.github/FUNDING.yml

+# These are supported funding model platforms
+
+custom: ['https://www.archlinux.org/donate/']

.gitignore

@@ -2,3 +2,8 @@ packer_cache/
 *.box
 *.swp
 output-*
+.vscode
+*.SHA256
+*.qcow2
+/tmp/
+/output/

.gitlab-ci.yml

+default:
+  image: "archlinux:latest"
+
+stages:
+  - lint
+  - build
+  - test
+  - publish
+  - cleanup
+  - report
+
+shellcheck:
+  stage: lint
+  before_script:
+    - pacman -Syu --needed --noconfirm shellcheck
+  script:
+    - shopt -s globstar
+    - shellcheck **/*.sh
+
+shfmt:
+  stage: lint
+  before_script:
+    - pacman -Syu --needed --noconfirm shfmt
+  script:
+    - shopt -s globstar
+    - shfmt -i 2 -ci -d **/*.sh
+
+.build:
+  stage: build
+  before_script:
+    - pacman -Syu --needed --noconfirm gptfdisk btrfs-progs dosfstools arch-install-scripts qemu-img jq
+  script:
+    - echo "BUILD_VERSION=$(date +%Y%m%d).$CI_JOB_ID" > build.env
+    - export $(< build.env)
+    - ./build.sh "${BUILD_VERSION}"
+  after_script:
+    - echo "image_size_megabytes{image=\"basic\"} $(du -m output/*basic*qcow2)" > metrics.txt
+    - echo "image_size_megabytes{image=\"cloudimg\"} $(du -m output/*cloudimg*qcow2)" >> metrics.txt
+    - echo "image_size_megabytes{image=\"libvirt\"} $(du -m output/*libvirt*box)" >> metrics.txt
+    - echo "image_size_megabytes{image=\"virtualbox\"} $(du -m output/*virtualbox*box)" >> metrics.txt
+  artifacts:
+    name: "output"
+    paths:
+      - "output/*"
+      # Workaround until https://gitlab.com/gitlab-org/gitlab/-/issues/352644 is sorted
+      - build.env
+    expire_in: 2d
+    reports:
+      metrics: metrics.txt
+      dotenv: build.env
+
+build:
+  extends: .build
+  tags:
+    - vm
+  except:
+    - master@archlinux/arch-boxes
+    - schedules@archlinux/arch-boxes
+
+build:secure:
+  extends: .build
+  tags:
+    - secure
+    - vm
+  only:
+    - master@archlinux/arch-boxes
+    - schedules@archlinux/arch-boxes
+  script:
+    - !reference [.build, script]
+    - gpg --import < <(echo "${GPG_PRIVATE_KEY}")
+    - |
+      for file in output/*; do
+        gpg --detach-sign "${file}"
+      done
+
+test-vagrant-boxes-format:
+  stage: test
+  before_script:
+    - pacman -Syu --needed --noconfirm vagrant
+  script:
+    - vagrant box add output/Arch-Linux-x86_64-virtualbox-*.box --name archlinux-vbox
+    - vagrant box add output/Arch-Linux-x86_64-libvirt-*.box --name archlinux-libvirt
+
+test-basic-qemu-bios:
+  stage: test
+  tags:
+    - fast-single-thread
+  variables:
+    SSHPASS: arch
+  before_script:
+    - pacman -Syu --needed --noconfirm qemu-base sshpass socat jq
+  script:
+    - qemu-system-x86_64
+        -m 512 -net nic -net user,hostfwd=tcp::2222-:22
+        -drive file=$(ls output/Arch-Linux-x86_64-basic-*.qcow2),if=virtio
+        -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0
+        -device virtio-serial
+        -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
+        -nographic &
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 sudo true; do sleep 1; done"
+    - 'echo "{\"execute\": \"guest-network-get-interfaces\"}" | socat -T0 -,ignoreeof unix-connect:/tmp/qga.sock | jq -e "any(.return.[]; .name == \"lo\")"'
+
+test-cloudimg-qemu-bios:
+  stage: test
+  tags:
+    - fast-single-thread
+  variables:
+    SSHPASS: passw0rd
+  before_script:
+    - pacman -Syu --needed --noconfirm qemu-base cdrtools sshpass socat jq
+  script:
+    - |
+      cat > user-data <<EOF
+      #cloud-config
+      password: '${SSHPASS}'
+      chpasswd: { expire: False }
+      ssh_pwauth: True
+      packages:
+        - tmux
+        - tree
+      runcmd:
+        - [ echo, 'Install more packages using runcmd.' ]
+        - [ pacman, --noconfirm, -Syu, bat ]
+        - [ touch, /runcmd_successful ]
+      EOF
+    - |
+      cat > meta-data <<EOF
+      instance-id: iid-local01
+      local-hostname: cloudimg
+      EOF
+    - cat user-data meta-data
+    - genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data
+    - qemu-system-x86_64
+        -m 512 -net nic -net user,hostfwd=tcp::2222-:22
+        -drive file=$(ls output/Arch-Linux-x86_64-cloudimg-*.qcow2),if=virtio
+        -drive file=seed.iso,if=virtio
+        -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0
+        -device virtio-serial
+        -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
+        -nographic &
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 true; do sleep 1; done"
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 pacman -Q bat tmux tree; do sleep 1; done"
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 test -f /runcmd_successful ; do sleep 1; done"
+    - 'echo "{\"execute\": \"guest-network-get-interfaces\"}" | socat -T0 -,ignoreeof unix-connect:/tmp/qga.sock | jq -e "any(.return.[]; .name == \"lo\")"'
+
+test-basic-qemu-uefi-x64:
+  stage: test
+  tags:
+    - fast-single-thread
+  variables:
+    SSHPASS: arch
+  before_script:
+    - pacman -Syu --needed --noconfirm qemu-base edk2-ovmf sshpass socat jq
+  script:
+    - cp /usr/share/edk2/x64/OVMF_VARS.4m.fd ./
+    - qemu-system-x86_64
+        -m 512 -net nic -net user,hostfwd=tcp::2222-:22
+        -drive file=$(ls output/Arch-Linux-x86_64-basic-*.qcow2),if=virtio
+        -drive if=pflash,format=raw,unit=0,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd,read-only=on
+        -drive if=pflash,format=raw,unit=1,file=OVMF_VARS.4m.fd
+        -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0
+        -device virtio-serial
+        -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
+        -nographic &
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 sudo true; do sleep 1; done"
+    - 'echo "{\"execute\": \"guest-network-get-interfaces\"}" | socat -T0 -,ignoreeof unix-connect:/tmp/qga.sock | jq -e "any(.return.[]; .name == \"lo\")"'
+
+test-cloudimg-qemu-uefi-x64:
+  stage: test
+  tags:
+    - fast-single-thread
+  variables:
+    SSHPASS: passw0rd
+  before_script:
+    - pacman -Syu --needed --noconfirm qemu-base edk2-ovmf cdrtools sshpass socat jq
+  script:
+    - |
+      cat > user-data <<EOF
+      #cloud-config
+      password: '${SSHPASS}'
+      chpasswd: { expire: False }
+      ssh_pwauth: True
+      packages:
+        - tmux
+        - tree
+      runcmd:
+        - [ echo, 'Install more packages using runcmd.' ]
+        - [ pacman, --noconfirm, -Syu, bat ]
+        - [ touch, /runcmd_successful ]
+      EOF
+    - |
+      cat > meta-data <<EOF
+      instance-id: iid-local01
+      local-hostname: cloudimg
+      EOF
+    - cat user-data meta-data
+    - genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data
+    - cp /usr/share/edk2/x64/OVMF_VARS.4m.fd ./
+    - qemu-system-x86_64
+        -m 512 -net nic -net user,hostfwd=tcp::2222-:22
+        -drive file=$(ls output/Arch-Linux-x86_64-cloudimg-*.qcow2),if=virtio
+        -drive file=seed.iso,if=virtio
+        -drive if=pflash,format=raw,unit=0,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd,read-only=on
+        -drive if=pflash,format=raw,unit=1,file=OVMF_VARS.4m.fd
+        -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0
+        -device virtio-serial
+        -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
+        -nographic &
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 true; do sleep 1; done"
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 pacman -Q bat tmux tree; do sleep 1; done"
+    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 test -f /runcmd_successful ; do sleep 1; done"
+    - 'echo "{\"execute\": \"guest-network-get-interfaces\"}" | socat -T0 -,ignoreeof unix-connect:/tmp/qga.sock | jq -e "any(.return.[]; .name == \"lo\")"'
+
+publish:
+  stage: publish
+  tags:
+    - secure
+    - docker
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULED_PUBLISH == "TRUE"
+  before_script:
+    - pacman -Syu --needed --noconfirm vagrant
+  script:
+    - |
+      shopt -s extglob
+      # The libvirt-executor image is not meant for external consumption!
+      for file in output/!(*libvirt-executor*); do
+          base="$(basename "${file}")"
+          curl -sSf --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${file}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/images/v${BUILD_VERSION}/${base}"
+      done
+    - vagrant cloud auth login --check
+    - vagrant cloud box show archlinux/archlinux
+    - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" libvirt output/Arch-Linux-x86_64-libvirt-*.box --release --no-direct-upload -f
+    - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" virtualbox output/Arch-Linux-x86_64-virtualbox-*.box --release --no-direct-upload -f
+
+cleanup:
+  stage: cleanup
+  needs: []
+  tags:
+    - secure
+    - docker
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CLEANUP_PACKAGE_REGISTRY == "TRUE"
+  before_script:
+    - pacman -Syu --noconfirm jq
+  script:
+    - |
+      for id in $(curl --silent --fail --show-error "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages?per_page=100&order_by=created_at&sort=asc" | jq '.[] | select(.created_at | split("T")[0] | . < (now-60*60*24*90|strflocaltime("%Y-%m-%d"))) | .id'); do
+        curl --silent --fail --show-error --request DELETE --header "PRIVATE-TOKEN: ${GITLAB_PROJECT_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/${id}"
+      done
+
+issue-bot:
+  stage: report
+  tags:
+    - secure
+    - docker
+  image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
+  script: /issue-bot
+  rules:
+    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+      when: on_failure

