From 29f4b0071bd56fa437ea89b472dbf61674ada905 Mon Sep 17 00:00:00 2001 From: David Runge Date: Mon, 27 Feb 2023 19:33:25 +0100 Subject: Add changelog entry for terminal_output fix --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d6bca3a..ab1a142 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -29,6 +29,7 @@ Changed is deprecated and a future archiso release will not create this file anymore. - Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. - Update ``README.transfer`` documentation and convert it to reStructuredText. +- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. Removed ------- -- cgit v1.2.3-54-g00ecf From 5c36c85bd51b7f28f5e9b50fd82e66fde8286e37 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 24 Feb 2023 12:12:04 +0200 Subject: Add changelog for 70 --- CHANGELOG.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index ab1a142..4fb2063 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[70] - 2023-02-27 +================= + +Added +----- + - Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. -- cgit v1.2.3-54-g00ecf From f60525103d152923e1321490936cf17fd033bf4d Mon Sep 17 00:00:00 2001 From: Zig Globulin Date: Wed, 9 Feb 2022 14:28:16 +0100 Subject: wait for networkd online before curl invocation 1) wait for network-online.target before invoking curl as there's no synchronization with network setup for this script 2) don't hide curl errors - it may be easier to debug the issues 3) add log and comments --- CHANGELOG.rst | 3 +++ configs/releng/airootfs/root/.automated_script.sh | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..cef568a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,9 @@ Deprecated Fixed ----- +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. + Removed ------- diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 52c47e6..f257537 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,13 @@ automated_script () script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + # there's no synchronization for network availability before executing this script + printf '%s: waiting for network-online.target\n' "$0" + until systemctl --quiet is-active network-online.target; do + sleep 1 + done + printf '%s: downloading %s\n' "$0" "${script}" + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script rt=$? else cp "${script}" /tmp/startup_script @@ -24,6 +30,9 @@ automated_script () fi if [[ ${rt} -eq 0 ]]; then chmod +x /tmp/startup_script + printf '%s: executing automated script\n' "$0" + # note that script is executed when other services (like pacman-init) may be still in progress, please + # synchronize to "systemctl is-system-running --wait" when your script depends on other services /tmp/startup_script fi fi -- cgit v1.2.3-54-g00ecf From 20fc8030a38d7c71c341fd267c12eb6bee3c4549 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 17 Mar 2023 19:00:25 +0200 Subject: configs/baseline/profiledef.sh: compress more * Use LZMA extreme compression level, * enable experimental compressed fragments feature to create a smaller image, * enable experimental data deduplication. This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB. --- CHANGELOG.rst | 3 +++ configs/baseline/profiledef.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..19ff603 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. + Deprecated ---------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 63acce1..913ff8a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,7 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlzma,9' -E ztailpacking) +airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') file_permissions=( ["/etc/shadow"]="0:0:400" ) -- cgit v1.2.3-54-g00ecf From 42f645edc3ed14331666ad417df597c829da4600 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:17:35 +0000 Subject: Fixed subdirectories copy from grub/ to the ISO --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3d1172a..b35f1c6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,8 @@ Fixed - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. +- Subdirectories from ``grub/`` are copied to the ISO. + Removed ------- -- cgit v1.2.3-54-g00ecf From 2b2f212845c4be4bf6a3c9866b21d9d8e2ee102e Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:20:07 +0000 Subject: Added classes for Memtest86+ and UEFI Shell menuentries --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3d1172a..4c68d6e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Added classes for Memtest86+ and UEFI Shell menuentries. + Changed ------- -- cgit v1.2.3-54-g00ecf From 14b2e44d9040ac24017268e309d3abfb14831d7e Mon Sep 17 00:00:00 2001 From: shivanandvp Date: Wed, 17 May 2023 04:08:33 -0500 Subject: mkarchiso: Fix the cp command arguments to retain mkarchiso's behavior prior to the GNU Coreutils update. Fixes Issue #214 --- CHANGELOG.rst | 2 +- archiso/mkarchiso | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8503cb2..a4cd42f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -24,8 +24,8 @@ Fixed - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - - Subdirectories from ``grub/`` are copied to the ISO. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` command. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 23e0a75..e991b52 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -390,7 +390,7 @@ _make_customize_airootfs() { if [[ ! -d "${pacstrap_dir}${passwd[5]}" ]]; then install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${pacstrap_dir}${passwd[5]}" fi - cp -dnRT --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" + cp -dRT --update=none --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" chmod -f 0750 -- "${pacstrap_dir}${passwd[5]}" chown -hR -- "${passwd[2]}:${passwd[3]}" "${pacstrap_dir}${passwd[5]}" else -- cgit v1.2.3-54-g00ecf From ce8fdedbf7af54544983f87472f8854b7b850603 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:30:03 +0200 Subject: Use UUIDs in all boot loader configuration files Relying on the volume UUID instead of its LABEL avoids collisions of multiple ISOs created in the same month. Fixes #202 --- CHANGELOG.rst | 1 + configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- configs/baseline/syslinux/syslinux-linux.cfg | 2 +- configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 7 files changed, 8 insertions(+), 7 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4cd42f..c8630bd 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,7 @@ Changed - Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. Deprecated ---------- diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 11624b6..68c1d2c 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 0311f29..3fd9da5 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 1c2a7a8..2506f07 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 64253d3..6928a10 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 0eb1705..305b8fd 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index f9d3b0d..950dc48 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% # Accessibility boot option LABEL arch64speech @@ -17,4 +17,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-54-g00ecf From 8cc0e9e5b09d504a50701a825f0ab9992ed73b6f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:45:00 +0200 Subject: mkarchiso: read SOURCE_DATE_EPOCH from file early When restarting an interrupted build, SOURCE_DATE_EPOCH needs to be available before `profiledef.sh` is read, since it may reference it. Fixes 7c6f266ec94e3eff23466ed8d0c45e4bee0ddae4 --- CHANGELOG.rst | 3 +++ archiso/mkarchiso | 15 +++++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c8630bd..36d173d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,10 +23,13 @@ Deprecated Fixed ----- +<<<<<<< HEAD - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - Subdirectories from ``grub/`` are copied to the ISO. - Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` command. +- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the + variable has a correct value when used inside ``profiledef.sh``. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index afaeb6e..d1d753e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1742,12 +1742,8 @@ _build_iso_base() { # Create working directory [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" - # Write build date to file or if the file exists, read it from there - if [[ -e "${work_dir}/build_date" ]]; then - SOURCE_DATE_EPOCH="$(<"${work_dir}/build_date")" - else - printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" - fi + # Write build date to file if it does not exist already + [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" [[ "${quiet}" == "y" ]] || _show_config _run_once _make_pacman_conf @@ -1863,6 +1859,13 @@ fi # get the absolute path representation of the first non-option argument profile="$(realpath -- "${1}")" +# Read SOURCE_DATE_EPOCH from file early +build_date_file="$(realpath -q -- "${override_work_dir:-./work}/build_date")" || : +if [[ -f "$build_date_file" ]]; then + SOURCE_DATE_EPOCH="$(<"$build_date_file")" +fi +unset build_date_file + _read_profile _set_overrides _validate_options -- cgit v1.2.3-54-g00ecf From 493aa90fd2250ebfe37598eb933550e635adbc4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 13 May 2023 15:58:06 +0300 Subject: configs/releng/packages.x86_64: add more terminfo packages Add foot-terminfo and wezterm-terminfo packages to allow using their terminfo entries for installations via SSH. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 2 ++ 2 files changed, 4 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 36d173d..7295875 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,8 @@ Added ----- - Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 5771920..43678b2 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -28,6 +28,7 @@ ethtool exfatprogs f2fs-tools fatresize +foot-terminfo fsarchiver gnu-netcat gpart @@ -114,6 +115,7 @@ usbutils vim virtualbox-guest-utils-nox vpnc +wezterm-terminfo wireless-regdb wireless_tools wpa_supplicant -- cgit v1.2.3-54-g00ecf From 7f1632334bd4a1a3a69af68baca338eec09e643b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 17 May 2023 17:36:27 +0300 Subject: CHANGELOG.rst: remove stray git conflict marker Fixes 8cc0e9e5b09d504a50701a825f0ab9992ed73b6f --- CHANGELOG.rst | 1 - 1 file changed, 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7295875..53b8c47 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -25,7 +25,6 @@ Deprecated Fixed ----- -<<<<<<< HEAD - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - Subdirectories from ``grub/`` are copied to the ISO. -- cgit v1.2.3-54-g00ecf From b5e7f5afc59497e1967f37d0e99e35f38781f432 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 25 Feb 2023 11:54:41 +0200 Subject: mkarchiso: add a -r option to delete the working directory `-r` will instruct to delete the working directory at the end of a `mkarchiso` run. If the specified directory already exists, then it will not be deleted and instead produce a warning. Implements #211 --- CHANGELOG.rst | 1 + archiso/mkarchiso | 25 +++++++++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 53b8c47..6906305 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,7 @@ Added - Added classes for Memtest86+ and UEFI Shell menuentries. - Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when installing via SSH. +- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 18b6ed7..66a8f45 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -39,6 +39,7 @@ pacman_conf="" packages="" bootstrap_packages="" pacstrap_dir="" +declare -i rm_work_dir=0 buildmodes=() bootmodes=() airootfs_image_type="" @@ -110,6 +111,7 @@ usage: ${app_name} [options] Default: '${out_dir}' -p [package ..] Package(s) to install. Multiple packages are provided as quoted, space delimited list. + -r Delete the working directory at the end. -v Enable verbose output -w Set the working directory Default: '${work_dir}' @@ -1658,6 +1660,9 @@ _set_overrides() { elif [[ -z "$quiet" ]]; then quiet="y" fi + if [[ -v override_rm_work_dir ]]; then + rm_work_dir="$override_rm_work_dir" + fi # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" @@ -1730,6 +1735,16 @@ _make_pkglist() { _msg_info "Done!" } +# Create working directory +_make_work_dir() { + if [[ ! -d "${work_dir}" ]]; then + install -d -- "${work_dir}" + elif (( rm_work_dir )); then + rm_work_dir=0 + _msg_warning "Working directory removal requested, but '${work_dir}' already exists. It will not be removed!" 