Custom enhancements

Keep the prepared `.conf` files in `work_dir` to avoid having to run
them through `sed` twice.

This makes sure the FAT image size calculation is more correct and also
simplifies copying the files m to both ISO 9660 and the FAT image since
the the whole `loader` directory can copied instead of copying
individual files.

.gitignore

@@ -1,3 +1,4 @@
+.idea
 *~
 archiso-*.tar.gz*
 work/

.gitlab/ci/build_archiso.sh

@@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
     # Create the Certificate Authority
     openssl req \
         -newkey rsa:4096 \
-        -sha256 \
         -nodes \
         -x509 \
         -new \
@@ -280,6 +279,8 @@ EOF
         -days 2 \
         -notext \
         -md sha256 \
+        -keyfile "${ca_key}" \
+        -cert "${ca_cert}" \
         -in "${codesigning_cert}.csr" \
         -out "${codesigning_cert}"
 

AUTHORS.rst

@@ -27,6 +27,7 @@ Archiso Authors
 * Giancarlo Razzolini <grazzolini@archlinux.org>
 * Howard Hicks <deimosian@gmail.com>
 * James Sitegen <jamesm.sitegen@gmail.com>
+* John Lane <archlinux@jelmail.com>
 * Jonathan Liu <net147@gmail.com>
 * Jonathon Fernyhough <jonathon@m2x.dev>
 * Justin Kromlinger <hashworks@archlinux.org>
@@ -51,6 +52,7 @@ Archiso Authors
 * Yu Li-Yu <afg984@gmail.com>
 * Zig Globulin <zig@zigsystem.com>
 * hayao <hayao@fascode.net>
+* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org>
 * mono wock <aaronleemorrison@protonmail.com>
 * nl6720 <nl6720@gmail.com>
 * plain linen <bcdedit@hotmail.com>

CHANGELOG.rst

@@ -8,8 +8,6 @@ Changelog
 Added
 -----
 
-- Add bcachefs-tools to releng for access to bcachefs userspace tools.
-
 Changed
 -------
 
@@ -22,6 +20,26 @@ Fixed
 Removed
 -------
 
+[74] - 2023-12-21
+=================
+
+Added
+-----
+
+- Add bcachefs-tools to releng for access to bcachefs userspace tools.
+- Add tftp as a valid protocol for downloading automated boot script.
+
+Changed
+-------
+
+- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network
+  really is *online* when ``network-online.target`` is reached.
+
+Fixed
+-----
+
+- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660.
+
 [73] - 2023-09-29
 =================
 

archiso/mkarchiso

@@ -550,7 +550,7 @@ _make_efibootimg() {
     fi
 
     # Create the default/fallback boot path in which a boot loaders will be placed later.
-    mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT
+    mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT ::/EFI/Linux
 }
 
 # Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI
@@ -851,56 +851,75 @@ _make_common_bootmode_systemd-boot() {
         efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootia32.efi"
                         "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi")
     fi
-    efiboot_files+=("${profile}/efiboot/"
-                    "${pacstrap_dir}/boot/vmlinuz-"*
-                    "${pacstrap_dir}/boot/initramfs-"*".img"
-                    "${_available_ucodes[@]}")
+    mkdir -p "${pacstrap_dir}/boot/efi"
+    ukify_args=(build)
+    ukify_args+=(--linux "${pacstrap_dir}/boot/vmlinuz-"*)
+    for ucode in "${_available_ucodes[@]}"
+    do
+        ukify_args+=(--initrd "${ucode}")
+    done
+    ukify_args+=(--initrd "${pacstrap_dir}/boot/initramfs-"*".img")
+    ukify_args+=(--cmdline "archisobasedir=${install_dir} archisodevice=UUID=${iso_uuid}")
+    ukify_args+=(--output "${pacstrap_dir}/boot/efi/linux-ukify.efi")
+    # TODO will be moved to /usr/bin (actually already happened)
+    /usr/lib/systemd/ukify "${ukify_args[@]}"
+    sbctl sign "${pacstrap_dir}/boot/efi/linux-ukify.efi"
+    efiboot_files+=("${work_dir}/loader/"
+                    #"${pacstrap_dir}/boot/vmlinuz-"*
+                    #"${pacstrap_dir}/boot/initramfs-"*".img"
+                    "${pacstrap_dir}/boot/efi/linux-ukify.efi"
+                    #"${_available_ucodes[@]}"
+                    )
     efiboot_imgsize="$(du -bcs -- "${efiboot_files[@]}" 2>/dev/null | awk 'END { print $1 }')"
     # Create a FAT image for the EFI system partition
     _make_efibootimg "$efiboot_imgsize"
 }
 