.travis.yml

-language: generic
-dist: trusty
-sudo: false
-
-env:
-  matrix:
-  - DIST=trusty
-  global:
-    # 20170821: as of writing there is no 'latest' (hashicorp/packer/issues/5265)
-  - PACKER_CURRENT_VERSION="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | jq -r -M '.current_version')"
-  - PACKER_URL="https://releases.hashicorp.com/packer/$PACKER_CURRENT_VERSION/packer_${PACKER_CURRENT_VERSION}_linux_amd64.zip"
-  - PACKER_SHA256="https://releases.hashicorp.com/packer/$PACKER_CURRENT_VERSION/packer_${PACKER_CURRENT_VERSION}_SHA256SUMS"
-  - PACKER_SHA256_SIG="https://releases.hashicorp.com/packer/$PACKER_CURRENT_VERSION/packer_${PACKER_CURRENT_VERSION}_SHA256SUMS.sig"
-  - HASHICORP_FINGERPRINT=91a6e7f85d05c65630bef18951852d87348ffc4c
-  - HASHICORP_KEY="https://keybase.io/hashicorp/pgp_keys.asc?fingerprint=${HASHICORP_FINGERPRINT}"
-
-install:
-- wget ${PACKER_URL}
-- wget ${PACKER_SHA256}
-- wget ${PACKER_SHA256_SIG}
-- wget -O hashicorp.key ${HASHICORP_KEY}
-- gpg --with-fingerprint --with-colons hashicorp.key | grep ${HASHICORP_FINGERPRINT^^}
-- gpg --import hashicorp.key
-- gpg --verify packer_${PACKER_CURRENT_VERSION}_SHA256SUMS.sig packer_${PACKER_CURRENT_VERSION}_SHA256SUMS
-- grep linux_amd64 packer_${PACKER_CURRENT_VERSION}_SHA256SUMS > packer_SHA256SUM_linux_amd64
-- sha256sum --check --status packer_SHA256SUM_linux_amd64
-- unzip packer_${PACKER_CURRENT_VERSION}_linux_amd64.zip
-
-script:
-- ./packer --version
-- ./packer validate  -var "iso_url=https://downloads.archlinux.de/iso/$(date +'%Y.%m').01/archlinux-$(date +'%Y.%m').01-x86_64.iso" -var "iso_checksum_url=https://downloads.archlinux.de/iso/$(date +'%Y.%m').01/sha1sums.txt"  vagrant.json
-
-notifications:
-  - email: false

README.md

 # arch-boxes
-[![Build Status](https://travis-ci.org/archlinux/arch-boxes.svg?branch=master)](https://travis-ci.org/archlinux/arch-boxes)
+[![CI Status](https://gitlab.archlinux.org/archlinux/arch-boxes/badges/master/pipeline.svg)](https://gitlab.archlinux.org/archlinux/arch-boxes/-/pipelines)
 
-Arch-boxes provides automated builds of the Arch Linux releases for
-different providers and post-processors. Check the providers or post-processor sections if you want to know
-which are currently supported.
+Arch-boxes provides several different VM images.
 
