From 0b8704fe4bda6b9208b5bb9e4060a0aeeea2a669 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 30 Jul 2023 15:52:51 +0300 Subject: configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use tmpfs with noswap option Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike ramfs, tmpfs has a limit to its size. This reverts commit 09b0428128700f37bd465eb54c6e45f69c17617d ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs"). --- configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'configs/releng/airootfs/etc/systemd/system') diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 0ba0e67..038961e 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -2,7 +2,7 @@ Description=Temporary /etc/pacman.d/gnupg directory [Mount] -What=ramfs +What=tmpfs Where=/etc/pacman.d/gnupg -Type=ramfs -Options=mode=0755 +Type=tmpfs +Options=mode=0755,noswap -- cgit v1.2.3-54-g00ecf From 6c5ab3d3885024bc7a8feb724b721d4b481f13a9 Mon Sep 17 00:00:00 2001 From: David Runge Date: Tue, 29 Aug 2023 20:09:46 +0200 Subject: Use pcsclite for communicating with OpenPGP smartcards As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket | 1 + configs/releng/airootfs/root/.gnupg/scdaemon.conf | 4 ++++ configs/releng/profiledef.sh | 1 + 4 files changed, 7 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf (limited to 'configs/releng/airootfs/etc/systemd/system') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d941d1a..0cf973a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,7 @@ Changed the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket new file mode 120000 index 0000000..3897c63 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/pcscd.socket \ No newline at end of file diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf new file mode 100644 index 0000000..e1f3d1f --- /dev/null +++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf @@ -0,0 +1,4 @@ +disable-ccid +disable-pinpad +pcsc-driver /usr/lib/libpcsclite.so +pcsc-shared diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4154816..5cba1b5 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -19,6 +19,7 @@ file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" -- cgit v1.2.3-54-g00ecf