From ced3d3ffa384600012618612c98476a231f5fb89 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 7 Aug 2022 15:59:52 +0300 Subject: [PATCH 001/145] Order pacman-init.service before archlinux-keyring-wkd-sync.service archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work. Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state. --- CHANGELOG.rst | 3 +++ configs/releng/airootfs/etc/systemd/system/pacman-init.service | 2 ++ 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4ca833..5766eb2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since + ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring. + Removed ------- diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service index b18f7f8..9ad2e69 100644 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ b/configs/releng/airootfs/etc/systemd/system/pacman-init.service @@ -2,6 +2,8 @@ Description=Initializes Pacman keyring Requires=etc-pacman.d-gnupg.mount After=etc-pacman.d-gnupg.mount +BindsTo=etc-pacman.d-gnupg.mount +Before=archlinux-keyring-wkd-sync.service [Service] Type=oneshot From de8923f8b22088ef5410b0e257b2dedc18f2b2aa Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 31 Aug 2022 15:53:23 +0300 Subject: [PATCH 002/145] Remove pacman-init.service from releng pacman-init.service causes more problems than it's worth. Due to archlinux-keyring bloat, it takes too long to finish making it possible to corrupt the keyring if pacman or pacstrap is used before pacman-init.service is done. If the timezone is in UTC+X, gpg as run by pacman-key will create and sign the keys with a future timestamp causing issues when updating the pacman keyring. The solutions were to either: * Automate more. Enable systemd-timesyncd.service and systemd-time-wait-sync.service. Order pacman-init.service after time-sync.target. * Automate less. Get rid of pacman-init.service entirely. "Automating more" just means more automagic that makes the releng profile differ from a newly installed system. Which in turn gives false expectations for those installing Arch. This change will require that users manually initialize the pacman keyring and populate the keys in the live environment. I.e. these commands will now need to be run manually: # pacman-key --init # pacman-key --populate Alternatively, using the latest Arch Linux keyring from the repos: # pacman-key --init # pacman -Sy archlinux-keyring Regardless of the chosen commands, they should be run after the system time is synced via NTP. Fixes #190 Fixes #191 --- .../multi-user.target.wants/pacman-init.service | 1 - .../airootfs/etc/systemd/system/pacman-init.service | 13 ------------- 2 files changed, 14 deletions(-) delete mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service delete mode 100644 configs/releng/airootfs/etc/systemd/system/pacman-init.service diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service deleted file mode 120000 index d09eec6..0000000 --- a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service +++ /dev/null @@ -1 +0,0 @@ -../pacman-init.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service deleted file mode 100644 index b18f7f8..0000000 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Initializes Pacman keyring -Requires=etc-pacman.d-gnupg.mount -After=etc-pacman.d-gnupg.mount - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/pacman-key --init -ExecStart=/usr/bin/pacman-key --populate - -[Install] -WantedBy=multi-user.target From 4d64a58a905403b3abfca5077dcd924ef7901ba7 Mon Sep 17 00:00:00 2001 From: Tobias Powalowski Date: Thu, 22 Sep 2022 11:01:03 +0200 Subject: [PATCH 003/145] remove ipw2100-fw and ipw2200-fw, cleanup of [core] --- configs/releng/packages.x86_64 | 2 -- 1 file changed, 2 deletions(-) diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 8a0c80d..02ef538 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -38,8 +38,6 @@ grub hdparm hyperv intel-ucode -ipw2100-fw -ipw2200-fw irssi iw iwd From 69b22dc41f8b367fa2d49af6331699bb2dcda4f8 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 25 Sep 2022 15:36:18 +0200 Subject: [PATCH 004/145] Enable systemd-timesyncd and systemd-time-wait-sync configs/releng/airootfs/etc/systemd/system/{dbus-org.freedesktop.timesync1},sysinit.target.wants/systemd-timesyncd}.service: Enable systemd-timesyncd which aliases to dbus-org.freedesktop.timesync1 to ensure time gets synced on the host. configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service: Enable systemd-time-wait-sync to ensure time is finished syncing when time-sync.target is finished. --- .../etc/systemd/system/dbus-org.freedesktop.timesync1.service | 1 + .../system/sysinit.target.wants/systemd-time-wait-sync.service | 1 + .../system/sysinit.target.wants/systemd-timesyncd.service | 1 + 3 files changed, 3 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service create mode 120000 configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service create mode 120000 configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service diff --git a/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service new file mode 120000 index 0000000..cd00411 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-timesyncd.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service b/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service new file mode 120000 index 0000000..cabf28b --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-time-wait-sync.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service b/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service new file mode 120000 index 0000000..cd00411 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-timesyncd.service \ No newline at end of file From 3f55c95613ac55f765d1767c2878043a67e803f6 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 25 Sep 2022 15:39:28 +0200 Subject: [PATCH 005/145] Order pacman-init.service after time-sync.target configs/releng/airootfs/etc/systemd/system/pacman-init.service: Order pacman-init.service after time-sync.target, so that time on the host is synchronized before initializing pacman. --- configs/releng/airootfs/etc/systemd/system/pacman-init.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service index 9ad2e69..b824884 100644 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ b/configs/releng/airootfs/etc/systemd/system/pacman-init.service @@ -1,7 +1,7 @@ [Unit] Description=Initializes Pacman keyring Requires=etc-pacman.d-gnupg.mount -After=etc-pacman.d-gnupg.mount +After=etc-pacman.d-gnupg.mount time-sync.target BindsTo=etc-pacman.d-gnupg.mount Before=archlinux-keyring-wkd-sync.service From 5f135b4342eb8306bce917bc9f3095fc38985c4c Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 25 Sep 2022 15:43:41 +0200 Subject: [PATCH 006/145] Add changelog entry for ordering pacman-init after time-sync.target CHANGELOG.rst: Add changelog entry for ordering pacman-init after time-sync.target --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5766eb2..687b413 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,8 @@ Changed - Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring. +- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local + signatures that are not valid on target systems after installation. Removed ------- From 326cfed7cc59af487cdae1d1a75e1e3a8f84cb67 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Wed, 18 May 2022 16:42:28 +0200 Subject: [PATCH 007/145] Add the ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. (gitlab ci) Added a CA structure to the codesigning certificates. This to test the functionality of optional CA being in the signing message. (mkarchiso) Removed the ``sign_netboot_artifacts`` variable and instead we'll now rely on ``if [[ -v cert_list ]]; then``. Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables to override the certificates used. This is so that third party CA's can be used during building in a meaningful way without distrupting the CA trust that is shipped by default. _cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS. The files will be saved as "${artifact}.cms.sig". That would be for instance "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig". --- .gitlab/ci/build_archiso.sh | 80 +++++++++++++++++++--- AUTHORS.rst | 1 + CHANGELOG.rst | 2 + archiso/mkarchiso | 130 +++++++++++++++++++++++++----------- 4 files changed, 165 insertions(+), 48 deletions(-) diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index 5250b51..104792a 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -30,6 +30,8 @@ gnupg_homedir="" codesigning_dir="" codesigning_cert="" codesigning_key="" +ca_cert="" +ca_key="" pgp_key_id="" print_section_start() { @@ -204,43 +206,103 @@ EOF print_section_end "ephemeral_pgp_key" } -create_ephemeral_codesigning_key() { +create_ephemeral_codesigning_keys() { # create ephemeral certificates used for codesigning - print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning key" + print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys" + # The exact steps in creating a CA with Codesigning being signed was taken from + # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html + # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf) + codesigning_dir="${tmpdir}/.codesigning/" - local codesigning_conf="${codesigning_dir}/openssl.cnf" + local ca_dir="${codesigning_dir}/ca/" + + local ca_conf="${ca_dir}/certificate_authority.cnf" + local ca_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" + ca_cert="${ca_dir}/cacert.pem" + ca_key="${ca_dir}/private/cakey.pem" + + local codesigning_conf="${codesigning_dir}/code_signing.cnf" local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" codesigning_cert="${codesigning_dir}/codesign.crt" codesigning_key="${codesigning_dir}/codesign.key" + + mkdir -p "${ca_dir}/"{private,newcerts,crl} mkdir -p "${codesigning_dir}" cp -- /etc/ssl/openssl.cnf "${codesigning_conf}" - printf "\n[codesigning]\nkeyUsage=digitalSignature\nextendedKeyUsage=codeSigning\n" >> "${codesigning_conf}" + cp -- /etc/ssl/openssl.cnf "${ca_conf}" + touch "${ca_dir}/index.txt" + echo "1000" > "${ca_dir}/serial" + + # Prepare the ca configuration for the change in directory + sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" + + # Create the Certificate Authority + openssl req \ + -newkey rsa:4096 \ + -sha256 \ + -nodes \ + -x509 \ + -new \ + -sha256 \ + -keyout "${ca_key}" \ + -config "${ca_conf}" \ + -subj "${ca_subj}" \ + -out "${ca_cert}" + + cat << EOF >> "${ca_conf}" + +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA ('man x509v3_config'). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true, pathlen:0 +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +EOF + + cat << EOF >> "${codesigning_conf}" + +[codesigning] +keyUsage=digitalSignature +extendedKeyUsage=codeSigning, clientAuth, emailProtection + +EOF + openssl req \ -newkey rsa:4096 \ -keyout "${codesigning_key}" \ -nodes \ -sha256 \ - -x509 \ - -days 365 \ - -out "${codesigning_cert}" \ + -out "${codesigning_cert}.csr" \ -config "${codesigning_conf}" \ -subj "${codesigning_subj}" \ -extensions codesigning + # Sign the code signing certificate with the CA + openssl ca \ + -batch \ + -config "${ca_conf}" \ + -extensions v3_intermediate_ca \ + -days 3650 \ + -notext \ + -md sha256 \ + -in "${codesigning_cert}.csr" \ + -out "${codesigning_cert}" + print_section_end "ephemeral_codesigning_key" } run_mkarchiso() { # run mkarchiso create_ephemeral_pgp_key - create_ephemeral_codesigning_key + create_ephemeral_codesigning_keys print_section_start "mkarchiso" "Running mkarchiso" mkdir -p "${output}/" "${tmpdir}/" GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ -D "${install_dir}" \ - -c "${codesigning_cert} ${codesigning_key}" \ + -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ -g "${pgp_key_id}" \ -G "${pgp_sender}" \ -o "${output}/" \ diff --git a/AUTHORS.rst b/AUTHORS.rst index b03b91e..18207eb 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -36,3 +36,4 @@ Archiso Authors * Øyvind Heggstad * plain linen * Pellegrino Prevete +* Anton Hvornum diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 687b413..1d9eeea 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. + Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 5f0c79b..2fbbf66 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -43,7 +43,6 @@ bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() cert_list=() -sign_netboot_artifacts="" declare -A file_permissions=() efibootimg="" efiboot_files=() @@ -94,10 +93,11 @@ usage: ${app_name} [options] Default: '${iso_label}' -P Set the ISO publisher Default: '${iso_publisher}' - -c [cert ..] Provide certificates for codesigning of netboot artifacts + -c [cert ..] Provide certificates for codesigning of netboot artifacts as + well as the rootfs artifact. Multiple files are provided as quoted, space delimited list. The first file is considered as the signing certificate, - the second as the key. + the second as the key and the third as the optional certificate authority. -g Set the PGP key ID to be used for signing the rootfs image. Passed to gpg as the value for --default-key -G Set the PGP signer (must include an email address) @@ -250,14 +250,11 @@ _mkchecksum() { } # GPG sign the root file system image. -_mksignature() { - local airootfs_image_filename gpg_options=() - _msg_info "Signing rootfs image..." - if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" - elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" - fi +_mk_pgp_signature() { + local gpg_options=() + local airootfs_image_filename="${1}" + _msg_info "Signing rootfs image using GPG..." + rm -f -- "${airootfs_image_filename}.sig" # Add