-## Dependencies
+The images are built daily and released fortnightly (via [GitLab CI schedule](https://gitlab.archlinux.org/archlinux/arch-boxes/-/pipeline_schedules)) and synced to the mirrors.
 
-You'll need the following dependencies:
-
-* packer (for basic usage)
-* vagrant (for vagrant images)
-* qemu (for libvirt provider support)
-* virtualbox (for virtualbox support)
-* VMware Workstation Pro (for vmware support)
-
-## variables
-Here is an overview over all variables you can set in `vagrant.json` or
-`local.json`:
-
-* `iso_url`: the url to the ISO. This can be an url or a filepath
-  beginning with `file://`
-* `iso_checksum_url`: the url to the checksum file. This can be an url
-  or a filepath beginning with `file://`
-* `iso_checksum_type`: this specifies the hashing algorithm for the
-  checksum.
-* `disk_size`: this specifices the disk size in bytes.
-* `memory`: this specifies the size of the RAM in bytes.
-* `cpus`: this specifies the number of cores for your VM.
-* `headless`: this sets GUI on or off.
-* `vagrant_cloud_token`: here you can specify the vagrant cloud token for 
-  uploading your box to the vagrantcloud. If you don't have a vagrant cloud 
-  token you can ignore this variable. Without a token the boxes will be
-  built, but the upload step step will fail.
-* `write_zeroes`: this variable is empty. if you set any string in this
-  variable it will fill the box with zeros to reduce the size. **DO NOT
-  use this if you are running a SSD. It will harm your SSDs lifetime**
-* `boot_wait`: this specifies the time packer should wait for booting up
-  the ISO before entering any command.
-
-## how to start the build process locally
-Edit the `local.json` before you start the build. set the right
-`iso_url` and the right `iso_checksum_url`. Then you can start the build
-for virtualbox only with the following command:
+## Images
 
-`packer build -only=virtualbox-iso -var-file=local.json vagrant.json`
+### Vagrant
+Vagrant images for the VirtualBox and Libvirt provider are released to [Vagrant Cloud](https://app.vagrantup.com/archlinux/boxes/archlinux).
 
-## how to start the build process for official builds
-The official builds are done on our Arch Linux Buildserver.
+### QCOW2 images
+At the time of writing we offer two different QCOW2 images. The images are synced to the mirrors under the `images` directory, e.g.: https://geo.mirror.pkgbuild.com/images/.
 
-`packer build vagrant.json`
+#### Basic image
+The basic image is meant for local usage and comes preconfigured with the user `arch` (password: `arch`) and sshd running.
 
-## providers
+#### Cloud image
+The cloud image is meant to be used in "the cloud" and comes with [`cloud-init`](https://cloud-init.io/) preinstalled. For tested cloud providers and instructions please see the [ArchWiki's Arch Linux on a VPS page](https://wiki.archlinux.org/title/Arch_Linux_on_a_VPS#Official_Arch_Linux_cloud_image).
 
-* virtualbox-iso
-* qemu/libvirt
-* vmware-iso
+## Development
 
-## post-processors
-
-* vagrant
-
-## Troubleshooting
-
-### Parallel build fails
-If the parallel build fails this is mostly because the KVM device is
-already occupied by a different provider. You can use the build option
-`parallel=false` for building the images in a queue instead of parallel.
-But don't be surprised that that the build process will take longer. Any
-other option is to disable KVM support for all other providers except
-one.
-
-Start `packer` with `-parallel=false`:
+### Dependencies
+You'll need the following dependencies:
 
-`packer build -parallel=false vagrant.json`
+* qemu
+* libisoburn
+
+### How to build this
+The official builds are done in our Arch Linux GitLab CI and can be built locally by running (as root):
+
+    ./build.sh
+
+# Releases
+
+Every release is signed by our CI with the following key:
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYpOJrBYJKwYBBAHaRw8BAQdAcSZilBvR58s6aD2qgsDE7WpvHQR2R5exQhNQ
+yuILsTq0JWFyY2gtYm94ZXMgPGFyY2gtYm94ZXNAYXJjaGxpbnV4Lm9yZz6IkAQT
+FggAOBYhBBuaFphKToy0SHEtKuC3i/QybG+PBQJik4msAhsBBQsJCAcCBhUKCQgL
+AgQWAgMBAh4BAheAAAoJEOC3i/QybG+P81YA/A7HUftMGpzlJrPYBFPqW0nFIh7m
+sIZ5yXxh7cTgqtJ7AQDFKSrulrsDa6hsqmEC11PWhv1VN6i9wfRvb1FwQPF6D7gz
+BGKTiecWCSsGAQQB2kcPAQEHQBzLxT2+CwumKUtfi9UEXMMx/oGgpjsgp2ehYPBM
+N8ejiPUEGBYIACYWIQQbmhaYSk6MtEhxLSrgt4v0MmxvjwUCYpOJ5wIbAgUJCWYB
+gACBCRDgt4v0Mmxvj3YgBBkWCAAdFiEEZW5MWsHMO4blOdl+NDY1poWakXQFAmKT
+iecACgkQNDY1poWakXTwaQEAwymt4PgXltHUH8GVUB6Xu7Gb5o6LwV9fNQJc1CMl
+7CABAJw0We0w1q78cJ8uWiomE1MHdRxsuqbuqtsCn2Dn6/0Cj+4A/Apcqm7uzFam
+pA5u9yvz1VJBWZY1PRBICBFSkuRtacUCAQC7YNurPPoWDyjiJPrf0Vzaz8UtKp0q
+BSF/a3EoocLnCA==
+=APeC
+-----END PGP PUBLIC KEY BLOCK-----
+```

STYLEGUIDE.md

+# Styleguide
+
+## Python
+
+All python scripts must be formatted with `yapf` and checked for errors and pep8 with `flake8`.
+
+## Bash
+
+All shell scripts must be formatted with `shfmt -i2 -ci` and be syntax checked via `shellcheck`.

