Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/configs/releng/airootfs
AgeCommit message (Collapse)Author
2023-08-29Use pcsclite for communicating with OpenPGP smartcardsDavid Runge
As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver.
2023-08-26/etc/ssh/sshd_config.d/10-archiso.conf: keep only the modified optionsnl6720
The only changes we make to the default are to enable root login via a password. While `PasswordAuthentication yes` is the default, let's set it explicitly to avoid potential issues in the future.
2023-08-26Move custom sshd_config to /etc/ssh/sshd_config.d/nl6720
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for drop-in files in /etc/ssh/sshd_config.d/. Using drop-in files avoids needing to keep up with changes to the default /etc/ssh/sshd_config.
2023-08-11Set IPv6PrivacyExtensions=yes in global systemd-netorkd configurationnl6720
Since systemd 245, IPv6PrivacyExtensions can be set not just per connection, but also globally for all connection with a configuration file in /etc/systemd/network.conf.d/.
2023-08-05configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ↵nl6720
tmpfs with noswap option Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike ramfs, tmpfs has a limit to its size. This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
2023-06-21configs/*/airootfs/etc/mkinitcpio.conf.d/archiso.conf: remove comments and ↵nl6720
unused options Set only the custom values for HOOKS and COMPRESSION.
2023-06-21configs/: move custom mkinitcpio.conf files to /etc/mkinitcpio.conf.d/nl6720
This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs.
2023-06-15Fix optional shellcheck warningsnl6720
Additionally fix a few code style issues found with shfmt.
2023-05-22Add support for mDNS.Sorin Pânca
2023-03-02wait for networkd online before curl invocationZig Globulin
1) wait for network-online.target before invoking curl as there's no synchronization with network setup for this script 2) don't hide curl errors - it may be easier to debug the issues 3) add log and comments
2023-02-07configs/*/airootfs/etc/ssh/sshd_config: update to match 9.2p1-1nl6720
Update /etc/ssh/sshd_config to match changes made in https://github.com/archlinux/svntogit-packages/commit/42aa04744e96c5805b7aa3904636f8cbd781f682 and https://github.com/archlinux/svntogit-packages/commit/7166713c55002dac3c2b306fdc63e89a412083a6 The only modification remains `PermitRootLogin yes`.
2022-11-12configs/releng/airootfs/root/.zlogin: use grep -a to ensure /proc/cmdline is ↵nl6720
treated as text This protects against the case where /proc/cmdline contains garbage triggering grep to think it is a binary. See e.g. https://bugs.archlinux.org/task/76468 for an example.
2022-10-25configs/releng/airootfs/etc/mkinitcpio.conf: replace the deprecated ↵nl6720
archiso_kms hook with kms The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project. See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8
2022-10-06configs/: Do not explicitly enable qemu-guest-agent.servicenl6720
qemu-guest-agent.service will be started by the /usr/lib/udev/rules.d/99-qemu-guest-agent.rules udev rule. Fixes #199
2022-09-25Order pacman-init.service after time-sync.targetDavid Runge
configs/releng/airootfs/etc/systemd/system/pacman-init.service: Order pacman-init.service after time-sync.target, so that time on the host is synchronized before initializing pacman.
2022-09-25Enable systemd-timesyncd and systemd-time-wait-syncDavid Runge
configs/releng/airootfs/etc/systemd/system/{dbus-org.freedesktop.timesync1},sysinit.target.wants/systemd-timesyncd}.service: Enable systemd-timesyncd which aliases to dbus-org.freedesktop.timesync1 to ensure time gets synced on the host. configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service: Enable systemd-time-wait-sync to ensure time is finished syncing when time-sync.target is finished.
2022-09-01Order pacman-init.service before archlinux-keyring-wkd-sync.servicenl6720
archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work. Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state.
2022-06-09configs/: use the C.UTF-8 localenl6720
The glibc 2.35-6 package ships with the C.UTF-8 locale included. This means there is now a UTF-8 locale available by default and en_US.UTF-8, which requires editing /etc/locale.gen and running locale-gen, is not needed anymore. Implements #175.
2022-04-30configs/*: add VMware and Hyper-V guest packages and enable their servicesnl6720
* open-vm-tools package, vmtoolsd.service and vmware-vmblock-fuse.service for VMware. * hyperv package, hv_fcopy_daemon.service, hv_kvp_daemon.service and hv_vss_daemon.service for Hyper-V. Related to #118.
