.editorconfig

@@ -16,6 +16,10 @@ charset = utf-8
 indent_style = space
 indent_size = 4
 max_line_length = 120
+# for shfmt
+switch_case_indent = true
+binary_next_line = true
+
 
 [*.{yml,yaml}]
 end_of_line = lf
@@ -32,3 +36,6 @@ trim_trailing_whitespace = true
 charset = utf-8
 indent_style = space
 indent_size = 2
+
+[Makefile]
+indent_style = tab

.gitignore

 *~
-archiso-*.tar.gz*
-configs/*/work
-configs/*/out
+*.tar
+*.tar.*
+work/
+out/
+codesigning*
+*.iso
+*.img
+*.cer
+*.crt
+*.key
+*.pem
+user-data
+meta-data
+network-config
+man/version.rst

.gitlab-ci.yml

@@ -2,12 +2,70 @@
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-default:
-  image: archlinux/base
+stages:
+  - check
+  - build
+
+check:
   before_script:
-    - pacman --noconfirm -Syu --needed base-devel shellcheck
+    # NOTE: Install latest archlinux-keyring before upgrading system. In the
+    # future this should not be needed anymore when we can guarantee a valid
+    # keyring for longer:
+    # https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/4
+    - pacman -Sy --needed --noconfirm archlinux-keyring
+    - pacman --noconfirm -Syu --needed make shellcheck
+  script:
+    - make check
+  stage: check
+  interruptible: true
 
-lint:
-  stage: build
+.build:
+  artifacts:
+    reports:
+      metrics: output/metrics.txt
+  before_script:
+    - pacman -Sy --needed --noconfirm archlinux-keyring
+    - pacman -Syu --needed --noconfirm arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl python-docutils squashfs-tools zsync
   script:
-    - make lint
+    - ./.gitlab/ci/build_archiso.sh ${BUILD_SCRIPT_ARGS}
+  stage: build
+  tags:
+    - vm
+
+build_short:
+  extends: .build
+  parallel:
+    matrix:
+      - BUILD_SCRIPT_ARGS: baseline bootstrap
+      - BUILD_SCRIPT_ARGS: releng bootstrap
+  only:
+    refs:
+      - master
+      - merge_requests
+    changes:
+      - archiso/*
+      - configs/**/*
+      - Makefile
+      - .gitlab-ci.yml
+      - .gitlab/ci/*
+  interruptible: true
+
+build_long:
+  extends: .build
+  parallel:
+    matrix:
+      - BUILD_SCRIPT_ARGS: baseline iso
+      - BUILD_SCRIPT_ARGS: baseline netboot
+      - BUILD_SCRIPT_ARGS: releng iso
+      - BUILD_SCRIPT_ARGS: releng netboot
+  only:
+    refs:
+      - master
+      - merge_requests
+    changes:
+      - archiso/*
+      - configs/**/*
+      - Makefile
+      - .gitlab-ci.yml
+      - .gitlab/ci/*
+  interruptible: true