box.ovf

+<?xml version="1.0"?>
+<Envelope ovf:version="1.0" xml:lang="en-US" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:vbox="http://www.virtualbox.org/ovf/machine">
+  <References>
+    <File ovf:id="file1" ovf:href="packer-virtualbox.vmdk"/>
+  </References>
+  <DiskSection>
+    <Info>List of the virtual disks used in the package</Info>
+    <Disk ovf:capacity="DISK_CAPACITY" ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:format="http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized" vbox:uuid="DISK_UUID"/>
+  </DiskSection>
+  <NetworkSection>
+    <Info>Logical networks used in the package</Info>
+    <Network ovf:name="NAT">
+      <Description>Logical network used by this appliance.</Description>
+    </Network>
+  </NetworkSection>
+  <VirtualSystem ovf:id="packer-virtualbox-UNIX">
+    <Info>A virtual machine</Info>
+    <OperatingSystemSection ovf:id="100">
+      <Info>The kind of installed guest operating system</Info>
+      <Description>Linux26_64</Description>
+      <vbox:OSType ovf:required="false">ArchLinux_64</vbox:OSType>
+    </OperatingSystemSection>
+    <VirtualHardwareSection>
+      <Info>Virtual hardware requirements for a virtual machine</Info>
+      <System>
+        <vssd:ElementName>Virtual Hardware Family</vssd:ElementName>
+        <vssd:InstanceID>0</vssd:InstanceID>
+        <vssd:VirtualSystemIdentifier>packer-virtualbox-UNIX</vssd:VirtualSystemIdentifier>
+        <vssd:VirtualSystemType>virtualbox-2.2</vssd:VirtualSystemType>
+      </System>
+      <Item>
+        <rasd:Caption>2 virtual CPU</rasd:Caption>
+        <rasd:Description>Number of virtual CPUs</rasd:Description>
+        <rasd:ElementName>2 virtual CPU</rasd:ElementName>
+        <rasd:InstanceID>1</rasd:InstanceID>
+        <rasd:ResourceType>3</rasd:ResourceType>
+        <rasd:VirtualQuantity>2</rasd:VirtualQuantity>
+      </Item>
+      <Item>
+        <rasd:AllocationUnits>MegaBytes</rasd:AllocationUnits>
+        <rasd:Caption>1024 MB of memory</rasd:Caption>
+        <rasd:Description>Memory Size</rasd:Description>
+        <rasd:ElementName>1024 MB of memory</rasd:ElementName>
+        <rasd:InstanceID>2</rasd:InstanceID>
+        <rasd:ResourceType>4</rasd:ResourceType>
+        <rasd:VirtualQuantity>1024</rasd:VirtualQuantity>
+      </Item>
+      <Item>
+        <rasd:Address>0</rasd:Address>
+        <rasd:Caption>ideController0</rasd:Caption>
+        <rasd:Description>IDE Controller</rasd:Description>
+        <rasd:ElementName>ideController0</rasd:ElementName>
+        <rasd:InstanceID>3</rasd:InstanceID>
+        <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType>
+        <rasd:ResourceType>5</rasd:ResourceType>
+      </Item>
+      <Item>
+        <rasd:Address>1</rasd:Address>
+        <rasd:Caption>ideController1</rasd:Caption>
+        <rasd:Description>IDE Controller</rasd:Description>
+        <rasd:ElementName>ideController1</rasd:ElementName>
+        <rasd:InstanceID>4</rasd:InstanceID>
+        <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType>
+        <rasd:ResourceType>5</rasd:ResourceType>
+      </Item>
+      <Item>
+        <rasd:AddressOnParent>0</rasd:AddressOnParent>
+        <rasd:Caption>disk1</rasd:Caption>
+        <rasd:Description>Disk Image</rasd:Description>
+        <rasd:ElementName>disk1</rasd:ElementName>
+        <rasd:HostResource>/disk/vmdisk1</rasd:HostResource>
+        <rasd:InstanceID>5</rasd:InstanceID>
+        <rasd:Parent>3</rasd:Parent>
+        <rasd:ResourceType>17</rasd:ResourceType>
+      </Item>
+      <Item>
+        <rasd:AutomaticAllocation>true</rasd:AutomaticAllocation>
+        <rasd:Caption>Ethernet adapter on 'NAT'</rasd:Caption>
+        <rasd:Connection>NAT</rasd:Connection>
+        <rasd:ElementName>Ethernet adapter on 'NAT'</rasd:ElementName>
+        <rasd:InstanceID>6</rasd:InstanceID>
+        <rasd:ResourceSubType>E1000</rasd:ResourceSubType>
+        <rasd:ResourceType>10</rasd:ResourceType>
+      </Item>
+    </VirtualHardwareSection>
+    <vbox:Machine ovf:required="false" version="1.16-linux" uuid="{MACHINE_UUID}" name="packer-virtualbox-UNIX" OSType="ArchLinux_64" snapshotFolder="Snapshots">
+      <ovf:Info>Complete VirtualBox machine configuration in VirtualBox format</ovf:Info>
+      <Hardware>
+        <CPU count="2">
+          <PAE enabled="true"/>
+          <LongMode enabled="true"/>
+          <X2APIC enabled="true"/>
+          <HardwareVirtExLargePages enabled="false"/>
+        </CPU>
+        <Memory RAMSize="1024"/>
+        <Boot>
+          <Order position="1" device="HardDisk"/>
+          <Order position="2" device="DVD"/>
+          <Order position="3" device="None"/>
+          <Order position="4" device="None"/>
+        </Boot>
+        <VideoCapture file="." fps="25"/>
+        <RemoteDisplay enabled="true">
+          <VRDEProperties>
+            <Property name="TCP/Address" value="127.0.0.1"/>
+            <Property name="TCP/Ports" value="5912"/>
+          </VRDEProperties>
+        </RemoteDisplay>
+        <BIOS>
+          <IOAPIC enabled="true"/>
+          <SmbiosUuidLittleEndian enabled="true"/>
+        </BIOS>
+        <Network>
+          <Adapter slot="0" enabled="true" MACAddress="MAC_ADDRESS" type="82540EM">
+            <NAT/>
+          </Adapter>
+        </Network>
+        <AudioAdapter driver="OSS" enabledIn="false" enabledOut="false"/>
+        <Clipboard/>
+      </Hardware>
+      <StorageControllers>
+        <StorageController name="IDE Controller" type="PIIX4" PortCount="2" useHostIOCache="true" Bootable="true">
+          <AttachedDevice type="HardDisk" hotpluggable="false" port="0" device="0">
+            <Image uuid="{DISK_UUID}"/>
+          </AttachedDevice>
+        </StorageController>
+      </StorageControllers>
+    </vbox:Machine>
+  </VirtualSystem>
+</Envelope>

