| Age | Commit message (Collapse) | Author |
|---|
|
|
|
While using GRUB as the UEFI boot loader has reduced the size of the ISO,
it has brought nothing but pain otherwise:
* We cannot use `gfxterm` since it is not visible on some hardware.
* GRUB has a a strange and nonsensical limitation where the EFI binary
can be built with either support for shim or custom Secure Boot key
support, but not both. This means you cannot repack the ISO to use
shim + MOK since we currently use `--disable-shim-lock` to provide
support for setups with custom keys.
* GRUB's EFI binary needs to be built with `grub-mkstandalone` instead
of there being a ready made EFI binary in the package. This requires
having grub installed on the host system which affects reproducibility.
This increases the size of the ISO since systemd-boot cannot boot files
from other volumes, i.e. the kernel and initramfs is duplicated in the
EFI system partition (the second partition made from `efiboot.img`).
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/227
|
|
`archisosearchuuid=` first searches for a matching UUID. If that fails,
then it mounts and looks for a `/boot/${archisosearchuuid}.uuid` file in
all detected block devices (in whatever order `blkid` lists them).
This implements "file system transposition" without relaying on boot
loader specific features and does not tie us to GRUB anymore.
Related to https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso/-/merge_requests/48
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/217
|
|
microcode images
This simplifies boot loader configuration, but custom PXE setups will
be forced to update theirs.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/226
|
|
The zstd tool has now been around for a while, so the availability of
it should not be a concern anymore.
Unlike gzip which was used until now, zstd offers higher compression
while still being faster (and multi-threaded).
The `--auto-threads=logical` option is used just so that there is some
difference between the releng and baseline profiles.
Everyone using the official Arch Linux bootstrap tarball (previously
`archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.gz` or
`archlinux-bootstrap-x86_64.tar.gz`) will need to update their scripts
and etc. to use `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.zst` or
`archlinux-bootstrap-x86_64.tar.zst` instead.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/130
|
|
Create a boot entry for Memtest86+.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228
|
|
* bootstrap will use .tar.zst with `zstd -c -T0 --long -19`,
* releng will retain .tar.gz with `gzip -cn9` for now.
This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.
|
|
Starting with kernel 6.7, the releng ISO exceeds 900 MiB which is the
maximum size of a CD.
Adjust the description to say "DVD" instead.
Closes https://gitlab.archlinux.org/archlinux/archiso/-/issues/144
|
|
Currently the ldns package is pulled in as a dependency of openssh, but
that dependency may be gone in the future.
See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/2
Explicitly include ldns to ensure the live environment will continue to
have `drill`.
|
|
By default systemd-networkd-wait-online.service considers a network
connection to be "online" when it has reached the "degraded" state
(see networkctl(1) for the definitions).
Since "degraded" does not ensure there's a routable address, let's
change the connection's requirement to "routable" instead.
This gives a better chance that the network really is online when
network-online.target is reached.
|
|
|
|
|
|
Make sure the ISO can be booted successfully without triggering questions from systemd-firstboot.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/205
Fixes: 6e1be91961967a6485901ac431f6f6b06675b750 ("archiso/mkarchiso: write "uninitialized" to /etc/machine-id")
|
|
See https://www.supergrubdisk.org/wiki/Loopback.cfg for details.
Only `${iso_path}` is guaranteed, so we need to search for the volume,
on which the ISO file resides, ourselves.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/165
|
|
Construct a human readable platform identifier from GRUB's built-in
variables and use it in menu item descriptions.
Only add the menu entries for the additional tools (UEFI shell,
Memtest86+) if the files exist.
Modify baseline's `grub.cfg` to closer match releng.
|
|
Move the `play` command to the end of the file so it plays after the
menu entries are shown and ready.
|
|
* Do not manually load modules that will get loaded by invoking a command.
* Explicitly load serial modules.
* Move `insmod all_video` after the font is loaded.
|
|
bolt can be used to list and authorize Thunderbolt and USB4 devices.
Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a
user needed to install the package in the live environment.
|
|
As opgpcard uses pcsclite and gnupg is able to use it as well, switch
away from using gnupg's internal ccid driver.
|
|
|
|
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
|
|
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
|
|
The tools are useful for clearing, creating and reading keys and etc.
on the TPM.
|
|
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connection with a configuration
file in /etc/systemd/network.conf.d/.
|
|
tmpfs with noswap option
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
|
|
unused options
Set only the custom values for HOOKS and COMPRESSION.
|
|
This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs.
|
|
Additionally fix a few code style issues found with shfmt.
|
|
Update pacman.conf to match the one shipped with pacman 6.0.2-7.
