISO can be booted successfully without triggering questions from systemd-firstboot.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/205
Fixes: 6e1be91961967a6485901ac431f6f6b06675b750 ("archiso/mkarchiso: write "uninitialized" to /etc/machine-id")
|
|
Even if GRUB is not used as a boot loader for the ISO, create a
`/boot/grub/grubenv` file in the ISO 9660 file system. If a
`loopback.cfg` file exists in the profile's `grub` directory, copy it
to `/boot/grub/loopback.cfg` on the ISO.
This ensures the funtionality will not be lost if the used boot loaders
are changed.
|
|
See https://www.supergrubdisk.org/wiki/Loopback.cfg for details.
Only `${iso_path}` is guaranteed, so we need to search for the volume,
on which the ISO file resides, ourselves.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/165
|
|
Construct a human readable platform identifier from GRUB's built-in
variables and use it in menu item descriptions.
Only add the menu entries for the additional tools (UEFI shell,
Memtest86+) if the files exist.
Modify baseline's `grub.cfg` to closer match releng.
|
|
Move the `play` command to the end of the file so it plays after the
menu entries are shown and ready.
|
|
* Do not manually load modules that will get loaded by invoking a command.
* Explicitly load serial modules.
* Move `insmod all_video` after the font is loaded.
|
|
uefi-ia32.systemd-boot.eltorito boot modes
The systemd 254.2-1 package ships with IA32 systemd-boot, so it is
possible to use for booting on IA32 UEFI.
Perhaps they will be useful in the future.
At least for now, the baseline and releng profiles are not changed to
use them. When the issues and headaches caused with GRUB reach a
critical point, then we will switch.
|
|
bolt can be used to list and authorize Thunderbolt and USB4 devices.
Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a
user needed to install the package in the live environment.
|
|
|
|
As opgpcard uses pcsclite and gnupg is able to use it as well, switch
away from using gnupg's internal ccid driver.
|
|
|
|
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
|
|
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
|
|
The tools are useful for clearing, creating and reading keys and etc.
on the TPM.
|
|
Remove qemu-headless since it is no longer needed to build the project
and is also no longer provided by qemu-base.
|
|
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connection with a configuration
file in /etc/systemd/network.conf.d/.
|
|
tmpfs with noswap option
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
|
|
Make sure the certificate has a extendedKeyUsage section with
codeSigning per the iPXE requirements.
Fixes #195
|
|
Adjust subject name to more closely match what's used in create_ephemeral_pgp_key.
Reduce the certificate validity to two days. These are just temporary
certificates, they will not be used anywhere.
Fixes #196
|
|
unused options
Set only the custom values for HOOKS and COMPRESSION.
|
|
This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs.
|