build.sh

+#!/bin/bash
+# Build virtual machine images (cloud image, vagrant boxes)
+
+# nounset: "Treat unset variables and parameters [...] as an error when performing parameter expansion."
+# errexit: "Exit immediately if [...] command exits with a non-zero status."
+set -o nounset -o errexit
+shopt -s extglob
+readonly DEFAULT_DISK_SIZE="2G"
+readonly IMAGE="image.img"
+# shellcheck disable=SC2016
+readonly MIRROR='https://geo.mirror.pkgbuild.com/$repo/os/$arch'
+
+function init() {
+  readonly ORIG_PWD="${PWD}"
+  readonly OUTPUT="${PWD}/output"
+  local tmpdir
+  tmpdir="$(mktemp --dry-run --directory --tmpdir="${PWD}/tmp")"
+  readonly TMPDIR="${tmpdir}"
+  mkdir -p "${OUTPUT}" "${TMPDIR}"
+  if [ -n "${SUDO_UID:-}" ] && [[ -n "${SUDO_GID:-}" ]]; then
+    chown "${SUDO_UID}:${SUDO_GID}" "${OUTPUT}" "${TMPDIR}"
+  fi
+  cd "${TMPDIR}"
+
+  readonly MOUNT="${PWD}/mount"
+  mkdir "${MOUNT}"
+}
+
+# Do some cleanup when the script exits
+function cleanup() {
+  # We want all the commands to run, even if one of them fails.
+  set +o errexit
+  if [ -n "${LOOPDEV:-}" ]; then
+    losetup -d "${LOOPDEV}"
+  fi
+  if [ -n "${MOUNT:-}" ] && mountpoint -q "${MOUNT}"; then
+    # We do not want risking deleting ex: the package cache
+    umount --recursive "${MOUNT}" || exit 1
+  fi
+  if [ -n "${TMPDIR:-}" ]; then
+    rm -rf "${TMPDIR}"
+  fi
+}
+trap cleanup EXIT
+
+# Create the disk, partitions it, format the partition and mount the filesystem
+function setup_disk() {
+  truncate -s "${DEFAULT_DISK_SIZE}" "${IMAGE}"
+  sgdisk --align-end \
+    --clear \
+    --new 0:0:+1M --typecode=0:ef02 --change-name=0:'BIOS boot partition' \
+    --new 0:0:+300M --typecode=0:ef00 --change-name=0:'EFI system partition' \
+    --new 0:0:0 --typecode=0:8304 --change-name=0:'Arch Linux root' \
+    "${IMAGE}"
+
+  LOOPDEV=$(losetup --find --partscan --show "${IMAGE}")
+  # Partscan is racy
+  wait_until_settled "${LOOPDEV}"
+  mkfs.fat -F 32 -S 4096 "${LOOPDEV}p2"
+  mkfs.btrfs "${LOOPDEV}p3"
+  mount -o compress-force=zstd "${LOOPDEV}p3" "${MOUNT}"
+  mount --mkdir "${LOOPDEV}p2" "${MOUNT}/efi"
+}
+
+# Install Arch Linux to the filesystem (bootstrap)
+function bootstrap() {
+  cat <<EOF >pacman.conf
+[options]
+Architecture = auto
+
+[core]
+Include = mirrorlist
+
+[extra]
+Include = mirrorlist
+EOF
+  echo "Server = ${MIRROR}" >mirrorlist
+
+  # We use the hosts package cache
+  pacstrap -c -C pacman.conf -K -M "${MOUNT}" base linux grub openssh sudo btrfs-progs dosfstools efibootmgr qemu-guest-agent
+  # Workaround for https://gitlab.archlinux.org/archlinux/arch-install-scripts/-/issues/56
+  gpgconf --homedir "${MOUNT}/etc/pacman.d/gnupg" --kill gpg-agent
+  cp mirrorlist "${MOUNT}/etc/pacman.d/"
+}
+
+# Cleanup the image and trim it
+function image_cleanup() {
+  # Remove pacman key ring for re-initialization
+  rm -rf "${MOUNT}/etc/pacman.d/gnupg/"
+
+  # The mkinitcpio autodetect hook removes modules not needed by the
+  # running system from the initramfs. This make the image non-bootable
+  # on some systems as initramfs lacks the relevant kernel modules.
+  # Ex: Some systems need the virtio-scsi kernel module and not the
+  # "autodetected" virtio-blk kernel module for disk access.
+  #
+  # So for the initial install we use the fallback initramfs, and
+  # "autodetect" should add the relevant modules to the initramfs when
+  # the user updates the kernel.
+  cp --reflink=always -a "${MOUNT}/boot/"{initramfs-linux-fallback.img,initramfs-linux.img}
+
+  sync -f "${MOUNT}/etc/os-release"
+  fstrim --verbose "${MOUNT}"
+  fstrim --verbose "${MOUNT}/efi"
+}
+
+# Helper function: wait until a given loop device has settled
+# ${1} - loop device
+function wait_until_settled() {
+  udevadm settle
+  blockdev --flushbufs --rereadpt "${1}"
+  until test -e "${1}p3"; do
+    echo "${1}p3 doesn't exist yet..."
+    sleep 1
+  done
+}
+
+# Mount image helper (loop device + mount)
+function mount_image() {
+  LOOPDEV=$(losetup --find --partscan --show "${1:-${IMAGE}}")
+  # Partscan is racy
+  wait_until_settled "${LOOPDEV}"
+  mount -o compress-force=zstd "${LOOPDEV}p3" "${MOUNT}"
+  # Setup bind mount to package cache
+  mount --bind "/var/cache/pacman/pkg" "${MOUNT}/var/cache/pacman/pkg"
+}
+
+# Unmount image helper (umount + detach loop device)
+function unmount_image() {
+  umount --recursive "${MOUNT}"
+  losetup -d "${LOOPDEV}"
+  LOOPDEV=""
+}
+
+# Compute SHA256, adjust owner to $SUDO_UID:$SUDO_UID and move to output/
+function mv_to_output() {
+  sha256sum "${1}" >"${1}.SHA256"
+  if [ -n "${SUDO_UID:-}" ]; then
+    chown "${SUDO_UID}:${SUDO_GID}" "${1}"{,.SHA256}
+  fi
+  mv "${1}"{,.SHA256} "${OUTPUT}/"
+}
+
+# Helper function: create a new image from the "base" image
+# ${1} - final file
+# ${2} - pre
+# ${3} - post
+function create_image() {
+  local tmp_image
+  tmp_image="$(basename "$(mktemp -u)")"
+  cp -a "${IMAGE}" "${tmp_image}"
+  if [ -n "${DISK_SIZE}" ]; then
+    truncate -s "${DISK_SIZE}" "${tmp_image}"
+    sgdisk --align-end --delete 3 "${tmp_image}"
+    sgdisk --align-end --move-second-header \
+      --new 0:0:0 --typecode=0:8304 --change-name=0:'Arch Linux root' \
+      "${tmp_image}"
+  fi
+  mount_image "${tmp_image}"
+  if [ -n "${DISK_SIZE}" ]; then
+    btrfs filesystem resize max "${MOUNT}"
+  fi
+
+  if [ 0 -lt "${#PACKAGES[@]}" ]; then
+    arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm "${PACKAGES[@]}"
+  fi
+  if [ 0 -lt "${#SERVICES[@]}" ]; then
+    arch-chroot "${MOUNT}" /usr/bin/systemctl enable "${SERVICES[@]}"
+  fi
+  "${2}"
+  image_cleanup
+  unmount_image
+  "${3}" "${tmp_image}" "${1}"
+  mv_to_output "${1}"
+}
+
+# ${1} - Optional build version. If not set, will generate a default based on date.
+function main() {
+  if [ "$(id -u)" -ne 0 ]; then
+    echo "root is required"
+    exit 1
+  fi
+  init
+
+  setup_disk
+  bootstrap
+  # shellcheck source=images/base.sh
+  source "${ORIG_PWD}/images/base.sh"
+  pre
+  unmount_image
+
+  local build_version
+  if [ -z "${1:-}" ]; then
+    build_version="$(date +%Y%m%d).0"
+    echo "WARNING: BUILD_VERSION wasn't set!"
+    echo "Falling back to $build_version"
+  else
+    build_version="${1}"
+  fi
+
+  # shellcheck source=images/common.sh
+  source "${ORIG_PWD}/images/common.sh"
+  for image in "${ORIG_PWD}/images/"!(base|common).sh; do
+    # shellcheck source=/dev/null
+    source "${image}"
+    create_image "${IMAGE_NAME}" pre post
+  done
+}
+main "$@"

