Commit Graph

501 Commits

Author SHA1 Message Date
Kristian Klausen
03ac49f64e Remove haveged
haveged was added 8 years ago[1] to increase entropy and presumably to
prevent entropy starvation.

A few things has changed since, most notable:
* the kernel actively tries to add entropy (jitter entropy)[2][3][4][5]
* /dev/random no longer blocks after CRNG initialization[6][7]

[1] d7e790d ("Initialize pacman keyring on bootup")
[2] 3f2dc2798b
[3] 50ee7529ec
[4] https://lore.kernel.org/lkml/alpine.DEB.2.21.1909290010500.2636@nanos.tec.linutronix.de/T/
[5] https://lwn.net/Articles/800509/
[6] 30c08efec8
[7] https://lwn.net/Articles/808575/

Fix #98
2021-02-16 16:33:06 +00:00
nl6720
f9a7b206a5
configs/releng: move locale-gen from customize_airootfs.sh to a pacman hook
This finally removes customize_airootfs.sh from releng.

Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
2021-01-31 11:34:56 +02:00
nl6720
a46c74087f
config/releng: remove pacman hooks specific to ISO build process from airootfs after they run
This works around https://bugs.archlinux.org/task/49347 .
Leaving the hooks in the airootfs image will result in it being run when pacstrap is run in the live environment. This should not happen as they are intended for the ISO build process only.

Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/91 .
2021-01-31 09:55:25 +02:00
Michael Vorburger
e7306a309c add cloud-init to baseline 2021-01-27 14:16:43 +00:00
Michael Vorburger
744b8f13ed make baseline have working ethernet networking, like releng 2021-01-27 14:16:43 +00:00
Michael Vorburger
94dd194c22 add SSH server to baseline
inspired by https://wiki.archlinux.org/index.php/Archiso#Prepare_an_ISO_for_an_installation_via_SSH
2021-01-27 14:16:43 +00:00
Michael Vorburger
221a9211e5 use same airootfs_image_tool_options in baseline as in releng 2021-01-27 14:16:43 +00:00
nl6720
4f4047a3f8
configs/releng: move the mirror uncommenting sed command from customize_airootfs.sh to a pacman hook
After pacman-mirrorlist is installed, /etc/pacman.d/hooks/uncomment-mirrors.hook will run a sed command which uncomments all Server lines in /etc/pacman.d/mirrorlist.
This brings us another step closer to the complete removal of customize_airootfs.sh.

Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
2021-01-27 00:07:45 +02:00
Michael Vorburger
833cbd5e72 enable SSH server in releng profile 2021-01-23 15:54:31 +00:00
Michael Vorburger
9b03e0b08a add cloud-init to releng 2021-01-23 15:54:31 +00:00
nl6720
a178ff44bc
profiledef.sh: Remove www. from archlinux.org
See https://lists.archlinux.org/pipermail/arch-devops/2020-December/000474.html .
2020-12-26 20:11:06 +02:00
nl6720
8ba2870829
configs/releng/syslinux/archiso_pxe-linux.cfg: add missing /boot to initrd file path
Fixes https://bugs.archlinux.org/task/68803 .
2020-12-01 07:12:31 +02:00
David Runge
c10004dfec
Fix issues with file ownerships/modes
archiso/mkarchiso:
Make sure to always compare absolute paths in `_make_custom_airootfs()` (as `realpath` is used).
Remove `echo` calls that prevent the setting of actual file ownerships and modes.

configs/releng/profiledef.sh:
Set file mode of /root/.automated_script.sh to 755.

Fixes #82
2020-11-30 21:48:08 +01:00
nl6720
863247d0a6
Keep all SYSLINUX files in /syslinux
This gets rid of the duplicate ldlinux.c32 and the useless isolinux.cfg which only points to syslinux.cfg.

Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/46 .
2020-11-30 16:00:15 +02:00
nl6720
42d9e4f983
Allow specifying ownership and mode of custom airootfs files and directories
profiledef.sh can now contain an associative array called file_permissions which can be used to set custom ownership and mode of custom airootfs files. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode.
For example:

    file_permissions=(
      ["/etc/shadow"]="0:0:400"
    )

This means that mkarchiso now copies airootfs files (and directores) without permissions and anything that should be owned by a user other than root and/or if the mode should be something other than 644 for files and 755 for directories must to be listed in ${file_permission[@]} in profiledef.sh.

Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/61 .
2020-11-30 08:46:24 +02:00
Sven-Hendrik Haase
bb91fd52d9
Use better xz options
Default: 732M
With these options: 675M
2020-11-03 21:17:20 +01:00
nl6720
cc169d7e31
configs/releng/packages.x86_64: add fatresize, gpart and tmux
- fatresize is a utility to resize FAT filesystems using libparted.
- gpart is partition table rescue/guessing tool.
- tmux is a terminal multiplexer. Requested in https://bugs.archlinux.org/task/68252 .
2020-11-01 19:46:32 +02:00
David Runge
40ae3ba97c
Set syslinux bootloader timeout to 15s
configs/releng/syslinux/archiso_sys.cfg:
Set the syslinux bootloader timeout to 15s.
In !97 it has accidentally been set to 1.5s.
2020-10-31 19:12:44 +01:00
David Runge
ee6c5faa86
Set bootloader timeouts to 15s
configs/releng/efiboot/loader/loader.conf,
configs/releng/syslinux/archiso_sys.cfg:

Set the bootloader timeout to 15s, as they have been set to an overly generous 30s in !79.

Fixes #80
2020-10-31 17:53:40 +01:00
Alexander Epaneshnikov
e369ade17d fix a typo, add myself in AUTHORS.rst 2020-10-29 16:55:16 +00:00
David Runge
8bb3e8c12f
Fix linter errors in livecd-sound
configs/releng/airootfs/usr/local/bin/livecd-sound:
Replace oldstyle expr with a bash test in `is_numeric()`.

Replace use of `nword()` with call to `wc -w`.

Quote variables in `pick_a_card()`.

Fixes #78
2020-10-29 15:48:51 +01:00
Alexander Epaneshnikov
6a39300b0f implement accessibility support in archiso
this fixes #67
2020-10-29 12:30:37 +00:00
nl6720
6820f2cb69
Add modconf to HOOKS array in mkinitcpio.conf
The default mkinitcpio.conf includes modconf in HOOKS.
2020-10-29 13:36:27 +02:00
nl6720
3caa30fa2a
configs/releng/packages.x86_64: add squashfs-tools and udftools
- squashfs-tools can be used for system backup. https://wiki.archlinux.org/index.php/Full_system_backup_with_SquashFS
- udftools is needed to format UDF file systems.
2020-10-29 13:34:37 +02:00
David Runge
1bd944ee7c
Remove build.sh support from profiles and mkarchiso
configs/{baseline,releng}/build.sh:
Remove `build.sh` scripts. They were deprecated with v47.

archiso/mkarchiso:
Remove all `build.sh` related functionality (i.e. `command_pkglist()`, `command_iso()`, `command_prepare()`,
`command_install()`, `command_init()`, `command_run()`).

Rename `command_build_profile()` to `_build_profile()` to be more in line with the style of the other function naming.

Change `_show_config()` to only print info about the profile and make no more use of parameters.

Remove all help output related to legacy `build.sh` commands.

Fixes #51
2020-10-29 12:32:48 +01:00
nl6720
ae0e914114
configs/baseline: support UEFI 2020-10-24 19:57:30 +03:00
nl6720
8c047047ab
Split SYSLINUX configuration into per-kernel configuration files
Slightly simplifies adding boot loader configuration for more kernels.
Unfortunately the INCLUDE statement doesn't support wildcards, so each new file must be manually included in the main syslinux configuration file (syslinux.cfg for baseline and archiso_sys.cfg for releng).
2020-09-27 20:54:11 +03:00
nl6720
83e4cb9fb9
Use the same file paths in both ISO 9660 and FAT
This allows to use only one systemd-boot configuration file per kernel.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/44 .
2020-09-27 20:54:11 +03:00
nl6720
136152e672
Do not rename the initramfs image
This is a breaking change. archweb, archiso-manager and various documentation must be updated.