.gitlab/ci/build_archiso.sh

+#!/usr/bin/env bash
+#
+# This script is run within a virtual environment to build the available archiso profiles and their available build
+# modes and create checksum files for the resulting images.
+# The script needs to be run as root and assumes $PWD to be the root of the repository.
+#
+# Dependencies:
+# * all archiso dependencies
+# * coreutils
+# * gnupg
+# * openssl
+# * zsync
+#
+# $1: profile
+# $2: buildmode
+
+set -euo pipefail
+shopt -s extglob
+
+readonly orig_pwd="${PWD}"
+readonly output="${orig_pwd}/output"
+readonly tmpdir_base="${orig_pwd}/tmp"
+readonly profile="${1}"
+readonly buildmode="${2}"
+readonly install_dir="arch"
+
+tmpdir=""
+tmpdir="$(mktemp --dry-run --directory --tmpdir="${tmpdir_base}")"
+gnupg_homedir=""
+codesigning_dir=""
+codesigning_cert=""
+codesigning_key=""
+ca_cert=""
+ca_key=""
+pgp_key_id=""
+
+print_section_start() {
+    # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
+    local _section _title
+    _section="${1}"
+    _title="${2}"
+
+    printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}"
+}
+
+print_section_end() {
+    # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections
+    local _section
+    _section="${1}"
+
+    printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}"
+}
+
+cleanup() {
+    # clean up temporary directories
+    print_section_start "cleanup" "Cleaning up temporary directory"
+
+    if [[ -n "${tmpdir_base:-}" ]]; then
+        rm -fr "${tmpdir_base}"
+    fi
+
+    print_section_end "cleanup"
+}
+
+create_checksums() {
+    # create checksums for files
+    # $@: files
+    local _file_path _file_name _current_pwd
+    _current_pwd="${PWD}"
+
+    print_section_start "checksums" "Creating checksums"
+
+    for _file_path in "$@"; do
+        cd "$(dirname "${_file_path}")"
+        _file_name="$(basename "${_file_path}")"
+        b2sum "${_file_name}" >"${_file_name}.b2"
+        md5sum "${_file_name}" >"${_file_name}.md5"
+        sha1sum "${_file_name}" >"${_file_name}.sha1"
+        sha256sum "${_file_name}" >"${_file_name}.sha256"
+        sha512sum "${_file_name}" >"${_file_name}.sha512"
+        ls -lah "${_file_name}."{b2,md5,sha{1,256,512}}
+        cat "${_file_name}."{b2,md5,sha{1,256,512}}
+    done
+    cd "${_current_pwd}"
+
+    print_section_end "checksums"
+}
+
+create_zsync_delta() {
+    # create zsync control files for files
+    # $@: files
+    local _file
+
+    print_section_start "zsync_delta" "Creating zsync delta"
+
+    for _file in "$@"; do
+        if [[ "${buildmode}" == "bootstrap" ]]; then
+            # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image
+            zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
+        else
+            zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}"
+        fi
+    done
+
+    print_section_end "zsync_delta"
+}
+
+create_metrics() {
+    local _metrics="${output}/metrics.txt"
+    # create metrics
+    print_section_start "metrics" "Creating metrics"
+
+    {
+        # create metrics based on buildmode
+        case "${buildmode}" in
+            iso)
+                printf 'image_size_mebibytes{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(du -m -- "${output}/"*.iso | cut -f1)"
+                printf 'package_count{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
+                if [[ -e "${tmpdir}/efiboot.img" ]]; then
+                    printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)"
+                fi
+                # shellcheck disable=SC2046
+                # shellcheck disable=SC2183
+                printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \
+                    $(
+                        du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img \
+                            | awk -v profile="${profile}" \
+                                'function basename(file) {
+                                    sub(".*/", "", file)
+                                    return file
+                                }
+                                { print profile, basename($2), $1 }'
+                    )
+                ;;
+            netboot)
+                printf 'netboot_size_mebibytes{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)"
+                printf 'netboot_package_count{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)"
+                ;;
+            bootstrap)
+                printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)"
+                printf 'bootstrap_package_count{image="%s"} %s\n' \
+                    "${profile}" \
+                    "$(sort -u -- "${tmpdir}/"*/bootstrap/pkglist.*.txt | wc -l)"
+                ;;
+        esac
+    } >"${_metrics}"
+    ls -lah "${_metrics}"
+    cat "${_metrics}"
+
+    print_section_end "metrics"
+}
+
+create_ephemeral_pgp_key() {
+    # create an ephemeral PGP key for signing the rootfs image
+    print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key"
+
+    gnupg_homedir="$tmpdir/.gnupg"
+    mkdir -p "${gnupg_homedir}"
+    chmod 700 "${gnupg_homedir}"
+
+    cat <<__EOF__ >"${gnupg_homedir}"/gpg.conf
+quiet
+batch
+no-tty
+no-permission-warning
+export-options no-export-attributes,export-clean
+list-options no-show-keyring
+armor
+no-emit-version
+__EOF__
+
+    gpg --homedir "${gnupg_homedir}" --gen-key <<EOF
+%echo Generating ephemeral Arch Linux release engineering key pair...
+Key-Type: eddsa
+Key-Curve: ed25519
+Key-Usage: sign
+Name-Real: Arch Linux Release Engineering
+Name-Comment: Ephemeral Signing Key
+Name-Email: arch-releng@lists.archlinux.org
+Expire-Date: 0
+%no-protection
+%commit
+%echo Done
+EOF
+
+    pgp_key_id="$(
+        gpg --homedir "${gnupg_homedir}" \
+            --list-secret-keys \
+            --with-colons \
+            | awk -F':' '{if($1 ~ /sec/){ print $5 }}'
+    )"
+
+    pgp_sender="Arch Linux Release Engineering (Ephemeral Signing Key) <arch-releng@lists.archlinux.org>"
+
+    print_section_end "ephemeral_pgp_key"
+}
+
+create_ephemeral_codesigning_keys() {
+    # create ephemeral certificates used for codesigning
+    print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys"
+
+    # The exact steps in creating a CA with Codesigning being signed was taken from
+    # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
+    # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf)
+
+    codesigning_dir="${tmpdir}/.codesigning/"
+    local ca_dir="${codesigning_dir}/ca/"
+
+    local ca_conf="${ca_dir}/certificate_authority.cnf"
+    local ca_subj='/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/emailAddress=arch-releng@lists.archlinux.org/CN=Arch Linux Release Engineering (Ephemeral Certificate Authority)'
+    ca_cert="${ca_dir}/cacert.pem"
+    ca_key="${ca_dir}/private/cakey.pem"
+
+    local codesigning_conf="${codesigning_dir}/code_signing.cnf"
+    local codesigning_subj='/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/emailAddress=arch-releng@lists.archlinux.org/CN=Arch Linux Release Engineering (Ephemeral Signing Key)'
+    codesigning_cert="${codesigning_dir}/codesign.crt"
+    codesigning_key="${codesigning_dir}/codesign.key"
+
+    mkdir -p "${ca_dir}/"{private,newcerts,crl}
+    mkdir -p "${codesigning_dir}"
+    cp -- /etc/ssl/openssl.cnf "${codesigning_conf}"
+    cp -- /etc/ssl/openssl.cnf "${ca_conf}"
+    touch "${ca_dir}/index.txt"
+    echo "1000" >"${ca_dir}/serial"
+
+    # Prepare the ca configuration for the change in directory
+    sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}"
+
+    # Create the Certificate Authority
+    openssl req \
+        -newkey rsa:4096 \
+        -nodes \
+        -x509 \
+        -new \
+        -sha256 \
+        -keyout "${ca_key}" \
+        -config "${ca_conf}" \
+        -subj "${ca_subj}" \
+        -days 2 \
+        -out "${ca_cert}"
+
+  local extension_text
+  IFS='' read -r -d '' extension_text <<EOF || true
+[codesigning]
+keyUsage=digitalSignature
+extendedKeyUsage=codeSigning, clientAuth, emailProtection
+EOF
+
+    printf '%s' "${extension_text}" >> "${ca_conf}"
+    printf '%s' "${extension_text}" >> "${codesigning_conf}"
+
+    openssl req \
+        -newkey rsa:4096 \
+        -keyout "${codesigning_key}" \
+        -nodes \
+        -sha256 \
+        -out "${codesigning_cert}.csr" \
+        -config "${codesigning_conf}" \
+        -subj "${codesigning_subj}" \
+        -extensions codesigning
+
+    # Sign the code signing certificate with the CA
+    openssl ca \
+        -batch \
+        -config "${ca_conf}" \
+        -extensions codesigning \
+        -days 2 \
+        -notext \
+        -md sha256 \
+        -keyfile "${ca_key}" \
+        -cert "${ca_cert}" \
+        -in "${codesigning_cert}.csr" \
+        -out "${codesigning_cert}"
+
+    print_section_end "ephemeral_codesigning_key"
+}
+
+run_mkarchiso() {
+    # run mkarchiso
+    create_ephemeral_pgp_key
+    create_ephemeral_codesigning_keys
+
+    print_section_start "mkarchiso" "Running mkarchiso"
+    mkdir -p "${output}/" "${tmpdir}/"
+    GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \
+        -D "${install_dir}" \
+        -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \
+        -g "${pgp_key_id}" \
+        -G "${pgp_sender}" \
+        -o "${output}/" \
+        -w "${tmpdir}/" \
+        -m "${buildmode}" \
+        -v "configs/${profile}"
+
+    print_section_end "mkarchiso"
+
+    if [[ "${buildmode}" =~ "iso" ]]; then
+        create_zsync_delta "${output}/"*.iso
+        create_checksums "${output}/"*.iso
+    fi
+    if [[ "${buildmode}" == "bootstrap" ]]; then
+        create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst)
+        create_checksums "${output}/"*.tar*(.gz|.xz|.zst)
+    fi
+    create_metrics
+
+    print_section_start "ownership" "Setting ownership on output"
+
+    if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then
+        chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}"
+    fi
+    print_section_end "ownership"
+}
+
+trap cleanup EXIT
+
+run_mkarchiso