gpg sender option if the value is provided [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") @@ -342,6 +339,15 @@ _make_packages() { exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg" export ARCHISO_GNUPG_FD fi + if [[ -v cert_list[0] ]]; then + exec {ARCHISO_TLS_FD}<>"${cert_list[0]}" + export ARCHISO_TLS_FD + fi + if [[ -v cert_list[2] ]]; then + exec {ARCHISO_TLSCA_FD}<>"${cert_list[2]}" + export ARCHISO_TLSCA_FD + fi + # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580 if [[ "${quiet}" = "y" ]]; then @@ -350,6 +356,14 @@ _make_packages() { env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" fi + if [[ -v cert_list[0] ]]; then + exec {ARCHISO_TLS_FD}<&- + unset ARCHISO_TLS_FD + fi + if [[ -v cert_list[2] ]]; then + exec {ARCHISO_TLSCA_FD}<&- + unset ARCHISO_TLSCA_FD + fi if [[ -n "${gpg_key}" ]]; then exec {ARCHISO_GNUPG_FD}<&- unset ARCHISO_GNUPG_FD @@ -998,8 +1012,18 @@ _validate_requirements_bootmode_uefi-x64.grub.eltorito() { _prepare_airootfs_image() { _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum + + if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then + airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then + airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + fi + if [[ -n "${gpg_key}" ]]; then - _mksignature + _mk_pgp_signature "${airootfs_image_filename}" + fi + if [[ -v cert_list ]]; then + _cms_sign_artifact "${airootfs_image_filename}" fi } @@ -1012,6 +1036,32 @@ _export_netboot_artifacts() { du -hs -- "${out_dir}/${install_dir}" } +_cms_sign_artifact() { + local artifact="${1}" + local openssl_flags=( + "-sign" + "-binary" + "-nocerts" + "-noattr" + "-outform" "DER" "-out" "${artifact}.cms.sig" + "-in" "${artifact}" + "-signer" "${cert_list[0]}" + "-inkey" "${cert_list[1]}" + ) + + if (( ${#cert_list[@]} > 2 )); then + openssl_flags+=("-certfile" "${cert_list[2]}") + fi + + _msg_info "Signing ${artifact} image using openssl cms..." + + rm -f -- "${artifact}.cms.sig" + + openssl cms "${openssl_flags[@]}" + + _msg_info "Done!" +} + # sign build artifacts for netboot _sign_netboot_artifacts() { local _file _dir @@ -1115,6 +1165,26 @@ _validate_common_requirements_buildmode_iso_netboot() { _msg_error "Packages file '${packages}' does not exist." 0 fi + if [[ -v cert_list ]]; then + # Check if the certificate files exist + for _cert in "${cert_list[@]}"; do + if [[ ! -e "${_cert}" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "File '${_cert}' does not exist." 0 + fi + done + # Check if there are at least three certificate files to sign netboot and rootfs. + if (( ${#cert_list[@]} < 2 )); then + (( validation_error=validation_error+1 )) + _msg_error "Two certificates are required for codesigning netboot artifacts, but '${cert_list[*]}' is provided." 0 + fi + + if ! command -v openssl &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0 + fi + fi + # Check if the specified airootfs_image_type is supported if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then @@ -1156,31 +1226,8 @@ _validate_requirements_buildmode_iso() { } _validate_requirements_buildmode_netboot() { - local _override_cert_list=() - - if [[ "${sign_netboot_artifacts}" == "y" ]]; then - # Check if the certificate files exist - for _cert in "${cert_list[@]}"; do - if [[ -e "${_cert}" ]]; then - _override_cert_list+=("$(realpath -- "${_cert}")") - else - (( validation_error=validation_error+1 )) - _msg_error "File '${_cert}' does not exist." 0 - fi - done - cert_list=("${_override_cert_list[@]}") - # Check if there are at least two certificate files - if (( ${#cert_list[@]} < 2 )); then - (( validation_error=validation_error+1 )) - _msg_error "Two certificates are required for codesigning, but '${cert_list[*]}' is provided." 0 - fi - fi _validate_common_requirements_buildmode_iso_netboot _validate_common_requirements_buildmode_all - if ! command -v openssl &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0 - fi } # SYSLINUX El Torito @@ -1541,10 +1588,7 @@ _set_overrides() { fi [[ ! -v override_gpg_key ]] || gpg_key="$override_gpg_key" [[ ! -v override_gpg_sender ]] || gpg_sender="$override_gpg_sender" - if [[ -v override_cert_list ]]; then - sign_netboot_artifacts="y" - fi - [[ ! -v override_cert_list ]] || cert_list+=("${override_cert_list[@]}") + [[ ! -v override_cert_list ]] || mapfile -t cert_list < <(realpath -- "${override_cert_list[@]}") if [[ -v override_quiet ]]; then quiet="$override_quiet" elif [[ -z "$quiet" ]]; then @@ -1675,8 +1719,16 @@ _build_buildmode_netboot() { local run_once_mode="${buildmode}" _build_iso_base + + if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then + airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then + airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + fi + if [[ -v cert_list ]]; then _run_once _sign_netboot_artifacts + _cms_sign_artifact "${airootfs_image_filename}" fi _run_once _export_netboot_artifacts } From 3e962dbeda641400c196bef0ccf46ad705519673 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 25 Sep 2022 19:14:12 +0200 Subject: [PATCH 008/145] Update PGP key ID for David Runge README.rst: Change referenced PGP key ID from `C7E7849466FE2358343588377258734B41C31549` to `991F6E3F0765CF6295888586139B09DA5BF0D338`, as the latter is now in used. The keys are cross-signed and both available via Arch Linux's WKD. --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 6ac7434..d1aa233 100644 --- a/README.rst +++ b/README.rst @@ -156,7 +156,7 @@ Releases `Releases of archiso `_ are created by their current maintainers -- `David Runge `_ (``C7E7849466FE2358343588377258734B41C31549``) +- `David Runge `_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``) - `nl6720 `_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``) Tags are signed using respective PGP keys. From fbc72247b834262c24a26470bf623007d90b6e87 Mon Sep 17 00:00:00 2001 From: David Runge Date: Sun, 25 Sep 2022 19:59:58 +0200 Subject: [PATCH 009/145] Add changelog for version 67 CHANGELOG.rst: Add changelog for version 67. --- CHANGELOG.rst | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1d9eeea..1b05ff4 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,18 @@ Changelog Added ----- +Changed +------- + +Removed +------- + +[67] - 2022-09-25 +================= + +Added +----- + - The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. Changed @@ -18,9 +30,6 @@ Changed - Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local signatures that are not valid on target systems after installation. -Removed -------- - [66] - 2022-08-28 ================= From f4f0a3a5ecbb13dd76e7fef09642e7f15808d347 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 1 Oct 2022 15:02:58 +0300 Subject: [PATCH 010/145] configs/: Do not explicitly enable qemu-guest-agent.service qemu-guest-agent.service will be started by the /usr/lib/udev/rules.d/99-qemu-guest-agent.rules udev rule. Fixes #199 --- CHANGELOG.rst | 2 ++ .../system/multi-user.target.wants/qemu-guest-agent.service | 1 - .../system/multi-user.target.wants/qemu-guest-agent.service | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) delete mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service delete mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1b05ff4..73fa2d9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added Changed ------- +- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. + Removed ------- diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service deleted file mode 120000 index 8e3ff80..0000000 --- a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/qemu-guest-agent.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service deleted file mode 120000 index 8e3ff80..0000000 --- a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/qemu-guest-agent.service \ No newline at end of file From 11971619a671c778b027ce823e1c1a7d9ad48482 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 12 Oct 2022 13:12:29 +0300 Subject: [PATCH 011/145] mkarchiso: do not sign .sig files Make sure existing sig files are deleted before creating new ones and make sure to not sign any sig files. This allows retrying failed mkarchiso runs without ending up with files such as vmlinuz.ipxe.sig.ipxe.sig. Fixes #198 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 73fa2d9..4c18fd2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Changed ------- - Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. +- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly + applicable when re-running ``mkarchiso`` after a failure. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2fbbf66..caeb21e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -254,7 +254,7 @@ _mk_pgp_signature() { local gpg_options=() local airootfs_image_filename="${1}" _msg_info "Signing rootfs image using GPG..." - + rm -f -- "${airootfs_image_filename}.sig" # Add gpg sender option if the value is provided [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") @@ -1054,7 +1054,7 @@ _cms_sign_artifact() { fi _msg_info "Signing ${artifact} image using openssl cms..." - + rm -f -- "${artifact}.cms.sig" openssl cms "${openssl_flags[@]}" @@ -1073,7 +1073,8 @@ _sign_netboot_artifacts() { _files_to_sign+=("${_dir}${_file}") fi done - for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do + for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"!(*.sig) "${_dir}${arch}/initramfs-"*.img; do + rm -f -- "${_file}".ipxe.sig openssl cms \ -sign \ -binary \ From 2f9cfdf42fce7144f2a83dff08df5af899aceaba Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 17 Jun 2022 15:01:31 +0300 Subject: [PATCH 012/145] configs/: remove "Copy to RAM" boot entries since it is automatic now The default is now copytoram=auto which enables copying to RAM when the rootfs image size is less than 4 GiB and free RAM exceeds the rootfs image size + 2 GiB. See https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/issues/13 and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/26. Implements #177. --- CHANGELOG.rst | 2 ++ .../loader/entries/02-archiso-x86_64-ram-linux.conf | 4 ---- configs/baseline/grub/grub.cfg | 7 ------- configs/baseline/syslinux/syslinux-linux.cfg | 6 ------ .../loader/entries/03-archiso-x86_64-ram-linux.conf | 7 ------- .../entries/04-archiso-x86_64-ram-speech-linux.conf | 7 ------- configs/releng/syslinux/archiso_sys-linux.cfg | 11 ----------- 7 files changed, 2 insertions(+), 42 deletions(-) delete mode 100644 configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf delete mode 100644 configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf delete mode 100644 configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4c18fd2..4c522fd 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -73,6 +73,8 @@ Removed - Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now ships with the glibc package itself. +- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough + free RAM. [64] - 2022-05-30 ================= diff --git a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf b/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf deleted file mode 100644 index d66f5a6..0000000 --- a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf +++ /dev/null @@ -1,4 +0,0 @@ -title Arch Linux (x86_64, UEFI) Copy to RAM -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index dead8ce..d2aa4ab 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -34,10 +34,3 @@ menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } - -menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" --class arch --class gnu-linux --class gnu --class os --id 'archlinux-copy-to-ram' { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram - initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 6bfd0c3..0311f29 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -3,9 +3,3 @@ MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% - -LABEL arch-ram -MENU LABEL Arch Linux (x86_64, BIOS) Copy to RAM -LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf deleted file mode 100644 index 3e26651..0000000 --- a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ /dev/null @@ -1,7 +0,0 @@ -title Arch Linux install medium (x86_64, UEFI, Copy to RAM) -sort-key 03 -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf b/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf deleted file mode 100644 index 0d67999..0000000 --- a/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf +++ /dev/null @@ -1,7 +0,0 @@ -title Arch Linux install medium (x86_64, UEFI, Copy to RAM) with speech -sort-key 04 -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram accessibility=on diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index 0d85fcc..f9d3b0d 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -18,14 +18,3 @@ MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on - -# Copy to RAM boot option -LABEL arch64ram -TEXT HELP -Boot the Arch Linux install medium on BIOS with Copy-to-RAM option -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram From e0e4d200c1398eff946c05911a373b0c39338db3 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Tue, 25 Oct 2022 11:29:33 +0300 Subject: [PATCH 013/145] configs/releng/airootfs/etc/mkinitcpio.conf: replace the deprecated archiso_kms hook with kms The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project. See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8 --- CHANGELOG.rst | 1 + configs/releng/airootfs/etc/mkinitcpio.conf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4c522fd..7119eba 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,6 +14,7 @@ Changed - Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. - Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly applicable when re-running ``mkarchiso`` after a failure. +- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32. Removed ------- diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf index f57dbdd..96a8752 100644 --- a/configs/releng/airootfs/etc/mkinitcpio.conf +++ b/configs/releng/airootfs/etc/mkinitcpio.conf @@ -49,7 +49,7 @@ FILES=() # ## NOTE: If you have /usr on a separate partition, you MUST include the # usr, fsck and shutdown hooks. -HOOKS=(base udev modconf memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems keyboard) +HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard) # COMPRESSION # Use this to compress the initramfs image. By default, gzip compression From ee4e4a96d260040af11482cf9d28b49541b813a6 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 30 Oct 2022 10:39:45 +0200 Subject: [PATCH 014/145] Add changelog for 68 --- CHANGELOG.