0 + fi +} + # build the base for an ISO and/or a netboot target _build_iso_base() { local run_once_mode="base" @@ -1741,7 +1756,7 @@ _build_iso_base() { isofs_dir="${work_dir}/iso" # Create working directory - [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" + _run_once _make_work_dir # Write build date to file if it does not exist already [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" @@ -1820,9 +1835,14 @@ _build() { for buildmode in "${buildmodes[@]}"; do _run_once "_build_buildmode_${buildmode}" done + if (( rm_work_dir )); then + _msg_info 'Removing the working directory...' + rm -rf -- "${work_dir:?}/" + _msg_info 'Done!' + fi } -while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vh?' arg; do +while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vrh?' arg; do case "${arg}" in p) read -r -a override_pkg_list <<< "${OPTARG}" ;; C) override_pacman_conf="${OPTARG}" ;; @@ -1837,6 +1857,7 @@ while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vh?' arg; do g) override_gpg_key="${OPTARG}" ;; G) override_gpg_sender="${OPTARG}" ;; v) override_quiet="n" ;; + r) declare -i override_rm_work_dir=1 ;; h|?) _usage 0 ;; *) _msg_error "Invalid argument '${arg}'" 0 -- cgit v1.2.3-54-g00ecf From 32b32bd61549ef44c585a5c8176981f255f3c532 Mon Sep 17 00:00:00 2001 From: Sorin Pânca Date: Mon, 22 May 2023 15:58:50 +0300 Subject: Add support for mDNS. --- CHANGELOG.rst | 1 + configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 1 + configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf | 4 ++++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 1 + configs/releng/airootfs/etc/systemd/network/20-wlan.network | 1 + configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf | 4 ++++ 6 files changed, 12 insertions(+) create mode 100644 configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf create mode 100644 configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6906305..23c5bb4 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,7 @@ Added - Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when installing via SSH. - Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. +- Add support for mDNS announce and resolve. Changed ------- diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 4b6a2ab..64bb07e 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -7,4 +7,5 @@ Name=eth* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes diff --git a/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 9ada778..ce8de1f 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -7,6 +7,7 @@ Name=eth* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index 601d5b8..e5990bf 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -3,6 +3,7 @@ Name=wl* [Network] DHCP=yes +MulticastDNS=yes IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics diff --git a/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf new file mode 100644 index 0000000..636f3bd --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf @@ -0,0 +1,4 @@ +# Default systemd-resolved configuration for archiso + +[Resolve] +MulticastDNS=yes -- cgit v1.2.3-54-g00ecf From 1637dc3590ca6b15657bb850ee75000975d189ab Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 22 May 2023 15:14:11 +0300 Subject: Update configs/{baseline,releng}/pacman.conf Update pacman.conf to match the one shipped with pacman 6.0.2-7. The community repository is gone. See https://archlinux.org/news/git-migration-completed/ --- CHANGELOG.rst | 1 + configs/baseline/pacman.conf | 9 +++------ configs/releng/pacman.conf | 9 +++------ 3 files changed, 7 insertions(+), 12 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 23c5bb4..6e34d6a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -20,6 +20,7 @@ Changed - Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the experimental compressed fragments and data deduplication features. - Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. +- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. Deprecated ---------- diff --git a/configs/baseline/pacman.conf b/configs/baseline/pacman.conf index 5ee6c1e..f382fab 100644 --- a/configs/baseline/pacman.conf +++ b/configs/baseline/pacman.conf @@ -70,19 +70,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 5ee6c1e..f382fab 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -70,19 +70,16 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -#[testing] +#[core-testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] +#[extra-testing] #Include = /etc/pacman.d/mirrorlist -[community] +[extra] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, -- cgit v1.2.3-54-g00ecf From c50ffaf48b7ec18a16c9271b3cda5365049b70e3 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 19 May 2023 14:02:59 +0300 Subject: Add changelog for 71 and update AUTHORS.rst --- AUTHORS.rst | 26 +++++++++++++++++++++++--- CHANGELOG.rst | 29 ++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 10 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/AUTHORS.rst b/AUTHORS.rst index 18207eb..b03d31a 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -2,38 +2,58 @@ Archiso Authors =============== +* 2hexed <2hexed@protonmail.com> * Aaron Griffin * Adam Purkrt * Alexander Epaneshnikov +* Alexander Speshilov +* Anton Hvornum +* Antonio V * Chandan Singh * Charles Vejnar * Christian Hesse * Christopher Brannon * Dan McGee +* Darren Ng * David Runge * David Thurstenson * Dieter Plaetinck * Eli Schwartz +* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org> * Florian Pritz * Francois Dupoux * Gerardo Exequiel Pozzi * Gerhard Brauer +* Giancarlo Razzolini +* Howard Hicks * James Sitegen +* Jonathan Liu +* Jonathon Fernyhough * Justin Kromlinger * Keshav Amburay +* Kristian Klausen * Loui Chang * Lukas Fleischer * Martin Damian Fernandez +* Michael Gilchrist * Michael Vorburger +* Pellegrino Prevete * Pierre Schmitz * Sean Enck * Simo Leone +* Simon Wilper +* Sorin Pânca * Steffen Bönigk * Sven-Hendrik Haase * Thomas Bächler +* Tobias Powalowski +* Tom Yan * Yu Li-Yu +* Zig Globulin +* hayao +* mono wock * nl6720 -* Øyvind Heggstad * plain linen -* Pellegrino Prevete -* Anton Hvornum +* shivanandvp +* weltio weltio +* Øyvind Heggstad diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6e34d6a..86cdc02 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[71] - 2023-05-28 +================= + +Added +----- + - Added classes for Memtest86+ and UEFI Shell menuentries. - Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when installing via SSH. @@ -22,22 +40,19 @@ Changed - Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. - Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. -Deprecated ----------- - Fixed ----- - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - Subdirectories from ``grub/`` are copied to the ISO. -- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` command. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with + failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after + **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` + command. - Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the variable has a correct value when used inside ``profiledef.sh``. -Removed -------- - [70] - 2023-02-27 ================= -- cgit v1.2.3-54-g00ecf From 1d1f9a0fc8feec8c917f36af3ddd28d20431e3db Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 1 Jun 2023 08:56:28 +0300 Subject: mkarchiso: run _cms_sign_artifact only once Since `_build_buildmode_netboot` runs `_build_iso_base` which runs `_prepare_airootfs_image`, the call to `_cms_sign_artifact` in `_build_buildmode_netboot` can be removed. Fixes #197 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 86cdc02..31e48df 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,8 @@ Deprecated Fixed ----- +- Sign the root file system image only once. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 66a8f45..3961f15 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1813,7 +1813,6 @@ _build_buildmode_netboot() { if [[ -v cert_list ]]; then _run_once _sign_netboot_artifacts - _cms_sign_artifact "${airootfs_image_filename}" fi _run_once _export_netboot_artifacts } -- cgit v1.2.3-54-g00ecf From bf79d7be9ec51c061b5fcca3b36a7da3423fc154 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 1 Dec 2021 18:08:26 +0200 Subject: mkarchiso: prevent interference from xorriso startup files Options set in xorriso startup files (~/.xorrisorc) could interfere with the xorriso command run by mkarchiso. For example, if ~root/.xorrisorc contains -dummy on, then the ISO file will be empty. Pass -no_rc as the first option to xorriso to prevent interference and unintended behavior. Fixes #153. --- CHANGELOG.rst | 1 + archiso/mkarchiso | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 31e48df..cab4633 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,7 @@ Fixed ----- - Sign the root file system image only once. +- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 3961f15..470a960 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1501,11 +1501,16 @@ _build_iso_image() { [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" + # Do not read xorriso startup files to prevent interference and unintended behavior. + # For it to work, -no_rc must be the first argument passed to xorriso. + xorriso_options=('-no_rc') + + if [[ "${quiet}" == "y" ]]; then # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + xorriso_options+=('-report_about' 'SORRY') fi # Add required xorrisofs options for each boot mode -- cgit v1.2.3-54-g00ecf From eb5720331bf72ae9ac97d77b0f7c48c3a3fb7980 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 1 Jun 2023 10:06:07 +0300 Subject: configs/: move custom mkinitcpio.conf files to /etc/mkinitcpio.conf.d/ This allows to retain a pristine /etc/mkinitcpio.conf in the rootfs. --- CHANGELOG.rst | 2 + configs/baseline/airootfs/etc/mkinitcpio.conf | 67 ---------------------- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 67 ++++++++++++++++++++++ .../airootfs/etc/mkinitcpio.d/linux.preset | 2 +- configs/releng/airootfs/etc/mkinitcpio.conf | 67 ---------------------- .../airootfs/etc/mkinitcpio.conf.d/archiso.conf | 67 ++++++++++++++++++++++ .../releng/airootfs/etc/mkinitcpio.d/linux.preset | 2 +- 7 files changed, 138 insertions(+), 136 deletions(-) delete mode 100644 configs/baseline/airootfs/etc/mkinitcpio.conf create mode 100644 configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf delete mode 100644 configs/releng/airootfs/etc/mkinitcpio.conf create mode 100644 configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cab4633..18051a6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added Changed ------- +- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. + Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 34b1a06..0000000 --- a/configs/baseline/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf archiso block filesystems) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -#COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..34b1a06 --- /dev/null +++ b/configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf archiso block filesystems) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +#COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index 96a8752..0000000 --- a/configs/releng/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf new file mode 100644 index 0000000..96a8752 --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset index 9f67184..8e85205 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset +++ b/configs/releng/airootfs/etc/mkinitcpio.d/linux.preset @@ -3,6 +3,6 @@ PRESETS=('archiso') ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' +archiso_config='/etc/mkinitcpio.conf.d/archiso.conf' archiso_image="/boot/initramfs-linux.img" -- cgit v1.2.3-54-g00ecf From 0b8704fe4bda6b9208b5bb9e4060a0aeeea2a669 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 30 Jul 2023 15:52:51 +0300 Subject: configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use tmpfs with noswap option Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike ramfs, tmpfs has a limit to its size. This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs"). --- CHANGELOG.rst | 2 ++ configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 18051a6..cdfd7f5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Changed ------- - Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. +- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to + the file system size. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 0ba0e67..038961e 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -2,7 +2,7 @@ Description=Temporary /etc/pacman.d/gnupg directory [Mount] -What=ramfs +What=tmpfs Where=/etc/pacman.d/gnupg -Type=ramfs -Options=mode=0755 +Type=tmpfs +Options=mode=0755,noswap -- cgit v1.2.3-54-g00ecf From 2e6db24f23abe37e0aefbe8950ecc6c15e3bd50f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 2 Aug 2023 11:10:37 +0300 Subject: Set IPv6PrivacyExtensions=yes in global systemd-netorkd configuration Since systemd 245, IPv6PrivacyExtensions can be set not just per connection, but also globally for all connection with a configuration file in /etc/systemd/network.conf.d/. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf | 2 ++ configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 1 - .../airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf | 2 ++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 1 - configs/releng/airootfs/etc/systemd/network/20-wlan.network | 1 - configs/releng/airootfs/etc/systemd/network/20-wwan.network | 1 - 7 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf create mode 100644 configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cdfd7f5..1323333 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,7 @@ Changed - Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. - Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to the file system size. +- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 64bb07e..177e0aa 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -8,4 +8,3 @@ Name=eth* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes diff --git a/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf new file mode 100644 index 0000000..0e9ceb4 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf @@ -0,0 +1,2 @@ +[Network] +IPv6PrivacyExtensions=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index ce8de1f..4b0f9b3 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -8,7 +8,6 @@ Name=eth* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index e5990bf..970eb70 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -4,7 +4,6 @@ Name=wl* [Network] DHCP=yes MulticastDNS=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network index 9104c24..625abbe 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wwan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -3,7 +3,6 @@ Name=ww* [Network] DHCP=yes -IPv6PrivacyExtensions=yes # systemd-networkd does not set per-interface-type default route metrics # https://github.com/systemd/systemd/issues/17698 -- cgit v1.2.3-54-g00ecf From 9bb29f39805f38b1fecd6c6b5660ed124202f930 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 11 Aug 2023 11:51:31 +0300 Subject: configs/releng/packages.x86_64: add tpm2-tools The tools are useful for clearing, creating and reading keys and etc. on the TPM. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1323333..6d9546f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 43678b2..98b86cf 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -107,6 +107,7 @@ tcpdump terminus-font testdisk tmux +tpm2-tools tpm2-tss udftools usb_modeswitch -- cgit v1.2.3-54-g00ecf From d501e235bb784885b3bd59843d701b1e546ad492 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 12 Aug 2023 09:07:03 +0300 Subject: Move custom sshd_config to /etc/ssh/sshd_config.d/ openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for drop-in files in /etc/ssh/sshd_config.d/. Using drop-in files avoids needing to keep up with changes to the default /etc/ssh/sshd_config. --- CHANGELOG.rst | 1 + configs/baseline/airootfs/etc/ssh/sshd_config | 116 --------------------- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 116 +++++++++++++++++++++ configs/releng/airootfs/etc/ssh/sshd_config | 116 --------------------- .../airootfs/etc/ssh/sshd_config.d/10-archiso.conf | 116 +++++++++++++++++++++ 5 files changed, 233 insertions(+), 232 deletions(-) delete mode 100644 configs/baseline/airootfs/etc/ssh/sshd_config create mode 100644 configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf delete mode 100644 configs/releng/airootfs/etc/ssh/sshd_config create mode 100644 configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6d9546f..c6f6296 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,7 @@ Changed - Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. +- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config b/configs/baseline/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/baseline/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..dc22c11 --- /dev/null +++ b/configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config deleted file mode 100644 index dc22c11..0000000 --- a/configs/releng/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf new file mode 100644 index 0000000..dc22c11 --- /dev/null +++ b/configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server -- cgit v1.2.3-54-g00ecf From 81d62d4c5d0319906f9b18707a21029b0efdd896 Mon Sep 17 00:00:00 2001 From: David Runge Date: Tue, 29 Aug 2023 15:04:25 +0200 Subject: Add sequoia-sq and openpgp-card-tools to releng profile --- CHANGELOG.rst | 1 + configs/releng/packages.x86_64 | 2 ++ 2 files changed, 3 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c6f6296..d941d1a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Added ----- - Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. +- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 98b86cf..6b6cf0c 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -78,6 +78,7 @@ nvme-cli open-iscsi open-vm-tools openconnect +openpgp-card-tools openssh openvpn partclone @@ -96,6 +97,7 @@ rsync rxvt-unicode-terminfo screen sdparm +sequoia-sq sg3_utils smartmontools sof-firmware -- cgit v1.2.3-54-g00ecf From 6c5ab3d3885024bc7a8feb724b721d4b481f13a9 Mon Sep 17 00:00:00 2001 From: David Runge Date: Tue, 29 Aug 2023 20:09:46 +0200 Subject: Use pcsclite for communicating with OpenPGP smartcards As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket | 1 + configs/releng/airootfs/root/.gnupg/scdaemon.conf | 4 ++++ configs/releng/profiledef.sh | 1 + 4 files changed, 7 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d941d1a..0cf973a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,7 @@ Changed the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket new file mode 120000 index 0000000..3897c63 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/pcscd.socket \ No newline at end of file diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf new file mode 100644 index 0000000..e1f3d1f --- /dev/null +++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf @@ -0,0 +1,4 @@ +disable-ccid +disable-pinpad +pcsc-driver /usr/lib/libpcsclite.so +pcsc-shared diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4154816..5cba1b5 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -19,6 +19,7 @@ file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" -- cgit v1.2.3-54-g00ecf From a4bbbfde42178c1f69fd60fe3234e44fa7b20b84 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 26 Aug 2023 13:19:08 +0300 Subject: Add changelog for 72 --- CHANGELOG.rst | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0cf973a..be2a91f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[72] - 2023-08-29 +================= + +Added +----- + - Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. - Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. @@ -21,18 +39,12 @@ Changed - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` - Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. -Deprecated ----------- - Fixed ----- - Sign the root file system image only once. - Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. -Removed -------- - [71] - 2023-05-28 ================= -- cgit v1.2.3-54-g00ecf From 519a5c004d6a8d3f4d75c95890641cc5e31a39be Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 24 Sep 2023 11:23:33 +0300 Subject: configs/releng/packages.x86_64: add bolt bolt can be used to list and authorize Thunderbolt and USB4 devices. Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a user needed to install the package in the live environment. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index be2a91f..edd9895 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 6b6cf0c..feefa24 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -5,6 +5,7 @@ archinstall b43-fwcutter base bind +bolt brltty broadcom-wl btrfs-progs -- cgit v1.2.3-54-g00ecf From 5e72546e89024a9e8095c75be6ca86312f5c376a Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 11 Sep 2023 18:35:08 +0300 Subject: mkarchiso: add uefi-ia32.systemd-boot.esp and uefi-ia32.systemd-boot.eltorito boot modes The systemd 254.2-1 package ships with IA32 systemd-boot, so it is possible to use for booting on IA32 UEFI. Perhaps they will be useful in the future. At least for now, the baseline and releng profiles are not changed to use them. When the issues and headaches caused with GRUB reach a critical point, then we will switch. --- CHANGELOG.rst | 2 + archiso/mkarchiso | 154 +++++++++++++++++++++++++++++++++++++++--------- docs/README.profile.rst | 10 ++-- 3 files changed, 135 insertions(+), 31 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index edd9895..a41b474 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,8 @@ Added ----- - Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. +- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 + UEFI. The boot modes of baseline and releng are not changed. Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 15534bf..a727a1a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -793,11 +793,9 @@ _make_bootmode_uefi-x64.grub.eltorito() { _msg_info "Done!" } -# Prepare systemd-boot for booting when written to a disk (isohybrid) -_make_bootmode_uefi-x64.systemd-boot.esp() { +_make_common_bootmode_systemd-boot() { local _file efiboot_imgsize local _available_ucodes=() - _msg_info "Setting up systemd-boot for UEFI booting..." for _file in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then @@ -805,20 +803,41 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { fi done # Calculate the required FAT image size in bytes - efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" - "${profile}/efiboot/" + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") + fi + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.eltorito ' ]]; then + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") + fi + efiboot_files+=("${profile}/efiboot/" "${pacstrap_dir}/boot/vmlinuz-"* "${pacstrap_dir}/boot/initramfs-"*".img" "${_available_ucodes[@]}") - efiboot_imgsize="$(du -bcs -- "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" + efiboot_imgsize="$(du -bcs -- "${efiboot_files[@]}" 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" +} - # Copy systemd-boot EFI binary to the default/fallback boot path - mcopy -i "${efibootimg}" \ - "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI +_make_common_bootmode_systemd-boot_conf.isofs() { + local _conf + + # Copy systemd-boot configuration files + install -d -m 0755 -- "${isofs_dir}/loader/entries" + install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" + for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%ARCH%|${arch}|g" \ + "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}" + done +} + +_make_common_bootmode_systemd-boot_conf.esp() { + local _conf # Copy systemd-boot configuration files mmd -i "${efibootimg}" ::/loader ::/loader/entries @@ -830,6 +849,20 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" done +} + +# Prepare systemd-boot for booting when written to a disk (isohybrid) +_make_bootmode_uefi-x64.systemd-boot.esp() { + _msg_info "Setting up systemd-boot for x64 UEFI booting..." + + _run_once _make_common_bootmode_systemd-boot + + # Copy systemd-boot EFI binary to the default/fallback boot path + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.esp # shellx64.