.mailmap

+Aaron Griffin <aaron@archlinux.org> <aaronmgriffin@gmail.com>
+Chandan Singh <cks071g2@gmail.com> chandan <cks071g2@gmail.com>
+Charles Vejnar <ce@vejnar.org> Charles <ce@vejnar.org>
+Christopher Brannon <cmbrannon79@gmail.com> <cmbrannon@cox.net>
+David Runge <dvzrv@archlinux.org> <dave@sleepmap.de>
+Eli Schwartz <eschwartz@archlinux.org> Eli Schwartz via arch-releng <arch-releng@archlinux.org>
+Francois Dupoux <fdupoux@users.sourceforge.net> fdupoux <fdupoux@users.sourceforge.net>
+Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> <vmlinuz386@yahoo.com.ar>
+James Sitegen <jamesm.sitegen@gmail.com> jamesm-sitegen <jamesm.sitegen@gmail.com>
+Keshav Amburay <the.ridikulus.rat@gmail.com> Keshav P R <the.ridikulus.rat@gmail.com>
+Martin Damian Fernandez <martin.damian.fernandez@gmail.com> martindamianfernandez <martin.damian.fernandez@gmail.com>
+Michael Vorburger <mike@vorburger.ch> Michael Vorburger.ch <mike@vorburger.ch>
+Sean Enck <enckse@voidedtech.com> Sean Enck via arch-releng <arch-releng@archlinux.org>
+Simo Leone <simo@archlinux.org> <leone.simo@gmail.com>
+Sven-Hendrik Haase <svenstaro@gmail.com> <sh@lutzhaase.com>
+Yu Li-Yu <afg984@gmail.com> Li-Yu Yu via arch-releng <arch-releng@archlinux.org>

.shellcheckrc

+# Suggest explicitly using -n in `[ $var ]`
+enable=avoid-nullary-conditions
+
+# Suggest 'command -v' instead of 'which'
+enable=deprecate-which
+
+# Suggest quoting variables without metacharacters
+enable=quote-safe-variables
+
+# Require [[ and warn about [ in Bash/Ksh
+enable=require-double-brackets

