diff --git a/.editorconfig b/.editorconfig index 74ed4eb..cbb5538 100644 --- a/.editorconfig +++ b/.editorconfig @@ -16,6 +16,10 @@ charset = utf-8 indent_style = space indent_size = 4 max_line_length = 120 +# for shfmt +switch_case_indent = true +binary_next_line = true + [*.{yml,yaml}] end_of_line = lf @@ -32,3 +36,6 @@ trim_trailing_whitespace = true charset = utf-8 indent_style = space indent_size = 2 + +[Makefile] +indent_style = tab diff --git a/.gitignore b/.gitignore index 74a0a52..4921633 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,9 @@ *~ -archiso-*.tar.gz* +*.tar +*.tar.* work/ out/ +codesigning* *.iso *.img *.cer @@ -10,3 +12,5 @@ out/ *.pem user-data meta-data +network-config +man/version.rst diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 17ac5ff..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -# -# SPDX-License-Identifier: GPL-3.0-or-later - -stages: - - check - - build - -check: - before_script: - # NOTE: Install latest archlinux-keyring before upgrading system. In the - # future this should not be needed anymore when we can guarantee a valid - # keyring for longer: - # https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/4 - - pacman -Sy --needed --noconfirm archlinux-keyring - - pacman --noconfirm -Syu --needed make shellcheck - script: - - make check - stage: check - interruptible: true - -.build: - artifacts: - reports: - metrics: output/metrics.txt - before_script: - - pacman -Sy --needed --noconfirm archlinux-keyring - - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl qemu-headless squashfs-tools zsync - script: - - ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS} - stage: build - tags: - - vm - -build_short: - extends: .build - parallel: - matrix: - - BUILD_SCRIPT_ARGS: baseline bootstrap - - BUILD_SCRIPT_ARGS: releng bootstrap - only: - refs: - - master - - merge_requests - changes: - - archiso/* - - configs/**/* - - Makefile - - .gitlab-ci.yml - - .gitlab/ci/* - interruptible: true - -build_long: - extends: .build - parallel: - matrix: - - BUILD_SCRIPT_ARGS: baseline iso - - BUILD_SCRIPT_ARGS: baseline netboot - - BUILD_SCRIPT_ARGS: releng iso - - BUILD_SCRIPT_ARGS: releng netboot - only: - refs: - - master - - merge_requests - changes: - - archiso/* - - configs/**/* - - Makefile - - .gitlab-ci.yml - - .gitlab/ci/* - interruptible: true diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh deleted file mode 100755 index 5250b51..0000000 --- a/.gitlab/ci/build_archiso.sh +++ /dev/null 
@@ -1,273 +0,0 @@ -#!/usr/bin/env bash -# -# This script is run within a virtual environment to build the available archiso profiles and their available build -# modes and create checksum files for the resulting images. -# The script needs to be run as root and assumes $PWD to be the root of the repository. -# -# Dependencies: -# * all archiso dependencies -# * coreutils -# * gnupg -# * openssl -# * zsync -# -# $1: profile -# $2: buildmode - -set -euo pipefail -shopt -s extglob - -readonly orig_pwd="${PWD}" -readonly output="${orig_pwd}/output" -readonly tmpdir_base="${orig_pwd}/tmp" -readonly profile="${1}" -readonly buildmode="${2}" -readonly install_dir="arch" - -tmpdir="" -tmpdir="$(mktemp --dry-run --directory --tmpdir="${tmpdir_base}")" -gnupg_homedir="" -codesigning_dir="" -codesigning_cert="" -codesigning_key="" -pgp_key_id="" - -print_section_start() { - # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section _title - _section="${1}" - _title="${2}" - - printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" -} - -print_section_end() { - # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section - _section="${1}" - - printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" -} - -cleanup() { - # clean up temporary directories - print_section_start "cleanup" "Cleaning up temporary directory" - - if [ -n "${tmpdir_base:-}" ]; then - rm -fr "${tmpdir_base}" - fi - - print_section_end "cleanup" -} - -create_checksums() { - # create checksums for files - # $@: files - local _file_path _file_name _current_pwd - _current_pwd="${PWD}" - - print_section_start "checksums" "Creating checksums" - - for _file_path in "$@"; do - cd "$(dirname "${_file_path}")" - _file_name="$(basename "${_file_path}")" - b2sum "${_file_name}" > "${_file_name}.b2" - md5sum "${_file_name}" > "${_file_name}.md5" - sha1sum "${_file_name}" > 
"${_file_name}.sha1" - sha256sum "${_file_name}" > "${_file_name}.sha256" - sha512sum "${_file_name}" > "${_file_name}.sha512" - ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} - cat "${_file_name}."{b2,md5,sha{1,256,512}} - done - cd "${_current_pwd}" - - print_section_end "checksums" -} - -create_zsync_delta() { - # create zsync control files for files - # $@: files - local _file - - print_section_start "zsync_delta" "Creating zsync delta" - - for _file in "$@"; do - if [[ "${buildmode}" == "bootstrap" ]]; then - # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image - zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - else - zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - fi - done - - print_section_end "zsync_delta" -} - -create_metrics() { - local _metrics="${output}/metrics.txt" - # create metrics - print_section_start "metrics" "Creating metrics" - - { - # create metrics based on buildmode - case "${buildmode}" in - iso) - printf 'image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.iso | cut -f1)" - printf 'package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - if [[ -e "${tmpdir}/efiboot.img" ]]; then - printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" - fi - # shellcheck disable=SC2046 - # shellcheck disable=SC2183 - printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ - $(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \ - awk -v profile="${profile}" \ - 'function basename(file) { - sub(".*/", "", file) - return file - } - { print profile, basename($2), $1 }' - ) - ;; - netboot) - printf 'netboot_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" - printf 'netboot_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- 
"${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - ;; - bootstrap) - printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" - printf 'bootstrap_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" - ;; - esac - } > "${_metrics}" - ls -lah "${_metrics}" - cat "${_metrics}" - - print_section_end "metrics" -} - -create_ephemeral_pgp_key() { - # create an ephemeral PGP key for signing the rootfs image - print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" - - gnupg_homedir="$tmpdir/.gnupg" - mkdir -p "${gnupg_homedir}" - chmod 700 "${gnupg_homedir}" - - cat << __EOF__ > "${gnupg_homedir}"/gpg.conf -quiet -batch -no-tty -no-permission-warning -export-options no-export-attributes,export-clean -list-options no-show-keyring -armor -no-emit-version -__EOF__ - - gpg --homedir "${gnupg_homedir}" --gen-key <> "${codesigning_conf}" - openssl req \ - -newkey rsa:4096 \ - -keyout "${codesigning_key}" \ - -nodes \ - -sha256 \ - -x509 \ - -days 365 \ - -out "${codesigning_cert}" \ - -config "${codesigning_conf}" \ - -subj "${codesigning_subj}" \ - -extensions codesigning - - print_section_end "ephemeral_codesigning_key" -} - -run_mkarchiso() { - # run mkarchiso - create_ephemeral_pgp_key - create_ephemeral_codesigning_key - - print_section_start "mkarchiso" "Running mkarchiso" - mkdir -p "${output}/" "${tmpdir}/" - GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ - -D "${install_dir}" \ - -c "${codesigning_cert} ${codesigning_key}" \ - -g "${pgp_key_id}" \ - -G "${pgp_sender}" \ - -o "${output}/" \ - -w "${tmpdir}/" \ - -m "${buildmode}" \ - -v "configs/${profile}" - - print_section_end "mkarchiso" - - if [[ "${buildmode}" =~ "iso" ]]; then - create_zsync_delta "${output}/"*.iso - create_checksums "${output}/"*.iso - fi - if [[ "${buildmode}" == "bootstrap" ]]; then - create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) - 
create_checksums "${output}/"*.tar*(.gz|.xz|.zst) - fi - create_metrics - - print_section_start "ownership" "Setting ownership on output" - - if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then - chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" - fi - print_section_end "ownership" -} - -trap cleanup EXIT - -run_mkarchiso diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 0000000..75aca74 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1,11 @@ +# Suggest explicitly using -n in `[ $var ]` +enable=avoid-nullary-conditions + +# Suggest 'command -v' instead of 'which' +enable=deprecate-which + +# Suggest quoting variables without metacharacters +enable=quote-safe-variables + +# Require [[ and warn about [ in Bash/Ksh +enable=require-double-brackets diff --git a/AUTHORS.rst b/AUTHORS.rst index b03b91e..428b35f 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst 
@@ -2,37 +2,60 @@ Archiso Authors =============== +* 2hexed <2hexed@protonmail.com> * Aaron Griffin * Adam Purkrt * Alexander Epaneshnikov +* Alexander Speshilov +* Anton Hvornum +* Antonio V * Chandan Singh * Charles Vejnar * Christian Hesse * Christopher Brannon * Dan McGee +* Darren Ng * David Runge * David Thurstenson * Dieter Plaetinck * Eli Schwartz +* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org> * Florian Pritz * Francois Dupoux * Gerardo Exequiel Pozzi * Gerhard Brauer +* Giancarlo Razzolini +* Howard Hicks * James Sitegen +* John Lane +* Jonathan Liu +* Jonathon Fernyhough * Justin Kromlinger * Keshav Amburay +* Kristian Klausen * Loui Chang * Lukas Fleischer * Martin Damian Fernandez +* Michael Gilchrist * Michael Vorburger +* Pellegrino Prevete * Pierre Schmitz * Sean Enck * Simo Leone +* Simon Wilper +* Sorin Pânca * Steffen Bönigk * Sven-Hendrik Haase * Thomas Bächler +* Tobias Powalowski +* Tom Yan * Yu Li-Yu +* Zig Globulin +* hayao +* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> +* mono wock * nl6720 -* Øyvind Heggstad * plain linen -* Pellegrino Prevete +* shivanandvp +* weltio weltio +* Øyvind Heggstad diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4ca833..17b6e51 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -11,9 +11,359 @@ Added Changed ------- +Deprecated +---------- + +Fixed +----- + Removed ------- + +[82] - 2024-11-27 +================= + +Fixed +----- + +- Commented out ``DownloadUser`` in ``pacman.conf`` so that the working directory is not restricted to paths to which + the ``alpm`` user has access to. + +[81] - 2024-10-28 +================= + +Fixed +----- + +- Change enabled services in baseline and releng profile to adapt to changes in ``cloud-init`` ≥ 24.3 (renamed + ``cloud-init.service`` to ``cloud-init-network.service``, introduced new ``cloud-init-main.service``). + +Removed +------- + +- Removed gnu-netcat from releng profile, as cloud-init requires openbsd-netcat and the two netcat versions can not be + installed side-by-side. + +[80] - 2024-09-26 +================= + +Added +----- + +- Support compressing the bootstrap tarball with ``xz``. + +Changed +------- + +- Use an empty UUID for the EROFS image file since the file system will never be referenced by it. +- Do not use ``mkfs.erofs`` extended options ``fragments`` and ``dedupe`` in the baseline profile. This reduces the EROFS + image size and compression time. +- Update profile ``pacman.conf`` to include the new options added to ``/etc/pacman.conf`` in pacman 7.0.0.r3.g7736133-1. + +Fixed +----- + +- Show the correct image file name, including the extension, when building a bootstrap image. + +Removed +------- + +- Removed reiserfsprogs from packages (EOL) + +[79] - 2024-07-25 +================= + +Fixed +----- + +- When downloading an automation script fail with non-zero status code instead of returning an HTML document when the + remote HTTP server fails to deliver the document. + +Removed +------- + +- Remove unneeded workaround for e2fsprogs < 1.47.1. + +[78] - 2024-05-23 +================= + +Changed +------- + +- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the + root file system. 
+- Use 4 MiB OVMF files in ``run_archiso`` instead of the old 2 MiB ones. +- Increase the additional free space of the EFI partition size from 1 MiB to 8 MiB to account for file system overhead + when using FAT32 (needs less than 1 MiB) and to give more space for adding custom files when repacking an ISO (e.g. + when preparing it for Secure Boot). +- Remove 300 KiB padding needed for CDs if the ISO exceeds the maximum size of a CD. +- Use ``xz -9e`` as the releng profile's initramfs compression. Now that mkinitcpio does not decompress the loadable + kernel modules and firmware files anymore and moves them to the early uncompressed initramfs, we can compress the main + initramfs image with a higher compression without it having much impact on the ISO build time. +- Format the EFI system partition image as FAT32 if the size allows it (i.e. if it is at least 36 MiB). + +Fixed +----- + +- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The + existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early + uncompressed CPIO even when the ``microcode`` hook is not used. + +Removed +------- + +- Remove the wezterm-terminfo package from the releng profile as the relevant file is now provided by the ncurses + package instead. + +[77] - 2024-04-21 +================= + +Added +----- + +- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Additionally, create a boot entry with it for the releng profile. + +Changed +------- + +- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. +- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. + Custom PXE setups will need to update their boot loader configuration. 
+- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to + have "file system transposition" without relaying on GRUB-specific features. +- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it + avoids all GRUB-specific annoyances and oddities. + +Fixed +----- + +- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the + same requirements as ``uefi-x64.systemd-boot.esp``. + +[76] - 2024-03-30 +================= + +Added +----- + +- Add a man page for ``mkarchiso``. +- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called + ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. + +Changed +------- + +- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. + Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to + just GRUB. +- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating + an early uncompressed CPIO archive which should have the microcode update files). + +Removed +------- + +- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``. + +[75] - 2024-01-24 +================= + +Added +----- + +- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure + ``drill`` remains available. + +Changed +------- + +- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of + a CD (900 MiB). + +Fixed +----- + +- Update the location where ``mkarchiso`` looks for the memtest86+ license file. 
+ +[74] - 2023-12-21 +================= + +Added +----- + +- Add bcachefs-tools to releng for access to bcachefs userspace tools. +- Add tftp as a valid protocol for downloading automated boot script. + +Changed +------- + +- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network + really is *online* when ``network-online.target`` is reached. + +Fixed +----- + +- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. + +[73] - 2023-09-29 +================= + +Added +----- + +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. +- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 + UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. + +Fixed +----- + +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + +[72] - 2023-08-29 +================= + +Added +----- + +- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. +- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. + +Changed +------- + +- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. +- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to + the file system size. +- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. 
+- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. + +Fixed +----- + +- Sign the root file system image only once. +- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. + +[71] - 2023-05-28 +================= + +Added +----- + +- Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. +- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. +- Add support for mDNS announce and resolve. + +Changed +------- + +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. +- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. + +Fixed +----- + +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. +- Subdirectories from ``grub/`` are copied to the ISO. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with + failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after + **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` + command. +- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the + variable has a correct value when used inside ``profiledef.sh``. 
+ +[70] - 2023-02-27 +================= + +Added +----- + +- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image + contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume + with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. +- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also + preloaded in case someone finds them useful. + +Changed +------- + +- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the + same month. +- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. +- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for + the ISO volume and load the ``grub.cfg`` from there. +- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply + to the EFI binaries that remain in the default/fallback boot path. +- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. + Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) + is deprecated and a future archiso release will not create this file anymore. +- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. +- Update ``README.transfer`` documentation and convert it to reStructuredText. +- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. + +Removed +------- + +- Do not place memtest86+ in netboot artifacts. + +[69] - 2022-12-24 +================= + +Added +----- + +- Add Memtest86+ to x86_64 UEFI GRUB boot menu. 
+ +Changed +------- + +- Check if the GPG public key file was successfully placed in the work directory before trying to use it. +- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the + ``pacstrap`` invoked chroot should ever be allowed to write outside of it. +- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. +- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA + support, using a higher compression is possible. +- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's + first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that + ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering. + +[68] - 2022-10-30 +================= + +Changed +------- + +- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. +- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly + applicable when re-running ``mkarchiso`` after a failure. +- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32. + +[67] - 2022-09-25 +================= + +Added +----- + +- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. + +Changed +------- + +- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since + ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring. +- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local + signatures that are not valid on target systems after installation. + [66] - 2022-08-28 ================= 
@@ -53,6 +403,8 @@ Removed - Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now ships with the glibc package itself. +- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough + free RAM. [64] - 2022-05-30 ================= @@ -191,7 +543,7 @@ Removed ------- - Remove all files related to ``mkinitcpio`` integration, as they now live in - https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso + https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso [57] - 2021-07-30 ================= diff --git a/Makefile b/Makefile index c4ceb2f..1a6bf6f 100644 --- a/Makefile +++ b/Makefile @@ -4,11 +4,13 @@ PREFIX ?= /usr/local BIN_DIR=$(DESTDIR)$(PREFIX)/bin DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso +MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso DOC_FILES=$(wildcard docs/*) $(wildcard *.rst) SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \ $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*) +VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//') all: @@ -17,7 +19,7 @@ check: shellcheck shellcheck: shellcheck -s bash $(SCRIPT_FILES) -install: install-scripts install-profiles install-doc +install: install-scripts install-profiles install-doc install-man install-scripts: install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/" @@ -30,4 +32,9 @@ install-profiles: install-doc: install -vDm 644 $(DOC_FILES) -t $(DOC_DIR) -.PHONY: check install install-doc install-profiles install-scripts shellcheck +install-man: + @printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst + install -d -m 755 $(MAN_DIR)/man1 + rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1 + +.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck 
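Review bot: `VERSION` silently becomes empty when `git describe` fails, for example in a release tarball with no `.git` directory or a checkout without tags, because `$(shell …)` discards the pipeline's exit status. The only consumer visible in this diff is `install-man`, which would then write an empty `|version|` substitution into `man/version.rst`. Consider failing early at the top of that recipe with `$(if $(strip $(VERSION)),,$(error VERSION is empty; pass VERSION=<version>))`. Separately, `MAN_DIR?=` is the only install directory assigned with `?=`, so a `MAN_DIR` inherited from the environment would replace the `$(DESTDIR)$(PREFIX)` staging path. Writing `MAN_DIR=$(DESTDIR)$(PREFIX)/share/man` would match `BIN_DIR` and `DOC_DIR`.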
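Review bot: In `install-man`, make expands `$(VERSION)` inside the single-quoted `printf` argument, so a value containing a `'` ends the quoting and the shell parses the rest, in a recipe that is commonly run as root. The value comes from the command line, the environment or a tag name via `git describe`, so this is unlikely but cheap to rule out: add `export VERSION` next to its definition and use `@printf '.. |version| replace:: %s\n' "$$VERSION" > man/version.rst`. `$(MAN_DIR)` is also unquoted on both lines where it is used, while `install-scripts` quotes `"$(BIN_DIR)/"`. `rst2man` creates the page with umask-dependent permissions, unlike the explicit `install -m` modes elsewhere in the file. The recipe also writes `man/version.rst` into the source tree at install time, which presumably leaves a root-owned file in the checkout after a root install.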
diff --git a/README.rst b/README.rst index 6ac7434..cf91628 100644 --- a/README.rst +++ b/README.rst @@ -3,7 +3,7 @@ archiso ======= The archiso project features scripts and configuration templates to build installation media (*.iso* images and -*.tar.gz* bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. +*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture. Currently creating the images is only supported on Arch Linux but may work on other operating systems as well. Requirements @@ -36,6 +36,10 @@ For linting the shell scripts the following package is required: * shellcheck +For generating the man pages: + +* python-docutils + Profiles ======== @@ -129,7 +133,7 @@ boot the iso image from GRUB with a version specific cow directory to mitigate o .. code:: sh loopback loop archlinux.iso - load_env -f (loop)/arch/grubenv + load_env -f (loop)/boot/grub/grubenv linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \ cow_directory=${NAME}/${VERSION} ... initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img @@ -139,14 +143,14 @@ Contribute Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso. -Please read our distribution-wide `Code of Conduct `_ before +Please read our distribution-wide `Code of Conduct `_ before contributing, to understand what actions will and will not be tolerated. Read our `contributing guide `_ to learn more about how to provide fixes or improvements for the code base. Discussion around archiso takes place on the `arch-releng mailing list -`_ and in `#archlinux-releng +`_ and in `#archlinux-releng `_ on `Libera Chat `_. All past and present authors of archiso are listed in `AUTHORS `_. 
@@ -156,7 +160,7 @@ Releases `Releases of archiso `_ are created by their current maintainers -- `David Runge `_ (``C7E7849466FE2358343588377258734B41C31549``) +- `David Runge `_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``) - `nl6720 `_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``) Tags are signed using respective PGP keys. diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 5f0c79b..ed8b28c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -8,11 +8,6 @@ shopt -s extglob # Control the environment umask 0022 export LC_ALL="C.UTF-8" -if [[ -v LANGUAGE ]]; then - # LC_ALL=C.UTF-8, unlike LC_ALL=C, does not override LANGUAGE. - # See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 and https://savannah.gnu.org/bugs/?62815 - unset LANGUAGE -fi [[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 export SOURCE_DATE_EPOCH @@ -29,6 +24,7 @@ gpg_key="" gpg_sender="" iso_name="" iso_label="" +iso_uuid="" iso_publisher="" iso_application="" iso_version="" @@ -37,18 +33,22 @@ arch="" pacman_conf="" packages="" bootstrap_packages="" +bootstrap_parent="" pacstrap_dir="" +search_filename="" +declare -i rm_work_dir=0 buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() +bootstrap_tarball_compression="" cert_list=() -sign_netboot_artifacts="" declare -A file_permissions=() efibootimg="" efiboot_files=() # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') +declare -i need_external_ucodes=0 # Show an INFO message @@ -87,17 +87,18 @@ usage: ${app_name} [options] Default: '${iso_application}' -C pacman configuration file. Default: '${pacman_conf}' - -D Set an install_dir. All files will by located here. + -D Set an install_dir. All files will be located here. Default: '${install_dir}' NOTE: Max 8 characters, use only [a-z0-9] -L