Keep the prepared `.conf` files in `work_dir` to avoid having to run
them through `sed` twice.
This makes sure the FAT image size calculation is more correct and also
simplifies copying the files m to both ISO 9660 and the FAT image since
the the whole `loader` directory can copied instead of copying
individual files.
By default systemd-networkd-wait-online.service considers a network
connection to be "online" when it has reached the "degraded" state
(see networkctl(1) for the definitions).
Since "degraded" does not ensure there's a routable address, let's
change the connection's requirement to "routable" instead.
This gives a better chance that the network really is online when
network-online.target is reached.
By Anton Hvornum
* origin/merge-requests/353:
Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/353
GnuPG changed their default from RSA to ECC, so Key-Length not
a thing it supports. Instead it asks for the Key-Curve.
Avoid using the default and hardcode ed25519 (which is the current
GnuPG default).
Even if GRUB is not used as a boot loader for the ISO, create a
`/boot/grub/grubenv` file in the ISO 9660 file system. If a
`loopback.cfg` file exists in the profile's `grub` directory, copy it
to `/boot/grub/loopback.cfg` on the ISO.
This ensures the funtionality will not be lost if the used boot loaders
are changed.
Construct a human readable platform identifier from GRUB's built-in
variables and use it in menu item descriptions.
Only add the menu entries for the additional tools (UEFI shell,
Memtest86+) if the files exist.
Modify baseline's `grub.cfg` to closer match releng.
* Do not manually load modules that will get loaded by invoking a command.
* Explicitly load serial modules.
* Move `insmod all_video` after the font is loaded.
The systemd 254.2-1 package ships with IA32 systemd-boot, so it is
possible to use for booting on IA32 UEFI.
Perhaps they will be useful in the future.
At least for now, the baseline and releng profiles are not changed to
use them. When the issues and headaches caused with GRUB reach a
critical point, then we will switch.
bolt can be used to list and authorize Thunderbolt and USB4 devices.
Inspired by https://bbs.archlinux.org/viewtopic.php?id=288731 where a
user needed to install the package in the live environment.
The only changes we make to the default are to enable root login via a
password.
While `PasswordAuthentication yes` is the default, let's set it
explicitly to avoid potential issues in the future.
openssh 9.4p1-2 changed /etc/ssh/sshd_config to add support for
drop-in files in /etc/ssh/sshd_config.d/.
Using drop-in files avoids needing to keep up with changes to the
default /etc/ssh/sshd_config.
Since systemd 245, IPv6PrivacyExtensions can be set not just per
connection, but also globally for all connection with a configuration
file in /etc/systemd/network.conf.d/.
Since tmpfs has a `noswap` option, use it instead of ramfs. Unlike
ramfs, tmpfs has a limit to its size.
This reverts commit 09b0428128 ("configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs").
Adjust subject name to more closely match what's used in create_ephemeral_pgp_key.
Reduce the certificate validity to two days. These are just temporary
certificates, they will not be used anywhere.
Fixes#196
Options set in xorriso startup files (~/.xorrisorc) could interfere with the xorriso command run by mkarchiso.
For example, if ~root/.xorrisorc contains -dummy on, then the ISO file will be empty.
Pass -no_rc as the first option to xorriso to prevent interference and unintended behavior.
Fixes#153.
Since `_build_buildmode_netboot` runs `_build_iso_base` which runs
`_prepare_airootfs_image`, the call to `_cms_sign_artifact` in
`_build_buildmode_netboot` can be removed.
Fixes#197
`-r` will instruct to delete the working directory at the end of a
`mkarchiso` run.
If the specified directory already exists, then it will not be deleted
and instead produce a warning.
Implements #211