AUTHORS.rst

@@ -2,32 +2,62 @@
 Archiso Authors
 ===============
 
+* 2hexed <2hexed@protonmail.com>
 * Aaron Griffin <aaron@archlinux.org>
 * Adam Purkrt <adam@purkrt.net>
+* Alexander Epaneshnikov <aarnaarn2@gmail.com>
+* Alexander Speshilov <speshuric@gmail.com>
+* Anton Hvornum <anton@hvornum.se>
+* Antonio V <crazysnob@live.it>
 * Chandan Singh <cks071g2@gmail.com>
 * Charles Vejnar <ce@vejnar.org>
 * Christian Hesse <mail@eworm.de>
 * Christopher Brannon <cmbrannon79@gmail.com>
 * Dan McGee <dan@archlinux.org>
+* Dariusz Pelowski <dariusz.pelowski@gmail.com>
+* Darren Ng <un1gfn@gmail.com>
 * David Runge <dvzrv@archlinux.org>
 * David Thurstenson <thurstylark@gmail.com>
 * Dieter Plaetinck <dieter@plaetinck.be>
 * Eli Schwartz <eschwartz@archlinux.org>
+* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org>
 * Florian Pritz <bluewind@xinu.at>
+* Francois Dupoux <fdupoux@users.sourceforge.net>
 * Gerardo Exequiel Pozzi <vmlinuz386@gmail.com>
 * Gerhard Brauer <gerbra@archlinux.de>
+* Giancarlo Razzolini <grazzolini@archlinux.org>
+* Howard Hicks <deimosian@gmail.com>
 * James Sitegen <jamesm.sitegen@gmail.com>
+* John Lane <archlinux@jelmail.com>
+* Jonathan Liu <net147@gmail.com>
+* Jonathon Fernyhough <jonathon@m2x.dev>
+* Julian <deadbeef@outlook.de>
 * Justin Kromlinger <hashworks@archlinux.org>
 * Keshav Amburay <the.ridikulus.rat@gmail.com>
+* Kristian Klausen <kristian@klausen.dk>
 * Loui Chang <louipc.ist@gmail.com>
 * Lukas Fleischer <archlinux@cryptocrack.de>
 * Martin Damian Fernandez <martin.damian.fernandez@gmail.com>
+* Michael Gilchrist <michaelgilch@gmail.com>
+* Michael Vorburger <mike@vorburger.ch>
+* Pellegrino Prevete <pellegrinoprevete@gmail.com>
 * Pierre Schmitz <pierre@archlinux.de>
 * Sean Enck <enckse@voidedtech.com>
 * Simo Leone <simo@archlinux.org>
+* Simon Wilper <sxw@chronowerks.de>
+* Sorin Pânca <sorin.panca@gmail.com>
 * Steffen Bönigk <boenki@gmx.de>
-* Sven-Hendrik Haase <sh@lutzhaase.com>
+* Sven-Hendrik Haase <svenstaro@gmail.com>
 * Thomas Bächler <thomas@archlinux.org>
+* Tobias Powalowski <tpowa@archlinux.org>
+* Tom Yan <tom.ty89@gmail.com>
 * Yu Li-Yu <afg984@gmail.com>
+* Zig Globulin <zig@zigsystem.com>
+* hayao <hayao@fascode.net>
+* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org>
+* mono wock <aaronleemorrison@protonmail.com>
 * nl6720 <nl6720@gmail.com>
+* plain linen <bcdedit@hotmail.com>
+* shivanandvp <shivanandvp.oss@gmail.com>
+* weltio weltio <weltio@web.de>
 * Øyvind Heggstad <heggstad@gmail.com>