* https://github.com/archlinux/archweb/blob/master/templates/releng/archlinux.ipxe
* https://github.com/pierres/archiso-manager/blob/master/Makefile
2020-09-27 20:54:10 +03:00
nl6720
9544bbfdf1
configs/releng: remove custom reflector.service and use the service provided by the package
archiso specific options are placed in a /etc/systemd/system/reflector.service.d/archiso.conf drop-in.
2020-09-27 19:55:38 +03:00
David Runge
d90184a7f0
Pass profile directory as parameter to mkarchiso
**archiso/mkarchiso**:

Change all override option parameters (i.e. `-A`, `-C`, `-D`, `-L`, `-P` and `-g`) to not directly override the global
variable they are tied to, but instead using an `override_` prefixed variable.

Add `_set_overrides()` to use `override_` prefixed variables (if set) to override those without a prefix.

Remove `-B` (a profile directory) from the list of parameters. The profile directory is now provided as separate
non-option parameter.

Add a call to `_read_profile()`, `_set_overrides()` and `command_build_profile()` to the fallthrough option of the
switch-case checking `command_name` - a non-option parameter to mkarchiso. This effectively provides the possibility to
set the profile directory using a non-option parameter, while still maintaining compatibility to legacy named arguments
used in the configs' `build.sh` scripts.

Extend the warning in regards to legacy `build.sh` based commands to mkarchiso by providing an EOL with archiso v49.

Change the help output to reflect the changes and further elaborate on the legacy commands used by `build.sh` scripts.

Change help output to be ordered alphabetically.

Add help output for `-r` and `-g` options.

Call `_set_overrides()` for legacy commands that accept one or more of the overriden options (i.e. `command_init`,
`command_install`, `command_prepare` and `command_iso`).

Various style fixes.

**configs/{baseline,releng}/build.sh**:

Change call to mkarchiso to use the profile's directory as a named argument instead of an option-argument.

**README.rst**:

Fix documentation on how to call mkarchiso with a profile directory.

Fix wording and ordering of option arguments for run_archiso documentation.

Fixes #52
2020-08-25 19:06:43 +02:00
nl6720
e6455b885b
archiso/mkarchiso: create an empty /etc/machine-id
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/42 .
2020-08-18 21:27:52 +03:00
nl6720
e9f209efbf
Deprecate build.sh scripts and old mkarchiso commands
Replace build.sh scripts with calls to mkarchiso -B "profiledir" build_profile.

Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/37 .
2020-08-17 21:33:20 +03:00
nl6720
7c2247f615
archiso/mkarchiso: allow choosing boot modes from profiledef.sh
Boot mode names are:

- bios_syslinux.mbr: SYSLINUX in MBR
- bios.syslinux.eltorito: SYSLINUX (ISOLINUX) via El Torito
- uefi-x64.systemd-boot.esp: systemd-boot on ESP in MBR
- uefi-x64.systemd-boot.eltorito: systemd-boot on ESP via El Torito

It is not yet possible to create an ISO with only El Torito or only MBR boot modes!
2020-08-17 17:14:06 +03:00
nl6720
1cc7375c25
archiso/mkarchiso: start preparing a build_profile command
Nothing is implemented yet!