http/install-chroot.sh

-#!/bin/bash
-
-set -e
-set -x
-
-ln -sf /usr/share/zoneinfo/UTC /etc/localtime
-sed -i -e 's/^#\(en_US.UTF-8\)/\1/' /etc/locale.gen
-locale-gen
-echo 'LANG=en_US.UTF-8' > /etc/locale.conf
-
-# setting vagrant user credentials
-echo -e 'vagrant\nvagrant' | passwd
-useradd -m -U vagrant
-echo -e 'vagrant\nvagrant' | passwd vagrant
-
-# setting automatic authentication for any action requiring admin rights via Polkit
-cat <<EOF > /etc/polkit-1/rules.d/49-nopasswd_global.rules
-polkit.addRule(function(action, subject) {
-    if (subject.isInGroup("vagrant")) {
-        return polkit.Result.YES;
-    }
-});
-EOF
-
-# setting sudo for vagrant user
-cat <<EOF > /etc/sudoers.d/vagrant
-Defaults:vagrant !requiretty
-vagrant ALL=(ALL) NOPASSWD: ALL
-EOF
-chmod 440 /etc/sudoers.d/vagrant
-
-# install vagrant ssh key
-install --directory --owner=vagrant --group=vagrant --mode=0700 /home/vagrant/.ssh
-curl --output /home/vagrant/.ssh/authorized_keys --location https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub
-chown vagrant:vagrant /home/vagrant/.ssh/authorized_keys
-chmod 0600 /home/vagrant/.ssh/authorized_keys
-
-# setup unpredictable kernel names
-ln -s /dev/null /etc/systemd/network/99-default.link
-
-# setup network
-cat <<EOF > /etc/systemd/network/eth0.network
-[Match]
-Name=eth0
-
-[Network]
-DHCP=ipv4
-EOF
-
-# Setup pacman-init.service for clean pacman keyring initialization
-cat <<EOF > /etc/systemd/system/pacman-init.service
-[Unit]
-Description=Initializes Pacman keyring
-Wants=haveged.service
-After=haveged.service
-ConditionFirstBoot=yes
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/pacman-key --init
-ExecStart=/usr/bin/pacman-key --populate archlinux
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-# enabling important services
-systemctl daemon-reload
-systemctl enable sshd
-systemctl enable haveged
-systemctl enable systemd-networkd
-systemctl enable systemd-resolved
-systemctl enable pacman-init.service
-
-grub-install "$device"
-sed -i -e 's/^GRUB_TIMEOUT=.*$/GRUB_TIMEOUT=1/' /etc/default/grub
-grub-mkconfig -o /boot/grub/grub.cfg

http/install.sh

-#!/bin/bash
-
-set -e
-set -x
-
-if [ -e /dev/vda ]; then
-  device=/dev/vda
-elif [ -e /dev/sda ]; then
-  device=/dev/sda
-else
-  echo "ERROR: There is no disk available for installation" >&2
-  exit 1
-fi
-export device
-
-memory_size_in_kilobytes=$(free | awk '/^Mem:/ { print $2 }')
-swap_size_in_kilobytes=$((memory_size_in_kilobytes * 2))
-sfdisk "$device" <<EOF
-label: dos
-size=${swap_size_in_kilobytes}KiB, type=82
-                                   type=83, bootable
-EOF
-
-mkswap "${device}1"
-mkfs.btrfs -L "rootfs" "${device}2"
-mount "${device}2" /mnt
-
-pacstrap /mnt base grub openssh sudo polkit btrfs-progs haveged
-swapon "${device}1"
-genfstab -p /mnt >> /mnt/etc/fstab
-swapoff "${device}1"
-
-arch-chroot /mnt /bin/bash