-_make_common_bootmode_systemd-boot_conf.isofs() {
+_make_common_bootmode_systemd-boot_conf() {
     local _conf
 
-    # Copy systemd-boot configuration files
-    install -d -m 0755 -- "${isofs_dir}/loader/entries"
-    install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/"
-    for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do
-        sed "s|%ARCHISO_LABEL%|${iso_label}|g;
-             s|%INSTALL_DIR%|${install_dir}|g;
-             s|%ARCH%|${arch}|g" \
-            "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}"
-    done
-}
+    install -d -m 0755 -- "${work_dir}/loader" "${work_dir}/loader/entries"
 
-_make_common_bootmode_systemd-boot_conf.esp() {
-    local _conf
-
-    # Copy systemd-boot configuration files
-    mmd -i "${efibootimg}" ::/loader ::/loader/entries
-    mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/
+    install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${work_dir}/loader"
     for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do
         sed "s|%ARCHISO_LABEL%|${iso_label}|g;
              s|%ARCHISO_UUID%|${iso_uuid}|g;
              s|%INSTALL_DIR%|${install_dir}|g;
              s|%ARCH%|${arch}|g" \
-            "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}"
+            "${_conf}" >"${work_dir}/loader/entries/${_conf##*/}"
     done
 }
 
+# Copy systemd-boot configuration files to ISO 9660
+_make_common_bootmode_systemd-boot_conf.isofs() {
+    cp -r --remove-destination -- "${work_dir}/loader" "${isofs_dir}/"
+}
+
+# Copy systemd-boot configuration files to FAT image
+_make_common_bootmode_systemd-boot_conf.esp() {
+    mcopy -i "${efibootimg}" -s "${work_dir}/loader" ::/
+}
+
 # Prepare systemd-boot for booting when written to a disk (isohybrid)
 _make_bootmode_uefi-x64.systemd-boot.esp() {
     _msg_info "Setting up systemd-boot for x64 UEFI booting..."
 
+    # Prepare configuration files
+    #_run_once _make_common_bootmode_systemd-boot_conf
+
+    # Prepare a FAT image for the EFI system partition
     _run_once _make_common_bootmode_systemd-boot
 
     # Copy systemd-boot EFI binary to the default/fallback boot path
+    sbctl sign "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi"
     mcopy -i "${efibootimg}" \
         "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI
 
+    mcopy -i "${efibootimg}" \
+        "${pacstrap_dir}/boot/efi/linux-ukify.efi" ::/EFI/Linux/linux-ukify.efi
+
     # Copy systemd-boot configuration files
-    _run_once _make_common_bootmode_systemd-boot_conf.esp
+    #_run_once _make_common_bootmode_systemd-boot_conf.esp
 
     # shellx64.efi is picked up automatically when on /
     if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
@@ -910,13 +929,16 @@ _make_bootmode_uefi-x64.systemd-boot.esp() {
 
     # Copy kernel and initramfs to FAT image.
     # systemd-boot can only access files from the EFI system partition it was launched from.
-    _run_once _make_boot_on_fat
+    #_run_once _make_boot_on_fat
 
     _msg_info "Done! systemd-boot set up for x64 UEFI booting successfully."
 }
 
 # Prepare systemd-boot for El Torito booting
 _make_bootmode_uefi-x64.systemd-boot.eltorito() {
+    # Prepare configuration files
+    _run_once _make_common_bootmode_systemd-boot_conf
+
     # El Torito UEFI boot requires an image containing the EFI system partition.
     # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp
     _run_once _make_bootmode_uefi-x64.systemd-boot.esp
@@ -946,6 +968,10 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() {
 _make_bootmode_uefi-ia32.systemd-boot.esp() {
     _msg_info "Setting up systemd-boot for IA32 UEFI booting..."
 