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then @@ -839,9 +872,9 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { # Copy kernel and initramfs to FAT image. # systemd-boot can only access files from the EFI system partition it was launched from. - _make_boot_on_fat + _run_once _make_boot_on_fat - _msg_info "Done! systemd-boot set up for UEFI booting successfully." + _msg_info "Done! systemd-boot set up for x64 UEFI booting successfully." } # Prepare systemd-boot for El Torito booting @@ -861,14 +894,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { "${isofs_dir}/EFI/BOOT/BOOTx64.EFI" # Copy systemd-boot configuration files - install -d -m 0755 -- "${isofs_dir}/loader/entries" - install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" - for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%ARCH%|${arch}|g" \ - "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}" - done + _run_once _make_common_bootmode_systemd-boot_conf.isofs # edk2-shell based UEFI shell # shellx64.efi is picked up automatically when on / @@ -879,6 +905,58 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { _msg_info "Done!" } +_make_bootmode_uefi-ia32.systemd-boot.esp() { + _msg_info "Setting up systemd-boot for IA32 UEFI booting..." + + _run_once _make_common_bootmode_systemd-boot + + # Copy systemd-boot EFI binary to the default/fallback boot path + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" ::/EFI/BOOT/BOOTIA32.EFI + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.esp + + # shellia32.efi is picked up automatically when on / + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi + fi + + # Copy kernel and initramfs to FAT image. + # systemd-boot can only access files from the EFI system partition it was launched from. + _run_once _make_boot_on_fat + + _msg_info "Done! systemd-boot set up for IA32 UEFI booting successfully." +} + +_make_bootmode_uefi-ia32.systemd-boot.eltorito() { + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-ia32.systemd-boot.eltorito has the same requirements as uefi-ia32.systemd-boot.esp + _run_once _make_bootmode_uefi-ia32.systemd-boot.esp + + # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using + # manual partitioning and simply copying the ISO 9660 file system contents. + # This is not related to El Torito booting and no firmware uses these files. + _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." + install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + + # Copy systemd-boot EFI binary to the default/fallback boot path + install -m 0644 -- "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" \ + "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" + + # Copy systemd-boot configuration files + _run_once _make_common_bootmode_systemd-boot_conf.isofs + + # edk2-shell based UEFI shell + # shellia32.efi is picked up automatically when on / + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" "${isofs_dir}/shellia32.efi" + fi + + _msg_info "Done!" +} + _validate_requirements_bootmode_bios.syslinux.mbr() { # bios.syslinux.mbr requires bios.syslinux.eltorito # shellcheck disable=SC2076 @@ -922,12 +1000,7 @@ _validate_requirements_bootmode_bios.syslinux.eltorito() { _validate_requirements_bootmode_bios.syslinux.mbr } -_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 - fi - +_validate_requirements_common_systemd-boot() { # Check if mkfs.fat is available if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) @@ -967,6 +1040,14 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { fi } +_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 + fi + _validate_requirements_common_systemd-boot +} + _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then @@ -977,6 +1058,25 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } +_validate_requirements_bootmode_uefi-ia32.systemd-boot.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-ia32.grub.esp!" 0 + fi + + _validate_requirements_common_systemd-boot +} + +_validate_requirements_bootmode_uefi-ia32.systemd-boot.eltorito() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-ia32.grub.eltorito!" 0 + fi + + # uefi-ia32.systemd-boot.eltorito has the exact same requirements as uefi-ia32.systemd-boot.esp + _validate_requirements_bootmode_uefi-x64.systemd-boot.esp +} + _validate_requirements_bootmode_uefi-ia32.grub.esp() { # Check if GRUB is available if ! command -v grub-mkstandalone &>/dev/null; then diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 0b5041a..5a0c0bd 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -48,10 +48,12 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``bios.syslinux.eltorito``: Syslinux for x86 BIOS booting from an optical disc - ``uefi-ia32.grub.esp``: GRUB for IA32 UEFI booting from a disk - ``uefi-ia32.grub.eltorito``: GRUB for IA32 UEFI booting from an optical disc - - ``uefi-x64.grub.esp``: GRUB for x86_64 UEFI booting from a disk - - ``uefi-x64.grub.eltorito``: GRUB for x86_64 UEFI booting from an optical disc - - ``uefi-x64.systemd-boot.esp``: systemd-boot for x86_64 UEFI booting from a disk - - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x86_64 UEFI booting from an optical disc + - ``uefi-x64.grub.esp``: GRUB for x64 UEFI booting from a disk + - ``uefi-x64.grub.eltorito``: GRUB for x64 UEFI booting from an optical disc + - ``uefi-ia32.systemd-boot.esp``: systemd-boot for IA32 UEFI booting from a disk + - ``uefi-ia32.systemd-boot.eltorito``: systemd-boot for IA32UEFI booting from an optical disc + - ``uefi-x64.systemd-boot.esp``: systemd-boot for x64 UEFI booting from a disk + - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x64 UEFI booting from an optical disc Note that BIOS El Torito boot mode must always be listed before UEFI El Torito boot mode. * ``arch``: The architecture (e.g. ``x86_64``) to build the image for. This is also used to resolve the name of the packages file (e.g. ``packages.x86_64``) -- cgit v1.2.3-54-g00ecf From 4280af747466c4a7d37eabc6502c1ed697210db9 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 26 Jan 2023 15:51:23 +0200 Subject: Add configs/*/grub/loopback.cfg See https://www.supergrubdisk.org/wiki/Loopback.cfg for details. Only `${iso_path}` is guaranteed, so we need to search for the volume, on which the ISO file resides, ourselves. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/165 --- CHANGELOG.rst | 2 + configs/baseline/grub/loopback.cfg | 73 ++++++++++++++++++++++++++++++++++ configs/releng/grub/loopback.cfg | 80 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 configs/baseline/grub/loopback.cfg create mode 100644 configs/releng/grub/loopback.cfg (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a41b474..53baf85 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added - Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. - Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. Changed ------- diff --git a/configs/baseline/grub/loopback.cfg b/configs/baseline/grub/loopback.cfg new file mode 100644 index 0000000..dc38fdf --- /dev/null +++ b/configs/baseline/grub/loopback.cfg @@ -0,0 +1,73 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg new file mode 100644 index 0000000..3ee0d33 --- /dev/null +++ b/configs/releng/grub/loopback.cfg @@ -0,0 +1,80 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' + if [ "${grub_cpu}" == 'x86_64' ]; then + archiso_platform="x64 ${archiso_platform}" + elif [ "${grub_cpu}" == 'i386' ]; then + archiso_platform="IA32 ${archiso_platform}" + else + archiso_platform="${grub_cpu} ${archiso_platform}" + fi +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu} ${grub_platform}" +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} -- cgit v1.2.3-54-g00ecf From 4b489cd8bc7a042770f457058c543cd0d339617f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 28 Sep 2023 11:40:19 +0300 Subject: Add configs/baseline/airootfs/etc/localtime Make sure the ISO can be booted successfully without triggering questions from systemd-firstboot. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/205 Fixes: 6e1be91961967a6485901ac431f6f6b06675b750 ("archiso/mkarchiso: write "uninitialized" to /etc/machine-id") --- CHANGELOG.rst | 3 +++ configs/baseline/airootfs/etc/localtime | 1 + 2 files changed, 4 insertions(+) create mode 120000 configs/baseline/airootfs/etc/localtime (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 53baf85..a0879f1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,9 @@ Deprecated Fixed ----- +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + Removed ------- diff --git a/configs/baseline/airootfs/etc/localtime b/configs/baseline/airootfs/etc/localtime new file mode 120000 index 0000000..0e35b57 --- /dev/null +++ b/configs/baseline/airootfs/etc/localtime @@ -0,0 +1 @@ +/usr/share/zoneinfo/UTC \ No newline at end of file -- cgit v1.2.3-54-g00ecf From e8801729840db7dcb4b31ea3cb7f8f3d7aaec587 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 29 Sep 2023 13:34:21 +0300 Subject: Add changelog for 73 --- CHANGELOG.rst | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a0879f1..141988e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,12 +8,6 @@ Changelog Added ----- -- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. -- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 - UEFI. The boot modes of baseline and releng are not changed. -- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary - boot parameters required for booting the ISO image as a file on a file system. - Changed ------- @@ -23,12 +17,27 @@ Deprecated Fixed ----- -- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering - questions from systemd-firstboot. - Removed ------- +[73] - 2023-09-29 +================= + +Added +----- + +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. +- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 + UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. + +Fixed +----- + +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + [72] - 2023-08-29 ================= -- cgit v1.2.3-54-g00ecf From 7b843d6f27f7ce525cf4f0bf0baddcc7122fc029 Mon Sep 17 00:00:00 2001 From: kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> Date: Mon, 27 Nov 2023 18:04:20 +0000 Subject: add bcachefs-tools --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 1 + 2 files changed, 3 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 141988e..0888737 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add bcachefs-tools to releng for access to bcachefs userspace tools. + Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index feefa24..e2a3e64 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -4,6 +4,7 @@ arch-install-scripts archinstall b43-fwcutter base +bcachefs-tools bind bolt brltty -- cgit v1.2.3-54-g00ecf From e11875e951bf3ebf9f7a033a91e0397683789285 Mon Sep 17 00:00:00 2001 From: John Lane Date: Thu, 7 Dec 2023 20:40:26 +0000 Subject: update changelog --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0888737..93b044e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Added ----- - Add bcachefs-tools to releng for access to bcachefs userspace tools. +- Add tftp as a valid protocol for downloading automated boot script. Changed ------- -- cgit v1.2.3-54-g00ecf From cb61daf8eaffb5e831e51f50aa44080fffac27e8 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 9 Dec 2023 12:31:58 +0200 Subject: configs/*/airootfs/etc/systemd/network/: add RequiredForOnline=routable By default systemd-networkd-wait-online.service considers a network connection to be "online" when it has reached the "degraded" state (see networkctl(1) for the definitions). Since "degraded" does not ensure there's a routable address, let's change the connection's requirement to "routable" instead. This gives a better chance that the network really is online when network-online.target is reached. --- CHANGELOG.rst | 3 +++ configs/baseline/airootfs/etc/systemd/network/20-ethernet.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-ethernet.