configs/releng/profiledef.sh:
A test profile.
2020-08-17 14:22:36 +03:00
nl6720
951b217813
configs/releng/packages.x86_64: replace exfat-utils with exfatprogs
exfatprogs uses the kernel's driver unlike exfat-utils which provides a FUSE driver.
2020-08-11 11:05:44 +03:00
nl6720
e467c69e94
configs/releng/syslinux/archiso_pxe.cfg: add "checksum" and "verify" boot options
An ISO's checksum and GPG validation primarily matters when PXE booting, so it would be appropriate to enable these options for releng.
They should protect against booting a corrupt image.
2020-08-11 09:52:53 +03:00
nl6720
d52d36363e
releng: copy UEFI shell from airootfs instead of the host system
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/35 .
2020-07-30 18:31:25 +03:00
nl6720
0ada52d47f
releng: place custom sshd_config in airootfs
Properly track the file instead of modifying it on-the-fly with customize_airootfs.sh.
See https://gitlab.archlinux.org/archlinux/archiso/-/issues/21 .
2020-07-30 15:53:46 +03:00
David Runge
a96330699f
Use latest synced mirrors instead of age
configs/releng/airootfs/etc/systemd/system/reflector.service:
Use the 70 mirrors synced most recently (--latest) instead of a specific time since last sync (--age).
According to FS#67399 using 1hour as sync age is too short, as it sometimes leads to empty list.
2020-07-30 12:06:57 +02:00
nl6720
b5f04dba2b
Install mkinitcpio-archiso-hooks in airootfs instead of copying the hooks from host 2020-07-30 12:55:12 +03:00
nl6720
ff0c13f90c
Build initramfs images only once
Place custom mkinitcpio.conf in airootfs.
Use a custom mkinitcpio preset to specify generated image file path.
2020-07-29 18:19:42 +03:00
nl6720
a5886ad71e
Remove unnecessary files from releng's airootfs
configs/releng/airootfs/etc/fstab:
/etc/fstab shipped by the filesystem package has only comments. There is no reason to replace it with an empty file.

configs/releng/airootfs/etc/systemd/system/default.target:
There is no harm in booting to graphical.target. releng does not enable (or even install) any service that has {Required,Wanted}By=graphical.target.
2020-07-29 18:10:25 +03:00
David Runge
e264b44682
Add license and basic documentation
LICENSE:
Add GPL-3.0 license.

{{archiso,configs}/*,.editorconfig,.gitlab-ci.yml}:
Add SPDX license identifier.

Makefile:
Add SPDX license identifier.
Install the `run_archiso.sh` script as global executable `run_archiso`.
Use -D and -t flags to install to install files more generically (without a previous call to install the directory).

README.rst:
Add README outlining the project's scope, how to build images from the profiles and how to test.

AUTHORS.rst:
Add list of all direct contributors to the repository.

CONTRIBUTING.rst:
Add basic contribution guidelines, explaining the linter and the license in use.

Closes #7
Closes #3
2020-07-29 14:27:48 +02:00
David Runge
47e11125e4
Copy files more generically
configs/*:
Copy all files that do not need a rename generically (not specifying a destination file name).
Do not rename vmlinuz-linux to vmlinuz or vmlinuz.efi (as this serves no purpose and makes the scripts more
complicated).
Do not rename microcode (i.e. {amd,intel}-ucode.img) when copying them and change all boot loader configuration files
that assume a renamed microcode image.
Add note and link to Arch Linux wiki to state why memtest.bin is renamed to memtest.
Copy license files for {amd,intel}-ucode and memtest more generically by placing them into subdirectories with the same
name as the package (to circumenvent overwriting one other).

Closes #33
2020-07-28 12:13:45 +02:00
nl6720
ba6b44f80a
Copy /etc/skel/ to user's home from build.sh instead of customize_airootfs.sh
Additionally copy the files to all custom user homes, not just root's.
2020-07-28 11:56:59 +03:00
nl6720
b922e8bc9c
Set up custom user home directories and their permissions 2020-07-28 11:56:59 +03:00
nl6720
78fe656042
Deprecate customize_airootfs.sh
Show a deprecation notice if airootfs/root/customize_airootfs.sh is found.
2020-07-28 11:56:58 +03:00
nl6720
df93289b73
Install all packages in one go and don't copy pacman.conf to airootfs
configs/{baseline,releng}/build.sh:
Copy custom files to airootfs before installing packages.
Instead of calling `mkarchiso init`, list all required packages in packages.x86_64 and install them all at once with `mkarchiso install`. The mkdir command which `mkarchiso init` performs is now done by make_custom_airootfs.

configs/releng/build.sh:
Don't copy configs/releng/pacman.conf to airootfs, it is only meant to provide a unmodified pacman.conf durring pacstrap. In airootfs, an unmodified /etc/pacman.conf will be installed with the pacman package.
2020-07-28 11:50:25 +03:00
nl6720
c54a41fb3d
Fix baseline profile
Install linux and mkinitcpio packages.
Remove root user's password.

Fixes https://bugs.archlinux.org/task/64236 .
2020-07-28 11:47:42 +03:00