Commit Graph

1084 Commits

Author SHA1 Message Date
Thomas Bächler
e36e63b8f1 Optionally sign the squashfs files with gpg and add the gpg key to the initramfs
A new option -g <keyid> is added to build.sh set the key id. If it is set, the squashfs files will be signed
by gpg and the gpg key will be added to archiso.img. In order to use this option, a gpg agent must be running.
Since build.sh is executed as root, it may be necessary to set the GNUPGHOME environment variable, for
example

$ su -c "GNUPGHOME=/home/youruser/.gnupg /path/to/build.sh -g yourkeyid"
2016-02-28 17:09:08 -03:00
Thomas Bächler
b644d3e923 Optionally sign the squashfs files with gpg
A new option -g <keyid> is added to set the key id. The squashfs files are only signed if
this option is set.
2016-02-28 17:09:08 -03:00
Thomas Bächler
1a59eb3792 Add the verify=y option to verify the squashfs signature with gpg 2016-02-28 17:09:08 -03:00
Thomas Bächler
249a52d941 Add gpg to the image and optionally create a keyring
If the ARCHISO_GNUPG_FD environment variable is set, its contents will be interpreted as an open file
descriptor and its contents will be used to create a keyring in the initramfs in /gpg.
2016-02-28 17:09:08 -03:00
Christian Hesse
5725183716 fix boot parameters for mount options
Fixes: 03c296cb4f
Signed-off-by: Christian Hesse <mail@eworm.de>
2016-02-04 23:13:28 -03:00
Christian Hesse
03c296cb4f add boot params archisoflags= and cow_flags= for mount options
Having files on btrfs subvolumes requires to give mount options. Add
boot params archisoflags= and cow_flags= for this purpose. Boot
parameters could look like this:

... archisodevice=/dev/sdaX archisoflags=subvolume=isos
cow_device=/dev/sdaX cow_flags=subvolume=persist ...

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-12-13 12:21:43 -03:00
Gerardo Exequiel Pozzi
d1e95f8581 prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-09-28 20:08:49 -03:00
Gerardo Exequiel Pozzi
c1e475bf18 [archiso] mkarchiso: Switch to overlayfs by default
If old behaviour is needed use "... -s sfs prepare".

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-09-28 19:36:58 -03:00
Adam Purkrt
d35d87f252 cleaner boot from loopmounted iso file
Currently, when booting loopmounted iso file, it is necessary to
specify not only img_dev and img_loop (which should be sufficient),
but also archisolabel or archisodevice. With this patch, archisodevice
is directly populated with the correct loop device, and it is not
necessary to specify the label when booting from loopmounted iso,
which makes for leaner and cleaner grub.cfg.
2015-09-13 14:45:20 -03:00
Gerardo Exequiel Pozzi
217a05eb86 [configs/releng] Fix (again) sshd root login
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-09-11 21:06:55 -03:00
Gerardo Exequiel Pozzi
8e7601caae [configs/releng] Ignore Lid/Sus/Hib switch/keys by logind
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-08-11 21:45:33 -03:00
Gerardo Exequiel Pozzi
ab14ac64a6 prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-07-30 01:13:15 -03:00
Gerardo Exequiel Pozzi
9dfae68fbe [configs/releng] Fix EFI shells URL
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-07-20 13:04:34 -03:00
Gerardo Exequiel Pozzi
e709474a89 [configs/releng] Update EFI Shells URL
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-07-18 15:39:48 -03:00
Gerardo Exequiel Pozzi
8de9b98cad [configs/releng] Set old behavior of sshd PermitRootLogin -> yes
Requested at FS#45563

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-07-09 14:09:53 -03:00
Gerardo Exequiel Pozzi
f1a445ad4e [configs/releng] refind-efi is not used for ISO build, move to packages
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-06-24 22:18:46 -03:00
Gerardo Exequiel Pozzi
6004782c21 [configs/releng] Move on gummiboot -> systemd-boot
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-06-24 22:17:29 -03:00
Christian Hesse
f21da59e81 flush ip addresses after copy to RAM
We received an IP address from DHCP server and configure it statically.
This is required if we continue to use network connectivity to access
the root device (for example via NBD or NFS).