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7119eba..0e9d737 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,14 +11,20 @@ Added Changed ------- +Removed +------- + +[68] - 2022-10-30 +================= + +Changed +------- + - Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. - Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly applicable when re-running ``mkarchiso`` after a failure. - Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32. -Removed -------- - [67] - 2022-09-25 ================= From 477294955a52874e167c33994dd99f9f3d60d912 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 12 Nov 2022 11:30:19 +0200 Subject: [PATCH 015/145] configs/releng/airootfs/root/.zlogin: use grep -a to ensure /proc/cmdline is treated as text This protects against the case where /proc/cmdline contains garbage triggering grep to think it is a binary. See e.g. https://bugs.archlinux.org/task/76468 for an example. --- configs/releng/airootfs/root/.zlogin | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/airootfs/root/.zlogin b/configs/releng/airootfs/root/.zlogin index 0fb119d..bf6bc8f 100644 --- a/configs/releng/airootfs/root/.zlogin +++ b/configs/releng/airootfs/root/.zlogin @@ -1,5 +1,5 @@ # fix for screen readers -if grep -Fq 'accessibility=' /proc/cmdline &> /dev/null; then +if grep -Fqa 'accessibility=' /proc/cmdline &> /dev/null; then setopt SINGLE_LINE_ZLE fi From 9d391c092570909a9631c514600d2588b2cd5310 Mon Sep 17 00:00:00 2001 From: Jonathan Liu Date: Sat, 3 Dec 2022 20:56:18 +1100 Subject: [PATCH 016/145] Add Memtest86+ to x86_64 UEFI GRUB boot menu Implements #203. --- CHANGELOG.rst | 1 + archiso/mkarchiso | 11 +++++++++++ configs/releng/grub/grub.cfg | 5 +++++ configs/releng/packages.x86_64 | 1 + 4 files changed, 18 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0e9d737..5115cb1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,6 +7,7 @@ Changelog Added ----- +- Add Memtest86+ to x86_64 UEFI GRUB boot menu. Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index caeb21e..9b917ab 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -712,6 +712,14 @@ _make_bootmode_uefi-x64.grub.esp() { mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi + # Add other aditional/extra files to ${install_dir}/boot/ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/${install_dir}/boot/memtest.efi" + install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ + "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + fi + _msg_info "Done! GRUB set up for UEFI booting successfully." } @@ -997,6 +1005,9 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." fi + if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then + _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from GRUB." + fi } _validate_requirements_bootmode_uefi-x64.grub.eltorito() { diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 43fad0e..79ea2d2 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -46,6 +46,11 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then + menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + search --fs-uuid --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/memtest.efi + } menuentry "UEFI Shell" { insmod chain search --no-floppy --set=root --label %ARCHISO_LABEL% diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 02ef538..5771920 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -60,6 +60,7 @@ man-pages mc mdadm memtest86+ +memtest86+-efi mkinitcpio mkinitcpio-archiso mkinitcpio-nfs-utils From 4ee6fdc1eab278485e13590c47c33db27de4efe5 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Tue, 6 Dec 2022 12:27:35 +0200 Subject: [PATCH 017/145] mkarchiso: disable shellcheck warning when searching an array The warning about SC2076 does not apply here. --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9b917ab..30c1e06 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1005,6 +1005,7 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." fi + # shellcheck disable=SC2076 if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from GRUB." fi From d31f38843ac0cb803561b0dbe976a3189ac0191c Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 26 Nov 2022 21:35:38 +0200 Subject: [PATCH 018/145] mkarchiso: do not try to use an non existent GPG public key file The `bootstrap` build mode never calls `_export_gpg_publickey`, so even if the GPG key is passed with the `-g` option and thus the `gpg_key` variable is set, the `${work_dir}/pubkey.gpg` file will not exist. This has not caused any issue so far because the `ARCHISO_GNUPG_FD` file descriptor opens the file for both reading and writing, which means the file gets created if it does not exist. Assign the exported public key file name to a `gpg_publickey` variable in `_export_gpg_publickey` and check for it when the file is used. Since the exist status of the gpg command cannot be checked, look for the exported public key file instead. --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5115cb1..982c722 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Added Changed ------- +- Check if the GPG public key file was successfully placed in the work directory before trying to use it. + Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 30c1e06..9000044 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -335,8 +335,8 @@ _make_custom_airootfs() { _make_packages() { _msg_info "Installing packages to '${pacstrap_dir}/'..." - if [[ -n "${gpg_key}" ]]; then - exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg" + if [[ -v gpg_publickey ]]; then + exec {ARCHISO_GNUPG_FD}<>"$gpg_publickey" export ARCHISO_GNUPG_FD fi if [[ -v cert_list[0] ]]; then @@ -364,7 +364,7 @@ _make_packages() { exec {ARCHISO_TLSCA_FD}<&- unset ARCHISO_TLSCA_FD fi - if [[ -n "${gpg_key}" ]]; then + if [[ -v gpg_publickey ]]; then exec {ARCHISO_GNUPG_FD}<&- unset ARCHISO_GNUPG_FD fi @@ -1614,8 +1614,10 @@ _set_overrides() { } _export_gpg_publickey() { - rm -f -- "${work_dir}/pubkey.gpg" - gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" + gpg_publickey="${work_dir}/pubkey.gpg" + rm -f -- "$gpg_publickey" + gpg --batch --no-armor --output "$gpg_publickey" --export "${gpg_key}" + [[ -s "$gpg_publickey" ]] || return } _make_version() { From 2c3420204e25c31b6768f8e30ade348db757b722 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 26 Nov 2022 20:00:40 +0200 Subject: [PATCH 019/145] mkarchiso: open the ARCHISO_GNUPG_FD, ARCHISO_TLS_FD and ARCHISO_TLSCA_FD file descriptors only for reading Nothing should ever be written to these files, so let's make sure it cannot happen. --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 982c722..4fa88db 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -13,6 +13,8 @@ Changed ------- - Check if the GPG public key file was successfully placed in the work directory before trying to use it. +- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the + ``pacstrap`` invoked chroot should ever be allowed to write outside of it. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9000044..7a3fd1c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -336,15 +336,15 @@ _make_packages() { _msg_info "Installing packages to '${pacstrap_dir}/'..." if [[ -v gpg_publickey ]]; then - exec {ARCHISO_GNUPG_FD}<>"$gpg_publickey" + exec {ARCHISO_GNUPG_FD}<"$gpg_publickey" export ARCHISO_GNUPG_FD fi if [[ -v cert_list[0] ]]; then - exec {ARCHISO_TLS_FD}<>"${cert_list[0]}" + exec {ARCHISO_TLS_FD}<"${cert_list[0]}" export ARCHISO_TLS_FD fi if [[ -v cert_list[2] ]]; then - exec {ARCHISO_TLSCA_FD}<>"${cert_list[2]}" + exec {ARCHISO_TLSCA_FD}<"${cert_list[2]}" export ARCHISO_TLSCA_FD fi From 2da65f64adfbce72671cdd7e482b55f1f83d135d Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 26 Nov 2022 21:18:15 +0200 Subject: [PATCH 020/145] mkarchiso: check if the code signing files specified with option -c exist Look for the files in `*_validate_options` and error out early if they do not exist. --- CHANGELOG.rst | 1 + archiso/mkarchiso | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fa88db..400628a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,7 @@ Changed - Check if the GPG public key file was successfully placed in the work directory before trying to use it. - Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the ``pacstrap`` invoked chroot should ever be allowed to write outside of it. +- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7a3fd1c..8449f51 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1522,7 +1522,7 @@ _read_profile() { # Validate set options _validate_options() { - local validation_error=0 _buildmode + local validation_error=0 _buildmode certfile _msg_info "Validating options..." @@ -1532,6 +1532,14 @@ _validate_options() { _msg_error "File '${pacman_conf}' does not exist." 0 fi + # Check if the code signing certificate files exist + for certfile in "${cert_list[@]}"; do + if [[ ! -e "$certfile" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Code signing certificate '${certfile}' does not exist." 0 + fi + done + # Check if the specified buildmodes are supported for _buildmode in "${buildmodes[@]}"; do if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then From dedfe0364cd665a12bb7a4d6fdb3b978d02026ab Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 7 Dec 2022 08:46:59 +0200 Subject: [PATCH 021/145] configs/releng/syslinux/archiso_pxe-linux.cfg: replace checksum and verify with cms_verify=y Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL CMS based method for verifying the root file system image against the code signing certificates in the initramfs. `checksum` and `verify` are removed since they essentially serve the same purpose and performing all the checks just needlessly delays boot. Additionally, the removal of `verify` allows to build the ISO without gpg, i.e. without using `mkarchiso`'s `-g` and `-G` options. Fixes #200 --- configs/releng/syslinux/archiso_pxe-linux.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index d812402..0eb1705 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs @@ -17,7 +17,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NFS) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify +APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y SYSAPPEND 3 LABEL arch64_http @@ -28,5 +28,5 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, HTTP) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify +APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y SYSAPPEND 3 From 55a1b132a0bb6865d327726afdf21bc7e2d105db Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 17 Dec 2022 19:34:04 +0200 Subject: [PATCH 022/145] configs/baseline/profiledef.sh: use LZMA compression for the EROFS image Now that xz 5.4 is out and erofs-utils is built with LZMA support, it is possible to compress the EROFS image with LZMA for higher compression. `mkfs.erofs` trows a few warnings about using experimental features, but they should not be an issue. Nothing changes for the releng profile, for now at least. --- CHANGELOG.rst | 2 ++ configs/baseline/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 400628a..4966b84 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Changed - Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the ``pacstrap`` invoked chroot should ever be allowed to write outside of it. - Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. +- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA + support, using a higher compression is possible. Removed ------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 4115581..ed486ca 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,7 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking) +airootfs_image_tool_options=('-zlzma,9' -E ztailpacking) file_permissions=( ["/etc/shadow"]="0:0:400" ) From 6e1be91961967a6485901ac431f6f6b06675b750 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 22 Dec 2022 10:41:41 +0100 Subject: [PATCH 023/145] archiso/mkarchiso: write "uninitialized" to /etc/machine-id This is a new value introduced in systemd v247. It makes sure a new machine-id is generated, but is handled as first boot as well. See "First Boot Semantics" in machine-id(5) for details. --- CHANGELOG.rst | 3 +++ archiso/mkarchiso | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4966b84..19a4d91 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,9 @@ Changed - Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. - Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA support, using a higher compression is possible. +- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's + first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that + ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8449f51..7331bb0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -163,9 +163,10 @@ _cleanup_pacstrap_dir() { [[ -d "${pacstrap_dir}/var/tmp" ]] && find "${pacstrap_dir}/var/tmp" -mindepth 1 -delete # Delete package pacman related files. find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete - # Create an empty /etc/machine-id + # Create /etc/machine-id with special value 'uninitialized': the final id is + # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5)) rm -f -- "${pacstrap_dir}/etc/machine-id" - printf '' > "${pacstrap_dir}/etc/machine-id" + printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id" _msg_info "Done!" } From cca3eee83323ae94d9cab2ddb4e7f9b1e3235f30 Mon Sep 17 00:00:00 2001 From: Alexander Speshilov Date: Thu, 22 Dec 2022 20:58:49 +0000 Subject: [PATCH 024/145] fix typo in README.profile.rst --- docs/README.profile.