These options are not compatible with multi-threaded compression and
actually increase the image file size.
With this change, the baseline profile's EROFS image file size is
reduced from 488 MiB to 398 MiB.
On my system, the compression time is reduced from about 2m6.274s to
1m59.410s when using erofs-utils built without multi-threaded
compression and to 0m27.883s when using erofs-utils built with
multi-threaded compression.
When a download attempt fails with an HTTP error, the body of the failed
request will be written to the output file with a 0 exit status, causing the
execution of an error message as a script.
This issue is resolved by adding the --fail option to curl.
Co-authored-by: David Runge <dvzrv@archlinux.org>
Use higher compression for the initramfs.
Now that mkinitcpio moves the compressed kernel modules and firmware
files to the early uncompressed initramfs, we can compress the main
initramfs image slightly more without it increasing the built time too
much. This will increase the memory required for decompression from
9 MiB to 65 MiB (assuming the kernel's decompressor works the same as
the xz tool), but that should not be an issue for any system targeting
Arch.
This reduces the initramfs size by ~250 KiB, which will save ~500 KiB
for the whole ISO.
While using GRUB as the UEFI boot loader has reduced the size of the ISO,
it has brought nothing but pain otherwise:
* We cannot use `gfxterm` since it is not visible on some hardware.
* GRUB has a a strange and nonsensical limitation where the EFI binary
can be built with either support for shim or custom Secure Boot key
support, but not both. This means you cannot repack the ISO to use
shim + MOK since we currently use `--disable-shim-lock` to provide
support for setups with custom keys.
* GRUB's EFI binary needs to be built with `grub-mkstandalone` instead
of there being a ready made EFI binary in the package. This requires
having grub installed on the host system which affects reproducibility.
This increases the size of the ISO since systemd-boot cannot boot files
from other volumes, i.e. the kernel and initramfs is duplicated in the
EFI system partition (the second partition made from `efiboot.img`).
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/227
The zstd tool has now been around for a while, so the availability of
it should not be a concern anymore.
Unlike gzip which was used until now, zstd offers higher compression
while still being faster (and multi-threaded).
The `--auto-threads=logical` option is used just so that there is some
difference between the releng and baseline profiles.
Everyone using the official Arch Linux bootstrap tarball (previously
`archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.gz` or
`archlinux-bootstrap-x86_64.tar.gz`) will need to update their scripts
and etc. to use `archlinux-bootstrap-YYYY.MM.DD-x86_64.tar.zst` or
`archlinux-bootstrap-x86_64.tar.zst` instead.
Implements https://gitlab.archlinux.org/archlinux/archiso/-/issues/130
By default systemd-networkd-wait-online.service considers a network
connection to be "online" when it has reached the "degraded" state
(see networkctl(1) for the definitions).
Since "degraded" does not ensure there's a routable address, let's
change the connection's requirement to "routable" instead.
This gives a better chance that the network really is online when
network-online.target is reached.
Construct a human readable platform identifier from GRUB's built-in
variables and use it in menu item descriptions.
Only add the menu entries for the additional tools (UEFI shell,
Memtest86+) if the files exist.
Modify baseline's `grub.cfg` to closer match releng.
* Do not manually load modules that will get loaded by invoking a command.
* Explicitly load serial modules.
* Move `insmod all_video` after the font is loaded.
bolt can be used to list and authorize Thunderbolt and USB4 devices.
Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a
user needed to install the package in the live environment.
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connection with a configuration
file in /etc/systemd/network.conf.d/.
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128 ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
* Use LZMA extreme compression level,
* enable experimental compressed fragments feature to create a smaller image,
* enable experimental data deduplication.
This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB.
1) wait for network-online.target before invoking curl
as there's no synchronization with network setup for this script
2) don't hide curl errors - it may be easier to debug the issues
3) add log and comments
configs/{baseline,releng}/grub/grub.cfg:
Use `console` as grub's `terminal_output`, as with `gfxterm` only a blank screen is shown on some hardware.
Fixes#212
To prevent the file from being accidentally missed when someone copies
the ISO's contents, let's not place it in a directory that starts with a
dot. Since all GRUB related files are in /boot/grub/, put it there too.
Instead of using a more unique UUID for the file name, use
`YYYY-mm-dd-HH-MM-SS-00.uuid` which matches the ISO's modification date
in UTC,i.e. its "UUID". If multiple ISOs would be generated in the exact
same second, the ISO 9660 modification date (i.e. its "UUID") would be
the same, so there would be not way to distinguish between the volumes
anyway. This also makes the file look less suspicious to the casual
glance.
The `grub.cfg` embedded in the GRUB binaries already sets `ARCHISO_HINT`
and `ARCHISO_UUID` in most cases. To avoid performing the same searches
multiple times, use the existing variables.
Move memtest86+ to `/boot/memtest86+/` on ISO 9660. That directory is
not copied to netboot artifact output.
Netboot boot menu https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe
does not have entries for memtest and archiso-manager removes these files
(not the EFI one, though) before uploading the release files anyway.
There are claims that some UEFI allegedly natively support NTFS.
Preload the required GRUB modules to support booting from NTFS on such
systems.
Additionally preload the exFAT and UEF modules, because, why not?