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-wlan.network | 3 +++ configs/releng/airootfs/etc/systemd/network/20-wwan.network | 3 +++ 5 files changed, 15 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 93b044e..fcc57c2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,9 @@ Added Changed ------- +- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network + really is *online* when ``network-online.target`` is reached. + Deprecated ---------- diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index 177e0aa..0e4287b 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -5,6 +5,9 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 4b0f9b3..d3a3271 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -5,6 +5,9 @@ Name=en* Name=eth* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-wlan.network b/configs/releng/airootfs/etc/systemd/network/20-wlan.network index 970eb70..8b70a95 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wlan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wlan.network @@ -1,6 +1,9 @@ [Match] Name=wl* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes MulticastDNS=yes diff --git a/configs/releng/airootfs/etc/systemd/network/20-wwan.network b/configs/releng/airootfs/etc/systemd/network/20-wwan.network index 625abbe..6e1c8dd 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wwan.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wwan.network @@ -1,6 +1,9 @@ [Match] Name=ww* +[Link] +RequiredForOnline=routable + [Network] DHCP=yes -- cgit v1.2.3-54-g00ecf From ebceecbd848e2cad15393fe6db66737eea9e422d Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 21 Dec 2023 09:41:54 +0200 Subject: mkarchiso: add missing replacement for ARCHISO_UUID in /loader/entries/*.conf on ISO 9660 Fixes: 094afd169a0ff871eb7a6b37d68a9b9bcb7195e4 ("mkarchiso: support %ARCHISO_UUID% variable in boot loader configuration") --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 1 + 2 files changed, 3 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fcc57c2..b9813c7 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,8 @@ Deprecated Fixed ----- +- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7890615..fc5976c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -868,6 +868,7 @@ _make_common_bootmode_systemd-boot_conf.isofs() { install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}" -- cgit v1.2.3-54-g00ecf From a3b7121afb66ab9026bc1658720e6c22349f3ac8 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 16 Dec 2023 12:18:55 +0200 Subject: Add changelog for 74 and update AUTHORS.rst --- AUTHORS.rst | 2 ++ CHANGELOG.rst | 24 ++++++++++++++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/AUTHORS.rst b/AUTHORS.rst index b03d31a..428b35f 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -27,6 +27,7 @@ Archiso Authors * Giancarlo Razzolini * Howard Hicks * James Sitegen +* John Lane * Jonathan Liu * Jonathon Fernyhough * Justin Kromlinger @@ -51,6 +52,7 @@ Archiso Authors * Yu Li-Yu * Zig Globulin * hayao +* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> * mono wock * nl6720 * plain linen diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b9813c7..27b0488 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[74] - 2023-12-21 +================= + +Added +----- + - Add bcachefs-tools to releng for access to bcachefs userspace tools. - Add tftp as a valid protocol for downloading automated boot script. @@ -17,17 +35,11 @@ Changed - Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network really is *online* when ``network-online.target`` is reached. -Deprecated ----------- - Fixed ----- - Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. -Removed -------- - [73] - 2023-09-29 ================= -- cgit v1.2.3-54-g00ecf From e04a40d04bd97569008bc72f93faa28029913d82 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 5 Jan 2024 17:33:11 +0200 Subject: configs/releng/packages.x86_64: explicitly add ldns Currently the ldns package is pulled in as a dependency of openssh, but that dependency may be gone in the future. See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/2 Explicitly include ldns to ensure the live environment will continue to have `drill`. --- CHANGELOG.rst | 3 +++ configs/releng/packages.x86_64 | 1 + 2 files changed, 4 insertions(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 27b0488..4c7a050 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure + ``drill`` remains available. + Deprecated ---------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index e2a3e64..36c929d 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -46,6 +46,7 @@ iw iwd jfsutils kitty-terminfo +ldns less lftp libfido2 -- cgit v1.2.3-54-g00ecf From 5aac945f76d2bf8bb92ba16c9c1c08fc5cae5ab2 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 18 Jan 2024 09:41:31 +0200 Subject: mkarchiso: update memtest86+ license file location The licenses package does not ship `/usr/share/licenses/common/GPL2/license.txt` anymore, which results in: /usr/share/licenses/common/GPL2/license.txt': No such file or directory Use its replacement, `/usr/share/licenses/spdx/GPL-2.0-only.txt` instead. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/225 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4c7a050..75cf2d2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -20,6 +20,8 @@ Deprecated Fixed ----- +- Update the location where ``mkarchiso`` looks for the memtest86+ license file. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 53a638c..7a2587e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -482,7 +482,7 @@ _make_bootmode_bios.syslinux.mbr() { install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/boot/memtest86+/memtest" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" fi _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } @@ -796,7 +796,7 @@ _make_bootmode_uefi-x64.grub.esp() { if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" fi _msg_info "Done! GRUB set up for UEFI booting successfully." -- cgit v1.2.3-54-g00ecf From 5d8fe01fe15c77231880798cd93f99c8c08bb5c0 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 15 Jan 2024 10:00:00 +0200 Subject: configs/releng/profiledef.sh: replace "CD" with "DVD" in iso_application Starting with kernel 6.7, the releng ISO exceeds 900 MiB which is the maximum size of a CD. Adjust the description to say "DVD" instead. Closes https://gitlab.archlinux.org/archlinux/archiso/-/issues/144 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 75cf2d2..58a7c8b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,8 @@ Changed - Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure ``drill`` remains available. +- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of + a CD (900 MiB). Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 5cba1b5..12d70c6 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -4,7 +4,7 @@ iso_name="archlinux" iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux " -iso_application="Arch Linux Live/Rescue CD" +iso_application="Arch Linux Live/Rescue DVD" iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -- cgit v1.2.3-54-g00ecf From 1f65b695d309d6089bdc2251bb4c9aa00bd11a51 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 24 Jan 2024 12:23:44 +0200 Subject: Add changelog for 75 --- CHANGELOG.rst | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 58a7c8b..d524190 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,22 +11,35 @@ Added Changed ------- +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[75] - 2024-01-24 +================= + +Added +----- + - Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure ``drill`` remains available. + +Changed +------- + - Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of a CD (900 MiB). -Deprecated ----------- - Fixed ----- - Update the location where ``mkarchiso`` looks for the memtest86+ license file. -Removed -------- - [74] - 2023-12-21 ================= -- cgit v1.2.3-54-g00ecf From 2932a9def38fbe03c3727c6f5ca4f8e888826c78 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 12 Jun 2023 20:55:08 +0300 Subject: Makefile: build and install the mkarchiso(1) man page rst2man from python-docutils is required to convert the man page from reStructuredText. --- .gitignore | 1 + .gitlab-ci.yml | 2 +- CHANGELOG.rst | 2 ++ Makefile | 11 ++++++++-- README.rst | 4 ++++ man/mkarchiso.1.rst | 60 +++++++++++++++++++++++++---------------------------- man/variables.rst | 5 +++-- 7 files changed, 48 insertions(+), 37 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/.gitignore b/.gitignore index 74a0a52..05ae886 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ out/ *.pem user-data meta-data +man/version.rst diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d2f601d..0e7f709 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,7 +25,7 @@ check: metrics: output/metrics.txt before_script: - pacman -Sy --needed --noconfirm archlinux-keyring - - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl squashfs-tools zsync + - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl python-docutils squashfs-tools zsync script: - ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS} stage: build diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d524190..148a9df 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Add a man page for ``mkarchiso``. + Changed ------- diff --git a/Makefile b/Makefile index c4ceb2f..1a6bf6f 100644 --- a/Makefile +++ b/Makefile @@ -4,11 +4,13 @@ PREFIX ?= /usr/local BIN_DIR=$(DESTDIR)$(PREFIX)/bin DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso +MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso DOC_FILES=$(wildcard docs/*) $(wildcard *.rst) SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \ $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*) +VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//') all: @@ -17,7 +19,7 @@ check: shellcheck shellcheck: shellcheck -s bash $(SCRIPT_FILES) -install: install-scripts install-profiles install-doc +install: install-scripts install-profiles install-doc install-man install-scripts: install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/" @@ -30,4 +32,9 @@ install-profiles: install-doc: install -vDm 644 $(DOC_FILES) -t $(DOC_DIR) -.PHONY: check install install-doc install-profiles install-scripts shellcheck +install-man: + @printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst + install -d -m 755 $(MAN_DIR)/man1 + rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1 + +.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck diff --git a/README.rst b/README.rst index 5a544c5..fff961d 100644 --- a/README.rst +++ b/README.rst @@ -36,6 +36,10 @@ For linting the shell scripts the following package is required: * shellcheck +For generating the man pages: + +* python-docutils + Profiles ======== diff --git a/man/mkarchiso.1.rst b/man/mkarchiso.1.rst index 22d4c1b..c54d2bb 100644 --- a/man/mkarchiso.1.rst +++ b/man/mkarchiso.1.rst @@ -12,46 +12,42 @@ Arch Linux ISO generator Synopsis ======== -mkarchiso *[options]* *profile_directory* +**mkarchiso** [options] *profile_directory* Description =========== -mkarchiso create an ISO, netboot artifacts and a bootstrap tarball and optionally signs them. +**mkarchiso** creates an ISO, netboot artifacts and a bootstrap tarball and optionally signs them. Options ======= --A application Set an application name for the ISO. - Default: |iso_application|. --C file pacman configuration file. - Default: |pacman_conf|. --D install_dir Set an install_dir. All files will be located here. - Default: |install_dir|. - NOTE: Max 8 characters, use only *a-z0-9*. --L label Set the ISO volume label. - Default: |iso_label|. --P publisher Set the ISO publisher. - Default: |iso_publisher|. --c cert_and_key Provide certificates for codesigning of netboot artifacts as well as the rootfs artifact. - Multiple files are provided as quoted, space delimited list. - The first file is considered as the signing certificate, - the second as the key and the third as the optional certificate authority. --g gpg_key Set the PGP key ID to be used for signing the rootfs image. - Passed to gpg as the value for **--default-key**. --G mbox Set the PGP signer (must include an email address). - Passed to gpg as the value for **--sender**. --h Help message. --m mode Build mode(s) to use (valid modes are: *bootstrap*, *iso* and *netboot*). - Multiple build modes are provided as quoted, space delimited list. --o out_dir Set the output directory. - Default: |out_dir|. --p packages Package(s) to install. - Multiple packages are provided as quoted, space delimited list. --r Delete the working directory at the end. --v Enable