2022-04-28configs/releng/airootfs/etc/xdg/reflector/reflector.conf: use mirrors that ↵nl6720
support both IPv4 & IPv6 This ensures that IPv6-only systems get working mirrors.
2022-04-06configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfsnl6720
When using tmpfs, it is possible that parts of it end up getting put in swap space (only if there is one). This may not be desired, so use ramfs instead.
2022-04-04Revert "Merge remote-tracking branch 'origin/merge-requests/239'"nl6720
People get scared by it. See https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/239#note_61954. This reverts commit b5011af3f4ac63214fdecef442550cce5ae4a971, reversing changes made to 07d8035624cff64e28f1148ddec9e970e26173da.
2022-03-31Merge remote-tracking branch 'origin/merge-requests/239'nl6720
* origin/merge-requests/239: add needed files See merge request !239
2022-03-29configs/releng: Improve motdKristian Klausen
Fix #167
2022-03-29add needed filesAlexander Epaneshnikov
this fixes #167
2022-03-25configs/{baseline,releng}/: disable systemd-gpt-auto-generatornl6720
When booting the ISO, you can observe a message that systemd-gpt-auto-generator has failed: systemd-gpt-auto-generator[197]: Reading EFI variable /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f. systemd-gpt-auto-generator[197]: open("/sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f") failed: No such file or directory systemd-gpt-auto-generator[197]: EFI loader partition unknown, exiting. systemd-gpt-auto-generator[197]: (The boot loader did not set EFI variable LoaderDevicePartUUID.) systemd-gpt-auto-generator[197]: Failed to open device: No such device Seeing as it started to appear relatively recently, it may be a systemd bug. Since we do not want any GPT partition automounting in the live environment anyway, systemd-gpt-auto-generator can simply be disabled. Fixes #164.
2022-01-28configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.co ↵nl6720
nf: update ExecStart Update the drop-in to more closely match getty@.service of systemd 250. Use example from https://wiki.archlinux.org/title/getty#Virtual_console
2022-01-22configs/*/airootfs/etc/systemd/network/20-ethernet.network: add a comment to ↵nl6720
document why an interface name glob is used This documents the changes made in !177 inside the .network files themselves. Related to #142.
2021-12-02configs/releng/airootfs/etc/mkinitcpio.conf: remove archiso_shutdownnl6720
The archiso_shutdown hook has been obsolete since mkinitcpio 16. https://lists.archlinux.org/pipermail/arch-dev-public/2013-December/025742.html Related to mkinitcpio/mkinitcpio-archiso#8.
2021-11-30Fixes failure to retry script download. Tested and verified the issue is ↵Howard Hicks
resolved. The curl --retry-connrefused option is used with not instead of the --retry <num> option to add an extra type of failure to retry on, without --retry <num> it does not retry at all even on a connection refused. https://man.archlinux.org/man/curl.1.en
2021-08-25configs/*/airootfs/etc/ssh/sshd_config: update to openssh 8.7p1-1nl6720
Update /etc/ssh/sshd_config to match upstream changes. The only modification remains "PermitRootLogin yes".
2021-07-29Remove SPDX license identifier from releng configsDavid Runge
configs/releng/*: Remove the SPDX license identifier comment from the configuration files in the profile, as they are not eligible for copyright.
2021-07-27configs/*/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d ↵nl6720
/wait-for-only-one-interface.conf: document why the drop-in file exists Related to #142. Add missing `ExecStart=` to baseline's /etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf.
2021-07-27configs/releng/airootfs/etc/systemd/network/: move RouteMetric= from ↵nl6720
[DHCPv6] to [IPv6AcceptRA] systemd moved the option. See https://github.com/systemd/systemd/commit/8ebafba9f987c21aa5787c8767f2e390b4ec0bc5 . Implements #123. Document in comments why the route metrics need to be set (because of https://github.com/systemd/systemd/issues/17698 ) and use the same metric values as NetworkManager. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c Additionally remove RouteMetric from configs/baseline/airootfs/etc/systemd/network/20-ethernet.network. There is only one networkd configuration file in baseline, meaning, there are no other routes.