CHANGELOG.rst

+#########
+Changelog
+#########
+
+[XX] - YYYY-MM-DD
+=================
+
+Added
+-----
+
+Changed
+-------
+
+Deprecated
+----------
+
+Fixed
+-----
+
+Removed
+-------
+
+[83] - 2025-03-24
+=================
+
+Changed
+-------
+
+- Remove the pacstrap directory early to lower the maximum size of the working directory.
+
+Fixed
+-----
+
+- Do not hide ``pacstrap`` errors in non-verbose mode.
+
+Removed
+-------
+
+- Removed deprecated dhclient from packages.
+
+[82] - 2024-11-27
+=================
+
+Fixed
+-----
+
+- Commented out ``DownloadUser`` in ``pacman.conf`` so that the working directory is not restricted to paths to which
+  the ``alpm`` user has access to.
+
+[81] - 2024-10-28
+=================
+
+Fixed
+-----
+
+- Change enabled services in baseline and releng profile to adapt to changes in ``cloud-init`` ≥ 24.3 (renamed
+  ``cloud-init.service`` to ``cloud-init-network.service``, introduced new ``cloud-init-main.service``).
+
+Removed
+-------
+
+- Removed gnu-netcat from releng profile, as cloud-init requires openbsd-netcat and the two netcat versions can not be
+  installed side-by-side.
+
+[80] - 2024-09-26
+=================
+
+Added
+-----
+
+- Support compressing the bootstrap tarball with ``xz``.
+
+Changed
+-------
+
+- Use an empty UUID for the EROFS image file since the file system will never be referenced by it.
+- Do not use ``mkfs.erofs`` extended options ``fragments`` and ``dedupe`` in the baseline profile. This reduces the EROFS
+  image size and compression time.
+- Update profile ``pacman.conf`` to include the new options added to ``/etc/pacman.conf`` in pacman 7.0.0.r3.g7736133-1.
+
+Fixed
+-----
+
+- Show the correct image file name, including the extension, when building a bootstrap image.
+
+Removed
+-------
+
+- Removed reiserfsprogs from packages (EOL)
+
+[79] - 2024-07-25
+=================
+
+Fixed
+-----
+
+- When downloading an automation script fail with non-zero status code instead of returning an HTML document when the
+  remote HTTP server fails to deliver the document.
+
+Removed
+-------
+
+- Remove unneeded workaround for e2fsprogs < 1.47.1.
+
+[78] - 2024-05-23
+=================
+
+Changed
+-------
+
+- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the
+  root file system.
+- Use 4 MiB OVMF files in ``run_archiso`` instead of the old 2 MiB ones.
+- Increase the additional free space of the EFI partition size from 1 MiB to 8 MiB to account for file system overhead
+  when using FAT32 (needs less than 1 MiB) and to give more space for adding custom files when repacking an ISO (e.g.
+  when preparing it for Secure Boot).
+- Remove 300 KiB padding needed for CDs if the ISO exceeds the maximum size of a CD.
+- Use ``xz -9e`` as the releng profile's initramfs compression. Now that mkinitcpio does not decompress the loadable
+  kernel modules and firmware files anymore and moves them to the early uncompressed initramfs, we can compress the main
+  initramfs image with a higher compression without it having much impact on the ISO build time.
+- Format the EFI system partition image as FAT32 if the size allows it (i.e. if it is at least 36 MiB).
+
+Fixed
+-----
+
+- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The
+  existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early
+  uncompressed CPIO even when the ``microcode`` hook is not used.
+
+Removed
+-------
+
+- Remove the wezterm-terminfo package from the releng profile as the relevant file is now provided by the ncurses
+  package instead.
+
+[77] - 2024-04-21
+=================
+
+Added
+-----
+
+- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes.
+  Additionally, create a boot entry with it for the releng profile.
+
+Changed
+-------
+
+- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression.
+- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration.
+  Custom PXE setups will need to update their boot loader configuration.
+- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to
+  have "file system transposition" without relaying on GRUB-specific features.
+- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it
+  avoids all GRUB-specific annoyances and oddities.
+
+Fixed
+-----
+
+- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the
+  same requirements as ``uefi-x64.systemd-boot.esp``.
+
+[76] - 2024-03-30
+=================
+
+Added
+-----
+
+- Add a man page for ``mkarchiso``.
+- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called
+  ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now.
+
+Changed
+-------
+
+- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file.
+  Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to
+  just GRUB.
+- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating
+  an early uncompressed CPIO archive which should have the microcode update files).
+
+Removed
+-------
+
+- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``.
+
+[75] - 2024-01-24
+=================
+
+Added
+-----
+
+- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure
+  ``drill`` remains available.
+
+Changed
+-------
+
+- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of
+  a CD (900 MiB).
+
+Fixed
+-----
+
+- Update the location where ``mkarchiso`` looks for the memtest86+ license file.
+
+[74] - 2023-12-21
+=================
+
+Added
+-----
+
+- Add bcachefs-tools to releng for access to bcachefs userspace tools.
+- Add tftp as a valid protocol for downloading automated boot script.
+
+Changed
+-------
+
+- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network
+  really is *online* when ``network-online.target`` is reached.
+
+Fixed
+-----
+
+- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660.
+
+[73] - 2023-09-29
+=================
+
+Added
+-----
+
+- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices.
+- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32
+  UEFI. The boot modes of baseline and releng are not changed.
+- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary
+  boot parameters required for booting the ISO image as a file on a file system.
+
+Fixed
+-----
+
+- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering
+  questions from systemd-firstboot.
+
+[72] - 2023-08-29
+=================
+
+Added
+-----
+
+- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM.
+- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards.
+
+Changed
+-------
+
+- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``.
+- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to
+  the file system size.
+- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection.
+- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf``
+- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it.
+
+Fixed
+-----
+
+- Sign the root file system image only once.
+- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior.
+
+[71] - 2023-05-28
+=================
+
+Added
+-----
+
+- Added classes for Memtest86+ and UEFI Shell menuentries.
+- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when
+  installing via SSH.
+- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build.
+- Add support for mDNS announce and resolve.
+
+Changed
+-------
+
+- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the
+  experimental compressed fragments and data deduplication features.
+- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files.
+- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository.
+
+Fixed
+-----
+
+- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=``
+  boot parameter.
+- Subdirectories from ``grub/`` are copied to the ISO.
+- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with
+  failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after
+  **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp``
+  command.
+- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the
+  variable has a correct value when used inside ``profiledef.sh``.
+
+[70] - 2023-02-27
+=================
+
+Added
+-----
+
+- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image
+  contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume
+  with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it.
+- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also
+  preloaded in case someone finds them useful.
+
+Changed
+-------
+
+- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the
+  same month.
+- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles.
+- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for
+  the ISO volume and load the ``grub.cfg`` from there.
+- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply
+  to the EFI binaries that remain in the default/fallback boot path.
+- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files.
+  Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng)
+  is deprecated and a future archiso release will not create this file anymore.
+- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``.
+- Update ``README.transfer`` documentation and convert it to reStructuredText.
+- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware.
+
+Removed
+-------
+
+- Do not place memtest86+ in netboot artifacts.
+
+[69] - 2022-12-24
+=================
+
+Added
+-----
+
+- Add Memtest86+ to x86_64 UEFI GRUB boot menu.
+
+Changed
+-------
+
+- Check if the GPG public key file was successfully placed in the work directory before trying to use it.
+- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the
+  ``pacstrap`` invoked chroot should ever be allowed to write outside of it.
+- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist.
+- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA
+  support, using a higher compression is possible.
+- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's
+  first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that
+  ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering.
+
+[68] - 2022-10-30
+=================
+
+Changed
+-------
+
+- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule.
+- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly
+  applicable when re-running ``mkarchiso``  after a failure.
+- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32.
+
+[67] - 2022-09-25
+=================
+
+Added
+-----
+
+- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given.
+
+Changed
+-------
+
+- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since
+  ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring.
+- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local
+  signatures that are not valid on target systems after installation.
+
+[66] - 2022-08-28
+=================
+
+Added
+-----
+
+- Add ``efibootimg`` to ``mkarchiso`` to abstract the FAT image path.
+- Unset ``LANGUAGE`` since ``LC_ALL=C.UTF-8``, unlike ``LC_ALL=C``, does not override ``LANGUAGE``.
+- Copy all files from the ``grub`` directory to ISO9660 and the FAT image, not just only ``grub.cfg``.
+- Touching ``/usr/lib/clock-epoch`` to to help ``systemd`` with screwed or broken RTC.
+
+Changed
+-------
+
+- Disable GRUB's shim_lock verifier and preload more modules. This allows reusing the GRUB EFI binaries when repacking
+  the ISO to support Secure Boot with custom signatures.
+
+[65] - 2022-06-30
+=================
+
+Added
+-----
+
+- Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used.
+- Add ``uefi-x64.grub.esp`` and ``uefi-x64.grub.eltorito`` boot mode to support x86_64 UEFI boot on x86_64 machines.
+- Use ``mkfs.erofs``'s ``ztailpacking`` option in the baseline profile to reduce the image size.
+
+Changed
+-------
+
+- Change the releng profile's locale from ``en_US.UTF-8`` to ``C.UTF-8``.
+- Set ``LC_ALL`` to ``C.UTF-8`` instead of ``C`` in mkarchiso since it is now available and non-UTF-8 locales should be
+  avoided.
+
+Removed
+-------
+
+- Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now
+  ships with the glibc package itself.
+- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough
+  free RAM.
+
+[64] - 2022-05-30
+=================
+
+Added
+-----
+
+- Add ``uefi-ia32.grub.esp`` boot mode to support IA32 UEFI boot on x86_64 machines.
+- Add GRUB configuration files to profiles.
+- Add accessible ``copytoram`` entry.
+- Enable beeps in systemd-boot menu.
+
+Changed
+-------
+
+- Fix systemd-boot menu entry sorting by using the ``sort-key`` option.
+
+[63] - 2022-04-30
+=================
+
+Added
+-----
+
+- Add dmidecode to the list of packages in the releng profile.
+- Add open-iscsi to the list of packages in the releng profile to allow installing Arch on an iSCSI target.
+- Add open-vm-tools and hyperv to the list of packages and enable their services to provide better integration with the
+  VMware and Hyper-V hypervisors.
+
+Changed
+-------
+
+- Mount /etc/pacman.d/gnupg on ramfs instead of tmpfs to ensure its contents never land in swap.
+- Configure reflector to return only mirrors that support both IPv4 and IPv6.
+
+
+[62.1] - 2022-04-05
+===================
+
+Removed
+-------
+
+- Easter egg
+
+[62] - 2022-03-31
+=================
+
+Changed
+-------
+
+- Fix the PXE support. PXELINUX was having trouble finding the kernel and initrds. Now, archiso forces syslinux to
+  interpret all TFTP paths as absolute. That seems to have solved the issue.
+- Disable systemd-gpt-auto-generator, which we do not need, in both baseline and releng profiles. It avoids the error
+  message about it failing during boot.
+
+[61] - 2022-01-31
+=================
+
+Added
+-----
+
+- Add linux-firmware-marvell to the list of packages in the releng profile (e.g. for Surface Pro 6 WiFi support)
+- Add documentation to systemd-networkd configuration files
+- Add information about the use of changelog and merge requests to the contributing guidelines
+- Make the CI pipelines more efficient by automatically cancelling running pipelines if they are superseded by a newer
+  commit and by only running build pipelines on code or profile changes
+
+Changed
+-------
+
+- Fix an issue where mkarchiso is failing to raise an error when the ``mmd`` and ``mcopy`` commands are not found
+- Fix an issue where the architecture detection in mkarchiso fails due to an unset ``arch`` variable in the profile
+
+Removed
+-------
+
+[60] - 2021-12-28
+=================
+
+Added
+-----
+
+- Add `BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF` in the Releases section of the README, giving maintainer power to
+  nl6720.
+
+Changed
+-------
+
+- Show a more descriptive message when no code signing certificate is used
+
+Removed
+-------
+
+- Remove unused archiso_shutdown hook from the releng profile's mkinitcpio config
+
+[59] - 2021-11-30
+=================
+
+Added
+-----
+
+- Add mailmap file for easier author integration with git
+- Add grub and refind to the package list of the releng profile
+
+Changed
+-------
+
+- Replace use of date with printf
+- Silence command output more efficiently when using --quiet
+- Modify curl call to retry up to ten times before giving up on downloading an automated script
+
+Removed
+-------
+
+- Remove requirement on setting a Boot mode when building a netboot image
+
+[58] - 2021-08-25
+=================
+
+Added
+-----
+
+- Add support for ``gpg``'s ``--sender`` option
+
+Changed
+-------
+
+- Change the way ``mkarchiso`` uses ext4 images to copying files to it directly instead of mounting (this action now
+  does not require elevated privileges anymore)
+- Add version files when using ``netboot`` buildmode as well
+- Update the sshd configuration to be compatible with openssh 8.7p1
+- Overhaul the used ``gpg`` options
+- Fix use of potentially unbound variables
+- Refactor the validation functions to have fewer large functions and less code duplication
+
+Removed
+-------
+
+- Remove all files related to ``mkinitcpio`` integration, as they now live in
+  https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso
+
+[57] - 2021-07-30
+=================
+
+Added
+-----
+
+- Add a missing line in the systemd-networkd-wait-online.service in the baseline profile
+
+Changed
+-------
+
+- Adapt systemd-networkd configuration to systemd ≥ 249
+- Improve documentation in ``mkarchiso`` and systemd-networkd related configuration files
+- Fix an issue that may prevent continuing an aborted build of the ``netboot`` or ``iso`` buildmode
+
+Removed
+-------
+
+- Remove SPDX license identifier from files that are not eligible for copyright (e.g. configuration files)
+
+[56.1] - 2021-07-11
+===================
+
+Added
+-----
+
+Changed
+-------
+
+- Simplify gitlab CI setup by using ci-scripts (shared amongst several projects)
+- Fix an issue with the unsetting of environment variables before using pacstrap/arch-chroot
+- Remove termite-terminfo from the releng profile's list of packages (it is not in the official repositories anymore)
+- Set LC_ALL instead of LANG
+
+[56] - 2021-07-01
+=================
+
+Added
+-----
+
+- Add pacman >= 6 compatible configuration
+- Add documentation for the `script` boot parameter
+
+Changed
+-------
+
+- Clear environment variables before working in chroot
+- Update Arch Wiki URLs
+- Pass SOURCE_DATE_EPOCH to chroot
+- Enable parallel downloads in profile pacman configurations
+- Generalize the approach of interacting with ucode images
+- Execute the netboot build mode for the baseline profile in CI
+
+[55] - 2021-06-01
+=================
+
+Added
+-----
+
+- Add integration for pv when using the copytoram boot parameter so that progress on copying the image to RAM is shown
+- Add experimental support for EROFS by using it for the rootfs image in the baseline profile
+
+Changed
+-------
+
+- Change information on IRC channel, as Arch Linux moved to Libera Chat
+- Fix a regression, that would prevent network interfaces to be configured under certain circumstances
+
+[54] - 2021-05-13
+=================
+
+Added
+-----
+
+- Add the concept of buildmodes to mkarchiso, which allows for building more than the default .iso artifact
+  (sequentially)
+- Add support to mkarchiso and both baseline and releng profiles for building a bootstrap image (a compressed
+  bootstrapped Arch Linux environment), by using the new buildmode `bootstrap`
+- Add support to mkarchiso and both baseline and releng profiles for building artifacts required for netboot with iPXE
+  (optionally allowing codesigning on the artifacts), by using the new buildmode `netboot`
+- Add qemu-guest-agent and virtualbox-guest-utils-nox to the releng profile and enable their services by default to
+  allow interaction between hypervisor and virtual machine if the installation medium is booted in a virtualized
+  environment
+
+Changed
+-------
+
+- Always use the .sig file extension when signing the rootfs image, as that is how mkinitcpio-archiso expects it
+- Fix for CI and run_archiso scripts to be compatible with QEMU >= 6.0
+- Increase robustness of CI by granting more time to reach the first prompt
+- Change CI to build all available buildmodes of the baseline and releng profiles (baseline's netboot is currently
+  excluded due to a bug)
+- Install all implicitly installed packages explicitly for the releng profile
+- Install keyrings more generically when using pacman-init.service
+- Consolidate CI scripts so that they may be shared between the archiso, arch-boxes and releng project in the future and
+  expose their configuration with the help of environment variables
+
+[53] - 2021-05-01
+=================
+
+Added
+-----
+
+- Add ISO name to grubenv
+- Add further metrics to CI, so that number of packages and further image sizes can be tracked
+- Add IMAGE_ID and IMAGE_VERSION to /etc/os-release
+
+Changed
+-------
+
+- Revert to an invalid GPT for greater hardware compatibility
+- Fix CI scripts and initcpio script to comply with stricter shellcheck
+- Fix an issue where writing to /etc/machine-id might override a file outside of the build directory
+- Change gzip flags, so that compressed files are created reproducibly
+- Increase default serial baud rate to 115200
+- Remove deprecated documentation and format existing documentation
+
+[52] - 2021-04-01
+=================
+
+Added
+-----
+
+- Add usbmuxd support
+- Add EROFS support (as an experimental alternative to squashfs)
+- Add creation of zsync control file for delta downloads
+- Add sof-firmware for additional soundcard support
+- Add support for recursively setting file permissions on folders using profiledef.sh
+- Add support for mobile broadband devices with the help of modemmanager
+- Add information on PGP signatures of tags
+- Add archinstall support
+
+Changed
+-------
+
+- Remove haveged
+- Fix various things in relation to gitlab CI
+- Change systemd-networkd files to more generically setup networkds for devices
+- Fix the behavior of the `script=` kernel commandline parameter to follow redirects
+- Change the amount of mirrors checked by reflector to 20 to speed up availability of the mirrorlist
+
+[51] - 2021-02-01
+=================
+
+Added
+-----
+
+- VNC support for `run_archiso`
+- SSH enabled by default in baseline and releng profiles
+- Add cloud-init support to baseline and releng profiles
+- Add simple port forwarding to `run_archiso` to allow testing of SSH
+- Add support for loading cloud-init user data images to `run_archiso`
+- Add version information to images generated with `mkarchiso`
+- Use pacman hooks for things previously done in `customize_airootfs.sh` (e.g. generating locale, uncommenting mirror
+  list)
+- Add network setup for the baseline profile
+- Add scripts for CI to build the baseline and releng profiles automatically
+
+Changed
+-------
+
+- Change upstream URL in vendored profiles to archlinux.org
+- Reduce the amount of sed calls in mkarchiso
+- Fix typos in `mkarchiso`
+- mkinitcpio-archiso: Remove resolv.conf before copy to circumvent its use
+- Remove `customize_airootfs.sh` from the vendored profiles
+- Support overriding more variables in `profiledef.sh` and refactor their use in `mkarchiso`
+- Cleanup unused code in `run_archiso`

