tools/archiso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: tools:master
Branches Tags
tools:master
tools:rm-pacman-init.service
tools:v82
tools:v81
tools:v80
tools:v79
tools:v78
tools:v77
tools:v76
tools:v75
tools:v74
tools:v73
tools:v72
tools:v71
tools:v70
tools:v69
tools:v68
tools:v67
tools:v66
tools:v65
tools:v64
tools:v63
tools:v62.1
tools:v62
tools:v61
tools:v60
tools:v59
tools:v58
tools:v57
tools:v56.1
tools:v56
tools:v55
tools:v54
tools:v53
tools:v52
tools:v51
tools:v50.1
tools:v50
tools:v49
tools:v48.1
tools:v48
tools:v47.1
tools:v47
tools:v46
tools:v45
tools:v44
tools:v43
tools:v42
tools:v41
tools:v40
tools:v39
tools:v38
tools:v37
tools:v36
tools:v35
tools:v34
tools:v33
tools:v32
tools:v31
tools:v30
tools:v29
tools:v28
tools:v27
tools:v26
tools:v25
tools:v24
tools:v23
tools:v22
tools:v21
tools:v20
tools:v19
tools:v18
tools:v17
tools:v16
tools:v15
tools:v14
tools:v13
tools:v12
tools:v11
tools:v10
tools:v9
tools:v8
tools:v7
tools:v6
tools:v5
tools:v4
tools:v3
tools:v2
tools:v1
..
compare: tools:rm-pacman-init.service
Branches Tags
tools:master
tools:rm-pacman-init.service
tools:v82
tools:v81
tools:v80
tools:v79
tools:v78
tools:v77
tools:v76
tools:v75
tools:v74
tools:v73
tools:v72
tools:v71
tools:v70
tools:v69
tools:v68
tools:v67
tools:v66
tools:v65
tools:v64
tools:v63
tools:v62.1
tools:v62
tools:v61
tools:v60
tools:v59
tools:v58
tools:v57
tools:v56.1
tools:v56
tools:v55
tools:v54
tools:v53
tools:v52
tools:v51
tools:v50.1
tools:v50
tools:v49
tools:v48.1
tools:v48
tools:v47.1
tools:v47
tools:v46
tools:v45
tools:v44
tools:v43
tools:v42
tools:v41
tools:v40
tools:v39
tools:v38
tools:v37
tools:v36
tools:v35
tools:v34
tools:v33
tools:v32
tools:v31
tools:v30
tools:v29
tools:v28
tools:v27
tools:v26
tools:v25
tools:v24
tools:v23
tools:v22
tools:v21
tools:v20
tools:v19
tools:v18
tools:v17
tools:v16
tools:v15
tools:v14
tools:v13
tools:v12
tools:v11
tools:v10
tools:v9
tools:v8
tools:v7
tools:v6
tools:v5
tools:v4
tools:v3
tools:v2
tools:v1

1 commit
master ... rm-pacman-

Author SHA1 Message Date
nl6720
de8923f8b2
Remove pacman-init.service from releng 
pacman-init.service causes more problems than it's worth.

Due to archlinux-keyring bloat, it takes too long to finish making it possible to corrupt the keyring if pacman or pacstrap is used before pacman-init.service is done.

If the timezone is in UTC+X, gpg as run by pacman-key will create and sign the keys with a future timestamp causing issues when updating the pacman keyring.

The solutions were to either:

* Automate more. Enable systemd-timesyncd.service and systemd-time-wait-sync.service. Order pacman-init.service after time-sync.target.
* Automate less. Get rid of pacman-init.service entirely.

"Automating more" just means more automagic that makes the releng profile differ from a newly installed system. Which in turn gives false expectations for those installing Arch.

This change will require that users manually initialize the pacman keyring and populate the keys in the live environment. I.e. these commands will now need to be run manually:

    # pacman-key --init
    # pacman-key --populate

Alternatively, using the latest Arch Linux keyring from the repos:

    # pacman-key --init
    # pacman -Sy archlinux-keyring

Regardless of the chosen commands, they should be run after the system time is synced via NTP.

Fixes #190
Fixes #191
 2022-09-10 14:47:42 +03:00
76 changed files with 1339 additions and 1823 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.editorconfig
View file

@ -16,10 +16,6 @@ charset = utf-8
indent_style = space
indent_size = 4
max_line_length = 120
# for shfmt
switch_case_indent = true
binary_next_line = true
[*.{yml,yaml}]
end_of_line = lf
@ -36,6 +32,3 @@ trim_trailing_whitespace = true
charset = utf-8
indent_style = space
indent_size = 2
[Makefile]
indent_style = tab

6
.gitignore vendored
View file

@ -1,9 +1,7 @@
*~
*.tar
*.tar.*
archiso-*.tar.gz*
work/
out/
codesigning*
*.iso
*.img
*.cer
@ -12,5 +10,3 @@ codesigning*
*.pem
user-data
meta-data
network-config
man/version.rst

71
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,71 @@
---
#
# SPDX-License-Identifier: GPL-3.0-or-later
stages:
- check
- build
check:
before_script:
# NOTE: Install latest archlinux-keyring before upgrading system. In the
# future this should not be needed anymore when we can guarantee a valid
# keyring for longer:
# https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/4
- pacman -Sy --needed --noconfirm archlinux-keyring
- pacman --noconfirm -Syu --needed make shellcheck
script:
- make check
stage: check
interruptible: true
.build:
artifacts:
reports:
metrics: output/metrics.txt
before_script:
- pacman -Sy --needed --noconfirm archlinux-keyring
- pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl qemu-headless squashfs-tools zsync
script:
- ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS}
stage: build
tags:
- vm
build_short:
extends: .build
parallel:
matrix:
- BUILD_SCRIPT_ARGS: baseline bootstrap
- BUILD_SCRIPT_ARGS: releng bootstrap
only:
refs:
- master
- merge_requests
changes:
- archiso/*
- configs/**/*
- Makefile
- .gitlab-ci.yml
- .gitlab/ci/*
interruptible: true
build_long:
extends: .build
parallel:
matrix:
- BUILD_SCRIPT_ARGS: baseline iso
- BUILD_SCRIPT_ARGS: baseline netboot
- BUILD_SCRIPT_ARGS: releng iso
- BUILD_SCRIPT_ARGS: releng netboot
only:
refs:
- master
- merge_requests
changes:
- archiso/*
- configs/**/*
- Makefile
- .gitlab-ci.yml
- .gitlab/ci/*
interruptible: true

273
.gitlab/ci/build_archiso.sh Executable file
View file

@ -0,0 +1,273 @@
#!/usr/bin/env bash
#
# This script is run within a virtual environment to build the available archiso profiles and their available build
# modes and create checksum files for the resulting images.
# The script needs to be run as root and assumes $PWD to be the root of the repository.
#
# Dependencies:
# * all archiso dependencies
# * coreutils
# * gnupg
# * openssl
# * zsync
#
# $1: profile
# $2: buildmode
set -euo pipefail
shopt -s extglob
readonly orig_pwd="${PWD}"
readonly output="${orig_pwd}/output"
readonly tmpdir_base="${orig_pwd}/tmp"
readonly profile="${1}"
readonly buildmode="${2}"
readonly install_dir="arch"
tmpdir=""
tmpdir="$(mktemp --dry-run --directory --tmpdir="${tmpdir_base}")"
gnupg_homedir=""
codesigning_dir=""
codesigning_cert=""
codesigning_key=""
pgp_key_id=""
print_section_start() {
# gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
local _section _title
_section="${1}"
_title="${2}"
printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}"
}
print_section_end() {
# gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
local _section
_section="${1}"
printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}"
}
cleanup() {
# clean up temporary directories
print_section_start "cleanup" "Cleaning up temporary directory"
if [ -n "${tmpdir_base:-}" ]; then
rm -fr "${tmpdir_base}"
fi
print_section_end "cleanup"
}
create_checksums() {
# create checksums for files
# $@: files
local _file_path _file_name _current_pwd
_current_pwd="${PWD}"
print_section_start "checksums" "Creating checksums"
for _file_path in "$@"; do
cd "$(dirname "${_file_path}")"
_file_name="$(basename "${_file_path}")"
b2sum "${_file_name}" > "${_file_name}.b2"
md5sum "${_file_name}" > "${_file_name}.md5"
sha1sum "${_file_name}" > "${_file_name}.sha1"
sha256sum "${_file_name}" > "${_file_name}.sha256"
sha512sum "${_file_name}" > "${_file_name}.sha512"
ls -lah "${_file_name}."{b2,md5,sha{1,256,512}}
cat "${_file_name}."{b2,md5,sha{1,256,512}}
done
cd "${_current_pwd}"
print_section_end "checksums"
}
create_zsync_delta() {
# create zsync control files for files
# $@: files
local _file
print_section_start "zsync_delta" "Creating zsync delta"
for _file in "$@"; do
if [[ "${buildmode}" == "bootstrap" ]]; then
# zsyncmake fails on 'too long between blocks' with default block size on bootstrap image
zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
else
zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
fi
done
print_section_end "zsync_delta"
}
create_metrics() {
local _metrics="${output}/metrics.txt"
# create metrics
print_section_start "metrics" "Creating metrics"
{
# create metrics based on buildmode
case "${buildmode}" in
iso)
printf 'image_size_mebibytes{image="%s"} %s\n' \
"${profile}" \
"$(du -m -- "${output}/"*.iso | cut -f1)"
printf 'package_count{image="%s"} %s\n' \
"${profile}" \
"$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
if [[ -e "${tmpdir}/efiboot.img" ]]; then
printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \
"${profile}" \
"$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)"
fi
# shellcheck disable=SC2046
# shellcheck disable=SC2183
printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \
$(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \
awk -v profile="${profile}" \
'function basename(file) {
sub(".*/", "", file)
return file
}
{ print profile, basename($2), $1 }'
)
;;
netboot)
printf 'netboot_size_mebibytes{image="%s"} %s\n' \
"${profile}" \
"$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)"
printf 'netboot_package_count{image="%s"} %s\n' \
"${profile}" \
"$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
;;
bootstrap)
printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \
"${profile}" \
"$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)"
printf 'bootstrap_package_count{image="%s"} %s\n' \
"${profile}" \
"$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)"
;;
esac
} > "${_metrics}"
ls -lah "${_metrics}"
cat "${_metrics}"
print_section_end "metrics"
}
create_ephemeral_pgp_key() {
# create an ephemeral PGP key for signing the rootfs image
print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key"
gnupg_homedir="$tmpdir/.gnupg"
mkdir -p "${gnupg_homedir}"
chmod 700 "${gnupg_homedir}"
cat << __EOF__ > "${gnupg_homedir}"/gpg.conf
quiet
batch
no-tty
no-permission-warning
export-options no-export-attributes,export-clean
list-options no-show-keyring
armor
no-emit-version
__EOF__
gpg --homedir "${gnupg_homedir}" --gen-key <<EOF
%echo Generating ephemeral Arch Linux release engineering key pair...
Key-Type: default
Key-Length: 3072
Key-Usage: sign
Name-Real: Arch Linux Release Engineering
Name-Comment: Ephemeral Signing Key
Name-Email: arch-releng@lists.archlinux.org
Expire-Date: 0
%no-protection
%commit
%echo Done
EOF
pgp_key_id="$(
gpg --homedir "${gnupg_homedir}" \
--list-secret-keys \
--with-colons \
| awk -F':' '{if($1 ~ /sec/){ print $5 }}'
)"
pgp_sender="Arch Linux Release Engineering (Ephemeral Signing Key) <arch-releng@lists.archlinux.org>"
print_section_end "ephemeral_pgp_key"
}
create_ephemeral_codesigning_key() {
# create ephemeral certificates used for codesigning
print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning key"
codesigning_dir="${tmpdir}/.codesigning/"
local codesigning_conf="${codesigning_dir}/openssl.cnf"
local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org"
codesigning_cert="${codesigning_dir}/codesign.crt"
codesigning_key="${codesigning_dir}/codesign.key"
mkdir -p "${codesigning_dir}"
cp -- /etc/ssl/openssl.cnf "${codesigning_conf}"
printf "\n[codesigning]\nkeyUsage=digitalSignature\nextendedKeyUsage=codeSigning\n" >> "${codesigning_conf}"
openssl req \
-newkey rsa:4096 \
-keyout "${codesigning_key}" \
-nodes \
-sha256 \
-x509 \
-days 365 \
-out "${codesigning_cert}" \
-config "${codesigning_conf}" \
-subj "${codesigning_subj}" \
-extensions codesigning
print_section_end "ephemeral_codesigning_key"
}
run_mkarchiso() {
# run mkarchiso
create_ephemeral_pgp_key
create_ephemeral_codesigning_key
print_section_start "mkarchiso" "Running mkarchiso"
mkdir -p "${output}/" "${tmpdir}/"
GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \
-D "${install_dir}" \
-c "${codesigning_cert} ${codesigning_key}" \
-g "${pgp_key_id}" \
-G "${pgp_sender}" \
-o "${output}/" \
-w "${tmpdir}/" \
-m "${buildmode}" \
-v "configs/${profile}"
print_section_end "mkarchiso"
if [[ "${buildmode}" =~ "iso" ]]; then
create_zsync_delta "${output}/"*.iso
create_checksums "${output}/"*.iso
fi
if [[ "${buildmode}" == "bootstrap" ]]; then
create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst)
create_checksums "${output}/"*.tar*(.gz|.xz|.zst)
fi
create_metrics
print_section_start "ownership" "Setting ownership on output"
if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then
chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}"
fi
print_section_end "ownership"
}
trap cleanup EXIT
run_mkarchiso

11
.shellcheckrc
View file

@ -1,11 +0,0 @@
# Suggest explicitly using -n in `[ $var ]`
enable=avoid-nullary-conditions
# Suggest 'command -v' instead of 'which'
enable=deprecate-which
# Suggest quoting variables without metacharacters
enable=quote-safe-variables
# Require [[ and warn about [ in Bash/Ksh
enable=require-double-brackets

27
AUTHORS.rst
View file

@ -2,60 +2,37 @@
Archiso Authors
===============
* 2hexed <2hexed@protonmail.com>
* Aaron Griffin <aaron@archlinux.org>
* Adam Purkrt <adam@purkrt.net>
* Alexander Epaneshnikov <aarnaarn2@gmail.com>
* Alexander Speshilov <speshuric@gmail.com>
* Anton Hvornum <anton@hvornum.se>
* Antonio V <crazysnob@live.it>
* Chandan Singh <cks071g2@gmail.com>
* Charles Vejnar <ce@vejnar.org>
* Christian Hesse <mail@eworm.de>
* Christopher Brannon <cmbrannon79@gmail.com>
* Dan McGee <dan@archlinux.org>
* Darren Ng <un1gfn@gmail.com>
* David Runge <dvzrv@archlinux.org>
* David Thurstenson <thurstylark@gmail.com>
* Dieter Plaetinck <dieter@plaetinck.be>
* Eli Schwartz <eschwartz@archlinux.org>
* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org>
* Florian Pritz <bluewind@xinu.at>
* Francois Dupoux <fdupoux@users.sourceforge.net>
* Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
* Gerhard Brauer <gerbra@archlinux.de>
* Giancarlo Razzolini <grazzolini@archlinux.org>
* Howard Hicks <deimosian@gmail.com>
* James Sitegen <jamesm.sitegen@gmail.com>
* John Lane <archlinux@jelmail.com>
* Jonathan Liu <net147@gmail.com>
* Jonathon Fernyhough <jonathon@m2x.dev>
* Justin Kromlinger <hashworks@archlinux.org>
* Keshav Amburay <the.ridikulus.rat@gmail.com>
* Kristian Klausen <kristian@klausen.dk>
* Loui Chang <louipc.ist@gmail.com>
* Lukas Fleischer <archlinux@cryptocrack.de>
* Martin Damian Fernandez <martin.damian.fernandez@gmail.com>
* Michael Gilchrist <michaelgilch@gmail.com>
* Michael Vorburger <mike@vorburger.ch>
* Pellegrino Prevete <pellegrinoprevete@gmail.com>
* Pierre Schmitz <pierre@archlinux.de>
* Sean Enck <enckse@voidedtech.com>
* Simo Leone <simo@archlinux.org>
* Simon Wilper <sxw@chronowerks.de>
* Sorin Pânca <sorin.panca@gmail.com>
* Steffen Bönigk <boenki@gmx.de>
* Sven-Hendrik Haase <svenstaro@gmail.com>
* Thomas Bächler <thomas@archlinux.org>
* Tobias Powalowski <tpowa@archlinux.org>
* Tom Yan <tom.ty89@gmail.com>
* Yu Li-Yu <afg984@gmail.com>
* Zig Globulin <zig@zigsystem.com>
* hayao <hayao@fascode.net>
* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org>
* mono wock <aaronleemorrison@protonmail.com>
* nl6720 <nl6720@gmail.com>
* plain linen <bcdedit@hotmail.com>
* shivanandvp <shivanandvp.oss@gmail.com>
* weltio weltio <weltio@web.de>
* Øyvind Heggstad <heggstad@gmail.com>
* plain linen <bcdedit@hotmail.com>
* Pellegrino Prevete <pellegrinoprevete@gmail.com>

354
CHANGELOG.rst
View file

@ -11,359 +11,9 @@ Added
Changed
-------
Deprecated
----------
Fixed
-----
Removed
-------
[82] - 2024-11-27
=================
Fixed
-----
- Commented out ``DownloadUser`` in ``pacman.conf`` so that the working directory is not restricted to paths to which
the ``alpm`` user has access to.
[81] - 2024-10-28
=================
Fixed
-----
- Change enabled services in baseline and releng profile to adapt to changes in ``cloud-init`` ≥ 24.3 (renamed
``cloud-init.service`` to ``cloud-init-network.service``, introduced new ``cloud-init-main.service``).
Removed
-------
- Removed gnu-netcat from releng profile, as cloud-init requires openbsd-netcat and the two netcat versions can not be
installed side-by-side.
[80] - 2024-09-26
=================
Added
-----
- Support compressing the bootstrap tarball with ``xz``.
Changed
-------
- Use an empty UUID for the EROFS image file since the file system will never be referenced by it.
- Do not use ``mkfs.erofs`` extended options ``fragments`` and ``dedupe`` in the baseline profile. This reduces the EROFS
image size and compression time.
- Update profile ``pacman.conf`` to include the new options added to ``/etc/pacman.conf`` in pacman 7.0.0.r3.g7736133-1.
Fixed
-----
- Show the correct image file name, including the extension, when building a bootstrap image.
Removed
-------
- Removed reiserfsprogs from packages (EOL)
[79] - 2024-07-25
=================
Fixed
-----
- When downloading an automation script fail with non-zero status code instead of returning an HTML document when the
remote HTTP server fails to deliver the document.
Removed
-------
- Remove unneeded workaround for e2fsprogs < 1.47.1.
[78] - 2024-05-23
=================
Changed
-------
- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the
root file system.
- Use 4 MiB OVMF files in ``run_archiso`` instead of the old 2 MiB ones.
- Increase the additional free space of the EFI partition size from 1 MiB to 8 MiB to account for file system overhead
when using FAT32 (needs less than 1 MiB) and to give more space for adding custom files when repacking an ISO (e.g.
when preparing it for Secure Boot).
- Remove 300 KiB padding needed for CDs if the ISO exceeds the maximum size of a CD.
- Use ``xz -9e`` as the releng profile's initramfs compression. Now that mkinitcpio does not decompress the loadable
kernel modules and firmware files anymore and moves them to the early uncompressed initramfs, we can compress the main
initramfs image with a higher compression without it having much impact on the ISO build time.
- Format the EFI system partition image as FAT32 if the size allows it (i.e. if it is at least 36 MiB).
Fixed
-----
- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The
existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early
uncompressed CPIO even when the ``microcode`` hook is not used.
Removed
-------
- Remove the wezterm-terminfo package from the releng profile as the relevant file is now provided by the ncurses
package instead.
[77] - 2024-04-21
=================
Added
-----
- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes.
Additionally, create a boot entry with it for the releng profile.
Changed
-------
- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression.
- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration.
Custom PXE setups will need to update their boot loader configuration.
- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to
have "file system transposition" without relaying on GRUB-specific features.
- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it
avoids all GRUB-specific annoyances and oddities.
Fixed
-----
- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the
same requirements as ``uefi-x64.systemd-boot.esp``.
[76] - 2024-03-30
=================
Added
-----
- Add a man page for ``mkarchiso``.
- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called
``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now.
Changed
-------
- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file.
Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to
just GRUB.
- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating
an early uncompressed CPIO archive which should have the microcode update files).
Removed
-------
- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``.
[75] - 2024-01-24
=================
Added
-----
- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure
``drill`` remains available.
Changed
-------
- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of
a CD (900 MiB).
Fixed
-----
- Update the location where ``mkarchiso`` looks for the memtest86+ license file.
[74] - 2023-12-21
=================
Added
-----
- Add bcachefs-tools to releng for access to bcachefs userspace tools.
- Add tftp as a valid protocol for downloading automated boot script.
Changed
-------
- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network
really is *online* when ``network-online.target`` is reached.
Fixed
-----
- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660.
[73] - 2023-09-29
=================
Added
-----
- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices.
- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32
UEFI. The boot modes of baseline and releng are not changed.
- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary
boot parameters required for booting the ISO image as a file on a file system.
Fixed
-----
- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering
questions from systemd-firstboot.
[72] - 2023-08-29
=================
Added
-----
- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM.
- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards.
Changed
-------
- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``.
- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to
the file system size.
- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection.
- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf``
- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it.
Fixed
-----
- Sign the root file system image only once.
- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior.
[71] - 2023-05-28
=================
Added
-----
- Added classes for Memtest86+ and UEFI Shell menuentries.
- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when
installing via SSH.
- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build.
- Add support for mDNS announce and resolve.
Changed
-------
- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the
experimental compressed fragments and data deduplication features.
- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files.
- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository.
Fixed
-----
- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=``
boot parameter.
- Subdirectories from ``grub/`` are copied to the ISO.
- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with
failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after
**GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp``
command.
- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the
variable has a correct value when used inside ``profiledef.sh``.
[70] - 2023-02-27
=================
Added
-----
- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image
contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume
with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it.
- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also
preloaded in case someone finds them useful.
Changed
-------
- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the
same month.
- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles.
- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for
the ISO volume and load the ``grub.cfg`` from there.
- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply
to the EFI binaries that remain in the default/fallback boot path.
- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files.
Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng)
is deprecated and a future archiso release will not create this file anymore.
- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``.
- Update ``README.transfer`` documentation and convert it to reStructuredText.
- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware.
Removed
-------
- Do not place memtest86+ in netboot artifacts.
[69] - 2022-12-24
=================
Added
-----
- Add Memtest86+ to x86_64 UEFI GRUB boot menu.
Changed
-------
- Check if the GPG public key file was successfully placed in the work directory before trying to use it.
- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the
``pacstrap`` invoked chroot should ever be allowed to write outside of it.
- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist.
- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA
support, using a higher compression is possible.
- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's
first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that
``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering.
[68] - 2022-10-30
=================
Changed
-------
- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule.
- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly
applicable when re-running ``mkarchiso`` after a failure.
- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32.
[67] - 2022-09-25
=================
Added
-----
- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given.
Changed
-------
- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since
``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring.
- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local
signatures that are not valid on target systems after installation.
[66] - 2022-08-28
=================
@ -403,8 +53,6 @@ Removed
- Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now
ships with the glibc package itself.
- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough
free RAM.
[64] - 2022-05-30
=================
@ -543,7 +191,7 @@ Removed
-------
- Remove all files related to ``mkinitcpio`` integration, as they now live in
https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso
https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso
[57] - 2021-07-30
=================

11
Makefile
View file

@ -4,13 +4,11 @@
PREFIX ?= /usr/local
BIN_DIR=$(DESTDIR)$(PREFIX)/bin
DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso
MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man
PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso
DOC_FILES=$(wildcard docs/*) $(wildcard *.rst)
SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \
$(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*)
VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//')
all:
@ -19,7 +17,7 @@ check: shellcheck
shellcheck:
shellcheck -s bash $(SCRIPT_FILES)
install: install-scripts install-profiles install-doc install-man
install: install-scripts install-profiles install-doc
install-scripts:
install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/"
@ -32,9 +30,4 @@ install-profiles:
install-doc:
install -vDm 644 $(DOC_FILES) -t $(DOC_DIR)
install-man:
@printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst
install -d -m 755 $(MAN_DIR)/man1
rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1
.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck
.PHONY: check install install-doc install-profiles install-scripts shellcheck

14
README.rst
View file

@ -3,7 +3,7 @@ archiso
=======
The archiso project features scripts and configuration templates to build installation media (*.iso* images and
*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture.
*.tar.gz* bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture.
Currently creating the images is only supported on Arch Linux but may work on other operating systems as well.
Requirements
@ -36,10 +36,6 @@ For linting the shell scripts the following package is required:
* shellcheck
For generating the man pages:
* python-docutils
Profiles
========
@ -133,7 +129,7 @@ boot the iso image from GRUB with a version specific cow directory to mitigate o
.. code:: sh
loopback loop archlinux.iso
load_env -f (loop)/boot/grub/grubenv
load_env -f (loop)/arch/grubenv
linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \
cow_directory=${NAME}/${VERSION} ...
initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img
@ -143,14 +139,14 @@ Contribute
Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso.
Please read our distribution-wide `Code of Conduct <https://terms.archlinux.org/docs/code-of-conduct/>`_ before
Please read our distribution-wide `Code of Conduct <https://wiki.archlinux.org/title/Code_of_conduct>`_ before
contributing, to understand what actions will and will not be tolerated.
Read our `contributing guide <CONTRIBUTING.rst>`_ to learn more about how to provide fixes or improvements for the code
base.
Discussion around archiso takes place on the `arch-releng mailing list
<https://lists.archlinux.org/mailman3/lists/arch-releng.lists.archlinux.org/>`_ and in `#archlinux-releng
<https://lists.archlinux.org/listinfo/arch-releng>`_ and in `#archlinux-releng
<ircs://irc.libera.chat/archlinux-releng>`_ on `Libera Chat <https://libera.chat/>`_.
All past and present authors of archiso are listed in `AUTHORS <AUTHORS.rst>`_.
@ -160,7 +156,7 @@ Releases
`Releases of archiso <https://gitlab.archlinux.org/archlinux/archiso/-/tags>`_ are created by their current maintainers
- `David Runge <https://gitlab.archlinux.org/dvzrv>`_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``)
- `David Runge <https://gitlab.archlinux.org/dvzrv>`_ (``C7E7849466FE2358343588377258734B41C31549``)
- `nl6720 <https://gitlab.archlinux.org/nl6720>`_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``)
Tags are signed using respective PGP keys.

926
archiso/mkarchiso
View file

File diff suppressed because it is too large Load diff

1
configs/baseline/airootfs/etc/localtime
View file

@ -1 +0,0 @@
/usr/share/zoneinfo/UTC

67
configs/baseline/airootfs/etc/mkinitcpio.conf Normal file
View file

@ -0,0 +1,67 @@
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES=(piix ide_disk reiserfs)
MODULES=()
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES=()
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS=(base)
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS=(base udev autodetect block filesystems)
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS=(base udev block filesystems)
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS=(base udev block mdadm encrypt filesystems)
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS=(base udev block lvm2 filesystems)
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
HOOKS=(base udev modconf archiso block filesystems)
# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
#COMPRESSION="zstd"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

1
configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf
View file

@ -1 +0,0 @@
HOOKS=(base udev modconf archiso block filesystems)

2
configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset
View file

@ -3,6 +3,6 @@
PRESETS=('archiso')
ALL_kver='/boot/vmlinuz-linux'
archiso_config='/etc/mkinitcpio.conf.d/archiso.conf'
ALL_config='/etc/mkinitcpio.conf'
archiso_image="/boot/initramfs-linux.img"

116
configs/baseline/airootfs/etc/ssh/sshd_config Normal file
View file

@ -0,0 +1,116 @@
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

3
configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf
View file

@ -1,3 +0,0 @@
# Allow root login using password authentication
PasswordAuthentication yes
PermitRootLogin yes

2
configs/baseline/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf
View file

@ -1,2 +0,0 @@
[Network]
IPv6PrivacyExtensions=yes

5
configs/baseline/airootfs/etc/systemd/network/20-ethernet.network
View file

@ -5,9 +5,6 @@
Name=en*
Name=eth*
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
MulticastDNS=yes
IPv6PrivacyExtensions=yes

4
configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf
View file

@ -1,4 +0,0 @@
# Default systemd-resolved configuration for archiso
[Resolve]
MulticastDNS=yes

1
configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-main.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/cloud-init-main.service

1
configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-network.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/cloud-init-network.service

1
configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service Symbolic link
View file

@ -0,0 +1 @@
/usr/lib/systemd/system/cloud-init.service

1
configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service Symbolic link
View file

@ -0,0 +1 @@
/usr/lib/systemd/system/qemu-guest-agent.service

2
configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf
View file

@ -1,4 +1,4 @@
title Arch Linux (x86_64, UEFI)
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%

4
configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf Normal file
View file

@ -0,0 +1,4 @@
title Arch Linux (x86_64, UEFI) Copy to RAM
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram

79
configs/baseline/grub/grub.cfg
View file

@ -3,46 +3,23 @@ insmod part_gpt
insmod part_msdos
insmod fat
insmod iso9660
insmod ntfs
insmod ntfscomp
insmod exfat
insmod udf
# Use graphics-mode output
insmod all_video
insmod font
if loadfont "${prefix}/fonts/unicode.pf2" ; then
insmod all_video
insmod gfxterm
set gfxmode="auto"
terminal_input console
terminal_output console
terminal_output gfxterm
fi
# Enable serial console
insmod serial
insmod usbserial_common
insmod usbserial_ftdi
insmod usbserial_pl2303
insmod usbserial_usbdebug
if serial --unit=0 --speed=115200; then
terminal_input --append serial
terminal_output --append serial
fi
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
@ -51,46 +28,16 @@ timeout_style=menu
# Menu entries
menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
search --no-floppy --set=root --label %ARCHISO_LABEL%
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellia32.efi
}
fi
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
reboot
menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" --class arch --class gnu-linux --class gnu --class os --id 'archlinux-copy-to-ram' {
set gfxpayload=keep
search --no-floppy --set=root --label %ARCHISO_LABEL%
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
}

73
configs/baseline/grub/loopback.cfg
View file

@ -1,73 +0,0 @@
# https://www.supergrubdisk.org/wiki/Loopback.cfg
# Search for the ISO volume
search --no-floppy --set=archiso_img_dev --file "${iso_path}"
probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}"
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
timeout_style=menu
# Menu entries
menuentry "Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}"
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' {
chainloader /shellia32.efi
}
fi
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
reboot
}

11
configs/baseline/pacman.conf
View file

@ -36,8 +36,6 @@ Architecture = auto
#CheckSpace
#VerbosePkgLists
ParallelDownloads = 5
#DownloadUser = alpm
#DisableSandbox
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
@ -72,16 +70,19 @@ LocalFileSigLevel = Optional
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[core-testing]
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
#[extra-testing]
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[extra]
[community]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,

7
configs/baseline/profiledef.sh
View file

@ -2,10 +2,10 @@
# shellcheck disable=SC2034
iso_name="archlinux-baseline"
iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)"
iso_label="ARCH_$(date +%Y%m)"
iso_publisher="Arch Linux <https://archlinux.org>"
iso_application="Arch Linux baseline"
iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
iso_version="$(date +%Y.%m.%d)"
install_dir="arch"
buildmodes=('iso')
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
@ -14,8 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
arch="x86_64"
pacman_conf="pacman.conf"
airootfs_image_type="erofs"
airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking')
bootstrap_tarball_compression=(zstd -c -T0 --long -19)
airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking)
file_permissions=(
["/etc/shadow"]="0:0:400"
)

8
configs/baseline/syslinux/syslinux-linux.cfg
View file

@ -2,4 +2,10 @@ LABEL arch
MENU LABEL Arch Linux (x86_64, BIOS)
LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
LABEL arch-ram
MENU LABEL Arch Linux (x86_64, BIOS) Copy to RAM
LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram

67
configs/releng/airootfs/etc/mkinitcpio.conf Normal file
View file

@ -0,0 +1,67 @@
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES=(piix ide_disk reiserfs)
MODULES=()
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES=()
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS=(base)
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS=(base udev autodetect block filesystems)
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS=(base udev block filesystems)
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS=(base udev block mdadm encrypt filesystems)
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS=(base udev block lvm2 filesystems)
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
HOOKS=(base udev modconf memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems keyboard)
# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
#COMPRESSION="zstd"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

3
configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf
View file

@ -1,3 +0,0 @@
HOOKS=(base udev microcode modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard)
COMPRESSION="xz"
COMPRESSION_OPTIONS=(-9e)

2
configs/releng/airootfs/etc/mkinitcpio.d/linux.preset
View file

@ -3,6 +3,6 @@
PRESETS=('archiso')
ALL_kver='/boot/vmlinuz-linux'
archiso_config='/etc/mkinitcpio.conf.d/archiso.conf'
ALL_config='/etc/mkinitcpio.conf'
archiso_image="/boot/initramfs-linux.img"

116
configs/releng/airootfs/etc/ssh/sshd_config Normal file
View file

@ -0,0 +1,116 @@
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

3
configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf
View file

@ -1,3 +0,0 @@
# Allow root login using password authentication
PasswordAuthentication yes
PermitRootLogin yes

2
configs/releng/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf
View file

@ -1,2 +0,0 @@
[Network]
IPv6PrivacyExtensions=yes

5
configs/releng/airootfs/etc/systemd/network/20-ethernet.network
View file

@ -5,12 +5,9 @@
Name=en*
Name=eth*
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
MulticastDNS=yes
IPv6PrivacyExtensions=yes
# systemd-networkd does not set per-interface-type default route metrics
# https://github.com/systemd/systemd/issues/17698

5
configs/releng/airootfs/etc/systemd/network/20-wlan.network
View file

@ -1,12 +1,9 @@
[Match]
Name=wl*
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
MulticastDNS=yes
IPv6PrivacyExtensions=yes
# systemd-networkd does not set per-interface-type default route metrics
# https://github.com/systemd/systemd/issues/17698

4
configs/releng/airootfs/etc/systemd/network/20-wwan.network
View file

@ -1,11 +1,9 @@
[Match]
Name=ww*
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
IPv6PrivacyExtensions=yes
# systemd-networkd does not set per-interface-type default route metrics
# https://github.com/systemd/systemd/issues/17698

4
configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf
View file

@ -1,4 +0,0 @@
# Default systemd-resolved configuration for archiso
[Resolve]
MulticastDNS=yes

1
configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-main.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/cloud-init-main.service

1
configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-network.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/cloud-init-network.service

1
configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service Symbolic link
View file

@ -0,0 +1 @@
/usr/lib/systemd/system/cloud-init.service

1
configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/systemd-timesyncd.service

6
configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount
View file

@ -2,7 +2,7 @@
Description=Temporary /etc/pacman.d/gnupg directory
[Mount]
What=tmpfs
What=ramfs
Where=/etc/pacman.d/gnupg
Type=tmpfs
Options=mode=0755,noswap
Type=ramfs
Options=mode=0755

1
configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service
View file

@ -1 +0,0 @@
../pacman-init.service

1
configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service Symbolic link
View file

@ -0,0 +1 @@
/usr/lib/systemd/system/qemu-guest-agent.service

15
configs/releng/airootfs/etc/systemd/system/pacman-init.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Initializes Pacman keyring
Requires=etc-pacman.d-gnupg.mount
After=etc-pacman.d-gnupg.mount time-sync.target
BindsTo=etc-pacman.d-gnupg.mount
Before=archlinux-keyring-wkd-sync.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/pacman-key --init
ExecStart=/usr/bin/pacman-key --populate
[Install]
WantedBy=multi-user.target

1
configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/pcscd.socket

1
configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/systemd-time-wait-sync.service

1
configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
View file

@ -1 +0,0 @@
/usr/lib/systemd/system/systemd-timesyncd.service

26
configs/releng/airootfs/root/.automated_script.sh
View file

@ -1,29 +1,22 @@
#!/usr/bin/env bash
script_cmdline() {
script_cmdline ()
{
local param
for param in $(</proc/cmdline); do
for param in $(< /proc/cmdline); do
case "${param}" in
script=*)
echo "${param#*=}"
return 0
;;
script=*) echo "${param#*=}" ; return 0 ;;
esac
done
}
automated_script() {
automated_script ()
{
local script rt
script="$(script_cmdline)"
if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
if [[ "${script}" =~ ^((http|https|ftp|tftp)://) ]]; then
# there's no synchronization for network availability before executing this script
printf '%s: waiting for network-online.target\n' "$0"
until systemctl --quiet is-active network-online.target; do
sleep 1
done
printf '%s: downloading %s\n' "$0" "${script}"
curl "${script}" --location --retry-connrefused --retry 10 --fail -s -o /tmp/startup_script
if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then
curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null
rt=$?
else
cp "${script}" /tmp/startup_script
@ -31,9 +24,6 @@ automated_script() {
fi
if [[ ${rt} -eq 0 ]]; then
chmod +x /tmp/startup_script
printf '%s: executing automated script\n' "$0"
# note that script is executed when other services (like pacman-init) may be still in progress, please
# synchronize to "systemctl is-system-running --wait" when your script depends on other services
/tmp/startup_script
fi
fi

4
configs/releng/airootfs/root/.gnupg/scdaemon.conf
View file

@ -1,4 +0,0 @@
disable-ccid
disable-pinpad
pcsc-driver /usr/lib/libpcsclite.so
pcsc-shared

2
configs/releng/airootfs/root/.zlogin
View file

@ -1,5 +1,5 @@
# fix for screen readers
if grep -Fqa 'accessibility=' /proc/cmdline &> /dev/null; then
if grep -Fq 'accessibility=' /proc/cmdline &> /dev/null; then
setopt SINGLE_LINE_ZLE
fi

17
configs/releng/airootfs/usr/local/bin/choose-mirror
View file

@ -4,22 +4,21 @@
get_cmdline() {
local param
for param in $(</proc/cmdline); do
for param in $(< /proc/cmdline); do
case "${param}" in
"${1}="*)
echo "${param##*=}"
return 0
;;
$1=*) echo "${param##*=}";
return 0
;;
esac
done
}
mirror="$(get_cmdline mirror)"
[[ "$mirror" == 'auto' ]] && mirror="$(get_cmdline archiso_http_srv)"
[[ -n "$mirror" ]] || exit 0
mirror=$(get_cmdline mirror)
[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv)
[[ $mirror ]] || exit 0
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
cat >/etc/pacman.d/mirrorlist <<EOF
cat >/etc/pacman.d/mirrorlist << EOF
#
# Arch Linux repository mirrorlist
# Generated by archiso

97
configs/releng/airootfs/usr/local/bin/livecd-sound
View file

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-3.0-or-later
usage() {
cat <<-_EOF_
cat <<- _EOF_
live cd sound helper script.
Usage: livecdsound [OPTION]
OPTIONS
@ -14,13 +14,14 @@ usage() {
_EOF_
}
bugout() {
bugout () {
printf "/usr/local/bin/livecdsound: programming error"
stat_fail
}
echo_card_indices() {
if [[ -f /proc/asound/cards ]]; then
echo_card_indices()
{
if [ -f /proc/asound/cards ] ; then
sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards
fi
}
@ -32,8 +33,8 @@ echo_card_indices() {
# $1 <card id>
# $2 <control>
# $3 <level>
unmute_and_set_level() {
[[ -n "$3" && -n "$2" && -n "$1" ]] || bugout
unmute_and_set_level(){
{ [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout
systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3"
systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute
return 0
@ -41,8 +42,9 @@ unmute_and_set_level() {
# $1 <card id>
# $2 <control>
mute_and_zero_level() {
[[ -n "$1" && -n "$2" ]] || bugout
mute_and_zero_level()
{
{ [ "$1" ] && [ "$2" ] ; } || bugout
systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1"
systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute
return 0
@ -51,15 +53,17 @@ mute_and_zero_level() {
# $1 <card ID>
# $2 <control>
# $3 "on" | "off"
switch_control() {
[[ -n "$3" && -n "$1" ]] || bugout
switch_control()
{
{ [ "$3" ] && [ "$1" ] ; } || bugout
systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3"
systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3"
return 0
}
# $1 <card ID>
sanify_levels_on_card() {
sanify_levels_on_card()
{
unmute_and_set_level "$1" "Front" "80%"
unmute_and_set_level "$1" "Master" "80%"
unmute_and_set_level "$1" "Master Mono" "80%"
@ -130,89 +134,94 @@ sanify_levels_on_card() {
}
# $1 <card ID> | "all"
sanify_levels() {
sanify_levels()
{
local ttsdml_returnstatus=0
local card
case "$1" in
all)
for card in $(echo_card_indices); do
sanify_levels_on_card "$card" || ttsdml_returnstatus=1
done
;;
*)
sanify_levels_on_card "$1" || ttsdml_returnstatus=1
;;
all)
for card in $(echo_card_indices) ; do
sanify_levels_on_card "$card" || ttsdml_returnstatus=1
done
;;
*)
sanify_levels_on_card "$1" || ttsdml_returnstatus=1
;;
esac
return "$ttsdml_returnstatus"
return $ttsdml_returnstatus
}
# List all cards that *should* be usable for PCM audio. In my experience,
# the console speaker (handled by the pcsp driver) isn't a suitable playback
# device, so we'll exclude it.
list_non_pcsp_cards() {
list_non_pcsp_cards()
{
for card in $(echo_card_indices); do
local cardfile="/proc/asound/card${card}/id"
if [[ -r "$cardfile" && -f "$cardfile" && "$(cat "$cardfile")" != pcsp ]]; then
if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \
[ "$(cat "$cardfile")" != pcsp ]; then
echo "$card"
fi
done
}
# Properly initialize the sound card so that we have audio at boot.
unmute_all_cards() {
unmute_all_cards()
{
sanify_levels all
}
is_numeric() {
local str="$1"
local str=$1
[[ "$str" =~ ^[0-9]+$ ]]
}
set_default_card() {
local card="$1"
sed -e "s/%card%/$card/g" </usr/local/share/livecd-sound/asound.conf.in \
>/etc/asound.conf
local card=$1
sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \
> /etc/asound.conf
}
play_on_card() {
local card="$1" file="$2"
local card=$1 file=$2
aplay -q "-Dplughw:$card,0" "$file"
}
# If there are multiple usable sound cards, prompt the user to choose one,
# using auditory feedback.
pick_a_card() {
pick_a_card()
{
set -f
usable_cards="$(list_non_pcsp_cards)"
num_usable_cards="$(wc -w <<<"$usable_cards")"
num_usable_cards="$(wc -w <<< "$usable_cards")"
if (( num_usable_cards == 1 )); then
if [ "$num_usable_cards" -eq 1 ]; then
systemd-cat -t "livecdsound" printf "Only one sound card is detected\n"
exit 0
fi
systemd-cat -t "livecdsound" printf "multiple sound cards detected\n"
for card in "${usable_cards[@]}"; do
for card in $usable_cards; do
if ! is_numeric "$card"; then
continue
fi
play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav &
play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav&
done
wait
sleep 1
for card in "${usable_cards[@]}"; do
for card in $usable_cards; do
if ! is_numeric "$card"; then
continue
fi
play_on_card "$card" /usr/share/livecd-sounds/beep.wav
if read -r -t 10; then
systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card"
set_default_card "$card"
break
fi
done
fi
play_on_card "$card" /usr/share/livecd-sounds/beep.wav
if read -r -t 10; then
systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card"
set_default_card "$card"
break
fi
done
}
if (( $# == 0 )); then
if [[ $# -eq 0 ]]; then
echo "error: No argument passed."
exit 1
fi

4
configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf
View file

@ -1,5 +1,7 @@
title Arch Linux install medium (x86_64, UEFI)
sort-key 01
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/intel-ucode.img
initrd /%INSTALL_DIR%/boot/amd-ucode.img
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%

4
configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf
View file

@ -1,5 +1,7 @@
title Arch Linux install medium (x86_64, UEFI) with speech
sort-key 02
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/intel-ucode.img
initrd /%INSTALL_DIR%/boot/amd-ucode.img
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on

3
configs/releng/efiboot/loader/entries/03-archiso-x86_64-memtest86+.conf
View file

@ -1,3 +0,0 @@
title Memtest86+
sort-key 03
efi /boot/memtest86+/memtest.efi

7
configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf Normal file
View file

@ -0,0 +1,7 @@
title Arch Linux install medium (x86_64, UEFI, Copy to RAM)
sort-key 03
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/intel-ucode.img
initrd /%INSTALL_DIR%/boot/amd-ucode.img
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram

7
configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf Normal file
View file

@ -0,0 +1,7 @@
title Arch Linux install medium (x86_64, UEFI, Copy to RAM) with speech
sort-key 04
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
initrd /%INSTALL_DIR%/boot/intel-ucode.img
initrd /%INSTALL_DIR%/boot/amd-ucode.img
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram accessibility=on

86
configs/releng/grub/grub.cfg
View file

@ -3,86 +3,58 @@ insmod part_gpt
insmod part_msdos
insmod fat
insmod iso9660
insmod ntfs
insmod ntfscomp
insmod exfat
insmod udf
# Use graphics-mode output
insmod all_video
insmod font
if loadfont "${prefix}/fonts/unicode.pf2" ; then
insmod all_video
insmod gfxterm
set gfxmode="auto"
terminal_input console
terminal_output console
terminal_output gfxterm
fi
# Enable serial console
insmod serial
insmod usbserial_common
insmod usbserial_ftdi
insmod usbserial_pl2303
insmod usbserial_usbdebug
if serial --unit=0 --speed=115200; then
terminal_input --append serial
terminal_output --append serial
fi
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
timeout_style=menu
# GRUB init tune for accessibility
play 600 988 1 1319 4
# Menu entries
menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
search --no-floppy --set=root --label %ARCHISO_LABEL%
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
}
menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' {
menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
search --no-floppy --set=root --label %ARCHISO_LABEL%
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' --class efi {
if [ "${grub_platform}" == "efi" ]; then
if [ "${grub_cpu}" == "x86_64" ]; then
menuentry "UEFI Shell" {
insmod chain
search --no-floppy --set=root --label %ARCHISO_LABEL%
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' --class efi {
elif [ "${grub_cpu}" == "i386" ]; then
menuentry "UEFI Shell" {
insmod chain
search --no-floppy --set=root --label %ARCHISO_LABEL%
chainloader /shellia32.efi
}
fi
@ -92,16 +64,12 @@ if [ "${grub_platform}" == 'efi' ]; then
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
menuentry "System shutdown" --class shutdown --class poweroff {
echo "System shutting down..."
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
menuentry "System restart" --class reboot --class restart {
echo "System rebooting..."
reboot
}
# GRUB init tune for accessibility
play 600 988 1 1319 4

80
configs/releng/grub/loopback.cfg
View file

@ -1,80 +0,0 @@
# https://www.supergrubdisk.org/wiki/Loopback.cfg
# Search for the ISO volume
search --no-floppy --set=archiso_img_dev --file "${iso_path}"
probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}"
# Get a human readable platform identifier
if [ "${grub_platform}" == 'efi' ]; then
archiso_platform='UEFI'
if [ "${grub_cpu}" == 'x86_64' ]; then
archiso_platform="x64 ${archiso_platform}"
elif [ "${grub_cpu}" == 'i386' ]; then
archiso_platform="IA32 ${archiso_platform}"
else
archiso_platform="${grub_cpu} ${archiso_platform}"
fi
elif [ "${grub_platform}" == 'pc' ]; then
archiso_platform='BIOS'
else
archiso_platform="${grub_cpu} ${grub_platform}"
fi
# Set default menu entry
default=archlinux
timeout=15
timeout_style=menu
# Menu entries
menuentry "Arch Linux install medium (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}"
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
}
menuentry "Arch Linux install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' {
set gfxpayload=keep
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
}
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest.efi
}
fi
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool {
set gfxpayload=800x600,1024x768
linux /boot/memtest86+/memtest
}
fi
if [ "${grub_platform}" == 'efi' ]; then
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
menuentry 'UEFI Shell' --class efi {
chainloader /shellx64.efi
}
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
menuentry 'UEFI Shell' --class efi {
chainloader /shellia32.efi
}
fi
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
fi
menuentry 'System shutdown' --class shutdown --class poweroff {
echo 'System shutting down...'
halt
}
menuentry 'System restart' --class reboot --class restart {
echo 'System rebooting...'
reboot
}

12
configs/releng/packages.x86_64
View file

@ -4,9 +4,7 @@ arch-install-scripts
archinstall
b43-fwcutter
base
bcachefs-tools
bind
bolt
brltty
broadcom-wl
btrfs-progs
@ -30,8 +28,8 @@ ethtool
exfatprogs
f2fs-tools
fatresize
foot-terminfo
fsarchiver
gnu-netcat
gpart
gpm
gptfdisk
@ -40,12 +38,13 @@ grub
hdparm
hyperv
intel-ucode
ipw2100-fw
ipw2200-fw
irssi
iw
iwd
jfsutils
kitty-terminfo
ldns
less
lftp
libfido2
@ -63,7 +62,6 @@ man-pages
mc
mdadm
memtest86+
memtest86+-efi
mkinitcpio
mkinitcpio-archiso
mkinitcpio-nfs-utils
@ -80,7 +78,6 @@ nvme-cli
open-iscsi
open-vm-tools
openconnect
openpgp-card-tools
openssh
openvpn
partclone
@ -93,12 +90,12 @@ pv
qemu-guest-agent
refind
reflector
reiserfsprogs
rp-pppoe
rsync
rxvt-unicode-terminfo
screen
sdparm
sequoia-sq
sg3_utils
smartmontools
sof-firmware
@ -110,7 +107,6 @@ tcpdump
terminus-font
testdisk
tmux
tpm2-tools
tpm2-tss
udftools
usb_modeswitch

11
configs/releng/pacman.conf
View file

@ -36,8 +36,6 @@ Architecture = auto
#CheckSpace
#VerbosePkgLists
ParallelDownloads = 5
#DownloadUser = alpm
#DisableSandbox
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
@ -72,16 +70,19 @@ LocalFileSigLevel = Optional
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[core-testing]
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
#[extra-testing]
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[extra]
[community]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,

12
configs/releng/profiledef.sh
View file

@ -2,25 +2,23 @@
# shellcheck disable=SC2034
iso_name="archlinux"
iso_label="ARCH_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)"
iso_label="ARCH_$(date +%Y%m)"
iso_publisher="Arch Linux <https://archlinux.org>"
iso_application="Arch Linux Live/Rescue DVD"
iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
iso_application="Arch Linux Live/Rescue CD"
iso_version="$(date +%Y.%m.%d)"
install_dir="arch"
buildmodes=('iso')
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
'uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp'
'uefi-ia32.systemd-boot.eltorito' 'uefi-x64.systemd-boot.eltorito')
'uefi-ia32.grub.esp' 'uefi-x64.grub.esp'
'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito')
arch="x86_64"
pacman_conf="pacman.conf"
airootfs_image_type="squashfs"
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19')
file_permissions=(
["/etc/shadow"]="0:0:400"
["/root"]="0:0:750"
["/root/.automated_script.sh"]="0:0:755"
["/root/.gnupg"]="0:0:700"
["/usr/local/bin/choose-mirror"]="0:0:755"
["/usr/local/bin/Installation_guide"]="0:0:755"
["/usr/local/bin/livecd-sound"]="0:0:755"

2
configs/releng/syslinux/archiso_head.cfg
View file

@ -12,7 +12,7 @@ MENU CMDLINEROW 14
MENU HELPMSGROW 16
MENU HELPMSGENDROW 29
# Refer to https://wiki.syslinux.org/wiki/index.php/Comboot/menu.c32
# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
MENU COLOR border 30;44 #40ffffff #a0000000 std
MENU COLOR title 1;36;44 #9033ccff #a0000000 std

12
configs/releng/syslinux/archiso_pxe-linux.cfg
View file

@ -5,8 +5,8 @@ It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, NBD)
LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y
INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify
SYSAPPEND 3
LABEL arch64_nfs
@ -16,8 +16,8 @@ It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, NFS)
LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y
INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify
SYSAPPEND 3
LABEL arch64_http
@ -27,6 +27,6 @@ It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, HTTP)
LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD ::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y
INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify
SYSAPPEND 3

19
configs/releng/syslinux/archiso_sys-linux.cfg
View file

@ -5,8 +5,8 @@ It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS)
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
# Accessibility boot option
LABEL arch64speech
@ -16,5 +16,16 @@ It allows you to install Arch Linux or perform system maintenance with speech fe
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
# Copy to RAM boot option
LABEL arch64ram
TEXT HELP
Boot the Arch Linux install medium on BIOS with Copy-to-RAM option
It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM)
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram

6
configs/releng/syslinux/archiso_tail.cfg
View file

@ -7,12 +7,12 @@ MENU LABEL Boot existing OS
COM32 chain.c32
APPEND hd0 0
# https://www.memtest.org/
# http://www.memtest.org/
LABEL memtest
MENU LABEL Run Memtest86+ (RAM test)
LINUX /boot/memtest86+/memtest
LINUX /%INSTALL_DIR%/boot/memtest
# https://wiki.syslinux.org/wiki/index.php/Hdt_(Hardware_Detection_Tool)
# http://hdt-project.org/
LABEL hdt
MENU LABEL Hardware Information (HDT)
COM32 hdt.c32

20
docs/README.profile.rst
View file

@ -48,12 +48,10 @@ The image file is constructed from some of the variables in ``profiledef.sh``: `
- ``bios.syslinux.eltorito``: Syslinux for x86 BIOS booting from an optical disc
- ``uefi-ia32.grub.esp``: GRUB for IA32 UEFI booting from a disk
- ``uefi-ia32.grub.eltorito``: GRUB for IA32 UEFI booting from an optical disc
- ``uefi-x64.grub.esp``: GRUB for x64 UEFI booting from a disk
- ``uefi-x64.grub.eltorito``: GRUB for x64 UEFI booting from an optical disc
- ``uefi-ia32.systemd-boot.esp``: systemd-boot for IA32 UEFI booting from a disk
- ``uefi-ia32.systemd-boot.eltorito``: systemd-boot for IA32UEFI booting from an optical disc
- ``uefi-x64.systemd-boot.esp``: systemd-boot for x64 UEFI booting from a disk
- ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x64 UEFI booting from an optical disc
- ``uefi-x64.grub.esp``: GRUB for x86_64 UEFI booting from a disk
- ``uefi-x64.grub.eltorito``: GRUB for x86_64 UEFI booting from an optical disc
- ``uefi-x64.systemd-boot.esp``: systemd-boot for x86_64 UEFI booting from a disk
- ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x86_64 UEFI booting from an optical disc
Note that BIOS El Torito boot mode must always be listed before UEFI El Torito boot mode.
* ``arch``: The architecture (e.g. ``x86_64``) to build the image for. This is also used to resolve the name of the packages
file (e.g. ``packages.x86_64``)
@ -66,8 +64,6 @@ The image file is constructed from some of the variables in ``profiledef.sh``: `
- ``erofs``: Create an EROFS image for the airootfs work directory
* ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and
``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options
* ``bootstrap_tarball_compression``: An array containing the compression program and arguments passed to it for
compressing the bootstrap tarball (defaults to ``cat``). For example: ``bootstrap_tarball_compression=(zstd -c -T0 --long -19)``.
* ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or
permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and
access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively.
@ -141,15 +137,9 @@ The following *custom template identifiers* are understood and will be replaced
respective variables in ``profiledef.sh``:
* ``%ARCHISO_LABEL%``: Set this using the ``iso_label`` variable in ``profiledef.sh``.
* ``%INSTALL_DIR%``: Set this using the ``install_dir`` variable in ``profiledef.sh``.
* ``%INSTALL_DIR%``: Set this using the ``iso_label`` variable in ``profiledef.sh``.
* ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``.
Additionally there are also *custom template identifiers* have harcoded values set by ``mkarchiso`` that cannot be
overridden:
* ``%ARCHISO_UUID%``: the ISO 9660 modification date in UTC, i.e. its "UUID",
* ``%ARCHISO_SEARCH_FILENAME%``: file path on ISO 9660 that can be used by GRUB to find the ISO volume
(**for GRUB ``.cfg`` files only**).
efiboot
-------

133
docs/README.transfer Normal file
View file

@ -0,0 +1,133 @@
INDEX
-----
* Transfer ISO file to target medium (configs/releng)
* To -> CD / DVD / BD
* To -> USB-key / SD / HDD / SSD
* PC-BIOS (MBR)
* PC-BIOS (ISOHYBRID-MBR)
* PC-EFI (GPT) [x86_64 only]
* PC-EFI (ISOHYBRID-GPT) [x86_64 only]
*** Transfer ISO image to target medium (configs/releng)
ISO images names consist of: archlinux-<YYYY>.<MM>.<DD>-x86_64.iso
Where:
<YYYY> Year
<MM> Month
<DD> Day
** To -> CD / DVD / BD
Note: All ISO images are booteable on a PC-BIOS via "El Torito" in no-emulation mode,
All x86_64 ISO images are booteable on a PC-EFI via "El Torito" in no-emulation mode.
Nomeclature:
<B> scsibus number
<T> target number
<L> lun number
(Note: see cdrecord -scanbus, for these numbers)
1) Write it directly using your favorite recording program.
# cdrecord dev=<B>,<T>,<L> -dao archlinux-<YYYY>.<MM>.<DD>-x86_64.iso
** To -> USB Flash Drive (USB-key) / Memory card (SD) /
Hard-Disk Drive (HDD) / Solid-State Drive (SSD)
Note: These steps are the general workflow, you can skip some of them,
using another filesystem if your bootloader supports it,
installing to another directory than "arch/" or using more than
one partition. Just ensure that main boot params options
(archisolabel= and archisobasedir=) are set correctly according to your setup.
Nomeclature:
<DEV-TARGET>: Device node of the drive where ISO contents should be copied
(example: /dev/sdx)
<DEV-TARGET-N>: Device node of the partition on <DEV-TARGET>
(example: /dev/sdx1)
<MNT-TARGET-N>: Mount point path where <DEV-TARGET-N> is mounted
(example: /mnt/sdx/1)
<ISO-SOURCE>: Path to the ISO file archlinux-<YYYY>.<MM>.<DD>-x86_64.iso
(example: ~/archlinux-2017.03.01-x86_64.iso)
<FS-LABEL>: Represents the filesystem label of the <ISO-SOURCE>
(example: ARCH_201703)
* PC-BIOS (MBR):
Note: Using here a MBR partition mode as example, but GPT should also works
if machine firmware is not broken.
Just ensure that partition is set with attribute "2: legacy BIOS bootable"
and use gptmbr.bin instead of mbr.bin for syslinux.
1) Create one partition entry in MBR and mark it as "active" (booteable).
Note: Type "b" for FAT32, "83" for EXTFS or "7" for NTFS.
# fdisk <DEV-TARGET>
2) Create a FAT32, EXTFS or NTFS filesystem on such partition and setup a label.
Note: COW is not supported on NTFS.
# mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N>
# mkfs.ext4 -L <FS-LABEL> <DEV-TARGET-N>
# mkfs.ntfs -L <FS-LABEL> <DEV-TARGET-N>
3) Mount target filesystem.
# mount <DEV-TARGET-N> <MNT-TARGET-N>
4) Extract ISO image on target filesystem.
# bsdtar -x --exclude=isolinux/ --exclude=EFI/ --exclude=loader/ -f <ISO-SOURCE> -C <MNT-TARGET-N>
5) Install syslinux bootloader on target filesystem.
# extlinux -i <MNT-TARGET-N>/arch/boot/syslinux
6) Unmount target filesystem.
# umount <MNT-TARGET-N>
7) Install syslinux MBR boot code on target drive.
# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=<DEV-TARGET>
* PC-BIOS (ISOHYBRID-MBR):
Note: This method is the most easily, quick and dirty, but is the most limited
if you want to use your target medium for other purposes.
If using this does not work, use PC-BIOS (MBR) method instead.
1) Dump ISO file to target medium.
# dd if=<ISO-SOURCE> of=<DEV-TARGET>
* PC-EFI (GPT) [x86_64 only]
Note: Using here a GPT partition mode as example, but MBR should also works
if machine firmware is not broken.
1) Create one partition entry in GPT (of type "ef00")
# gdisk <DEV-TARGET>
2) Create a FAT32 filesystem on such partition and setup a label.
# mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N>
3) Mount target filesystem.
# mount <DEV-TARGET-N> <MNT-TARGET-N>
4) Extract ISO image on target filesystem.
# bsdtar -x --exclude=isolinux/ --exclude=EFI/archiso/ --exclude=arch/boot/syslinux/ -f <ISO-SOURCE> -C <MNT-TARGET-N>
5) Unmount target filesystem.
# umount <MNT-TARGET-N>
* PC-EFI (ISOHYBRID-GPT) [x86_64 only]
Note: This method is the most easily, quick and dirty, but is the most limited
if you want to use your target medium for other purposes.
If using this does not work, use PC-EFI (GPT) method instead.
1) Dump ISO file to target medium.
# dd if=<ISO-SOURCE> of=<DEV-TARGET>

165
docs/README.transfer.rst
View file

@ -1,165 +0,0 @@
==============================================
Transfer ISO to target medium (configs/releng)
==============================================
ISO images names consist of: ``archlinux-YYYY.MM.DD-x86_64.iso``.
Where: ``YYYY`` is the year, ``MM`` the month and ``DD`` the day.
.. contents::
Burn to an optical disc
=======================
.. note::
All ISO images are BIOS and UEFI bootable via "El Torito" in no-emulation mode.
Burn the ISO using your favorite disc burning program.
For example:
.. code:: sh
xorriso -as cdrecord -v -sao dev=/dev/sr0 archlinux-YYYY.MM.DD-x86_64.iso
Write to an USB flash drive / memory card / hard disk drive / solid state drive / etc.
======================================================================================
.. tip::
See https://wiki.archlinux.org/title/USB_flash_installation_medium for more detailed instructions.
Nomeclature:
``<DEV-TARGET>``
Device node of the drive where ISO contents should be copied (example: ``/dev/sdx``).
``<DEV-TARGET-N>``
Device node of the partition on ``<DEV-TARGET>`` (example: ``/dev/sdx1``).
``<FS-LABEL>``
Represents the file system label of the ``archlinux-YYYY.MM.DD-x86_64.iso`` (example: ``ARCH_201703``).
ISOHYBRID (BIOS and UEFI)
-------------------------
.. note::
This method is the most easily, quick and dirty, but is the most limited if you want to use your target medium
for other purposes. If using this does not work, use the `File system transposition (UEFI only)`_ method instead.
Directly write the ISO file to the target medium:
.. code:: sh
dd bs=4M if=archlinux-YYYY.MM.DD-x86_64.iso of=<DEV-TARGET> conv=fsync oflag=direct status=progress
File system transposition (UEFI only)
--------------------------------
This method extracts the contents of the ISO onto a prepared UEFI-bootable volume.
If your drive is already partitioned and formatted, skip to the "Mount the target file system" step.
.. note::
Using MBR with one FAT formatted active partition is the most compatible method.
1. Partition the drive with *fdisk*.
.. code:: sh
fdisk <DEV-TARGET>
1) Create a new MBR partition table with command ``o``.
.. warning::
This will destroy all data on the drive.
2) Create a new primary partition with command ``n`` and set its type code to ``0c`` with command ``t``.
3) Mark the partition as bootable with the ``a`` command.
4) Write the changes and exit with ``w``.
2. Format the newly created partition to FAT32
.. code:: sh
mkfs.fat -F 32 /dev/disk/by-id/<TARGET-DEVICE>-part1
3. Mount the target file system
.. code:: sh
mount <DEV-TARGET-N> /mnt
4. Extract the ISO image on the target file system.
.. code:: sh
bsdtar -x --exclude=boot/syslinux/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt
5. Unmount the target file system.
.. code:: sh
umount /mnt
Manual formatting (BIOS only)
-----------------------------
.. note::
These steps are the general workflow, you can skip some of them, using another file system if your boot loader
supports it, installing to another directory than ``arch/`` or using more than one partition. Just ensure that
main boot parameters (``archisolabel=`` and ``archisobasedir=``) are set correctly according to your setup.
Using here a MBR partition mode as example, but GPT should also work if the machine firmware is not broken. Just
ensure that partition is set with attribute ``2: legacy BIOS bootable`` and use ``gptmbr.bin`` instead of
``mbr.bin`` for syslinux.
1) Create one partition entry in MBR and mark it as "active" (bootable).
.. note::
Type ``b`` for FAT32, ``83`` for EXTFS or ``7`` for NTFS.
.. code:: sh
fdisk <DEV-TARGET>
2) Create a FAT32, EXTFS or NTFS file system on such partition and setup a label.
.. note::
COW is not supported on NTFS.
.. code:: sh
mkfs.fat -F 32 -n <FS-LABEL> <DEV-TARGET-N>
mkfs.ext4 -L <FS-LABEL> <DEV-TARGET-N>
mkfs.ntfs -L <FS-LABEL> <DEV-TARGET-N>
3) Mount the target file system.
.. code:: sh
mount <DEV-TARGET-N> /mnt
4) Extract the ISO image on the target file system.
.. code:: sh
bsdtar -x --exclude=boot/grub/ --exclude=EFI/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt
5) Install the syslinux boot loader on the target file system.
.. code:: sh
extlinux -i /mnt/boot/syslinux
6) Unmount the target file system.
.. code:: sh
umount /mnt
7) Install syslinux MBR boot code on the target drive.
.. code:: sh
dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=<DEV-TARGET>

80
man/mkarchiso.1.rst
View file

@ -1,80 +0,0 @@
=========
mkarchiso
=========
------------------------
Arch Linux ISO generator
------------------------
:Version: archiso |version|
:Manual section: 1
Synopsis
========
**mkarchiso** [options] *profile_directory*
Description
===========
**mkarchiso** creates an ISO, netboot artifacts and a bootstrap tarball and optionally signs them.
Options
=======
-A application | Set an application name for the ISO.
| Default: |iso_application|.
-C file | pacman configuration file.
| Default: |pacman_conf|.
-D install_dir | Set an install_dir. All files will be located here.
| Default: |install_dir|.
| NOTE: Max 8 characters, use only *a-z0-9*.
-L label | Set the ISO volume label.
| Default: |iso_label|.
-P publisher | Set the ISO publisher.
| Default: |iso_publisher|.
-c cert_and_key | Provide certificates for codesigning of netboot artifacts as well as the rootfs artifact.
| Multiple files are provided as quoted, space delimited list.
| The first file is considered as the signing certificate, the second as the key and the third as the optional certificate authority.
-g gpg_key | Set the PGP key ID to be used for signing the rootfs image. Passed to gpg as the value for **--default-key**.
-G mbox | Set the PGP signer (must include an email address). Passed to gpg as the value for **--sender**.
-h | Help message.
-m mode | Build mode(s) to use (valid modes are: *bootstrap*, *iso* and *netboot*). Multiple build modes are provided as quoted, space delimited list.
-o out_dir | Set the output directory.
| Default: |out_dir|.
-p packages | Package(s) to install.
| Multiple packages are provided as quoted, space delimited list.
-r | Delete the working directory at the end.
-v | Enable verbose output.
-w work_dir | Set the working directory.
| Default: |work_dir|.
Examples
========
Build the releng profile
------------------------
mkarchiso |profile_dir|/configs/releng
Bugs
====
https://gitlab.archlinux.org/archlinux/archiso/-/issues
Authors
=======
archiso is maintained by the Arch Linux community. Refer to the *AUTHORS* file for a full list of contributors.
Copyright
=========
Copyright 🄯 archiso contributors. GPL-3.0-or-later.
See also
========
* /usr/share/doc/archiso/README.profile.rst
.. include:: variables.rst

10
man/variables.rst
View file

@ -1,10 +0,0 @@
.. |iso_application| replace:: '*mkarchiso iso*'
.. |pacman_conf| replace:: */etc/pacman.conf*
.. |install_dir| replace:: *arch*
.. |iso_label| replace:: *MKARCHISO*
.. |iso_publisher| replace:: *mkarchiso*
.. |out_dir| replace:: *./out*
.. |work_dir| replace:: *./work*
.. |profile_dir| replace:: /usr/share/archiso
.. include:: version.rst

13
scripts/run_archiso.sh
View file

@ -11,6 +11,7 @@
# - qemu
# - edk2-ovmf (when UEFI booting)
set -eu
print_help() {
@ -44,11 +45,11 @@ cleanup_working_dir() {
}
copy_ovmf_vars() {
if [[ ! -f '/usr/share/edk2/x64/OVMF_VARS.4m.fd' ]]; then
printf 'ERROR: %s\n' "OVMF_VARS.4m.fd not found. Install edk2-ovmf."
if [[ ! -f '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' ]]; then
printf 'ERROR: %s\n' "OVMF_VARS.fd not found. Install edk2-ovmf."
exit 1
fi
cp -av -- '/usr/share/edk2/x64/OVMF_VARS.4m.fd' "${working_dir}/"
cp -av -- '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' "${working_dir}/"
}
check_image() {
@ -67,13 +68,13 @@ run_image() {
copy_ovmf_vars
if [[ "${secure_boot}" == 'on' ]]; then
printf '%s\n' 'Using Secure Boot'
local ovmf_code='/usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd'
local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd'
else
local ovmf_code='/usr/share/edk2/x64/OVMF_CODE.4m.fd'
local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.fd'
fi
qemu_options+=(
'-drive' "if=pflash,format=raw,unit=0,file=${ovmf_code},read-only=on"
'-drive' "if=pflash,format=raw,unit=1,file=${working_dir}/OVMF_VARS.4m.fd"
'-drive' "if=pflash,format=raw,unit=1,file=${working_dir}/OVMF_VARS.fd"
'-global' "driver=cfi.pflash01,property=secure,value=${secure_boot}"
)
fi