diff --git a/.editorconfig b/.editorconfig index cbb5538..74ed4eb 100644 --- a/.editorconfig +++ b/.editorconfig @@ -16,10 +16,6 @@ charset = utf-8 indent_style = space indent_size = 4 max_line_length = 120 -# for shfmt -switch_case_indent = true -binary_next_line = true - [*.{yml,yaml}] end_of_line = lf @@ -36,6 +32,3 @@ trim_trailing_whitespace = true charset = utf-8 indent_style = space indent_size = 2 - -[Makefile] -indent_style = tab diff --git a/.gitignore b/.gitignore index 4921633..74a0a52 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,7 @@ *~ -*.tar -*.tar.* +archiso-*.tar.gz* work/ out/ -codesigning* *.iso *.img *.cer @@ -12,5 +10,3 @@ codesigning* *.pem user-data meta-data -network-config -man/version.rst diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..17ac5ff --- /dev/null +++ b/.gitlab-ci.yml 
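Review bot: Dropping `codesigning*` and `network-config` from `.gitignore` means locally generated signing material and `network-config` files now appear as untracked, so a broad `git add` can commit them; only `*.pem` and `*.cer` remain covered in the visible lines. The build script added in this same diff puts its GnuPG home under `tmp/` and its images under `output/` in the repository root, and neither matches the visible patterns `work/` and `out/`. Two lines of the file fall between the hunks, so confirm they cover these paths; if not, keep `codesigning*` and add `tmp/` and `output/`.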
@@ -0,0 +1,71 @@ +--- +# +# SPDX-License-Identifier: GPL-3.0-or-later + +stages: + - check + - build + +check: + before_script: + # NOTE: Install latest archlinux-keyring before upgrading system. In the + # future this should not be needed anymore when we can guarantee a valid + # keyring for longer: + # https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/4 + - pacman -Sy --needed --noconfirm archlinux-keyring + - pacman --noconfirm -Syu --needed make shellcheck + script: + - make check + stage: check + interruptible: true + +.build: + artifacts: + reports: + metrics: output/metrics.txt + before_script: + - pacman -Sy --needed --noconfirm archlinux-keyring + - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl qemu-headless squashfs-tools zsync + script: + - ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS} + stage: build + tags: + - vm + +build_short: + extends: .build + parallel: + matrix: + - BUILD_SCRIPT_ARGS: baseline bootstrap + - BUILD_SCRIPT_ARGS: releng bootstrap + only: + refs: + - master + - merge_requests + changes: + - archiso/* + - configs/**/* + - Makefile + - .gitlab-ci.yml + - .gitlab/ci/* + interruptible: true + +build_long: + extends: .build + parallel: + matrix: + - BUILD_SCRIPT_ARGS: baseline iso + - BUILD_SCRIPT_ARGS: baseline netboot + - BUILD_SCRIPT_ARGS: releng iso + - BUILD_SCRIPT_ARGS: releng netboot + only: + refs: + - master + - merge_requests + changes: + - archiso/* + - configs/**/* + - Makefile + - .gitlab-ci.yml + - .gitlab/ci/* + interruptible: true diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh new file mode 100755 index 0000000..5250b51 --- /dev/null +++ b/.gitlab/ci/build_archiso.sh 
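Review bot: `build_short` and `build_long` each carry an identical `only:` block (refs plus the `changes:` list) and `interruptible: true`, so the two trigger lists can drift apart when one is edited. Move both keys into the hidden `.build` job so the matrix jobs inherit them through `extends`. Within the list, `archiso/*` and `.gitlab/ci/*` match only direct children while `configs/**/*` is recursive, so a script added in a subdirectory of either would not trigger a build. The `.build` job executes the branch's own `./.gitlab/ci/build_archiso.sh` on `vm`-tagged runners for `merge_requests`; whether fork pipelines can reach those runners is not visible here and is worth confirming in the runner settings.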
@@ -0,0 +1,273 @@ +#!/usr/bin/env bash +# +# This script is run within a virtual environment to build the available archiso profiles and their available build +# modes and create checksum files for the resulting images. +# The script needs to be run as root and assumes $PWD to be the root of the repository. +# +# Dependencies: +# * all archiso dependencies +# * coreutils +# * gnupg +# * openssl +# * zsync +# +# $1: profile +# $2: buildmode + +set -euo pipefail +shopt -s extglob + +readonly orig_pwd="${PWD}" +readonly output="${orig_pwd}/output" +readonly tmpdir_base="${orig_pwd}/tmp" +readonly profile="${1}" +readonly buildmode="${2}" +readonly install_dir="arch" + +tmpdir="" +tmpdir="$(mktemp --dry-run --directory --tmpdir="${tmpdir_base}")" +gnupg_homedir="" +codesigning_dir="" +codesigning_cert="" +codesigning_key="" +pgp_key_id="" + +print_section_start() { + # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section _title + _section="${1}" + _title="${2}" + + printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" +} + +print_section_end() { + # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section + _section="${1}" + + printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" +} + +cleanup() { + # clean up temporary directories + print_section_start "cleanup" "Cleaning up temporary directory" + + if [ -n "${tmpdir_base:-}" ]; then + rm -fr "${tmpdir_base}" + fi + + print_section_end "cleanup" +} + +create_checksums() { + # create checksums for files + # $@: files + local _file_path _file_name _current_pwd + _current_pwd="${PWD}" + + print_section_start "checksums" "Creating checksums" + + for _file_path in "$@"; do + cd "$(dirname "${_file_path}")" + _file_name="$(basename "${_file_path}")" + b2sum "${_file_name}" > "${_file_name}.b2" + md5sum "${_file_name}" > "${_file_name}.md5" + sha1sum "${_file_name}" > 
"${_file_name}.sha1" + sha256sum "${_file_name}" > "${_file_name}.sha256" + sha512sum "${_file_name}" > "${_file_name}.sha512" + ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} + cat "${_file_name}."{b2,md5,sha{1,256,512}} + done + cd "${_current_pwd}" + + print_section_end "checksums" +} + +create_zsync_delta() { + # create zsync control files for files + # $@: files + local _file + + print_section_start "zsync_delta" "Creating zsync delta" + + for _file in "$@"; do + if [[ "${buildmode}" == "bootstrap" ]]; then + # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image + zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + else + zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + fi + done + + print_section_end "zsync_delta" +} + +create_metrics() { + local _metrics="${output}/metrics.txt" + # create metrics + print_section_start "metrics" "Creating metrics" + + { + # create metrics based on buildmode + case "${buildmode}" in + iso) + printf 'image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.iso | cut -f1)" + printf 'package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + if [[ -e "${tmpdir}/efiboot.img" ]]; then + printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" + fi + # shellcheck disable=SC2046 + # shellcheck disable=SC2183 + printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ + $(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \ + awk -v profile="${profile}" \ + 'function basename(file) { + sub(".*/", "", file) + return file + } + { print profile, basename($2), $1 }' + ) + ;; + netboot) + printf 'netboot_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" + printf 'netboot_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- 
"${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + ;; + bootstrap) + printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" + printf 'bootstrap_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" + ;; + esac + } > "${_metrics}" + ls -lah "${_metrics}" + cat "${_metrics}" + + print_section_end "metrics" +} + +create_ephemeral_pgp_key() { + # create an ephemeral PGP key for signing the rootfs image + print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" + + gnupg_homedir="$tmpdir/.gnupg" + mkdir -p "${gnupg_homedir}" + chmod 700 "${gnupg_homedir}" + + cat << __EOF__ > "${gnupg_homedir}"/gpg.conf +quiet +batch +no-tty +no-permission-warning +export-options no-export-attributes,export-clean +list-options no-show-keyring +armor +no-emit-version +__EOF__ + + gpg --homedir "${gnupg_homedir}" --gen-key <> "${codesigning_conf}" + openssl req \ + -newkey rsa:4096 \ + -keyout "${codesigning_key}" \ + -nodes \ + -sha256 \ + -x509 \ + -days 365 \ + -out "${codesigning_cert}" \ + -config "${codesigning_conf}" \ + -subj "${codesigning_subj}" \ + -extensions codesigning + + print_section_end "ephemeral_codesigning_key" +} + +run_mkarchiso() { + # run mkarchiso + create_ephemeral_pgp_key + create_ephemeral_codesigning_key + + print_section_start "mkarchiso" "Running mkarchiso" + mkdir -p "${output}/" "${tmpdir}/" + GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ + -D "${install_dir}" \ + -c "${codesigning_cert} ${codesigning_key}" \ + -g "${pgp_key_id}" \ + -G "${pgp_sender}" \ + -o "${output}/" \ + -w "${tmpdir}/" \ + -m "${buildmode}" \ + -v "configs/${profile}" + + print_section_end "mkarchiso" + + if [[ "${buildmode}" =~ "iso" ]]; then + create_zsync_delta "${output}/"*.iso + create_checksums "${output}/"*.iso + fi + if [[ "${buildmode}" == "bootstrap" ]]; then + create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) + 
create_checksums "${output}/"*.tar*(.gz|.xz|.zst) + fi + create_metrics + + print_section_start "ownership" "Setting ownership on output" + + if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then + chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" + fi + print_section_end "ownership" +} + +trap cleanup EXIT + +run_mkarchiso diff --git a/.shellcheckrc b/.shellcheckrc deleted file mode 100644 index 75aca74..0000000 --- a/.shellcheckrc +++ /dev/null @@ -1,11 +0,0 @@ -# Suggest explicitly using -n in `[ $var ]` -enable=avoid-nullary-conditions - -# Suggest 'command -v' instead of 'which' -enable=deprecate-which - -# Suggest quoting variables without metacharacters -enable=quote-safe-variables - -# Require [[ and warn about [ in Bash/Ksh -enable=require-double-brackets diff --git a/AUTHORS.rst b/AUTHORS.rst index 428b35f..b03b91e 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst 
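Review bot: `mktemp --dry-run` near the top of the script only prints a candidate name, so `tmpdir` is never reserved and is later created by `mkdir -p` with umask-default permissions, even though the GnuPG home lives beneath it and the `-nodes` code-signing key appears to as well. Create it atomically instead: `mkdir -p "${tmpdir_base}"` followed by `tmpdir="$(mktemp --directory --tmpdir="${tmpdir_base}")"`. If mkarchiso must be handed a work directory that does not exist yet, keep the key material in its own `mktemp -d` directory. Separately, `cleanup` removes all of `${tmpdir_base}`, a fixed `tmp/` under the repository root, so it would also delete a pre-existing `tmp/` the script did not create; its `-n` test is always true because the variable is readonly and non-empty. The here-document bodies for `gpg --gen-key` and the openssl config are missing from this page, so the key parameters themselves were not reviewed.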
@@ -2,60 +2,37 @@ Archiso Authors =============== -* 2hexed <2hexed@protonmail.com> * Aaron Griffin * Adam Purkrt * Alexander Epaneshnikov -* Alexander Speshilov -* Anton Hvornum -* Antonio V * Chandan Singh * Charles Vejnar * Christian Hesse * Christopher Brannon * Dan McGee -* Darren Ng * David Runge * David Thurstenson * Dieter Plaetinck * Eli Schwartz -* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org> * Florian Pritz * Francois Dupoux * Gerardo Exequiel Pozzi * Gerhard Brauer -* Giancarlo Razzolini -* Howard Hicks * James Sitegen -* John Lane -* Jonathan Liu -* Jonathon Fernyhough * Justin Kromlinger * Keshav Amburay -* Kristian Klausen * Loui Chang * Lukas Fleischer * Martin Damian Fernandez -* Michael Gilchrist * Michael Vorburger -* Pellegrino Prevete * Pierre Schmitz * Sean Enck * Simo Leone -* Simon Wilper -* Sorin Pânca * Steffen Bönigk * Sven-Hendrik Haase * Thomas Bächler -* Tobias Powalowski -* Tom Yan * Yu Li-Yu -* Zig Globulin -* hayao -* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> -* mono wock * nl6720 -* plain linen -* shivanandvp -* weltio weltio * Øyvind Heggstad +* plain linen +* Pellegrino Prevete diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 17b6e51..a4ca833 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -11,359 +11,9 @@ Added Changed ------- -Deprecated ----------- - -Fixed ------ - Removed ------- - -[82] - 2024-11-27 -================= - -Fixed ------ - -- Commented out ``DownloadUser`` in ``pacman.conf`` so that the working directory is not restricted to paths to which - the ``alpm`` user has access to. - -[81] - 2024-10-28 -================= - -Fixed ------ - -- Change enabled services in baseline and releng profile to adapt to changes in ``cloud-init`` ≥ 24.3 (renamed - ``cloud-init.service`` to ``cloud-init-network.service``, introduced new ``cloud-init-main.service``). - -Removed -------- - -- Removed gnu-netcat from releng profile, as cloud-init requires openbsd-netcat and the two netcat versions can not be - installed side-by-side. - -[80] - 2024-09-26 -================= - -Added ------ - -- Support compressing the bootstrap tarball with ``xz``. - -Changed -------- - -- Use an empty UUID for the EROFS image file since the file system will never be referenced by it. -- Do not use ``mkfs.erofs`` extended options ``fragments`` and ``dedupe`` in the baseline profile. This reduces the EROFS - image size and compression time. -- Update profile ``pacman.conf`` to include the new options added to ``/etc/pacman.conf`` in pacman 7.0.0.r3.g7736133-1. - -Fixed ------ - -- Show the correct image file name, including the extension, when building a bootstrap image. - -Removed -------- - -- Removed reiserfsprogs from packages (EOL) - -[79] - 2024-07-25 -================= - -Fixed ------ - -- When downloading an automation script fail with non-zero status code instead of returning an HTML document when the - remote HTTP server fails to deliver the document. - -Removed -------- - -- Remove unneeded workaround for e2fsprogs < 1.47.1. - -[78] - 2024-05-23 -================= - -Changed -------- - -- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the - root file system. 
-- Use 4 MiB OVMF files in ``run_archiso`` instead of the old 2 MiB ones. -- Increase the additional free space of the EFI partition size from 1 MiB to 8 MiB to account for file system overhead - when using FAT32 (needs less than 1 MiB) and to give more space for adding custom files when repacking an ISO (e.g. - when preparing it for Secure Boot). -- Remove 300 KiB padding needed for CDs if the ISO exceeds the maximum size of a CD. -- Use ``xz -9e`` as the releng profile's initramfs compression. Now that mkinitcpio does not decompress the loadable - kernel modules and firmware files anymore and moves them to the early uncompressed initramfs, we can compress the main - initramfs image with a higher compression without it having much impact on the ISO build time. -- Format the EFI system partition image as FAT32 if the size allows it (i.e. if it is at least 36 MiB). - -Fixed ------ - -- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The - existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early - uncompressed CPIO even when the ``microcode`` hook is not used. - -Removed -------- - -- Remove the wezterm-terminfo package from the releng profile as the relevant file is now provided by the ncurses - package instead. - -[77] - 2024-04-21 -================= - -Added ------ - -- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. - Additionally, create a boot entry with it for the releng profile. - -Changed -------- - -- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. -- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. - Custom PXE setups will need to update their boot loader configuration. 
-- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to - have "file system transposition" without relaying on GRUB-specific features. -- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it - avoids all GRUB-specific annoyances and oddities. - -Fixed ------ - -- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the - same requirements as ``uefi-x64.systemd-boot.esp``. - -[76] - 2024-03-30 -================= - -Added ------ - -- Add a man page for ``mkarchiso``. -- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called - ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. - -Changed -------- - -- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. - Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to - just GRUB. -- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating - an early uncompressed CPIO archive which should have the microcode update files). - -Removed -------- - -- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``. - -[75] - 2024-01-24 -================= - -Added ------ - -- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure - ``drill`` remains available. - -Changed -------- - -- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of - a CD (900 MiB). - -Fixed ------ - -- Update the location where ``mkarchiso`` looks for the memtest86+ license file. 
- -[74] - 2023-12-21 -================= - -Added ------ - -- Add bcachefs-tools to releng for access to bcachefs userspace tools. -- Add tftp as a valid protocol for downloading automated boot script. - -Changed -------- - -- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network - really is *online* when ``network-online.target`` is reached. - -Fixed ------ - -- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. - -[73] - 2023-09-29 -================= - -Added ------ - -- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. -- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 - UEFI. The boot modes of baseline and releng are not changed. -- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary - boot parameters required for booting the ISO image as a file on a file system. - -Fixed ------ - -- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering - questions from systemd-firstboot. - -[72] - 2023-08-29 -================= - -Added ------ - -- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. -- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. - -Changed -------- - -- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. -- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to - the file system size. -- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. 
-- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` -- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. - -Fixed ------ - -- Sign the root file system image only once. -- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. - -[71] - 2023-05-28 -================= - -Added ------ - -- Added classes for Memtest86+ and UEFI Shell menuentries. -- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when - installing via SSH. -- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. -- Add support for mDNS announce and resolve. - -Changed -------- - -- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the - experimental compressed fragments and data deduplication features. -- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. -- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. - -Fixed ------ - -- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` - boot parameter. -- Subdirectories from ``grub/`` are copied to the ISO. -- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with - failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after - **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` - command. -- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the - variable has a correct value when used inside ``profiledef.sh``. 
- -[70] - 2023-02-27 -================= - -Added ------ - -- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image - contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume - with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. -- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also - preloaded in case someone finds them useful. - -Changed -------- - -- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the - same month. -- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. -- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for - the ISO volume and load the ``grub.cfg`` from there. -- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply - to the EFI binaries that remain in the default/fallback boot path. -- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. - Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) - is deprecated and a future archiso release will not create this file anymore. -- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. -- Update ``README.transfer`` documentation and convert it to reStructuredText. -- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. - -Removed -------- - -- Do not place memtest86+ in netboot artifacts. - -[69] - 2022-12-24 -================= - -Added ------ - -- Add Memtest86+ to x86_64 UEFI GRUB boot menu. 
- -Changed -------- - -- Check if the GPG public key file was successfully placed in the work directory before trying to use it. -- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the - ``pacstrap`` invoked chroot should ever be allowed to write outside of it. -- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. -- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA - support, using a higher compression is possible. -- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's - first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that - ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering. - -[68] - 2022-10-30 -================= - -Changed -------- - -- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. -- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly - applicable when re-running ``mkarchiso`` after a failure. -- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32. - -[67] - 2022-09-25 -================= - -Added ------ - -- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. - -Changed -------- - -- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since - ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring. -- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local - signatures that are not valid on target systems after installation. - [66] - 2022-08-28 ================= 
@@ -403,8 +53,6 @@ Removed - Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now ships with the glibc package itself. -- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough - free RAM. [64] - 2022-05-30 ================= @@ -543,7 +191,7 @@ Removed ------- - Remove all files related to ``mkinitcpio`` integration, as they now live in - https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso + https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso [57] - 2021-07-30 ================= diff --git a/Makefile b/Makefile index 1a6bf6f..c4ceb2f 100644 --- a/Makefile +++ b/Makefile @@ -4,13 +4,11 @@ PREFIX ?= /usr/local BIN_DIR=$(DESTDIR)$(PREFIX)/bin DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso -MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso DOC_FILES=$(wildcard docs/*) $(wildcard *.rst) SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \ $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*) -VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//') all: @@ -19,7 +17,7 @@ check: shellcheck shellcheck: shellcheck -s bash $(SCRIPT_FILES) -install: install-scripts install-profiles install-doc install-man +install: install-scripts install-profiles install-doc install-scripts: install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/" @@ -32,9 +30,4 @@ install-profiles: install-doc: install -vDm 644 $(DOC_FILES) -t $(DOC_DIR) -install-man: - @printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst - install -d -m 755 $(MAN_DIR)/man1 - rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1 - -.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck +.PHONY: check install install-doc install-profiles install-scripts shellcheck 
diff --git a/README.rst b/README.rst index cf91628..6ac7434 100644 --- a/README.rst +++ b/README.rst @@ -3,7 +3,7 @@ archiso ======= The archiso project features scripts and configuration templates to build installation media (*.iso* images and -*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. +*.tar.gz* bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. Currently creating the images is only supported on Arch Linux but may work on other operating systems as well. Requirements @@ -36,10 +36,6 @@ For linting the shell scripts the following package is required: * shellcheck -For generating the man pages: - -* python-docutils - Profiles ======== @@ -133,7 +129,7 @@ boot the iso image from GRUB with a version specific cow directory to mitigate o .. code:: sh loopback loop archlinux.iso - load_env -f (loop)/boot/grub/grubenv + load_env -f (loop)/arch/grubenv linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \ cow_directory=${NAME}/${VERSION} ... initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img @@ -143,14 +139,14 @@ Contribute Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso. -Please read our distribution-wide `Code of Conduct `_ before +Please read our distribution-wide `Code of Conduct `_ before contributing, to understand what actions will and will not be tolerated. Read our `contributing guide `_ to learn more about how to provide fixes or improvements for the code base. Discussion around archiso takes place on the `arch-releng mailing list -`_ and in `#archlinux-releng +`_ and in `#archlinux-releng `_ on `Libera Chat `_. All past and present authors of archiso are listed in `AUTHORS `_. 
@@ -160,7 +156,7 @@ Releases `Releases of archiso `_ are created by their current maintainers -- `David Runge `_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``) +- `David Runge `_ (``C7E7849466FE2358343588377258734B41C31549``) - `nl6720 `_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``) Tags are signed using respective PGP keys. diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ed8b28c..5f0c79b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -8,6 +8,11 @@ shopt -s extglob # Control the environment umask 0022 export LC_ALL="C.UTF-8" +if [[ -v LANGUAGE ]]; then + # LC_ALL=C.UTF-8, unlike LC_ALL=C, does not override LANGUAGE. + # See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 and https://savannah.gnu.org/bugs/?62815 + unset LANGUAGE +fi [[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 export SOURCE_DATE_EPOCH @@ -24,7 +29,6 @@ gpg_key="" gpg_sender="" iso_name="" iso_label="" -iso_uuid="" iso_publisher="" iso_application="" iso_version="" @@ -33,22 +37,18 @@ arch="" pacman_conf="" packages="" bootstrap_packages="" -bootstrap_parent="" pacstrap_dir="" -search_filename="" -declare -i rm_work_dir=0 buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() -bootstrap_tarball_compression="" cert_list=() +sign_netboot_artifacts="" declare -A file_permissions=() efibootimg="" efiboot_files=() # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') -declare -i need_external_ucodes=0 # Show an INFO message @@ -87,18 +87,17 @@ usage: ${app_name} [options] Default: '${iso_application}' -C pacman configuration file. Default: '${pacman_conf}' - -D Set an install_dir. All files will be located here. + -D Set an install_dir. All files will by located here. Default: '${install_dir}' NOTE: Max 8 characters, use only [a-z0-9] -L