The lease is not updated, though. This can cause trouble in networks
with low lease times. So let's flush the addresses if root filesystem
has been copied to RAM. A dhcp client in main system can handle the
network connectivity then.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-06-24 21:52:40 -03:00
Christian Hesse
dc845b3f13 limit access to cow directory
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-05-29 17:03:10 -03:00
Christian Hesse
b1a397e98d launch interactive shell if ipconfig fails
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-05-29 13:10:42 -03:00
Christian Hesse
b1011376cf explicitly detach loop device on umount and silent losetup error
Umount detaches the loop device automatically, but let's make it
explicit to be sure. Additionally losetup gives:

losetup: /dev/loop0: detach failed: No such device or address

This is kind of expected, let's silent the error message.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-05-29 13:10:37 -03:00
Gerardo Exequiel Pozzi
f0452f22ca prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-04-24 14:19:31 -03:00
Christian Hesse
dced05a847 explicitly detach loop device on umount
I see cases where a stale loop device stays around and fills up my
partition as image file is still in use and does not get unlinked.

Explicitly detach loop device on umount to fix that.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-04-21 19:24:30 -03:00
Gerardo Exequiel Pozzi
49bd7ce4bd [configs/releng] Remove unused 'arch' user
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-04-19 17:31:17 -03:00
Gerardo Exequiel Pozzi
2b1d127835 [configs/releng] Fix pacman.conf location when non-default work_dir is used
Fix FS#44620, reported by Lukas B.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-04-17 11:26:31 -03:00
Gerardo Exequiel Pozzi
24a9f2fc90 [configs/releng] Add vim-minimal to live-enviroment
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-04-16 22:10:57 -03:00
Gerardo Exequiel Pozzi
9322a0d3b7 [archiso] Rename cowfile_size to cow_spacesize=
The name is more relevant since the usage is shared for both
dm-snapshot and overlayfs.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-01-27 14:37:05 -03:00
Gerardo Exequiel Pozzi
a637bdb857 [archiso] Add optional OverlayFS support
This is the first attemp to test overlayfs in archiso.
The current dm-snapshot mode is keep and is enabled by default,
while the new mode is enabled via "-s sfs" to mkarchiso.
No new boot parameters are added, since archiso hooks detects
if the .sfs file is for dm-snapshot (airootfs.img inside)
or for overlayfs.
Persistence is supported in overlayfs mode using the same options
(cowlabel or cowdevice), but warning while in dm-snapshot mode,
only one file is used (airootfs.cow), in overlayfs mode internal
files for workdir/ and upperdir/ are allocated, so you can not use
VFAT or NTFS.

To test this, you need to enable [testing] in pacman.conf from
releng profile and edit build.sh then add "-s sfs" in make_prepare()

Look at:
    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" prepare
Replace with:
    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -s sfs -D "${install_dir}" prepare

The build requires just half of space that the build for dm-snapshot,
since there is no ext4 img ;)

Just to remember: there is no space gain in .sfs (just about 2M)

There is at least one thing during boot with machine-id service:
Dec 24 03:31:39 archiso systemd-machine-id-commit[183]: Failed to unmount transient /etc/machine-id file in our private namespace: Invalid argument

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2015-01-27 14:37:05 -03:00
Christian Hesse
fe29d5f334 add documentation for cow_chunksize=
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-01-02 15:13:36 -03:00
Christian Hesse
156b9a6093 allow to change dm snapshot chunksize
Copying big amount of data results in bad performance as data is
written in chunks of 4kiB (8 * 512 bytes).