images/base.sh

+#!/bin/bash
+
+# Misc "tweaks" done after bootstrapping
+function pre() {
+  # Remove machine-id see:
+  # https://gitlab.archlinux.org/archlinux/arch-boxes/-/issues/25
+  # https://gitlab.archlinux.org/archlinux/arch-boxes/-/issues/117
+  rm "${MOUNT}/etc/machine-id"
+
+  # Swap
+  arch-chroot "${MOUNT}" /usr/bin/btrfs subvolume create /swap
+  chattr +C "${MOUNT}/swap"
+  chmod 0700 "${MOUNT}/swap"
+  arch-chroot "${MOUNT}" /usr/bin/btrfs filesystem mkswapfile --size 512m --uuid clear /swap/swapfile
+  echo -e "/swap/swapfile none swap defaults 0 0" >>"${MOUNT}/etc/fstab"
+
+  arch-chroot "${MOUNT}" /usr/bin/systemd-firstboot --locale=C.UTF-8 --timezone=UTC --hostname=archlinux --keymap=us
+  ln -sf /run/systemd/resolve/stub-resolv.conf "${MOUNT}/etc/resolv.conf"
+
+  # Setup pacman-init.service for clean pacman keyring initialization
+  cat <<EOF >"${MOUNT}/etc/systemd/system/pacman-init.service"
+[Unit]
+Description=Initializes Pacman keyring
+Before=sshd.service cloud-final.service archlinux-keyring-wkd-sync.service
+After=time-sync.target
+ConditionFirstBoot=yes
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pacman-key --init
+ExecStart=/usr/bin/pacman-key --populate
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+  # Setup mirror list to Geo IP mirrors
+  cat <<EOF >"${MOUNT}/etc/pacman.d/mirrorlist"
+Server = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch
+Server = https://mirror.rackspace.com/archlinux/\$repo/os/\$arch
+Server = https://mirror.leaseweb.net/archlinux/\$repo/os/\$arch
+EOF
+
+  # enabling important services
+  arch-chroot "${MOUNT}" /bin/bash -e <<EOF
+source /etc/profile
+systemctl enable sshd
+systemctl enable systemd-networkd
+systemctl enable systemd-resolved
+systemctl enable systemd-timesyncd
+systemctl enable systemd-time-wait-sync
+systemctl enable pacman-init.service
+EOF
+
+  # GRUB
+  arch-chroot "${MOUNT}" /usr/bin/grub-install --target=i386-pc "${LOOPDEV}"
+  arch-chroot "${MOUNT}" /usr/bin/grub-install --target=x86_64-efi --efi-directory=/efi --removable
+  sed -i 's/^GRUB_TIMEOUT=.*$/GRUB_TIMEOUT=1/' "${MOUNT}/etc/default/grub"
+  # setup unpredictable kernel names
+  sed -i 's/^GRUB_CMDLINE_LINUX=.*$/GRUB_CMDLINE_LINUX="net.ifnames=0"/' "${MOUNT}/etc/default/grub"
+  sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"rootflags=compress-force=zstd\"/' "${MOUNT}/etc/default/grub"
+  arch-chroot "${MOUNT}" /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg
+}

images/basic.sh

+#!/bin/bash
+# shellcheck disable=SC2034,SC2154
+IMAGE_NAME="Arch-Linux-x86_64-basic-${build_version}.qcow2"
+# It is meant for local usage so the disk should be "big enough".
+DISK_SIZE="40G"
+PACKAGES=()
+SERVICES=()
+
+function pre() {
+  local NEWUSER="arch"
+  arch-chroot "${MOUNT}" /usr/bin/useradd -m -U "${NEWUSER}"
+  echo -e "${NEWUSER}\n${NEWUSER}" | arch-chroot "${MOUNT}" /usr/bin/passwd "${NEWUSER}"
+  echo "${NEWUSER} ALL=(ALL) NOPASSWD: ALL" >"${MOUNT}/etc/sudoers.d/${NEWUSER}"
+
+  cat <<EOF >"${MOUNT}/etc/systemd/network/80-dhcp.network"
+[Match]
+Name=en*
+Name=eth*
+
+[Link]
+RequiredForOnline=routable
+
+[Network]
+DHCP=yes
+EOF
+}
+
+function post() {
+  qemu-img convert -c -f raw -O qcow2 "${1}" "${2}"
+  rm "${1}"
+}

images/cloud-image.sh

+#!/bin/bash
+# shellcheck disable=SC2034,SC2154
+IMAGE_NAME="Arch-Linux-x86_64-cloudimg-${build_version}.qcow2"
+DISK_SIZE=""
+# The growpart module[1] requires the growpart program, provided by the
+# cloud-guest-utils package
+# [1] https://cloudinit.readthedocs.io/en/latest/topics/modules.html#growpart
+PACKAGES=(cloud-init cloud-guest-utils)
+SERVICES=(cloud-init-main.service cloud-init-local.service cloud-init-network.service cloud-config.service cloud-final.service)
+
+function pre() {
+  sed -Ei 's/^(GRUB_CMDLINE_LINUX_DEFAULT=.*)"$/\1 console=tty0 console=ttyS0,115200"/' "${MOUNT}/etc/default/grub"
+  echo 'GRUB_TERMINAL="serial console"' >>"${MOUNT}/etc/default/grub"
+  echo 'GRUB_SERIAL_COMMAND="serial --speed=115200"' >>"${MOUNT}/etc/default/grub"
+  arch-chroot "${MOUNT}" /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg
+}
+
+function post() {
+  qemu-img convert -c -f raw -O qcow2 "${1}" "${2}"
+  rm "${1}"
+}

images/common.sh

+#!/bin/bash
+
+function vagrant_common() {
+  local NEWUSER="vagrant"
+  # setting the user credentials
+  arch-chroot "${MOUNT}" /usr/bin/useradd -m -U "${NEWUSER}"
+  echo -e "${NEWUSER}\n${NEWUSER}" | arch-chroot "${MOUNT}" /usr/bin/passwd "${NEWUSER}"
+
+  # setting sudo for the user
+  cat <<EOF >"${MOUNT}/etc/sudoers.d/${NEWUSER}"
+Defaults:${NEWUSER} !requiretty
+${NEWUSER} ALL=(ALL) NOPASSWD: ALL
+EOF
+  chmod 440 "${MOUNT}/etc/sudoers.d/${NEWUSER}"
+
+  # setup network
+  cat <<EOF >"${MOUNT}/etc/systemd/network/80-dhcp.network"
+[Match]
+Name=en*
+Name=eth*
+
+[Link]
+RequiredForOnline=routable
+
+[Network]
+DHCP=yes
+EOF
+
+  # install vagrant ssh key
+  arch-chroot "${MOUNT}" /bin/bash -e <<EOF
+install --directory --owner=vagrant --group=vagrant --mode=0700 /home/vagrant/.ssh
+curl --output /home/vagrant/.ssh/authorized_keys --location https://github.com/hashicorp/vagrant/raw/main/keys/vagrant.pub
+# WARNING: Please only update the hash if you are 100% sure it was intentionally updated by upstream.
+sha256sum -c <<< "55009a554ba2d409565018498f1ad5946854bf90fa8d13fd3fdc2faa102c1122 /home/vagrant/.ssh/authorized_keys"
+chown vagrant:vagrant /home/vagrant/.ssh/authorized_keys
+chmod 0600 /home/vagrant/.ssh/authorized_keys
+EOF
+}