verbose output. --w work_dir Set the working directory. - Default: |work_dir|. +-A application | Set an application name for the ISO. + | Default: |iso_application|. +-C file | pacman configuration file. + | Default: |pacman_conf|. +-D install_dir | Set an install_dir. All files will be located here. + | Default: |install_dir|. + | NOTE: Max 8 characters, use only *a-z0-9*. +-L label | Set the ISO volume label. + | Default: |iso_label|. +-P publisher | Set the ISO publisher. + | Default: |iso_publisher|. +-c cert_and_key | Provide certificates for codesigning of netboot artifacts as well as the rootfs artifact. + | Multiple files are provided as quoted, space delimited list. + | The first file is considered as the signing certificate, the second as the key and the third as the optional certificate authority. +-g gpg_key | Set the PGP key ID to be used for signing the rootfs image. Passed to gpg as the value for **--default-key**. +-G mbox | Set the PGP signer (must include an email address). Passed to gpg as the value for **--sender**. +-h | Help message. +-m mode | Build mode(s) to use (valid modes are: *bootstrap*, *iso* and *netboot*). Multiple build modes are provided as quoted, space delimited list. +-o out_dir | Set the output directory. + | Default: |out_dir|. +-p packages | Package(s) to install. + | Multiple packages are provided as quoted, space delimited list. +-r | Delete the working directory at the end. +-v | Enable verbose output. +-w work_dir | Set the working directory. + | Default: |work_dir|. Examples ======== diff --git a/man/variables.rst b/man/variables.rst index 084c94d..152f154 100644 --- a/man/variables.rst +++ b/man/variables.rst @@ -1,9 +1,10 @@ -.. |iso_application| replace:: *mkarchiso iso* +.. |iso_application| replace:: '*mkarchiso iso*' .. |pacman_conf| replace:: */etc/pacman.conf* .. |install_dir| replace:: *arch* .. |iso_label| replace:: *MKARCHISO* .. |iso_publisher| replace:: *mkarchiso* .. |out_dir| replace:: *./out* .. |work_dir| replace:: *./work* -.. |version| replace:: insert.version.here .. |profile_dir| replace:: /usr/share/archiso + +.. include:: version.rst -- cgit v1.2.3-54-g00ecf From 7dd615ea8301b6554450b0589a7fc3895076839b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Tue, 20 Feb 2024 13:56:51 +0200 Subject: Revert "mkarchiso: unset LANGUAGE" Starting with glibc 2.39, LC_ALL=C.UTF-8 overrides LANGUAGE, just like LC_ALL=C. See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 for details. This reverts commit 6ac22309530f3aa07a2b638ccde419a3a509f50c. --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 148a9df..493a990 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,8 @@ Fixed Removed ------- +- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``. + [75] - 2024-01-24 ================= diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7a2587e..a156687 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -8,11 +8,6 @@ shopt -s extglob # Control the environment umask 0022 export LC_ALL="C.UTF-8" -if [[ -v LANGUAGE ]]; then - # LC_ALL=C.UTF-8, unlike LC_ALL=C, does not override LANGUAGE. - # See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 and https://savannah.gnu.org/bugs/?62815 - unset LANGUAGE -fi [[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 export SOURCE_DATE_EPOCH -- cgit v1.2.3-54-g00ecf From 84843f5c2751012990fd273f757d8bcc260e2c8e Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 24 Mar 2024 18:22:46 +0200 Subject: mkarchiso: move /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid to /boot/YYYY-mm-dd-HH-MM-SS-00.uuid Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to just GRUB. Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/217 --- CHANGELOG.rst | 4 ++++ archiso/mkarchiso | 24 ++++++++++-------------- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 493a990..c316aed 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,10 @@ Added Changed ------- +- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. + Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to + just GRUB. + Deprecated ---------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a156687..80d4a79 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -34,6 +34,7 @@ pacman_conf="" packages="" bootstrap_packages="" pacstrap_dir="" +search_filename="" declare -i rm_work_dir=0 buildmodes=() bootmodes=() @@ -439,6 +440,7 @@ _make_boot_on_iso9660() { fi fi done + _msg_info "Done!" } @@ -562,16 +564,10 @@ _make_common_bootmode_grub_copy_to_isofs() { # Prepare GRUB configuration files _make_common_bootmode_grub_cfg() { - local _cfg search_filename + local _cfg install -d -- "${work_dir}/grub" - # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO - # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a - # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - : >"${work_dir}/grub/${iso_uuid}.uuid" - search_filename="/boot/grub/${iso_uuid}.uuid" - # Fill GRUB configuration files for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; @@ -639,15 +635,8 @@ EOF # Create GRUB specific configuration files when GRUB is not used as a boot loader _make_common_grubenv_and_loopbackcfg() { - local search_filename install -d -m 0755 -- "${isofs_dir}/boot/grub" - # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO - # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a - # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - search_filename="/boot/grub/${iso_uuid}.uuid" - : >"${isofs_dir}/${search_filename}" - # Write grubenv printf '%.1024s' \ "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \ @@ -1850,6 +1839,13 @@ _make_version() { printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ >"${isofs_dir}/${install_dir}/grubenv" + + # Create a /boot/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO + # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a + # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. + search_filename="/boot/${iso_uuid}.uuid" + install -d -m 755 -- "${isofs_dir}/boot" + : >"${isofs_dir}${search_filename}" fi # Append IMAGE_ID & IMAGE_VERSION to os-release -- cgit v1.2.3-54-g00ecf From dc090c1fae9840938bd8c29f569b6f26badfd0b4 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 17 Mar 2024 15:10:50 +0200 Subject: mkarchiso: skip including external microcode images if the initramfs file contains early_cpio The early uncompressed CPIO archive containing microcode update files can be part of the initramfs file. To avoid wasting space, first check if the initramfs file contains `early_cpio` and only copy external microcode initramfs images if it does not. --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 62 ++++++++++++++++++++++++++++++++++++------------------- 2 files changed, 43 insertions(+), 21 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c316aed..40961be 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Changed - Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to just GRUB. +- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating + an early uncompressed CPIO archive which should have the microcode update files). Deprecated ---------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 80d4a79..dbae227 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -46,6 +46,7 @@ efibootimg="" efiboot_files=() # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') +declare -i need_external_ucodes=0 # Show an INFO message @@ -430,17 +431,18 @@ _make_boot_on_iso9660() { install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/" install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" - if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ - "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + if (( need_external_ucodes )); then + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" + if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then + install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ + "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + fi fi - fi - done - + done + fi _msg_info "Done!" } @@ -505,13 +507,15 @@ _make_boot_on_fat() { "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + if (( need_external_ucodes )); then + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + fi + done + if (( ${#all_ucode_images[@]} )); then + mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" fi - done - if (( ${#all_ucode_images[@]} )); then - mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" fi _msg_info "Done!" } @@ -550,6 +554,19 @@ _make_efibootimg() { mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } +# Check if initramfs files contain early_cpio +_check_if_initramfs_has_early_cpio() { + local initrd + + for initrd in $(compgen -G "${pacstrap_dir}"'/boot/initramfs-*.img'); do + if ! bsdtar -tf "$initrd" early_cpio &>/dev/null; then + need_external_ucodes=1 + _msg_info "Initramfs file does not contain 'early_cpio'. External microcode initramfs images will be copied." + return + fi + done +} + # Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() @@ -819,11 +836,13 @@ _make_common_bootmode_systemd-boot() { local _file efiboot_imgsize local _available_ucodes=() - for _file in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then - _available_ucodes+=("${pacstrap_dir}/boot/${_file}") - fi - done + if (( need_external_ucodes )); then + for _file in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then + _available_ucodes+=("${pacstrap_dir}/boot/${_file}") + fi + done + fi # Calculate the required FAT image size in bytes # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then @@ -1914,6 +1933,7 @@ _build_iso_base() { _run_once _make_version _run_once _make_customize_airootfs _run_once _make_pkglist + _run_once _check_if_initramfs_has_early_cpio if [[ "${buildmode}" == 'netboot' ]]; then _run_once _make_boot_on_iso9660 else -- cgit v1.2.3-54-g00ecf From 3b3984b4843b194ad2353bbd761f75ec8ab1af95 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 25 Mar 2022 18:10:12 +0200 Subject: mkarchiso: implement configurable bootstrap tarball compression profiledef.sh gains a new option `bootstrap_tarball_compression` which is a bash array containing the compression program and its arguments. Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/130. --- CHANGELOG.rst | 2 ++ README.rst | 2 +- archiso/mkarchiso | 53 ++++++++++++++++++++++++++++++++++++++++++++++--- docs/README.profile.rst | 2 ++ 4 files changed, 55 insertions(+), 4 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 40961be..2f234fe 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,8 @@ Added ----- - Add a man page for ``mkarchiso``. +- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called + ``bootstrap_tarball_compression``. Changed ------- diff --git a/README.rst b/README.rst index fff961d..cf91628 100644 --- a/README.rst +++ b/README.rst @@ -3,7 +3,7 @@ archiso ======= The archiso project features scripts and configuration templates to build installation media (*.iso* images and -*.tar.gz* bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. +*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. Currently creating the images is only supported on Arch Linux but may work on other operating systems as well. Requirements diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dbae227..e3b582f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -40,6 +40,7 @@ buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() +bootstrap_tarball_compression="" cert_list=() declare -A file_permissions=() efibootimg="" @@ -1356,6 +1357,32 @@ _validate_requirements_buildmode_bootstrap() { (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0 fi + + # Check if the compressor is installed + if (( ${#bootstrap_tarball_compression[@]} )); then + case "${bootstrap_tarball_compression[0]}" in + 'bzip'|'gzip'|'lrzip'|'lzip'|'lzop'|'zstd'|'zstdmt') + if ! command -v "${bootstrap_tarball_compression[0]}" &>/dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not available on this host. Install '${bootstrap_tarball_compression[0]/zstdmt/zstd}'!" 0 + fi + ;; + 'cat') + if ! command -v cat &>/dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': 'cat' is not available on this host. Install 'coreutils'!" 0 + fi + if (( ${#bootstrap_tarball_compression[@]} > 1 )); then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': 'cat' compression does not accept arguments!" 