The community repository is gone. See
https://archlinux.org/news/git-migration-completed/
|
|
|
|
Add foot-terminfo and wezterm-terminfo packages to allow using their
terminfo entries for installations via SSH.
|
|
Relying on the volume UUID instead of its LABEL avoids collisions of
multiple ISOs created in the same month.
Fixes #202
|
|
|
|
By Zig Globulin
* origin/merge-requests/235:
wait for networkd online before curl invocation
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/235
|
|
* Use LZMA extreme compression level,
* enable experimental compressed fragments feature to create a smaller image,
* enable experimental data deduplication.
This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB.
|
|
1) wait for network-online.target before invoking curl
as there's no synchronization with network setup for this script
2) don't hide curl errors - it may be easier to debug the issues
3) add log and comments
|
|
configs/{baseline,releng}/grub/grub.cfg:
Use `console` as grub's `terminal_output`, as with `gfxterm` only a blank screen is shown on some hardware.
Fixes #212
|
|
|
|
Use the shorter and more nicer looking `UUID=` *tags* instead of the
`/dev/disk/by-uuid/` paths.
This requires mkinitcpio-archiso v68.
Related to #202
|
|
To prevent the file from being accidentally missed when someone copies
the ISO's contents, let's not place it in a directory that starts with a
dot. Since all GRUB related files are in /boot/grub/, put it there too.
Instead of using a more unique UUID for the file name, use
`YYYY-mm-dd-HH-MM-SS-00.uuid` which matches the ISO's modification date
in UTC,i.e. its "UUID". If multiple ISOs would be generated in the exact
same second, the ISO 9660 modification date (i.e. its "UUID") would be
the same, so there would be not way to distinguish between the volumes
anyway. This also makes the file look less suspicious to the casual
glance.
|
|
embedded grub.cfg
The `grub.cfg` embedded in the GRUB binaries already sets `ARCHISO_HINT`
and `ARCHISO_UUID` in most cases. To avoid performing the same searches
multiple times, use the existing variables.
|
|
Ensure the **correct** date is used in `iso_label` and `iso_version`.
|
|
Move memtest86+ to `/boot/memtest86+/` on ISO 9660. That directory is
not copied to netboot artifact output.
Netboot boot menu https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe
does not have entries for memtest and archiso-manager removes these files
(not the EFI one, though) before uploading the release files anyway.
|
|
Update /etc/ssh/sshd_config to match changes made in
https://github.com/archlinux/svntogit-packages/commit/42aa04744e96c5805b7aa3904636f8cbd781f682
and https://github.com/archlinux/svntogit-packages/commit/7166713c55002dac3c2b306fdc63e89a412083a6
The only modification remains `PermitRootLogin yes`.
|
|
There are claims that some UEFI allegedly natively support NTFS.
Preload the required GRUB modules to support booting from NTFS on such
systems.
Additionally preload the exFAT and UEF modules, because, why not?
|
|
volume it's on
Search for `/.disk/%UUID_SEARCH_FILENAME%.uuid` and pass the UUID of the
volume it's on as `archisodevice`. mkarchiso will replace
`%UUID_SEARCH_FILENAME%` with a hardcoded value generated using
`SOURCE_DATE_EPOCH` durring ISO build.
This allows to prepare an UEFI bootable installation medium by simply
copying the directory structure without having to touch `grub.cfg`.
Relying on the volume UUID instead of its LABEL also avoids collisions
of multiple ISOs created in the same month.
Fixes #202
|
|
* Update mkinitcpio-archiso project link,
* Update code of conduct link,
* Update arch-releng mailing list link,
* Use HTTPS where possible,
* Replace dead link.
|
|
A
|
|
Now that xz 5.4 is out and erofs-utils is built with LZMA support, it is
possible to compress the EROFS image with LZMA for higher compression.
`mkfs.erofs` trows a few warnings about using experimental features, but
they should not be an issue.
Nothing changes for the releng profile, for now at least.
|
|
with cms_verify=y
Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL
CMS based method for verifying the root file system image against the
code signing certificates in the initramfs.
`checksum` and `verify` are removed since they essentially serve the same
purpose and performing all the checks just needlessly delays boot.
Additionally, the removal of `verify` allows to build the ISO without gpg,
i.e. without using `mkarchiso`'s `-g` and `-G` options.
Fixes #200
|