images/libvirt-executor.sh

+#!/bin/bash
+# shellcheck disable=SC2034,SC2154
+IMAGE_NAME="Arch-Linux-x86_64-libvirt-executor-${build_version}.qcow2"
+DISK_SIZE="40G"
+# https://docs.gitlab.com/runner/executors/custom.html#prerequisite-software-for-running-a-job
+PACKAGES=(git git-lfs gitlab-runner)
+SERVICES=()
+
+function pre() {
+  # The service is a bit slow and it is not needed for our use-case as
+  # the "hardware" clock is always in UTC.
+  # https://gitlab.archlinux.org/archlinux/arch-boxes/-/merge_requests/183
+  arch-chroot "${MOUNT}" /usr/bin/systemctl disable systemd-time-wait-sync
+  # Jobs often upgrade all the packages as the first thing, but we don't
+  # want the linux package to be upgraded as that would mean that
+  # relevant kernel modules cannot be loaded.
+  # https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/10
+  sed -E 's/^#(IgnorePkg *=)/\1 linux/' -i "${MOUNT}/etc/pacman.conf"
+  # https://gitlab.archlinux.org/archlinux/infrastructure/-/commit/ab612463a7ea119d4f0a34e9f2730b6c79cd7691
+  sed 's/^\(GRUB_CMDLINE_LINUX=".*\)"$/\1 lockdown=confidentiality"/' -i "${MOUNT}/etc/default/grub"
+  arch-chroot "${MOUNT}" /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg
+  # This is needed for our injected hostname to be used, which only
+  # happens if a static hostname is not configured.
+  # https://gitlab.archlinux.org/archlinux/infrastructure/-/commit/001300ff54d826696f2d7438063c09d2e8c9afd8
+  # https://github.com/systemd/systemd/pull/30814
+  rm -f "${MOUNT}/etc/hostname"
+
+  cat <<EOF >"${MOUNT}/etc/systemd/network/80-dhcp.network"
+[Match]
+Name=en*
+Name=eth*
+
+[Network]
+DHCP=yes
+EOF
+}
+
+function post() {
+  qemu-img convert -c -f raw -O qcow2 "${1}" "${2}"
+  rm "${1}"
+}

images/vagrant-libvirt.sh

+#!/bin/bash
+# shellcheck disable=SC2034,SC2154
+IMAGE_NAME="Arch-Linux-x86_64-libvirt-${build_version}.box"
+# https://gitlab.archlinux.org/archlinux/arch-boxes/-/issues/116
+DISK_SIZE="20G"
+PACKAGES=()
+SERVICES=()
+
+function pre() {
+  vagrant_common
+}
+
+function post() {
+  # Create vagrant box
+  cat <<EOF >Vagrantfile
+Vagrant.configure("2") do |config|
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.driver = "kvm"
+  end
+end
+EOF
+  local virtual_size
+  virtual_size="$(grep -o "^[0-9]*" <<<"${DISK_SIZE}")"
+  echo '{"format":"qcow2","provider":"libvirt","virtual_size":'"${virtual_size}"'}' >metadata.json
+  qemu-img convert -f raw -O qcow2 "${1}" box.img
+  rm "${1}"
+
+  tar -czf "${2}" Vagrantfile metadata.json box.img
+  rm Vagrantfile metadata.json box.img
+}

images/vagrant-virtualbox.sh

+#!/bin/bash
+# shellcheck disable=SC2034,SC2154
+IMAGE_NAME="Arch-Linux-x86_64-virtualbox-${build_version}.box"
+# https://gitlab.archlinux.org/archlinux/arch-boxes/-/issues/116
+DISK_SIZE="20G"
+PACKAGES=(virtualbox-guest-utils-nox)
+SERVICES=(vboxservice)
+
+function pre() {
+  vagrant_common
+}
+
+function post() {
+  # Create vagrant box
+  # VirtualBox-6.1.12 src/VBox/NetworkServices/Dhcpd/Config.cpp line 276
+  local mac_address
+  mac_address="080027$(openssl rand -hex 3 | tr '[:lower:]' '[:upper:]')"
+  cat <<EOF >Vagrantfile
+Vagrant.configure("2") do |config|
+  config.vm.base_mac = "${mac_address}"
+end
+EOF
+  echo '{"provider":"virtualbox"}' >metadata.json
+  qemu-img convert -f raw -O vmdk "${1}" "packer-virtualbox.vmdk"
+  rm "${1}"
+
+  cp "${ORIG_PWD}/box.ovf" .
+  sed -e "s/MACHINE_UUID/$(uuidgen)/" \
+    -e "s/DISK_UUID/$(uuidgen)/" \
+    -e "s/DISK_CAPACITY/$(qemu-img info --output=json "packer-virtualbox.vmdk" | jq '."virtual-size"')/" \
+    -e "s/UNIX/$(date +%s)/" \
+    -e "s/MAC_ADDRESS/${mac_address}/" \
+    -i box.ovf
+
+  tar -czf "${2}" Vagrantfile metadata.json packer-virtualbox.vmdk box.ovf
+  rm Vagrantfile metadata.json packer-virtualbox.vmdk box.ovf
+}

local.json

-{
-    "iso_url": "https://mirror.rackspace.com/archlinux/iso/latest/archlinux-2018.10.01-x86_64.iso",
-    "iso_checksum_url": "https://mirror.rackspace.com/archlinux/iso/latest/sha1sums.txt",
-    "iso_checksum_type": "sha1",
-    "disk_size": "20480",
-    "memory": "1024",
-    "cpus": "2",
-    "headless": "true",
-    "vagrant_cloud_token": "PLACEHOLDER",
-    "write_zeroes": "",
-    "boot_wait": "60s"
-
-}

provision/cleanup.sh

-#!/bin/bash
-
-set -e
-set -x
-
-# clear package cache
-yes | sudo pacman -Scc
-# Remove machine-id: see https://github.com/archlinux/arch-boxes/issues/25
-rm /etc/machine-id
-# Remove pacman key ring for re-initialization
-rm -rf /etc/pacman.d/gnupg/

provision/postinstall.sh

-#!/bin/bash
-
-set -e
-set -x
-
-# setting hostname, locales, etc
-hostnamectl set-hostname "archlinux"
-localectl set-keymap "us"
-timedatectl set-ntp true
-
-#setting link to systemd-resolved
-ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf