Age | Commit message (Collapse) | Author |
|
|
|
`-r` will instruct to delete the working directory at the end of a
`mkarchiso` run.
If the specified directory already exists, then it will not be deleted
and instead produce a warning.
Implements #211
|
|
Fixes 8cc0e9e5b09d504a50701a825f0ab9992ed73b6f
|
|
Add foot-terminfo and wezterm-terminfo packages to allow using their
terminfo entries for installations via SSH.
|
|
When restarting an interrupted build, SOURCE_DATE_EPOCH needs to be
available before `profiledef.sh` is read, since it may reference it.
Fixes 7c6f266ec94e3eff23466ed8d0c45e4bee0ddae4
|
|
Relying on the volume UUID instead of its LABEL avoids collisions of
multiple ISOs created in the same month.
Fixes #202
|
|
to the GNU Coreutils update. Fixes Issue #214
|
|
By Antonio V
* origin/merge-requests/322:
Fixed subdirectories copy from grub/ to the ISO
Subdirectories from grub/ are copied to the ISO
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/215
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/322
|
|
|
|
|
|
By Zig Globulin
* origin/merge-requests/235:
wait for networkd online before curl invocation
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/235
|
|
* Use LZMA extreme compression level,
* enable experimental compressed fragments feature to create a smaller image,
* enable experimental data deduplication.
This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB.
|
|
1) wait for network-online.target before invoking curl
as there's no synchronization with network setup for this script
2) don't hide curl errors - it may be easier to debug the issues
3) add log and comments
|
|
|
|
|
|
Convert the file to reStructuredText markup.
Fixes #39.
Rewrite the instructions where possible or otherwise update them.
E.g. fix the changed boot loader paths, etc.
The "Manual formatting (BIOS only)", previosly "PC-BIOS (ISOHYBRID-MBR)",
method is not tested and it is not clear if it still even works.
|
|
This allows to reduce the number of top-level directories by one and
matches with the GRUB directory move.
Most boot loader related things will now be in the /boot/ directory.
Fixes #207
|
|
To prevent the file from being accidentally missed when someone copies
the ISO's contents, let's not place it in a directory that starts with a
dot. Since all GRUB related files are in /boot/grub/, put it there too.
Instead of using a more unique UUID for the file name, use
`YYYY-mm-dd-HH-MM-SS-00.uuid` which matches the ISO's modification date
in UTC,i.e. its "UUID". If multiple ISOs would be generated in the exact
same second, the ISO 9660 modification date (i.e. its "UUID") would be
the same, so there would be not way to distinguish between the volumes
anyway. This also makes the file look less suspicious to the casual
glance.
|
|
Add all variables that we replace with values in configuration files.
Keep `${isofs_dir}/${install_dir}/grubenv` with fewer variables for
backwards compatibility. It will be removed in the future.
|
|
Move the location of GRUB files so that there is boot-platform
(BIOS vs EFI) neutral place for GRUB-specific files (e.g. configuration
files, background images, etc.).
The EFI binaries are obviosly staying in the default/fallback boot path
`/EFI/BOOT/BOOT*.EFI`, otherwise there will be no UEFI booting.
The /boot/grub/ directory will be used to store BIOS (i386-pc) GRUB
bootsector images, if we get to that.
It is also a requirement for implementing `loopback.cfg` support, since
the file's path must be `/boot/grub/loopback.cfg`.
Implements #206
|
|
Instruct the embeded grub.cfg to search for a volume with a
`/.disk/%UUID_SEARCH_FILENAME%.uuid` file and load `/EFI/BOOT/grub.cfg`
from it.
This avoid duplicating GRUB configuration files in two places (ISO 9660
and FAT) and ensures there is no confusion about which is the _correct_
configuration file.
Since nothing besides EFI binaries is copied to `efibootimg`, the
`_make_common_bootmode_grub_copy_to_efibootimg` function is removed.
Fixes #208
|
|
Ensure the **correct** date is used in `iso_label` and `iso_version`.
|
|
Move memtest86+ to `/boot/memtest86+/` on ISO 9660. That directory is
not copied to netboot artifact output.
Netboot boot menu https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe
does not have entries for memtest and archiso-manager removes these files
(not the EFI one, though) before uploading the release files anyway.
|
|
There are claims that some UEFI allegedly natively support NTFS.
Preload the required GRUB modules to support booting from NTFS on such
systems.
Additionally preload the exFAT and UEF modules, because, why not?
|
|
volume it's on
Search for `/.disk/%UUID_SEARCH_FILENAME%.uuid` and pass the UUID of the
volume it's on as `archisodevice`. mkarchiso will replace
`%UUID_SEARCH_FILENAME%` with a hardcoded value generated using
`SOURCE_DATE_EPOCH` durring ISO build.
This allows to prepare an UEFI bootable installation medium by simply
copying the directory structure without having to touch `grub.cfg`.
Relying on the volume UUID instead of its LABEL also avoids collisions
of multiple ISOs created in the same month.
Fixes #202
|
|
* Update mkinitcpio-archiso project link,
* Update code of conduct link,
* Update arch-releng mailing list link,
* Use HTTPS where possible,
* Replace dead link.
|
|
|
|
This is a new value introduced in systemd v247. It makes sure a new
machine-id is generated, but is handled as first boot as well.
See "First Boot Semantics" in machine-id(5) for details.
|
|
Now that xz 5.4 is out and erofs-utils is built with LZMA support, it is
possible to compress the EROFS image with LZMA for higher compression.
`mkfs.erofs` trows a few warnings about using experimental features, but
they should not be an issue.
Nothing changes for the releng profile, for now at least.
|
|
Look for the files in `*_validate_options` and error out early if they do
not exist.
|
|
file descriptors only for reading
Nothing should ever be written to these files, so let's make sure it cannot happen.
|
|
The `bootstrap` build mode never calls `_export_gpg_publickey`, so even if
the GPG key is passed with the `-g` option and thus the `gpg_key` variable
is set, the `${work_dir}/pubkey.gpg` file will not exist.
This has not caused any issue so far because the `ARCHISO_GNUPG_FD` file
descriptor opens the file for both reading and writing, which means the
file gets created if it does not exist.
Assign the exported public key file name to a `gpg_publickey` variable in
`_export_gpg_publickey` and check for it when the file is used.
Since the exist status of the gpg command cannot be checked, look for the
exported public key file instead.
|
|
Implements #203.
|
|
|
|
archiso_kms hook with kms
The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project.
See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8
|
|
The default is now copytoram=auto which enables copying to RAM when the rootfs image size is less than 4 GiB and free RAM exceeds the rootfs image size + 2 GiB.
See https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/issues/13 and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/26.
Implements #177.
|
|
Make sure existing sig files are deleted before creating new ones and make sure to not sign any sig files.
This allows retrying failed mkarchiso runs without ending up with files such as vmlinuz.ipxe.sig.ipxe.sig.
Fixes #198
|
|
qemu-guest-agent.service will be started by the /usr/lib/udev/rules.d/99-qemu-guest-agent.rules udev rule.
Fixes #199
|
|
CHANGELOG.rst:
Add changelog for version 67.
|
|
``-c`` is given.
(gitlab ci)
Added a CA structure to the codesigning certificates.
This to test the functionality of optional CA being in the signing message.
(mkarchiso)
Removed the ``sign_netboot_artifacts`` variable and instead
we'll now rely on ``if [[ -v cert_list ]]; then``.
Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables
to override the certificates used. This is so that third party CA's can
be used during building in a meaningful way without distrupting the
CA trust that is shipped by default.
_cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS.
The files will be saved as "${artifact}.cms.sig". That would be for instance
"${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig".
|
|
CHANGELOG.rst:
Add changelog entry for ordering pacman-init after time-sync.target
|
|
archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work.
Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state.
|
|
|
|
This helps on systems with screwed or broken RTC.
|
|
--disable-shim-lock is required to support Secure Boot with custom signatures without using shim.
Otherwise GRUB will trow an error when trying to boot a kernel:
error: shim_lock protocol not found.
error: you need to load the kernel first.
The modules GRUB will use need to be preloaded otherwise the EFI binaries cannot be signed and used for Secure Boot.
See https://bugs.archlinux.org/task/71382.
GRUB will trow en error:
error: verification requested but nobody cares
These changes are done to support Secure Boot using custom keys (not shim) by simply extracting the boot loader
(BOOTx64.EFI and BOOTIA32.EFI), kernel, UEFI shell, signing them and then repacking the ISO.
For example.
Extract the files:
$ osirrox -indev archlinux-YYYY.MM.DD-x86_64.iso \
-extract_boot_images ./ \
-extract /EFI/BOOT/BOOTx64.EFI BOOTx64.EFI \
-extract /EFI/BOOT/BOOTIA32.EFI BOOTIA32.EFI \
-extract /shellx64.efi shellx64.efi \
-extract /shellia32.efi shellia32.efi \
-extract /arch/boot/x86_64/vmlinuz-linux vmlinuz-linux
Make the files writable:
$ chmod +w BOOTx64.EFI BOOTIA32.EFI shellx64.efi shellia32.efi vmlinuz-linux
Sign the files:
$ sbsign --key db.key --cert db.crt --output BOOTx64.EFI BOOTx64.EFI
$ sbsign --key db.key --cert db.crt --output BOOTIA32.EFI BOOTIA32.EFI
$ sbsign --key db.key --cert db.crt --output shellx64.efi shellx64.efi
$ sbsign --key db.key --cert db.crt --output shellia32.efi shellia32.efi
$ sbsign --key db.key --cert db.crt --output vmlinuz-linux vmlinuz-linux
Copy the boot loader and UEFI shell to the EFI system partition image:
$ mcopy -D oO -i eltorito_img2_uefi.img BOOTx64.EFI BOOTIA32.EFI ::/EFI/BOOT/
$ mcopy -D oO -i eltorito_img2_uefi.img shellx64.efi shellia32.efi ::/
Repack the ISO using the modified El Torito UEFI boot image and add the signed boot loader files, UEFI shell and
kernel to ISO9660:
$ xorriso -indev archlinux-YYYY.MM.DD-x86_64.iso \
-outdev archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso \
-boot_image any replay \
-append_partition 2 0xef eltorito_img2_uefi.img \
-map BOOTx64.EFI /EFI/BOOT/BOOTx64.EFI \
-map BOOTIA32.EFI /EFI/BOOT/BOOTIA32.EFI \
-map shellx64.efi /shellx64.efi \
-map shellia32.efi /shellia32.efi \
-map vmlinuz-linux /arch/boot/x86_64/vmlinuz-linux
Boot the resulting archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso.
|
|
Do not limit file copying to only grub.cfg and instead copy all GRUB configuration files and assets to both the ISO9660 and FAT image.
This will allow for including custom images, fonts, etc.
To easily match all non-configuration files (i.e. files without the .cfg extension), bash's extended glob feature will be enabled.
Actions common to multiple _make_bootmode_uefi-*.grub are split off into dedicated functions:
* _make_common_bootmode_grub_copy_to_efibootimg,
* _make_common_bootmode_grub_copy_to_isofs,
* _make_common_bootmode_grub_cfg.
Use the same du command in all efiboot_imgsize variable assignments.
Fixes #185.
|
|
Update authors
Update CHANGELOG
|
|
|
|
airootfs_image_tool_options for mkfs.erofs
As the man page says, it saves more space, although the feature is experimental.
|
|
|