The default is not changed but can be overwritten.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-01-02 15:13:36 -03:00
Christian Hesse
0b7a77cfc3 use consistent syntax for boot parameter processing
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-01-02 15:13:35 -03:00
Gerardo Exequiel Pozzi
1da2d027c5 [configs/releng] Always install needed pkgs from build.sh
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-12-21 18:54:24 -03:00
Gerardo Exequiel Pozzi
f5518de732 [archiso] Merge cowspace_size= option in cowfile_size=
Since now cowspace_size == cowfile_size (only one file inside)

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-12-13 16:53:06 -03:00
Gerardo Exequiel Pozzi
abe198a73a prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-10-31 22:36:15 -03:00
Gerardo Exequiel Pozzi
d5ee91554b [configs/releng] Always load intel-ucode in early boot stage
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-10-31 22:29:33 -03:00
Gerardo Exequiel Pozzi
89e89bd96b [configs/*] Install archiso initcpio files in /etc/initcpio
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-10-29 20:35:00 -03:00
Gerardo Exequiel Pozzi
edfdd37ba0 [archiso] Change cowfile_size= behavior
Move from percent to explicit size and set a default of 256M (sparse)

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-10-13 21:15:22 -03:00
Thomas Bächler
ccbeb35a7f prepare release
Signed-off-by: Thomas Bächler <thomas@archlinux.org>
2014-09-02 20:37:04 +02:00
Thomas Bächler
8e1cb0670e releng: Add an empty machine-id in airootfs
This makes systemd generate a machine-id on early boot and prevents it from thinking we need
any "first boot" setup. We really don't want systemd thinking that, since we carefully prepared
our root file system.

This also ensures every live environment has a unique machine id.
2014-09-02 20:28:04 +02:00
Gerardo Exequiel Pozzi
d6ad403a43 prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-08-28 19:24:38 -03:00
Gerardo Exequiel Pozzi
9f88990065 [archiso] Disable ext4 resize_inode on airootfs.
Remove unused feature, just to save space
sizeof ext4 image (empty): 4.3M vs 403K (du airootfs.img)
sizeof used space (empty):  48M vs  20K (df)

Thanks Christian Hesse for initial tip.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-08-22 20:10:10 -03:00
Gerardo Exequiel Pozzi
b14adf04fe [archiso] Update README
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-08-12 20:37:12 -03:00
Lukas Fleischer
f5b84dad94 archiso_pxe_http: Fix location of airootfs.md5
Currently, when booting via HTTP, the airootfs.md5 file is downloaded to
/run/archiso/bootmnt/arch/. However, the checksum file is later assumed
to be located at "/run/archiso/bootmnt/arch/${arch}". Fix the _curl_get
invocation and directly place the file in the right directory.

Fixes a regression introduced in commit b3e1d31 ([archiso] Rework
checksum function, 2014-06-28).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-12 19:32:31 -03:00
Lukas Fleischer
5a8a8c7b10 Reintroduce the possibility to force an architecture
Among other things, 36459f3 ([archiso] Drop aitab support, 2014-06-28)
removed the possibility to manually set a specific architecture by using
kernel parameters. This, however, is useful, e.g. when installing Arch
Linux on a device that reports itself as i586 but works fine with the
i686 flavor.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08 13:37:30 -03:00
Gerardo Exequiel Pozzi
01773d2b86 [configs/releng] Fix /root mode
Thanks Izumi Natsuka for reporting this.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-07-28 11:41:46 -03:00
Gerardo Exequiel Pozzi
c32457c5cf prepare release
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-07-26 17:56:03 -03:00
Gerardo Exequiel Pozzi
eea299fa19 [archiso] Remove workwaround for nls/vfat
The proper fix in now in mkinitcpio-18

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
2014-07-26 17:26:16 -03:00
Gerardo Exequiel Pozzi
b3e1d31343 [archiso] Rework checksum function 2014-06-28 00:35:51 -03:00
Gerardo Exequiel Pozzi
4890ce0b67 [archiso] _chroot_init() remove "already runned" logic
This is done better with run_once() in build.sh
2014-06-28 00:35:51 -03:00
Gerardo Exequiel Pozzi
12286e2712 [archiso] command_install() remove "already executed" logic
This is done better with run_once() in build.sh
2014-06-28 00:35:51 -03:00