+    # Prepare configuration files
+    _run_once _make_common_bootmode_systemd-boot_conf
+
+    # Prepare a FAT image for the EFI system partition
     _run_once _make_common_bootmode_systemd-boot
 
     # Copy systemd-boot EFI binary to the default/fallback boot path
@@ -969,6 +995,9 @@ _make_bootmode_uefi-ia32.systemd-boot.esp() {
 }
 
 _make_bootmode_uefi-ia32.systemd-boot.eltorito() {
+    # Prepare configuration files
+    _run_once _make_common_bootmode_systemd-boot_conf
+
     # El Torito UEFI boot requires an image containing the EFI system partition.
     # uefi-ia32.systemd-boot.eltorito has the same requirements as uefi-ia32.systemd-boot.esp
     _run_once _make_bootmode_uefi-ia32.systemd-boot.esp

configs/baseline/airootfs/etc/systemd/network/20-ethernet.network

@@ -5,6 +5,9 @@
 Name=en*
 Name=eth*
 
+[Link]
+RequiredForOnline=routable
+
 [Network]
 DHCP=yes
 MulticastDNS=yes

configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf

@@ -1,2 +1,2 @@
 HOOKS=(base udev modconf kms memdisk archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs block filesystems keyboard)
-COMPRESSION="xz"
+COMPRESSION="zstd"

configs/releng/airootfs/etc/systemd/network/20-ethernet.network

@@ -5,6 +5,9 @@
 Name=en*
 Name=eth*
 
+[Link]
+RequiredForOnline=routable
+
 [Network]
 DHCP=yes
 MulticastDNS=yes

configs/releng/airootfs/etc/systemd/network/20-wlan.network

@@ -1,6 +1,9 @@
 [Match]
 Name=wl*
 
+[Link]
+RequiredForOnline=routable
+
 [Network]
 DHCP=yes
 MulticastDNS=yes

configs/releng/airootfs/etc/systemd/network/20-wwan.network

@@ -1,6 +1,9 @@
 [Match]
 Name=ww*
 
+[Link]
+RequiredForOnline=routable
+
 [Network]
 DHCP=yes
 

configs/releng/airootfs/etc/xdg/reflector/reflector.conf

@@ -4,5 +4,5 @@
 --ipv4
 --ipv6
 --protocol https
---latest 20
+--latest 5
 --sort rate

configs/releng/airootfs/root/.automated_script.sh

@@ -16,7 +16,7 @@ automated_script() {
     local script rt
     script="$(script_cmdline)"
     if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
-        if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then
+        if [[ "${script}" =~ ^((http|https|ftp|tftp)://) ]]; then
             # there's no synchronization for network availability before executing this script
             printf '%s: waiting for network-online.target\n' "$0"
             until systemctl --quiet is-active network-online.target; do

configs/releng/airootfs/usr/local/bin/mnt.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+loadkeys de
+cryptsetup open /dev/disk/by-uuid/bb5f4eb8-dd2a-445b-9452-23eb44368170 luks-root
+sleep 1
+mount /dev/mapper/rootvg-rootvol /mnt
+arch-chroot /mnt /bin/bash -c "mount -a"
+arch-chroot /mnt /bin/zsh

configs/releng/packages.x86_64

@@ -128,3 +128,4 @@ wvdial
 xfsprogs
 xl2tpd
 zsh
+systemd-ukify

configs/releng/profiledef.sh

@@ -8,9 +8,7 @@ iso_application="Arch Linux Live/Rescue CD"
 iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
 install_dir="arch"
 buildmodes=('iso')
-bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
-           'uefi-ia32.grub.esp' 'uefi-x64.grub.esp'
-           'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito')
+bootmodes=('uefi-x64.systemd-boot.esp')
 arch="x86_64"
 pacman_conf="pacman.conf"
 airootfs_image_type="squashfs"
@@ -23,4 +21,5 @@ file_permissions=(
   ["/usr/local/bin/choose-mirror"]="0:0:755"
   ["/usr/local/bin/Installation_guide"]="0:0:755"
   ["/usr/local/bin/livecd-sound"]="0:0:755"
+  ["/usr/local/bin/mnt.sh"]="0:0:755"
 )