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index efcb861..f1fd717 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -137,7 +137,7 @@ The following *custom template identifiers* are understood and will be replaced respective variables in ``profiledef.sh``: * ``%ARCHISO_LABEL%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. -* ``%INSTALL_DIR%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. +* ``%INSTALL_DIR%``: Set this using the ``install_dir`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. From cd621f5f4a180ddbf5b6ddf2eb53c9d17cd9a14c Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 24 Dec 2022 10:33:18 +0200 Subject: [PATCH 025/145] Add changelog for 69 --- CHANGELOG.rst | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 19a4d91..f4ad972 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,6 +7,19 @@ Changelog Added ----- + +Changed +------- + +Removed +------- + +[69] - 2022-12-24 +================= + +Added +----- + - Add Memtest86+ to x86_64 UEFI GRUB boot menu. Changed @@ -22,9 +35,6 @@ Changed first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering. -Removed -------- - [68] - 2022-10-30 ================= From ab3d78860e1dc4cd157e455a7071cc9e8a99a772 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 29 Jan 2023 11:11:38 +0200 Subject: [PATCH 026/145] Update URLs * Update mkinitcpio-archiso project link, * Update code of conduct link, * Update arch-releng mailing list link, * Use HTTPS where possible, * Replace dead link. --- CHANGELOG.rst | 2 +- README.rst | 4 ++-- configs/releng/syslinux/archiso_head.cfg | 2 +- configs/releng/syslinux/archiso_tail.cfg | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f4ad972..66ffe75 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -241,7 +241,7 @@ Removed ------- - Remove all files related to ``mkinitcpio`` integration, as they now live in - https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso + https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso [57] - 2021-07-30 ================= diff --git a/README.rst b/README.rst index d1aa233..51cb600 100644 --- a/README.rst +++ b/README.rst @@ -139,14 +139,14 @@ Contribute Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso. -Please read our distribution-wide `Code of Conduct `_ before +Please read our distribution-wide `Code of Conduct `_ before contributing, to understand what actions will and will not be tolerated. Read our `contributing guide `_ to learn more about how to provide fixes or improvements for the code base. Discussion around archiso takes place on the `arch-releng mailing list -`_ and in `#archlinux-releng +`_ and in `#archlinux-releng `_ on `Libera Chat `_. All past and present authors of archiso are listed in `AUTHORS `_. diff --git a/configs/releng/syslinux/archiso_head.cfg b/configs/releng/syslinux/archiso_head.cfg index 1154f78..671ab4e 100644 --- a/configs/releng/syslinux/archiso_head.cfg +++ b/configs/releng/syslinux/archiso_head.cfg @@ -12,7 +12,7 @@ MENU CMDLINEROW 14 MENU HELPMSGROW 16 MENU HELPMSGENDROW 29 -# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu +# Refer to https://wiki.syslinux.org/wiki/index.php/Comboot/menu.c32 MENU COLOR border 30;44 #40ffffff #a0000000 std MENU COLOR title 1;36;44 #9033ccff #a0000000 std diff --git a/configs/releng/syslinux/archiso_tail.cfg b/configs/releng/syslinux/archiso_tail.cfg index e5339a2..dcbb413 100644 --- a/configs/releng/syslinux/archiso_tail.cfg +++ b/configs/releng/syslinux/archiso_tail.cfg @@ -7,12 +7,12 @@ MENU LABEL Boot existing OS COM32 chain.c32 APPEND hd0 0 -# http://www.memtest.org/ +# https://www.memtest.org/ LABEL memtest MENU LABEL Run Memtest86+ (RAM test) LINUX /%INSTALL_DIR%/boot/memtest -# http://hdt-project.org/ +# https://wiki.syslinux.org/wiki/index.php/Hdt_(Hardware_Detection_Tool) LABEL hdt MENU LABEL Hardware Information (HDT) COM32 hdt.c32 From 8d7ad3c629e1a2d0cb2f2008e62ea979639230e7 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 22 Jan 2023 12:02:35 +0200 Subject: [PATCH 027/145] mkarchiso: write a .uuid file to /.disk/ on ISO 9660 to allow GRUB to search for it Create a `/.disk/INSERT_UUID_HERE.uuid` file to implement something called "file system transposition". See https://www.mail-archive.com/grub-devel@gnu.org/msg34346.html for the proposal of it for grub-mkrescue. This will allow GRUB to search for the volume containing the file instead of hardcoding the ISO volume label or another file system or partition attribute in GRUB configuration. By only relying on the directory structure simplifies supporting medium preparation methods with manual partitioning such as https://wiki.archlinux.org/title/USB_flash_installation_medium#In_GNU/Linux_4 --- archiso/mkarchiso | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7331bb0..f8a3df1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -569,7 +569,13 @@ _make_common_bootmode_grub_copy_to_isofs() { # Prepare GRUB configuration files _make_common_bootmode_grub_cfg(){ - local _cfg + local _cfg uuid_search_filename + + # Create a .uuid file and place it in /.disk/ on ISO 9660 to provide a way for GRUB to search for the volume + uuid_search_filename="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ + --name "${SOURCE_DATE_EPOCH} disk search UUID")" + install -d -m 0755 -- "${isofs_dir}/.disk" + : > "${isofs_dir}/.disk/${uuid_search_filename}.uuid" install -d -- "${work_dir}/grub" @@ -577,7 +583,8 @@ _make_common_bootmode_grub_cfg(){ for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; - s|%ARCH%|${arch}|g" \ + s|%ARCH%|${arch}|g; + s|%UUID_SEARCH_FILENAME%|${uuid_search_filename}|g" \ "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" done # Add all GRUB files to the list of files used to calculate the required FAT image size. From 3f95d391eff6145e0546b8c0b69bd2851fc3c400 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 22 Jan 2023 12:17:51 +0200 Subject: [PATCH 028/145] configs/*/grub/grub.cfg: search for a .uuid file in /.disk/ and use the volume it's on Search for `/.disk/%UUID_SEARCH_FILENAME%.uuid` and pass the UUID of the volume it's on as `archisodevice`. mkarchiso will replace `%UUID_SEARCH_FILENAME%` with a hardcoded value generated using `SOURCE_DATE_EPOCH` durring ISO build. This allows to prepare an UEFI bootable installation medium by simply copying the directory structure without having to touch `grub.cfg`. Relying on the volume UUID instead of its LABEL also avoids collisions of multiple ISOs created in the same month. Fixes #202 --- CHANGELOG.rst | 7 +++++++ configs/baseline/grub/grub.cfg | 8 ++++++-- configs/releng/grub/grub.cfg | 14 +++++++------- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 66ffe75..f6a6f25 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,9 +8,16 @@ Changelog Added ----- +- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image + contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume + with a ``/.disk/%UUID_SEARCH_FILENAME%.uuid`` file on it. + Changed ------- +- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the + same month. + Removed ------- diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index d2aa4ab..7d73fe6 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -20,6 +20,11 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi +# Search for the ISO volume +regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" +probe --set ARCHISO_UUID --fs-uuid "${root}" + # Set default menu entry default=archlinux timeout=15 @@ -30,7 +35,6 @@ timeout_style=menu menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 79ea2d2..ddd8af2 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -20,6 +20,11 @@ if serial --unit=0 --speed=115200; then terminal_output --append serial fi +# Search for the ISO volume +regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" +probe --set ARCHISO_UUID --fs-uuid "${root}" + # Set default menu entry default=archlinux timeout=15 @@ -32,15 +37,13 @@ play 600 988 1 1319 4 menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } @@ -48,18 +51,15 @@ if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { set gfxpayload=800x600,1024x768 - search --fs-uuid --no-floppy --set=root --label %ARCHISO_LABEL% linux /%INSTALL_DIR%/boot/memtest.efi } menuentry "UEFI Shell" { insmod chain - search --no-floppy --set=root --label %ARCHISO_LABEL% chainloader /shellx64.efi } elif [ "${grub_cpu}" == "i386" ]; then menuentry "UEFI Shell" { insmod chain - search --no-floppy --set=root --label %ARCHISO_LABEL% chainloader /shellia32.efi } fi From 5587e031f34d7cd1828012596453bc9b2c8be26b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 22 Jan 2023 13:32:54 +0200 Subject: [PATCH 029/145] Preload GRUB's NTFS, exFAT and UDF modules There are claims that some UEFI allegedly natively support NTFS. Preload the required GRUB modules to support booting from NTFS on such systems. Additionally preload the exFAT and UEF modules, because, why not? --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 16 ++++++++-------- configs/baseline/grub/grub.cfg | 4 ++++ configs/releng/grub/grub.cfg | 4 ++++ 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f6a6f25..e2dfa9e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Added - Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume with a ``/.disk/%UUID_SEARCH_FILENAME%.uuid`` file on it. +- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also + preloaded in case someone finds them useful. Changed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f8a3df1..c1a8c22 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -612,11 +612,11 @@ _make_bootmode_uefi-ia32.grub.esp() { # Create EFI binary # Module list from https://bugs.archlinux.org/task/71382#comment202911 - grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet ext2 f2fs fat font \ + grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat font \ gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi lsefimmap \ - minicmd normal part_apple part_gpt part_msdos png read reboot regexp search search_fs_file \ - search_fs_uuid search_label serial sleep tpm usb usbserial_common usbserial_ftdi usbserial_pl2303 \ - usbserial_usbdebug video xfs zstd) + minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp search \ + search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ + usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O i386-efi \ --modules="${grubmodules[*]}" \ --locales="en@quot" \ @@ -689,11 +689,11 @@ _make_bootmode_uefi-x64.grub.esp() { # Create EFI binary # Module list from https://bugs.archlinux.org/task/71382#comment202911 - grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet ext2 f2fs fat font \ + grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat font \ gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi lsefimmap \ - minicmd normal part_apple part_gpt part_msdos png read reboot regexp search search_fs_file \ - search_fs_uuid search_label serial sleep tpm usb usbserial_common usbserial_ftdi usbserial_pl2303 \ - usbserial_usbdebug video xfs zstd) + minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp search \ + search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ + usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O x86_64-efi \ --modules="${grubmodules[*]}" \ --locales="en@quot" \ diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 7d73fe6..d606b10 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -3,6 +3,10 @@ insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +insmod ntfs +insmod ntfscomp +insmod exfat +insmod udf # Use graphics-mode output insmod all_video diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index ddd8af2..ddf71e7 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -3,6 +3,10 @@ insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +insmod ntfs +insmod ntfscomp +insmod exfat +insmod udf # Use graphics-mode output insmod all_video From 0f34e4429a6d16d201c2568417cdc5ff79dd68dd Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 18 Jun 2022 11:01:49 +0300 Subject: [PATCH 030/145] configs/*/airootfs/etc/ssh/sshd_config: update to match 9.2p1-1 Update /etc/ssh/sshd_config to match changes made in https://github.com/archlinux/svntogit-packages/commit/42aa04744e96c5805b7aa3904636f8cbd781f682 and https://github.com/archlinux/svntogit-packages/commit/7166713c55002dac3c2b306fdc63e89a412083a6 The only modification remains `PermitRootLogin yes`. --- configs/baseline/airootfs/etc/ssh/sshd_config | 6 +++--- configs/releng/airootfs/etc/ssh/sshd_config | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/configs/baseline/airootfs/etc/ssh/sshd_config b/configs/baseline/airootfs/etc/ssh/sshd_config index 93f7d63..dc22c11 100644 --- a/configs/baseline/airootfs/etc/ssh/sshd_config +++ b/configs/baseline/airootfs/etc/ssh/sshd_config @@ -58,7 +58,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#KbdInteractiveAuthentication yes +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -75,7 +75,7 @@ AuthorizedKeysFile .ssh/authorized_keys # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. @@ -88,7 +88,7 @@ UsePAM yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -PrintMotd no # pam does that +PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config index 93f7d63..dc22c11 100644 --- a/configs/releng/airootfs/etc/ssh/sshd_config +++ b/configs/releng/airootfs/etc/ssh/sshd_config @@ -58,7 +58,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#KbdInteractiveAuthentication yes +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -75,7 +75,7 @@ AuthorizedKeysFile .ssh/authorized_keys # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. @@ -88,7 +88,7 @@ UsePAM yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -PrintMotd no # pam does that +PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no From 28d2bc11e3dc4a86667a8f5f379d8ac9c18c0a03 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 27 Oct 2022 11:04:42 +0300 Subject: [PATCH 031/145] mkarchiso: do not place memtest86+ in netboot artifacts Move memtest86+ to `/boot/memtest86+/` on ISO 9660. That directory is not copied to netboot artifact output. Netboot boot menu https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe does not have entries for memtest and archiso-manager removes these files (not the EFI one, though) before uploading the release files anyway. --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 14 ++++++-------- configs/releng/grub/grub.cfg | 2 +- configs/releng/syslinux/archiso_tail.cfg | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e2dfa9e..2b0d90f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,8 @@ Changed Removed ------- +- Do not place memtest86+ in netboot artifacts. + [69] - 2022-12-24 ================= diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c1a8c22..ce89642 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -471,11 +471,10 @@ _make_bootmode_bios.syslinux.mbr() { # Add other aditional/extra files to ${install_dir}/boot/ if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/${install_dir}/boot/memtest" - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/boot/memtest86+/memtest" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" fi _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } @@ -722,10 +721,9 @@ _make_bootmode_uefi-x64.grub.esp() { # Add other aditional/extra files to ${install_dir}/boot/ if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/${install_dir}/boot/memtest.efi" - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" fi _msg_info "Done! GRUB set up for UEFI booting successfully." diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index ddf71e7..eb45a00 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -55,7 +55,7 @@ if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { set gfxpayload=800x600,1024x768 - linux /%INSTALL_DIR%/boot/memtest.efi + linux /boot/memtest86+/memtest.efi } menuentry "UEFI Shell" { insmod chain diff --git a/configs/releng/syslinux/archiso_tail.cfg b/configs/releng/syslinux/archiso_tail.cfg index dcbb413..e84897c 100644 --- a/configs/releng/syslinux/archiso_tail.cfg +++ b/configs/releng/syslinux/archiso_tail.cfg @@ -10,7 +10,7 @@ APPEND hd0 0 # https://www.memtest.org/ LABEL memtest MENU LABEL Run Memtest86+ (RAM test) -LINUX /%INSTALL_DIR%/boot/memtest +LINUX /boot/memtest86+/memtest # https://wiki.syslinux.org/wiki/index.php/Hdt_(Hardware_Detection_Tool) LABEL hdt From 7c6f266ec94e3eff23466ed8d0c45e4bee0ddae4 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 28 Jan 2023 20:54:32 +0200 Subject: [PATCH 032/145] configs/*/profiledef.sh: honor SOURCE_DATE_EPOCH Ensure the **correct** date is used in `iso_label` and `iso_version`. --- CHANGELOG.rst | 1 + configs/baseline/profiledef.sh | 4 ++-- configs/releng/profiledef.sh | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2b0d90f..d55c15d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,7 @@ Changed - Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the same month. +- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. Removed ------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index ed486ca..63acce1 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -2,10 +2,10 @@ # shellcheck disable=SC2034 iso_name="archlinux-baseline" -iso_label="ARCH_$(date +%Y%m)" +iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux " iso_application="Arch Linux baseline" -iso_version="$(date +%Y.%m.%d)" +iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4b4e68c..4154816 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -2,10 +2,10 @@ # shellcheck disable=SC2034 iso_name="archlinux" -iso_label="ARCH_$(date +%Y%m)" +iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" iso_publisher="Arch Linux " iso_application="Arch Linux Live/Rescue CD" -iso_version="$(date +%Y.%m.%d)" +iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' From 40e09767f0cea7c4a94af98504e9c936f1dd7720 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 25 Jan 2023 23:05:48 +0200 Subject: [PATCH 033/145] mkarchiso: add more details to the comment in grub-embed.cfg Link to the upstream issue report. --- archiso/mkarchiso | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ce89642..c116a27 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -590,10 +590,13 @@ _make_common_bootmode_grub_cfg(){ efiboot_files+=("${work_dir}/grub/" "${profile}/grub/"!(*.cfg)) + # Prepare grub.cfg that will be embedded inside the GRUB binaries IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then - # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. - # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 + # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. During El Torito boot, GRUB is + # launched from a case-insensitive FAT-formatted EFI system partition, but it seemingly cannot access that partition + # and sets cmdpath to the whole cd# device which has case-sensitive ISO 9660 + Rock Ridge + Joliet file systems. + # See https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 and https://savannah.gnu.org/bugs/?62886 if regexp --set=1:isodevice '^(\([^)]+\))\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then cmdpath="${isodevice}/EFI/BOOT" fi From f5ade898f9cb0de1f6fb01fcef088d8a6b56de7d Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 28 Jan 2023 13:08:49 +0200 Subject: [PATCH 034/145] Do not duplicate grub.cfg in efiboot.img Instruct the embeded grub.cfg to search for a volume with a `/.disk/%UUID_SEARCH_FILENAME%.uuid` file and load `/EFI/BOOT/grub.cfg` from it. This avoid duplicating GRUB configuration files in two places (ISO 9660 and FAT) and ensures there is no confusion about which is the _correct_ configuration file. Since nothing besides EFI binaries is copied to `efibootimg`, the `_make_common_bootmode_grub_copy_to_efibootimg` function is removed. Fixes #208 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 54 +++++++++++++++++++++++++++++------------------ 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d55c15d..e00ebcb 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -20,6 +20,8 @@ Changed - Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the same month. - Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. +- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for + the ISO volume and load the ``grub.cfg`` from there. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c116a27..00c974e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -544,18 +544,7 @@ _make_efibootimg() { mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } -# Copy GRUB files to efiboot.img which is used by both IA32 UEFI and x64 UEFI. -_make_common_bootmode_grub_copy_to_efibootimg() { - local files_to_copy=() - - files_to_copy+=("${work_dir}/grub/"*) - if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then - files_to_copy+=("${profile}/grub/"!(*.cfg)) - fi - mcopy -i "${efibootimg}" "${files_to_copy[@]}" ::/EFI/BOOT/ -} - -# Copy GRUB files to efiboot.img which is used by both IA32 UEFI and x64 UEFI. +# Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() @@ -563,6 +552,7 @@ _make_common_bootmode_grub_copy_to_isofs() { if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi + install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/EFI/BOOT/" } @@ -586,9 +576,6 @@ _make_common_bootmode_grub_cfg(){ s|%UUID_SEARCH_FILENAME%|${uuid_search_filename}|g" \ "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" done - # Add all GRUB files to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/grub/" - "${profile}/grub/"!(*.cfg)) # Prepare grub.cfg that will be embedded inside the GRUB binaries IFS='' read -r -d '' grubembedcfg <<'EOF' || true @@ -597,12 +584,39 @@ if ! [ -d "$cmdpath" ]; then # launched from a case-insensitive FAT-formatted EFI system partition, but it seemingly cannot access that partition # and sets cmdpath to the whole cd# device which has case-sensitive ISO 9660 + Rock Ridge + Joliet file systems. # See https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 and https://savannah.gnu.org/bugs/?62886 - if regexp --set=1:isodevice '^(\([^)]+\))\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then - cmdpath="${isodevice}/EFI/BOOT" + if regexp --set=1:archiso_bootdevice '^\(([^)]+)\)\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "${cmdpath}"; then + set cmdpath="(${archiso_bootdevice})/EFI/BOOT" + set ARCHISO_HINT="${archiso_bootdevice}" fi fi -configfile "${cmdpath}/grub.cfg" + +# Prepare a hint for the search command using the device in cmdpath +if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" +fi + +# Search for the ISO volume +if search --no-floppy --set=archiso_device --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}"; then + set ARCHISO_HINT="${archiso_device}" + if probe --set ARCHISO_UUID --fs-uuid "${ARCHISO_HINT}"; then + export ARCHISO_UUID + fi +else + echo "Could not find a volume with a '/.disk/%UUID_SEARCH_FILENAME%.uuid' file on it!" +fi + +# Load grub.cfg +if [ "${ARCHISO_HINT}" == 'memdisk' -o -z "${ARCHISO_HINT}" ]; then + echo 'Could not find the ISO volume!' +elif [ -e "(${ARCHISO_HINT})/EFI/BOOT/grub.cfg" ]; then + export ARCHISO_HINT + set root="${ARCHISO_HINT}" + configfile "(${ARCHISO_HINT})/EFI/BOOT/grub.cfg" +else + echo "File '(${ARCHISO_HINT})/EFI/BOOT/grub.cfg' not found!" +fi EOF + grubembedcfg="${grubembedcfg//'%UUID_SEARCH_FILENAME%'/"${uuid_search_filename}"}" printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" } @@ -645,7 +659,7 @@ _make_bootmode_uefi-ia32.grub.esp() { mcopy -i "${efibootimg}" "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI # Copy GRUB files - _run_once _make_common_bootmode_grub_copy_to_efibootimg + _run_once _make_common_bootmode_grub_copy_to_isofs if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi @@ -716,7 +730,7 @@ _make_bootmode_uefi-x64.grub.esp() { mcopy -i "${efibootimg}" "${work_dir}/BOOTx64.EFI" ::/EFI/BOOT/BOOTx64.EFI # Copy GRUB files - _run_once _make_common_bootmode_grub_copy_to_efibootimg + _run_once _make_common_bootmode_grub_copy_to_isofs if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi From b94d7c4ce5afdec032835378a7f6c564aecb05ed Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 28 Jan 2023 13:22:42 +0200 Subject: [PATCH 035/145] Move grub files from /EFI/BOOT/ to /boot/grub/ on ISO 9660 Move the location of GRUB files so that there is boot-platform (BIOS vs EFI) neutral place for GRUB-specific files (e.g. configuration files, background images, etc.). The EFI binaries are obviosly staying in the default/fallback boot path `/EFI/BOOT/BOOT*.EFI`, otherwise there will be no UEFI booting. The /boot/grub/ directory will be used to store BIOS (i386-pc) GRUB bootsector images, if we get to that. It is also a requirement for implementing `loopback.cfg` support, since the file's path must be `/boot/grub/loopback.cfg`. Implements #206 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e00ebcb..da1c9ea 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -22,6 +22,8 @@ Changed - Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. - Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for the ISO volume and load the ``grub.cfg`` from there. +- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply + to the EFI binaries that remain in the default/fallback boot path. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 00c974e..9acba1a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -552,8 +552,8 @@ _make_common_bootmode_grub_copy_to_isofs() { if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi - install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" - install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/EFI/BOOT/" + install -d -m 0755 -- "${isofs_dir}/boot/grub" + install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" } # Prepare GRUB configuration files @@ -608,12 +608,12 @@ fi # Load grub.cfg if [ "${ARCHISO_HINT}" == 'memdisk' -o -z "${ARCHISO_HINT}" ]; then echo 'Could not find the ISO volume!' -elif [ -e "(${ARCHISO_HINT})/EFI/BOOT/grub.cfg" ]; then +elif [ -e "(${ARCHISO_HINT})/boot/grub/grub.cfg" ]; then export ARCHISO_HINT set root="${ARCHISO_HINT}" - configfile "(${ARCHISO_HINT})/EFI/BOOT/grub.cfg" + configfile "(${ARCHISO_HINT})/boot/grub/grub.cfg" else - echo "File '(${ARCHISO_HINT})/EFI/BOOT/grub.cfg' not found!" + echo "File '(${ARCHISO_HINT})/boot/grub/grub.cfg' not found!" fi EOF grubembedcfg="${grubembedcfg//'%UUID_SEARCH_FILENAME%'/"${uuid_search_filename}"}" From f7502001b0e538bd443cb7ab82539f5aaa7afddb Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 28 Jan 2023 14:04:15 +0200 Subject: [PATCH 036/145] configs/*/grub/grub.cfg: reuse ARCHISO_HINT and ARCHISO_UUID passed from the embedded grub.cfg The `grub.cfg` embedded in the GRUB binaries already sets `ARCHISO_HINT` and `ARCHISO_UUID` in most cases. To avoid performing the same searches multiple times, use the existing variables. --- configs/baseline/grub/grub.cfg | 10 +++++++--- configs/releng/grub/grub.cfg | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index d606b10..e855ea9 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -25,9 +25,13 @@ if serial --unit=0 --speed=115200; then fi # Search for the ISO volume -regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" -search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" -probe --set ARCHISO_UUID --fs-uuid "${root}" +if [ -z "${ARCHISO_UUID}" ]; then + if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" + fi + search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" + probe --set ARCHISO_UUID --fs-uuid "${root}" +fi # Set default menu entry default=archlinux diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index eb45a00..88a5d60 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -25,9 +25,13 @@ if serial --unit=0 --speed=115200; then fi # Search for the ISO volume -regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" -search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" -probe --set ARCHISO_UUID --fs-uuid "${root}" +if [ -z "${ARCHISO_UUID}" ]; then + if [ -z "${ARCHISO_HINT}" ]; then + regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" + fi + search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" + probe --set ARCHISO_UUID --fs-uuid "${root}" +fi # Set default menu entry default=archlinux From d96a3569957906eb95a76e302cf75da250cd8337 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 28 Jan 2023 13:57:36 +0200 Subject: [PATCH 037/145] mkarchiso: write grubenv in _make_common_bootmode_grub_cfg Add all variables that we replace with values in configuration files. Keep `${isofs_dir}/${install_dir}/grubenv` with fewer variables for backwards compatibility. It will be removed in the future. --- CHANGELOG.rst | 3 +++ README.rst | 2 +- archiso/mkarchiso | 22 ++++++++++++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index da1c9ea..0196770 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -24,6 +24,9 @@ Changed the ISO volume and load the ``grub.cfg`` from there. - Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply to the EFI binaries that remain in the default/fallback boot path. +- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. + Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) + is deprecated and a future archiso release will not create this file anymore. Removed ------- diff --git a/README.rst b/README.rst index 51cb600..5a544c5 100644 --- a/README.rst +++ b/README.rst @@ -129,7 +129,7 @@ boot the iso image from GRUB with a version specific cow directory to mitigate o .. code:: sh loopback loop archlinux.iso - load_env -f (loop)/arch/grubenv + load_env -f (loop)/boot/grub/grubenv linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \ cow_directory=${NAME}/${VERSION} ... initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9acba1a..0ffe0ca 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -618,6 +618,18 @@ fi EOF grubembedcfg="${grubembedcfg//'%UUID_SEARCH_FILENAME%'/"${uuid_search_filename}"}" printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + + # Write grubenv + printf '%.1024s' \ + "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nUUID_SEARCH_FILENAME=%s\n%s' \ + "${iso_name}" \ + "${iso_version}" \ + "${iso_label}" \ + "${install_dir}" \ + "${arch}" \ + "${uuid_search_filename}" \ + "$(printf '%0.1s' "#"{1..1024})")" \ + > "${work_dir}/grub/grubenv" } _make_bootmode_uefi-ia32.grub.esp() { @@ -1067,6 +1079,10 @@ _export_netboot_artifacts() { _msg_info "Exporting netboot artifacts..." install -d -m 0755 "${out_dir}" cp -a -- "${isofs_dir}/${install_dir}/" "${out_dir}/" + + # Remove grubenv since it serves no purpose in netboot artifacts + rm -f -- "${out_dir}/${install_dir}/grubenv" + _msg_info "Done!" du -hs -- "${out_dir}/${install_dir}" } @@ -1663,7 +1679,13 @@ _make_version() { install -d -m 0755 -- "${isofs_dir}/${install_dir}" # Write version file to ISO 9660 printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version" + + fi + if [[ "${buildmode}" == "iso" ]]; then # Write grubenv with version information to ISO 9660 + # TODO: after sufficient time has passed, do not create this file anymore when GRUB boot modes are used. + # _make_common_bootmode_grub_cfg already creates ${isofs_dir}/boot/grub/grubenv + rm -f -- "${isofs_dir}/${install_dir}/grubenv" printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ > "${isofs_dir}/${install_dir}/grubenv" From c8474f8dbe2df8fa9af11e4b3d0bde24bb8b54f9 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 9 Feb 2023 11:16:52 +0200 Subject: [PATCH 038/145] Move the .uuid file to /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid To prevent the file from being accidentally missed when someone copies the ISO's contents, let's not place it in a directory that starts with a dot. Since all GRUB related files are in /boot/grub/, put it there too. Instead of using a more unique UUID for the file name, use `YYYY-mm-dd-HH-MM-SS-00.uuid` which matches the ISO's modification date in UTC,i.e. its "UUID". If multiple ISOs would be generated in the exact same second, the ISO 9660 modification date (i.e. its "UUID") would be the same, so there would be not way to distinguish between the volumes anyway. This also makes the file look less suspicious to the casual glance. --- CHANGELOG.rst | 2 +- archiso/mkarchiso | 28 +++++++++++++++------------- configs/baseline/grub/grub.cfg | 2 +- configs/releng/grub/grub.cfg | 2 +- 4 files changed, 18 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0196770..7a83622 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,7 +10,7 @@ Added - Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume - with a ``/.disk/%UUID_SEARCH_FILENAME%.uuid`` file on it. + with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. - Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also preloaded in case someone finds them useful. diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0ffe0ca..a543280 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -558,22 +558,24 @@ _make_common_bootmode_grub_copy_to_isofs() { # Prepare GRUB configuration files _make_common_bootmode_grub_cfg(){ - local _cfg uuid_search_filename - - # Create a .uuid file and place it in /.disk/ on ISO 9660 to provide a way for GRUB to search for the volume - uuid_search_filename="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ - --name "${SOURCE_DATE_EPOCH} disk search UUID")" - install -d -m 0755 -- "${isofs_dir}/.disk" - : > "${isofs_dir}/.disk/${uuid_search_filename}.uuid" + local _cfg archiso_uuid search_filename install -d -- "${work_dir}/grub" + # Precalculate the ISO's modification date in UTC, i.e. its "UUID" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" + # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO + # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a + # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. + : > "${work_dir}/grub/${archiso_uuid}.uuid" + search_filename="/boot/grub/${archiso_uuid}.uuid" + # Fill GRUB configuration files for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g; - s|%UUID_SEARCH_FILENAME%|${uuid_search_filename}|g" \ + s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" done @@ -596,13 +598,13 @@ if [ -z "${ARCHISO_HINT}" ]; then fi # Search for the ISO volume -if search --no-floppy --set=archiso_device --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}"; then +if search --no-floppy --set=archiso_device --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"; then set ARCHISO_HINT="${archiso_device}" if probe --set ARCHISO_UUID --fs-uuid "${ARCHISO_HINT}"; then export ARCHISO_UUID fi else - echo "Could not find a volume with a '/.disk/%UUID_SEARCH_FILENAME%.uuid' file on it!" + echo "Could not find a volume with a '%ARCHISO_SEARCH_FILENAME%' file on it!" fi # Load grub.cfg @@ -616,18 +618,18 @@ else echo "File '(${ARCHISO_HINT})/boot/grub/grub.cfg' not found!" fi EOF - grubembedcfg="${grubembedcfg//'%UUID_SEARCH_FILENAME%'/"${uuid_search_filename}"}" + grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}" printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" # Write grubenv printf '%.1024s' \ - "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nUUID_SEARCH_FILENAME=%s\n%s' \ + "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \ "${iso_name}" \ "${iso_version}" \ "${iso_label}" \ "${install_dir}" \ "${arch}" \ - "${uuid_search_filename}" \ + "${search_filename}" \ "$(printf '%0.1s' "#"{1..1024})")" \ > "${work_dir}/grub/grubenv" } diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index e855ea9..13043b3 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -29,7 +29,7 @@ if [ -z "${ARCHISO_UUID}" ]; then if [ -z "${ARCHISO_HINT}" ]; then regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" fi - search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" + search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" probe --set ARCHISO_UUID --fs-uuid "${root}" fi diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 88a5d60..c4478e8 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -29,7 +29,7 @@ if [ -z "${ARCHISO_UUID}" ]; then if [ -z "${ARCHISO_HINT}" ]; then regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}" fi - search --no-floppy --set=root --file '/.disk/%UUID_SEARCH_FILENAME%.uuid' --hint "${ARCHISO_HINT}" + search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}" probe --set ARCHISO_UUID --fs-uuid "${root}" fi From a0941539c01951031ac199413d7107d942200b23 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 26 Jan 2023 16:21:24 +0200 Subject: [PATCH 039/145] Move SYSLINUX directory from /syslinux/ to /boot/syslinux/ This allows to reduce the number of top-level directories by one and matches with the GRUB directory move. Most boot loader related things will now be in the /boot/ directory. Fixes #207 --- CHANGELOG.rst | 1 + archiso/mkarchiso | 32 ++++++++++++++++---------------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7a83622..2b58b21 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -27,6 +27,7 @@ Changed - Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) is deprecated and a future archiso release will not create this file anymore. +- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a543280..e0806bd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -443,30 +443,30 @@ _make_boot_on_iso9660() { # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." - install -d -m 0755 -- "${isofs_dir}/syslinux" + install -d -m 0755 -- "${isofs_dir}/boot/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}" + "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then - install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/syslinux/" + install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/" fi - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/boot/syslinux/" _run_once _make_boot_on_iso9660 - if [[ -e "${isofs_dir}/syslinux/hdt.c32" ]]; then - install -d -m 0755 -- "${isofs_dir}/syslinux/hdt" + if [[ -e "${isofs_dir}/boot/syslinux/hdt.c32" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/syslinux/hdt" if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \ - "${isofs_dir}/syslinux/hdt/pciids.gz" + "${isofs_dir}/boot/syslinux/hdt/pciids.gz" fi find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \ - "${isofs_dir}/syslinux/hdt/modalias.gz" + "${isofs_dir}/boot/syslinux/hdt/modalias.gz" fi # Add other aditional/extra files to ${install_dir}/boot/ @@ -482,9 +482,9 @@ _make_bootmode_bios.syslinux.mbr() { # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." - install -d -m 0755 -- "${isofs_dir}/syslinux" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/syslinux/" + install -d -m 0755 -- "${isofs_dir}/boot/syslinux" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/boot/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/boot/syslinux/" # ISOLINUX and SYSLINUX installation is shared _run_once _make_bootmode_bios.syslinux.mbr @@ -1288,9 +1288,9 @@ _validate_requirements_buildmode_netboot() { _add_xorrisofs_options_bios.syslinux.eltorito() { xorrisofs_options+=( # El Torito boot image for x86 BIOS - '-eltorito-boot' 'syslinux/isolinux.bin' + '-eltorito-boot' 'boot/syslinux/isolinux.bin' # El Torito boot catalog file - '-eltorito-catalog' 'syslinux/boot.cat' + '-eltorito-catalog' 'boot/syslinux/boot.cat' # Required options to boot with ISOLINUX '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' ) @@ -1300,7 +1300,7 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { _add_xorrisofs_options_bios.syslinux.mbr() { xorrisofs_options+=( # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" - '-isohybrid-mbr' "${isofs_dir}/syslinux/isohdpfx.bin" + '-isohybrid-mbr' "${isofs_dir}/boot/syslinux/isohdpfx.bin" # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR # bootstrap code area) and mark it as bootable # May allow booting on some systems From 04d439d1b74b03880fda807246aa147ec71791c7 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 18 Feb 2023 10:52:08 +0200 Subject: [PATCH 040/145] Rename docs/README.transfer to docs/README.transfer.rst --- docs/{README.transfer => README.transfer.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/{README.transfer => README.transfer.rst} (100%) diff --git a/docs/README.transfer b/docs/README.transfer.rst similarity index 100% rename from docs/README.transfer rename to docs/README.transfer.rst From 1da743cc4ea0dc344e46d3f760ccdfec5c9baecf Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 18 Feb 2023 12:39:27 +0200 Subject: [PATCH 041/145] README.transfer.rst: update instructions Convert the file to reStructuredText markup. Fixes #39. Rewrite the instructions where possible or otherwise update them. E.g. fix the changed boot loader paths, etc. The "Manual formatting (BIOS only)", previosly "PC-BIOS (ISOHYBRID-MBR)", method is not tested and it is not clear if it still even works. --- CHANGELOG.rst | 1 + docs/README.transfer.rst | 212 ++++++++++++++++++++++----------------- 2 files changed, 123 insertions(+), 90 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2b58b21..d6bca3a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -28,6 +28,7 @@ Changed Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) is deprecated and a future archiso release will not create this file anymore. - Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. +- Update ``README.transfer`` documentation and convert it to reStructuredText. Removed ------- diff --git a/docs/README.transfer.rst b/docs/README.transfer.rst index f366061..ab99b10 100644 --- a/docs/README.transfer.rst +++ b/docs/README.transfer.rst @@ -1,133 +1,165 @@ -INDEX ------ +============================================== +Transfer ISO to target medium (configs/releng) +============================================== -* Transfer ISO file to target medium (configs/releng) - * To -> CD / DVD / BD - * To -> USB-key / SD / HDD / SSD - * PC-BIOS (MBR) - * PC-BIOS (ISOHYBRID-MBR) - * PC-EFI (GPT) [x86_64 only] - * PC-EFI (ISOHYBRID-GPT) [x86_64 only] +ISO images names consist of: ``archlinux-YYYY.MM.DD-x86_64.iso``. +Where: ``YYYY`` is the year, ``MM`` the month and ``DD`` the day. +.. contents:: -*** Transfer ISO image to target medium (configs/releng) +Burn to an optical disc +======================= -ISO images names consist of: archlinux-..