2021-06-18Update ArchWiki article URLsnl6720
Use the new, prettier short URLs.
2021-05-29configs/releng/airootfs/etc/systemd/network/: match by globbing the ↵nl6720
interface name instead of matching the type Type=ether matches virtual Ethernet interfaces (veth*) which may break networking inside containers. Fixes https://bugs.archlinux.org/task/70892 . Partially reverts 8a521d0bfaedf16b95c09b4837981c4b567b5118 .
2021-05-12configs/releng/airootfs/etc/systemd/system/pacman-init.service: don't ↵nl6720
hardcode the keyrings If the keyring is not specified, pacman-key will simply use all keyrings from /usr/share/pacman/keyrings/. Fixes #133.
2021-05-11configs/*: add VM guest packages and enable their servicesnl6720
* virtualbox-guest-utils-nox package and vboxservice.service for VirtualBox. * qemu-guest-agent package and qemu-guest-agent.service for QEMU & libvirt. Implements #118.
2021-03-30Revert "configs/releng: improve UX"David Runge
This reverts commit 8b6f3545e348caf16a2ff30d948ff93b4d9a4b89.
2021-03-30configs/releng: improve UXnl6720
Implements #90
2021-03-29Reduce amount of checked mirrorsDavid Runge
configs/releng/airootfs/etc/xdg/reflector/reflector.conf: Reduce the amount mirrors that reflector checks from 70 to 20. This significantly reduces the time it takes to end up with an up-to-date mirrorlist during boot with the releng profile. Fixes #92
2021-03-29Allow redirects for scriptsDavid Runge
configs/releng/airootfs/root/.automated_script.sh: Add the `--location` curl parameter (see `man 1 curl`) to allow for curl to retrieve a remote script even if the source is being redirected (e.g. moved permanently) when using the `script=` kernel commandline parameter. Fixes #113
2021-03-26configs/releng: add and enable ModemManagernl6720
ModemManager's mmcli is the simplest way to connect with WWAN modems. Mention mmcli in MOTD. Implements #110.
2021-03-26configs/releng: start DHCP client for mobile broadbandnl6720
Add /etc/systemd/network/20-wwan.network Related to #110.
2021-03-26configs/releng: rename 20-wireless.network to 20-wlan.networknl6720
The file is limited to Wi-Fi (Type=wlan in networkd configuration).
2021-03-26Update ↵nl6720
configs/releng/airootfs/etc/systemd/network/20-{ethernet,wireless}.network * Match the device type instead of the interface name. * Replace DHCP section with DHCPv4/DHCPv6. systemd split the sections.
2021-02-16Remove havegedKristian Klausen
haveged was added 8 years ago[1] to increase entropy and presumably to prevent entropy starvation. A few things has changed since, most notable: * the kernel actively tries to add entropy (jitter entropy)[2][3][4][5] * /dev/random no longer blocks after CRNG initialization[6][7] [1] d7e790d ("Initialize pacman keyring on bootup") [2] https://github.com/torvalds/linux/commit/3f2dc2798b81531fd93a3b9b7c39da47ec689e55 [3] https://github.com/torvalds/linux/commit/50ee7529ec4500c88f8664560770a7a1b65db72b [4] https://lore.kernel.org/lkml/alpine.DEB.2.21.1909290010500.2636@nanos.tec.linutronix.de/T/ [5] https://lwn.net/Articles/800509/ [6] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32 [7] https://lwn.net/Articles/808575/ Fix #98
2021-01-31configs/releng: move locale-gen from customize_airootfs.sh to a pacman hooknl6720
This finally removes customize_airootfs.sh from releng. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
2021-01-31config/releng: remove pacman hooks specific to ISO build process from ↵nl6720
airootfs after they run This works around https://bugs.archlinux.org/task/49347 . Leaving the hooks in the airootfs image will result in it being run when pacstrap is run in the live environment. This should not happen as they are intended for the ISO build process only. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/91 .
2021-01-27configs/releng: move the mirror uncommenting sed command from ↵nl6720
customize_airootfs.sh to a pacman hook After pacman-mirrorlist is installed, /etc/pacman.d/hooks/uncomment-mirrors.hook will run a sed command which uncomments all Server lines in /etc/pacman.d/mirrorlist. This brings us another step closer to the complete removal of customize_airootfs.sh. Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .