faerbit/archiso
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add reflector and enable reflector.service

Browse Source 
reflector.service will update pacman's mirrorlist after a network connection is established in the live system.
Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/26 .
This commit is contained in:
nl6720 2020-06-30 12:03:29 +03:00
parent b08f1681cf
commit 3c33e84c3e
No known key found for this signature in database
GPG Key ID: 5CE88535E188D369
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service Symbolic link
View File

@ -0,0 +1 @@
../reflector.service

42
configs/releng/airootfs/etc/systemd/system/reflector.service Normal file
View File

@ -0,0 +1,42 @@
[Unit]
Description=pacman mirrorlist update
Wants=network-online.target
After=network-online.target nss-lookup.target
ConditionKernelCommandLine=!mirror
[Service]
Type=oneshot
ExecStart=/usr/bin/reflector --protocol https --age 1 --sort rate --save /etc/pacman.d/mirrorlist
Restart=on-failure
RestartSec=10
CacheDirectory=reflector
CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
Environment=XDG_CACHE_HOME=/var/cache/reflector
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectSystem=strict
ReadWritePaths=/etc/pacman.d/mirrorlist
ReadOnlyPaths=/etc/reflector/reflector.conf
RemoveIPC=true
RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
UMask=177
[Install]
WantedBy=multi-user.target

1
configs/releng/packages.x86_64
View File

@ -57,6 +57,7 @@ ppp
pptpclient
reiserfsprogs
rp-pppoe
reflector
rsync
sdparm
sg3_utils