-x86_64.iso + .. note:: + All ISO images are BIOS and UEFI bootable via "El Torito" in no-emulation mode. -Where: - Year - Month -
Day +Burn the ISO using your favorite disc burning program. +For example: -** To -> CD / DVD / BD +.. code:: sh -Note: All ISO images are booteable on a PC-BIOS via "El Torito" in no-emulation mode, - All x86_64 ISO images are booteable on a PC-EFI via "El Torito" in no-emulation mode. + xorriso -as cdrecord -v -sao dev=/dev/sr0 archlinux-YYYY.MM.DD-x86_64.iso + +Write to an USB flash drive / memory card / hard disk drive / solid state drive / etc. +====================================================================================== + + .. tip:: + See https://wiki.archlinux.org/title/USB_flash_installation_medium for more detailed instructions. Nomeclature: - scsibus number - target number - lun number - (Note: see cdrecord -scanbus, for these numbers) +```` + Device node of the drive where ISO contents should be copied (example: ``/dev/sdx``). +```` + Device node of the partition on ```` (example: ``/dev/sdx1``). +```` + Represents the file system label of the ``archlinux-YYYY.MM.DD-x86_64.iso`` (example: ``ARCH_201703``). -1) Write it directly using your favorite recording program. -# cdrecord dev=,, -dao archlinux-..
-x86_64.iso +ISOHYBRID (BIOS and UEFI) +------------------------- + .. note:: + This method is the most easily, quick and dirty, but is the most limited if you want to use your target medium + for other purposes. If using this does not work, use the `File system transposition (UEFI only)`_ method instead. -** To -> USB Flash Drive (USB-key) / Memory card (SD) / - Hard-Disk Drive (HDD) / Solid-State Drive (SSD) +Directly write the ISO file to the target medium: -Note: These steps are the general workflow, you can skip some of them, - using another filesystem if your bootloader supports it, - installing to another directory than "arch/" or using more than - one partition. Just ensure that main boot params options - (archisolabel= and archisobasedir=) are set correctly according to your setup. +.. code:: sh -Nomeclature: -: Device node of the drive where ISO contents should be copied - (example: /dev/sdx) -: Device node of the partition on - (example: /dev/sdx1) -: Mount point path where is mounted - (example: /mnt/sdx/1) -: Path to the ISO file archlinux-..
-x86_64.iso - (example: ~/archlinux-2017.03.01-x86_64.iso) -: Represents the filesystem label of the - (example: ARCH_201703) + dd bs=4M if=archlinux-YYYY.MM.DD-x86_64.iso of= conv=fsync oflag=direct status=progress +File system transposition (UEFI only) +-------------------------------- -* PC-BIOS (MBR): +This method extracts the contents of the ISO onto a prepared UEFI-bootable volume. -Note: Using here a MBR partition mode as example, but GPT should also works - if machine firmware is not broken. - Just ensure that partition is set with attribute "2: legacy BIOS bootable" - and use gptmbr.bin instead of mbr.bin for syslinux. +If your drive is already partitioned and formatted, skip to the "Mount the target file system" step. -1) Create one partition entry in MBR and mark it as "active" (booteable). -Note: Type "b" for FAT32, "83" for EXTFS or "7" for NTFS. -# fdisk + .. note:: + Using MBR with one FAT formatted active partition is the most compatible method. -2) Create a FAT32, EXTFS or NTFS filesystem on such partition and setup a label. -Note: COW is not supported on NTFS. -# mkfs.fat -F 32 -n -# mkfs.ext4 -L -# mkfs.ntfs -L +1. Partition the drive with *fdisk*. -3) Mount target filesystem. -# mount + .. code:: sh -4) Extract ISO image on target filesystem. -# bsdtar -x --exclude=isolinux/ --exclude=EFI/ --exclude=loader/ -f -C + fdisk -5) Install syslinux bootloader on target filesystem. -# extlinux -i /arch/boot/syslinux + 1) Create a new MBR partition table with command ``o``. -6) Unmount target filesystem. -# umount + .. warning:: + This will destroy all data on the drive. -7) Install syslinux MBR boot code on target drive. -# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of= + 2) Create a new primary partition with command ``n`` and set its type code to ``0c`` with command ``t``. + 3) Mark the partition as bootable with the ``a`` command. -* PC-BIOS (ISOHYBRID-MBR): + 4) Write the changes and exit with ``w``. -Note: This method is the most easily, quick and dirty, but is the most limited - if you want to use your target medium for other purposes. - If using this does not work, use PC-BIOS (MBR) method instead. +2. Format the newly created partition to FAT32 -1) Dump ISO file to target medium. -# dd if= of= + .. code:: sh + mkfs.fat -F 32 /dev/disk/by-id/-part1 -* PC-EFI (GPT) [x86_64 only] +3. Mount the target file system -Note: Using here a GPT partition mode as example, but MBR should also works - if machine firmware is not broken. + .. code:: sh -1) Create one partition entry in GPT (of type "ef00") -# gdisk + mount /mnt -2) Create a FAT32 filesystem on such partition and setup a label. -# mkfs.fat -F 32 -n +4. Extract the ISO image on the target file system. -3) Mount target filesystem. -# mount + .. code:: sh -4) Extract ISO image on target filesystem. -# bsdtar -x --exclude=isolinux/ --exclude=EFI/archiso/ --exclude=arch/boot/syslinux/ -f -C + bsdtar -x --exclude=boot/syslinux/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt -5) Unmount target filesystem. -# umount +5. Unmount the target file system. + .. code:: sh -* PC-EFI (ISOHYBRID-GPT) [x86_64 only] + umount /mnt -Note: This method is the most easily, quick and dirty, but is the most limited - if you want to use your target medium for other purposes. - If using this does not work, use PC-EFI (GPT) method instead. +Manual formatting (BIOS only) +----------------------------- + + .. note:: + These steps are the general workflow, you can skip some of them, using another file system if your boot loader + supports it, installing to another directory than ``arch/`` or using more than one partition. Just ensure that + main boot parameters (``archisolabel=`` and ``archisobasedir=``) are set correctly according to your setup. + + Using here a MBR partition mode as example, but GPT should also work if the machine firmware is not broken. Just + ensure that partition is set with attribute ``2: legacy BIOS bootable`` and use ``gptmbr.bin`` instead of + ``mbr.bin`` for syslinux. + +1) Create one partition entry in MBR and mark it as "active" (bootable). + + .. note:: + Type ``b`` for FAT32, ``83`` for EXTFS or ``7`` for NTFS. + + .. code:: sh + + fdisk + +2) Create a FAT32, EXTFS or NTFS file system on such partition and setup a label. + + .. note:: + COW is not supported on NTFS. + + .. code:: sh + + mkfs.fat -F 32 -n + mkfs.ext4 -L + mkfs.ntfs -L + +3) Mount the target file system. + + .. code:: sh + + mount /mnt + +4) Extract the ISO image on the target file system. + + .. code:: sh + + bsdtar -x --exclude=boot/grub/ --exclude=EFI/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt + +5) Install the syslinux boot loader on the target file system. + + .. code:: sh + + extlinux -i /mnt/boot/syslinux + +6) Unmount the target file system. + + .. code:: sh + + umount /mnt + +7) Install syslinux MBR boot code on the target drive. + + .. code:: sh + + dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of= -1) Dump ISO file to target medium. -# dd if= of= From cedb3d142c470511ba1bb86fa987fd9bb39501d2 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 22 Feb 2023 10:57:27 +0200 Subject: [PATCH 042/145] configs/*/grub/grub.cfg: replace /dev/disk/by-uuid/ with UUID= Use the shorter and more nicer looking `UUID=` *tags* instead of the `/dev/disk/by-uuid/` paths. This requires mkinitcpio-archiso v68. Related to #202 --- configs/baseline/grub/grub.cfg | 2 +- configs/releng/grub/grub.cfg | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 13043b3..ed56578 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -43,6 +43,6 @@ timeout_style=menu menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index c4478e8..1882e49 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -45,13 +45,13 @@ play 600 988 1 1319 4 menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=/dev/disk/by-uuid/${ARCHISO_UUID} accessibility=on + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } From 8535d695ff6dadb1fd47973c083c9af4698b56fc Mon Sep 17 00:00:00 2001 From: David Runge Date: Mon, 27 Feb 2023 19:31:45 +0100 Subject: [PATCH 043/145] Use console as grub's terminal_output configs/{baseline,releng}/grub/grub.cfg: Use `console` as grub's `terminal_output`, as with `gfxterm` only a blank screen is shown on some hardware. Fixes #212 --- configs/baseline/grub/grub.cfg | 3 +-- configs/releng/grub/grub.cfg | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index ed56578..40248eb 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -12,10 +12,9 @@ insmod udf insmod all_video insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 1882e49..5ea764d 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -12,10 +12,9 @@ insmod udf insmod all_video insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm set gfxmode="auto" terminal_input console - terminal_output gfxterm + terminal_output console fi # Enable serial console From 29f4b0071bd56fa437ea89b472dbf61674ada905 Mon Sep 17 00:00:00 2001 From: David Runge Date: Mon, 27 Feb 2023 19:33:25 +0100 Subject: [PATCH 044/145] Add changelog entry for terminal_output fix --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d6bca3a..ab1a142 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -29,6 +29,7 @@ Changed is deprecated and a future archiso release will not create this file anymore. - Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. - Update ``README.transfer`` documentation and convert it to reStructuredText. +- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. Removed ------- From 5c36c85bd51b7f28f5e9b50fd82e66fde8286e37 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 24 Feb 2023 12:12:04 +0200 Subject: [PATCH 045/145] Add changelog for 70 --- CHANGELOG.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index ab1a142..4fb2063 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,24 @@ Changelog Added ----- +Changed +------- + +Deprecated +---------- + +Fixed +----- + +Removed +------- + +[70] - 2023-02-27 +================= + +Added +----- + - Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. From f60525103d152923e1321490936cf17fd033bf4d Mon Sep 17 00:00:00 2001 From: Zig Globulin Date: Wed, 9 Feb 2022 14:28:16 +0100 Subject: [PATCH 046/145] wait for networkd online before curl invocation 1) wait for network-online.target before invoking curl as there's no synchronization with network setup for this script 2) don't hide curl errors - it may be easier to debug the issues 3) add log and comments --- CHANGELOG.rst | 3 +++ configs/releng/airootfs/root/.automated_script.sh | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..cef568a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,9 @@ Deprecated Fixed ----- +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. + Removed ------- diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 52c47e6..f257537 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,13 @@ automated_script () script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + # there's no synchronization for network availability before executing this script + printf '%s: waiting for network-online.target\n' "$0" + until systemctl --quiet is-active network-online.target; do + sleep 1 + done + printf '%s: downloading %s\n' "$0" "${script}" + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script rt=$? else cp "${script}" /tmp/startup_script @@ -24,6 +30,9 @@ automated_script () fi if [[ ${rt} -eq 0 ]]; then chmod +x /tmp/startup_script + printf '%s: executing automated script\n' "$0" + # note that script is executed when other services (like pacman-init) may be still in progress, please + # synchronize to "systemctl is-system-running --wait" when your script depends on other services /tmp/startup_script fi fi From 20fc8030a38d7c71c341fd267c12eb6bee3c4549 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Fri, 17 Mar 2023 19:00:25 +0200 Subject: [PATCH 047/145] configs/baseline/profiledef.sh: compress more * Use LZMA extreme compression level, * enable experimental compressed fragments feature to create a smaller image, * enable experimental data deduplication. This decreases the baseline profile's `airootfs.erofs` size by about ~16 MiB. --- CHANGELOG.rst | 3 +++ configs/baseline/profiledef.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4fb2063..19ff603 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,9 @@ Added Changed ------- +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. + Deprecated ---------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 63acce1..913ff8a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,7 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlzma,9' -E ztailpacking) +airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe') file_permissions=( ["/etc/shadow"]="0:0:400" ) From 63c77dc2d1ff9726ca4bbc57dc84bb22e9c1a195 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 14:59:53 +0000 Subject: [PATCH 048/145] Subdirectories from grub/ are copied to the ISO --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e0806bd..23e0a75 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -553,7 +553,7 @@ _make_common_bootmode_grub_copy_to_isofs() { files_to_copy+=("${profile}/grub/"!(*.cfg)) fi install -d -m 0755 -- "${isofs_dir}/boot/grub" - install -m 0644 -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" + cp -r --remove-destination -- "${files_to_copy[@]}" "${isofs_dir}/boot/grub/" } # Prepare GRUB configuration files From 751f6ed9baa787765fb10f1a23279d57c3ac0d23 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:10:02 +0000 Subject: [PATCH 049/145] Added classes for Memtest86+ and UEFI Shell menuentries --- configs/releng/grub/grub.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 5ea764d..034bdb4 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -56,16 +56,16 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then - menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { + menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class memtest --class gnu --class tool { set gfxpayload=800x600,1024x768 linux /boot/memtest86+/memtest.efi } - menuentry "UEFI Shell" { + menuentry "UEFI Shell" --class efi { insmod chain chainloader /shellx64.efi } elif [ "${grub_cpu}" == "i386" ]; then - menuentry "UEFI Shell" { + menuentry "UEFI Shell" --class efi { insmod chain chainloader /shellia32.efi } From 42f645edc3ed14331666ad417df597c829da4600 Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:17:35 +0000 Subject: [PATCH 050/145] Fixed subdirectories copy from grub/ to the ISO --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3d1172a..b35f1c6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,6 +23,8 @@ Fixed - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. +- Subdirectories from ``grub/`` are copied to the ISO. + Removed ------- From 2b2f212845c4be4bf6a3c9866b21d9d8e2ee102e Mon Sep 17 00:00:00 2001 From: Antonio V Date: Sun, 14 May 2023 15:20:07 +0000 Subject: [PATCH 051/145] Added classes for Memtest86+ and UEFI Shell menuentries --- CHANGELOG.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3d1172a..4c68d6e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,8 @@ Changelog Added ----- +- Added classes for Memtest86+ and UEFI Shell menuentries. + Changed ------- From 14b2e44d9040ac24017268e309d3abfb14831d7e Mon Sep 17 00:00:00 2001 From: shivanandvp Date: Wed, 17 May 2023 04:08:33 -0500 Subject: [PATCH 052/145] mkarchiso: Fix the cp command arguments to retain mkarchiso's behavior prior to the GNU Coreutils update. Fixes Issue #214 --- CHANGELOG.rst | 2 +- archiso/mkarchiso | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8503cb2..a4cd42f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -24,8 +24,8 @@ Fixed - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - - Subdirectories from ``grub/`` are copied to the ISO. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` command. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 23e0a75..e991b52 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -390,7 +390,7 @@ _make_customize_airootfs() { if [[ ! -d "${pacstrap_dir}${passwd[5]}" ]]; then install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${pacstrap_dir}${passwd[5]}" fi - cp -dnRT --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" + cp -dRT --update=none --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}" chmod -f 0750 -- "${pacstrap_dir}${passwd[5]}" chown -hR -- "${passwd[2]}:${passwd[3]}" "${pacstrap_dir}${passwd[5]}" else From 094afd169a0ff871eb7a6b37d68a9b9bcb7195e4 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:22:57 +0200 Subject: [PATCH 053/145] mkarchiso: support %ARCHISO_UUID% variable in boot loader configuration It will be replaced with the ISO's modification date in UTC, i.e. its "UUID". This allows to replace `archisolabel=%ARCHISO_LABEL%` with `archisodevice=UUID=%ARCHISO_UUID%` in boot loader configurations. Related to #202 --- archiso/mkarchiso | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e991b52..afaeb6e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -29,6 +29,7 @@ gpg_key="" gpg_sender="" iso_name="" iso_label="" +iso_uuid="" iso_publisher="" iso_application="" iso_version="" @@ -446,6 +447,7 @@ _make_bootmode_bios.syslinux.mbr() { install -d -m 0755 -- "${isofs_dir}/boot/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" @@ -558,21 +560,20 @@ _make_common_bootmode_grub_copy_to_isofs() { # Prepare GRUB configuration files _make_common_bootmode_grub_cfg(){ - local _cfg archiso_uuid search_filename + local _cfg search_filename install -d -- "${work_dir}/grub" - # Precalculate the ISO's modification date in UTC, i.e. its "UUID" - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - : > "${work_dir}/grub/${archiso_uuid}.uuid" - search_filename="/boot/grub/${archiso_uuid}.uuid" + : > "${work_dir}/grub/${iso_uuid}.uuid" + search_filename="/boot/grub/${iso_uuid}.uuid" # Fill GRUB configuration files for _cfg in "${profile}/grub/"*'.cfg'; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g; s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ @@ -821,6 +822,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" @@ -1660,6 +1662,8 @@ _set_overrides() { # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" + # Precalculate the ISO's modification date in UTC, i.e. its "UUID" + TZ=UTC printf -v iso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH" } _export_gpg_publickey() { From ce8fdedbf7af54544983f87472f8854b7b850603 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:30:03 +0200 Subject: [PATCH 054/145] Use UUIDs in all boot loader configuration files Relying on the volume UUID instead of its LABEL avoids collisions of multiple ISOs created in the same month. Fixes #202 --- CHANGELOG.rst | 1 + .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- configs/baseline/syslinux/syslinux-linux.cfg | 2 +- .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 4 ++-- 7 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4cd42f..c8630bd 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,7 @@ Changed - Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. Deprecated ---------- diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 11624b6..68c1d2c 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 0311f29..3fd9da5 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,4 +2,4 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 1c2a7a8..2506f07 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 64253d3..6928a10 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index 0eb1705..305b8fd 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index f9d3b0d..950dc48 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% # Accessibility boot option LABEL arch64speech @@ -17,4 +17,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID% accessibility=on From 8cc0e9e5b09d504a50701a825f0ab9992ed73b6f Mon Sep 17 00:00:00 2001 From: nl6720 Date: Thu, 16 Mar 2023 09:45:00 +0200 Subject: [PATCH 055/145] mkarchiso: read SOURCE_DATE_EPOCH from file early When restarting an interrupted build, SOURCE_DATE_EPOCH needs to be available before `profiledef.sh` is read, since it may reference it. Fixes 7c6f266ec94e3eff23466ed8d0c45e4bee0ddae4 --- CHANGELOG.rst | 3 +++ archiso/mkarchiso | 15 +++++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c8630bd..36d173d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -23,10 +23,13 @@ Deprecated Fixed ----- +<<<<<<< HEAD - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - Subdirectories from ``grub/`` are copied to the ISO. - Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` command. +- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the + variable has a correct value when used inside ``profiledef.sh``. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index afaeb6e..d1d753e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1742,12 +1742,8 @@ _build_iso_base() { # Create working directory [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" - # Write build date to file or if the file exists, read it from there - if [[ -e "${work_dir}/build_date" ]]; then - SOURCE_DATE_EPOCH="$(<"${work_dir}/build_date")" - else - printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" - fi + # Write build date to file if it does not exist already + [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" [[ "${quiet}" == "y" ]] || _show_config _run_once _make_pacman_conf @@ -1863,6 +1859,13 @@ fi # get the absolute path representation of the first non-option argument profile="$(realpath -- "${1}")" +# Read SOURCE_DATE_EPOCH from file early +build_date_file="$(realpath -q -- "${override_work_dir:-./work}/build_date")" || : +if [[ -f "$build_date_file" ]]; then + SOURCE_DATE_EPOCH="$(<"$build_date_file")" +fi +unset build_date_file + _read_profile _set_overrides _validate_options From db292a59ab72856b3f38de404d7e658dfa60b2d7 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sun, 19 Mar 2023 13:34:54 +0200 Subject: [PATCH 056/145] README.profile.rst: document %ARCHISO_UUID% and %ARCHISO_SEARCH_FILENAME% While their values are not affected by `profiledef.sh` variables, there is no other place to document these *identifiers*. --- docs/README.profile.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index f1fd717..0b5041a 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -140,6 +140,12 @@ respective variables in ``profiledef.sh``: * ``%INSTALL_DIR%``: Set this using the ``install_dir`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. +Additionally there are also *custom template identifiers* have harcoded values set by ``mkarchiso`` that cannot be +overridden: + +* ``%ARCHISO_UUID%``: the ISO 9660 modification date in UTC, i.e. its "UUID", +* ``%ARCHISO_SEARCH_FILENAME%``: file path on ISO 9660 that can be used by GRUB to find the ISO volume + (**for GRUB ``.cfg`` files only**). efiboot ------- From 493aa90fd2250ebfe37598eb933550e635adbc4b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 13 May 2023 15:58:06 +0300 Subject: [PATCH 057/145] configs/releng/packages.x86_64: add more terminfo packages Add foot-terminfo and wezterm-terminfo packages to allow using their terminfo entries for installations via SSH. --- CHANGELOG.rst | 2 ++ configs/releng/packages.x86_64 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 36d173d..7295875 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,8 @@ Added ----- - Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. Changed ------- diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 5771920..43678b2 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -28,6 +28,7 @@ ethtool exfatprogs f2fs-tools fatresize +foot-terminfo fsarchiver gnu-netcat gpart @@ -114,6 +115,7 @@ usbutils vim virtualbox-guest-utils-nox vpnc +wezterm-terminfo wireless-regdb wireless_tools wpa_supplicant From 7f1632334bd4a1a3a69af68baca338eec09e643b Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 17 May 2023 17:36:27 +0300 Subject: [PATCH 058/145] CHANGELOG.rst: remove stray git conflict marker Fixes 8cc0e9e5b09d504a50701a825f0ab9992ed73b6f --- CHANGELOG.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7295875..53b8c47 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -25,7 +25,6 @@ Deprecated Fixed ----- -<<<<<<< HEAD - Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` boot parameter. - Subdirectories from ``grub/`` are copied to the ISO. From dc72a84dae41b21f1718ae23f966abf386f40960 Mon Sep 17 00:00:00 2001 From: 2hexed <2hexed@protonmail.com> Date: Wed, 17 May 2023 14:43:15 +0000 Subject: [PATCH 059/145] Update mkarchiso --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d1d753e..18b6ed7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -87,7 +87,7 @@ usage: ${app_name} [options] Default: '${iso_application}' -C pacman configuration file. Default: '${pacman_conf}' - -D Set an install_dir. All files will by located here. + -D Set an install_dir. All files will be located here. Default: '${install_dir}' NOTE: Max 8 characters, use only [a-z0-9] -L