0 + fi + ;; + *) + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not a supported compression method!" 0 + ;; + esac + fi } _validate_common_requirements_buildmode_iso_netboot() { @@ -1632,6 +1659,25 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { # Build bootstrap image _build_bootstrap_image() { + local tarball_ext + + # Set default tarball compression to uncompressed + if (( ! "${#bootstrap_tarball_compression[@]}" )); then + bootstrap_tarball_compression=('cat') + fi + + # Set tarball extension + case "${bootstrap_tarball_compression[0]}" in + 'cat') tarball_ext='' ;; + 'bzip') tarball_ext='.b2z' ;; + 'gzip') tarball_ext='.gz' ;; + 'lrzip') tarball_ext='.lrz' ;; + 'lzip') tarball_ext='.lz' ;; + 'lzop') tarball_ext='.lzo' ;; + 'zstd'|'zstdmt') tarball_ext='.zst' ;; + *) _msg_error 'Unsupported compression!' 1 ;; + esac + local _bootstrap_parent _bootstrap_parent="$(dirname -- "${pacstrap_dir}")" @@ -1640,9 +1686,10 @@ _build_bootstrap_image() { cd -- "${_bootstrap_parent}" _msg_info "Creating bootstrap image..." - bsdtar -cf - "root.${arch}" | gzip -cn9 >"${out_dir}/${image_name}" + rm -f -- "${out_dir:?}/${image_name:?}${tarball_ext}" + bsdtar -cf - "root.${arch}" | "${bootstrap_tarball_compression[@]}" >"${out_dir}/${image_name}${tarball_ext}" _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" + du -h -- "${out_dir}/${image_name}${tarball_ext}" cd -- "${OLDPWD}" } @@ -1945,7 +1992,7 @@ _build_iso_base() { # Build the bootstrap buildmode _build_buildmode_bootstrap() { - local image_name="${iso_name}-bootstrap-${iso_version}-${arch}.tar.gz" + local image_name="${iso_name}-bootstrap-${iso_version}-${arch}.tar" local run_once_mode="${buildmode}" local buildmode_packages="${bootstrap_packages}" # Set the package list to use diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 5a0c0bd..d1f6bc3 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -66,6 +66,8 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``erofs``: Create an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options +* ``bootstrap_tarball_compression``: An array containing the compression program and arguments passed to it for + compressing the bootstrap tarball (defaults to ``cat``). For example: ``bootstrap_tarball_compression=(zstd -c -T0 --long -19)``. * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively. -- cgit v1.2.3-54-g00ecf From 4df73069248708d716cef4773ebb3f80dad66a4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 27 Mar 2024 11:02:30 +0200 Subject: configs/*/profiledef.sh: set bootstrap_tarball_compression * bootstrap will use .tar.zst with `zstd -c -T0 --long -19`, * releng will retain .tar.gz with `gzip -cn9` for now. This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130. --- CHANGELOG.rst | 2 +- configs/baseline/profiledef.sh | 1 + configs/releng/profiledef.sh | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2f234fe..ceff6d1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,7 +10,7 @@ Added - Add a man page for ``mkarchiso``. - Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called - ``bootstrap_tarball_compression``. + ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. Changed ------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 913ff8a..618235a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -15,6 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') +bootstrap_tarball_compression=(zstd -c -T0 --long -19) file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 12d70c6..4603210 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -15,6 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') +bootstrap_tarball_compression=(gzip -cn9) file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- cgit v1.2.3-54-g00ecf From 7b1d6a7b14b08a8d2cebb1321fd3ed93ab920f12 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 30 Mar 2024 23:12:43 +0200 Subject: Add changelog for 76 --- CHANGELOG.rst | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index ceff6d1..9a7e255 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[76] - 2024-03-30 +================= + +Added +----- + - Add a man page for ``mkarchiso``. - Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. @@ -21,12 +39,6 @@ Changed - Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating an early uncompressed CPIO archive which should have the microcode update files). -Deprecated ----------- - -Fixed ------ - Removed ------- -- cgit v1.2.3-54-g00ecf From 4136bfe085c8900452390d6521f872b439196fa9 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 19:23:12 +0300 Subject: mkarchiso: copy Memtest86+ for uefi-x64.systemd-boot.* boot modes If the Memtest86+ EFI binary exists, copy it to the EFI system partition (`efiboot.img`) and also to ISO 9660. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 26 +++++++++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9a7e255..16359f1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e3b582f..5d175e2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -848,13 +848,16 @@ _make_common_bootmode_systemd-boot() { # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" + "${pacstrap_dir}/boot/memtest86+/memtest.efi" + "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt") fi # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.systemd-boot.eltorito ' ]]; then efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") fi + efiboot_files+=("${work_dir}/loader/" "${pacstrap_dir}/boot/vmlinuz-"* "${pacstrap_dir}/boot/initramfs-"*".img" @@ -912,6 +915,15 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi + # Copy Memtest86+ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + mmd -i "${efibootimg}" ::/boot ::/boot/memtest86+ + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/boot/memtest86+/memtest.efi" ::/boot/memtest86+/ + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" ::/boot/memtest86+/LICENSE + fi + # Copy kernel and initramfs to FAT image. # systemd-boot can only access files from the EFI system partition it was launched from. _run_once _make_boot_on_fat @@ -947,6 +959,13 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi" fi + # Copy Memtest86+ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE" + fi + _msg_info "Done!" } @@ -1098,6 +1117,11 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 fi _validate_requirements_common_systemd-boot + + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then + _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from systemd-boot." + fi } _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { -- cgit v1.2.3-54-g00ecf From d3c8f38eadd3b0ffc454733f6b1624f86d947d4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 19:28:28 +0300 Subject: Add configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf Create a boot entry for Memtest86+. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/228 --- CHANGELOG.rst | 1 + .../releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 16359f1..02bf408 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Added ----- - Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Additionally, create a boot entry with it for the releng profile. Changed ------- diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf new file mode 100644 index 0000000..d0b305c --- /dev/null +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf @@ -0,0 +1,3 @@ +title Memtest86+ +sort-key 03 +efi /boot/memtest86+/memtest.efi -- cgit v1.2.3-54-g00ecf From 57ccf8ef5706be307443f0e17dbf6803e5a230ba Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 19:46:26 +0300 Subject: mkarchiso: fix requirement validation logic for uefi-ia32.systemd-boot.eltorito `uefi-ia32.systemd-boot.eltorito` has the same requirements as `uefi-ia32.systemd-boot.esp`, not the same as `uefi-x64.systemd-boot.esp`. Fixes: 5e72546e89024a9e8095c75be6ca86312f5c376a ("mkarchiso: add uefi-ia32.systemd-boot.esp and uefi-ia32.systemd-boot.eltorito boot modes") --- CHANGELOG.rst | 3 +++ archiso/mkarchiso | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 02bf408..388cba3 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -20,6 +20,9 @@ Deprecated Fixed ----- +- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the + same requirements as ``uefi-x64.systemd-boot.esp``. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 5d175e2..2a8c02f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1150,7 +1150,7 @@ _validate_requirements_bootmode_uefi-ia32.systemd-boot.eltorito() { fi # uefi-ia32.systemd-boot.eltorito has the exact same requirements as uefi-ia32.systemd-boot.esp - _validate_requirements_bootmode_uefi-x64.systemd-boot.esp + _validate_requirements_bootmode_uefi-ia32.systemd-boot.esp } _validate_requirements_bootmode_uefi-ia32.grub.esp() { -- cgit v1.2.3-54-g00ecf From 924a97aeb1a5ed03529aa766f579a145ae67261a Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 11 Apr 2024 16:13:30 +0300 Subject: configs/releng/profiledef.sh: use zstd compression for bootstrap image The zstd tool has now been around for a while, so the availability of it should not be a concern anymore. Unlike gzip which was used until now, zstd offers higher compression while still being faster (and multi-threaded). The `--auto-threads=logical` option is used just so that there is some difference between the releng and baseline profiles. Everyone using the official Arch Linux bootstrap tarball (previously `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.gz` or `archlinux-bootstrap-x86_64.tar.gz`) will need to update their scripts and etc. to use `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.zst` or `archlinux-bootstrap-x86_64.tar.zst` instead. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/130 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 388cba3..0592b94 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,8 @@ Added Changed ------- +- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. + Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4603210..06e488d 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -15,7 +15,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') -bootstrap_tarball_compression=(gzip -cn9) +bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19') file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- cgit v1.2.3-54-g00ecf From 2facc4630cd3677e5c61705a25d5d5594fd0cc80 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Mon, 1 Apr 2024 18:39:09 +0300 Subject: configs/releng/: use mkinitcpio's microcode hook instead of external microcode images This simplifies boot loader configuration, but custom PXE setups will be forced to update theirs. Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/226 --- CHANGELOG.rst | 2 ++ configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf | 2 +- configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 -- .../efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf | 2 -- configs/releng/grub/grub.cfg | 4 ++-- configs/releng/grub/loopback.cfg | 4 ++-- configs/releng/syslinux/archiso_pxe-linux.cfg | 6 +++--- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 8 files changed, 12 insertions(+), 14 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0592b94..a41a43d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,8 @@ Changed ------- - Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. +- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. + Custom PXE setups will need to update their boot loader configuration. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf index b4b3095..98dd514 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf +++ b/configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf @@ -1,2 +1,2 @@ -HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) +HOOKS=(base udev microcode modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) COMPRESSION="xz" diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 2506f07..9df6b0a 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) sort-key 01 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 6928a10..865b37f 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -1,7 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 3486753..6b64947 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -63,13 +63,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg index 3ee0d33..d7d5ece 100644 --- a/configs/releng/grub/loopback.cfg +++ b/configs/releng/grub/loopback.cfg @@ -31,13 +31,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 305b8fd..2d681d8 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -5,7 +5,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 @@ -16,7 +16,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NFS) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y SYSAPPEND 3 @@ -27,6 +27,6 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, HTTP) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y SYSAPPEND 3 diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index 950dc48..d5898d1 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -5,7 +5,7 @@ It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% # Accessibility boot option @@ -16,5 +16,5 @@ It allows you to install Arch Linux or perform system maintenance with speech fe ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-54-g00ecf From 43e4d9ce364a4776f6f8873dcfb1e53e86211feb Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 5 Apr 2024 13:33:45 +0300 Subject: configs/: replace archisodevice boot parameter with archisosearchuuid `archisosearchuuid=` first searches for a matching UUID. If that fails, then it mounts and looks for a `/boot/${archisosearchuuid}.uuid` file in all detected block devices (in whatever order `blkid` lists them). This implements "file system transposition" without relaying on boot loader specific features and does not tie us to GRUB anymore. Related to https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso/-/merge_requests/48 Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/217 --- CHANGELOG.rst | 2 ++ .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- configs/baseline/grub/grub.cfg | 11 +---------- configs/baseline/syslinux/syslinux-linux.cfg | 2 +- .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- configs/releng/grub/grub.cfg | 13 ++----------- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 9 files changed, 12 insertions(+), 28 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a41a43d..d706e9b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,8 @@ Changed - Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. - Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. Custom PXE setups will need to update their boot loader configuration. +- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to + have "file system transposition" without relaying on GRUB-specific features. Deprecated ---------- diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 68c1d2c..3193768 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index c76657b..38164bd 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -27,15 +27,6 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" - fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" -fi - # Get a human readable platform identifier if [ "${grub_platform}" == 'efi' ]; then archiso_platform='UEFI' @@ -62,7 +53,7 @@ timeout_style=menu menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 3fd9da5..25b9d1b 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 9df6b0a..bc8ab33 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -2,4 +2,4 @@ title Arch Linux install medium (x86_64, UEFI) sort-key 01 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 865b37f..c0cb1c8 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -2,4 +2,4 @@ title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 6b64947..25194a3 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -27,15 +27,6 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi -# Search for the ISO volume -if [ -z "${ARCHISO_UUID}" ]; then - if [ -z "${ARCHISO_HINT}" ]; then - regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" - fi - search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" - probe --set ARCHISO_UUID --fs-uuid "${root}" -fi - # Get a human readable platform identifier if [ "${grub_platform}" == 'efi' ]; then archiso_platform='UEFI' @@ -62,13 +53,13 @@ timeout_style=menu menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img } diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 2d681d8..5d0f741 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index d5898d1..919e158 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% # Accessibility boot option LABEL arch64speech @@ -17,4 +17,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on -- cgit v1.2.3-54-g00ecf From 024cf1b7101fe778fc7c5d7ab61a045fb30d8056 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 19 Apr 2024 13:49:18 +0300 Subject: configs/releng/profiledef.sh: change UEFI boot loader from GRUB to systemd-boot While using GRUB as the UEFI boot loader has reduced the size of the ISO, it has brought nothing but pain otherwise: * We cannot use `gfxterm` since it is not visible on some hardware. * GRUB has a a strange and nonsensical limitation where the EFI binary can be built with either support for shim or custom Secure Boot key support, but not both. This means you cannot repack the ISO to use shim + MOK since we currently use `--disable-shim-lock` to provide support for setups with custom keys. * GRUB's EFI binary needs to be built with `grub-mkstandalone` instead of there being a ready made EFI binary in the package. This requires having grub installed on the host system which affects reproducibility. This increases the size of the ISO since systemd-boot cannot boot files from other volumes, i.e. the kernel and initramfs is duplicated in the EFI system partition (the second partition made from `efiboot.img`). Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/227 --- CHANGELOG.rst | 2 ++ configs/releng/profiledef.sh | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d706e9b..316fb90 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,8 @@ Changed Custom PXE setups will need to update their boot loader configuration. - Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to have "file system transposition" without relaying on GRUB-specific features. +- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it + avoids all GRUB-specific annoyances and oddities. Deprecated ---------- diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 06e488d..ce26e79 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -9,8 +9,8 @@ iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' - 'uefi-ia32.grub.esp' 'uefi-x64.grub.esp' - 'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito') + 'uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp' + 'uefi-ia32.systemd-boot.eltorito' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" -- cgit v1.2.3-54-g00ecf From 34426df6522868aba1c911265318420285e5755a Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 20 Apr 2024 09:39:20 +0300 Subject: Add changelog for 77 --- CHANGELOG.rst | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 316fb90..5773eda 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[77] - 2024-04-21 +================= + +Added +----- + - Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. Additionally, create a boot entry with it for the releng profile. @@ -22,18 +40,12 @@ Changed - Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it avoids all GRUB-specific annoyances and oddities. -Deprecated ----------- - Fixed ----- - Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the same requirements as ``uefi-x64.systemd-boot.esp``. -Removed -------- - [76] - 2024-03-30 ================= -- cgit v1.2.3-54-g00ecf From 969b91f700fab2f8b9c80fbf31cce0f8a1b248e5 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 4 May 2024 09:34:31 +0300 Subject: mkarchiso: fix check for microcode update files in initramfs images The existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early uncompressed CPIO even when the microcode hook is not used. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/231 --- CHANGELOG.rst | 4 ++++ archiso/mkarchiso | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5773eda..a54b169 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,10 @@ Deprecated Fixed ----- +- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The + existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early + uncompressed CPIO even when the ``microcode`` hook is not used. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2a8c02f..98bc248 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -555,14 +555,14 @@ _make_efibootimg() { mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } -# Check if initramfs files contain early_cpio -_check_if_initramfs_has_early_cpio() { +# Check if initramfs files contain microcode update files +_check_if_initramfs_has_ucode() { local initrd for initrd in $(compgen -G "${pacstrap_dir}"'/boot/initramfs-*.img'); do - if ! bsdtar -tf "$initrd" early_cpio &>/dev/null; then + if ! bsdtar -tf "$initrd" 'early_cpio' 'kernel/x86/microcode/*.bin' &>/dev/null; then need_external_ucodes=1 - _msg_info "Initramfs file does not contain 'early_cpio'. External microcode initramfs images will be copied." + _msg_info "Initramfs file does not contain microcode update files. External microcode initramfs images will be copied." return fi done @@ -2004,7 +2004,7 @@ _build_iso_base() { _run_once _make_version _run_once _make_customize_airootfs _run_once _make_pkglist - _run_once _check_if_initramfs_has_early_cpio + _run_once _check_if_initramfs_has_ucode if [[ "${buildmode}" == 'netboot' ]]; then _run_once _make_boot_on_iso9660 else -- cgit v1.2.3-54-g00ecf From e567a2ab268e340be608ac442eb13c54c566fbff Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 2 May 2024 10:51:08 +0300 Subject: mkarchiso: do not place the pkglist.x86_64.txt file inside the bootstrap tarball's root.x86_64 directory Keep it inside the archive, but separate from the `root.x86_64` directory to avoid polluting it. --- .gitlab/ci/build_archiso.sh | 2 +- CHANGELOG.rst | 3 +++ archiso/mkarchiso | 11 +++++------ 3 files changed, 9 insertions(+), 7 deletions(-) (limited to 'CHANGELOG.rst') diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index eec8d75..24112b6 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -152,7 +152,7 @@ create_metrics() { "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" printf 'bootstrap_package_count{image="%s"} %s\n' \ "${profile}" \ - "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" + "$(sort -u -- "${tmpdir}/"*/bootstrap/pkglist.*.txt | wc -l)" ;; esac } >"${_metrics}" diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a54b169..8bb001f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the + root file system. + Deprecated ---------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 98bc248..cd00c9d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -33,6 +33,7 @@ arch="" pacman_conf="" packages="" bootstrap_packages="" +bootstrap_parent="" pacstrap_dir="" search_filename="" declare -i rm_work_dir=0 @@ -1702,16 +1703,13 @@ _build_bootstrap_image() { *) _msg_error 'Unsupported compression!' 1 ;; esac - local _bootstrap_parent - _bootstrap_parent="$(dirname -- "${pacstrap_dir}")" - [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" - cd -- "${_bootstrap_parent}" + cd -- "${bootstrap_parent}" _msg_info "Creating bootstrap image..." rm -f -- "${out_dir:?}/${image_name:?}${tarball_ext}" - bsdtar -cf - "root.${arch}" | "${bootstrap_tarball_compression[@]}" >"${out_dir}/${image_name}${tarball_ext}" + bsdtar -cf - "root.${arch}" "pkglist.${arch}.txt" | "${bootstrap_tarball_compression[@]}" >"${out_dir}/${image_name}${tarball_ext}" _msg_info "Done!" du -h -- "${out_dir}/${image_name}${tarball_ext}" cd -- "${OLDPWD}" @@ -1961,7 +1959,7 @@ _make_pkglist() { _msg_info "Creating a list of installed packages on live-enviroment..." case "${buildmode}" in "bootstrap") - pacman -Q --sysroot "${pacstrap_dir}" >"${pacstrap_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${bootstrap_parent}/pkglist.${arch}.txt" ;; "iso"|"netboot") install -d -m 0755 -- "${isofs_dir}/${install_dir}" @@ -2024,6 +2022,7 @@ _build_buildmode_bootstrap() { # Set up essential directory paths pacstrap_dir="${work_dir}/${arch}/bootstrap/root.${arch}" + bootstrap_parent="$(dirname -- "${pacstrap_dir}")" [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" install -d -m 0755 -o 0 -g 0 -- "${pacstrap_dir}" -- cgit v1.2.3-54-g00ecf