CONTRIBUTING.rst

@@ -19,6 +19,28 @@ All ash and bash scripts are linted using shellcheck:
 
     make lint
 
+Changelog
+=========
+
+When adding, changing or removing something in a merge request, add a sentence to the `CHANGELOG.rst <CHANGELOG.rst>`_
+explaining it.
+The changelog entry needs to be added to the unreleased section at the top, as that section is used for the next
+release.
+
+Merge requests and signed commits
+=================================
+
+Merge requests are not required to contain signed commits (using ``git commit -S`` - see `man 1 git-commit
+<https://man.archlinux.org/man/git-commit.1>`_).
+The project maintainers may rebase a given merge request branch at their discretion (if possible), which may remove
+signed commits.
+
+The tip of the project's default branch is required to be a signed commit by the project maintainers.
+For external contributors this means, that their merge request will be merged using ``--no-ff`` (see `man 1 git-merge
+<https://man.archlinux.org/man/git-merge.1>`_) in a signed merge commit, while contributions by the project maintainers
+may be merged using ``--ff`` when the top-most commit of the source branch is signed by a valid PGP key of the given
+maintainer.
+
 Testing
 =======
 

Makefile

 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-INSTALL_FILES=$(wildcard archiso/initcpio/install/*)
-HOOKS_FILES=$(wildcard archiso/initcpio/hooks/*)
-SCRIPT_FILES=$(wildcard archiso/initcpio/script/*)
-
-INSTALL_DIR=$(DESTDIR)/usr/lib/initcpio/install
-HOOKS_DIR=$(DESTDIR)/usr/lib/initcpio/hooks
-SCRIPT_DIR=$(DESTDIR)/usr/lib/initcpio
+PREFIX ?= /usr/local
+BIN_DIR=$(DESTDIR)$(PREFIX)/bin
+DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso
+MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man
+PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso
 
 DOC_FILES=$(wildcard docs/*) $(wildcard *.rst)
-
-DOC_DIR=$(DESTDIR)/usr/share/doc/archiso
-
+SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \
+             $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*)
+VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//')
 
 all:
 
-check: lint
+check: shellcheck
 
-lint:
-	shellcheck -s bash archiso/mkarchiso \
-	                   scripts/run_archiso.sh \
-	                   $(INSTALL_FILES) \
-	                   $(wildcard configs/*/build.sh) \
-	                   configs/releng/airootfs/root/.automated_script.sh \
-	                   configs/releng/airootfs/usr/local/bin/choose-mirror
-	shellcheck -s dash $(HOOKS_FILES) $(SCRIPT_FILES)
+shellcheck:
+	shellcheck -s bash $(SCRIPT_FILES)
 
-install: install-program install-examples install-doc
+install: install-scripts install-profiles install-doc install-man
 
-install-program:
-	install -vDm 755 archiso/mkarchiso -t "$(DESTDIR)/usr/bin/"
-	install -vDm 755 scripts/run_archiso.sh "$(DESTDIR)/usr/bin/run_archiso"
+install-scripts:
+	install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/"
+	install -vDm 755 scripts/run_archiso.sh "$(BIN_DIR)/run_archiso"
 
-install-initcpio:
-	install -d $(SCRIPT_DIR) $(HOOKS_DIR) $(INSTALL_DIR)
-	install -m 755 -t $(SCRIPT_DIR) $(SCRIPT_FILES)
-	install -m 644 -t $(HOOKS_DIR) $(HOOKS_FILES)
-	install -m 644 -t $(INSTALL_DIR) $(INSTALL_FILES)
-
-install-examples:
-	install -d -m 755 $(DESTDIR)/usr/share/archiso/
-	cp -a --no-preserve=ownership configs $(DESTDIR)/usr/share/archiso/
+install-profiles:
+	install -d -m 755 $(PROFILE_DIR)
+	cp -a --no-preserve=ownership configs $(PROFILE_DIR)/
 
 install-doc:
 	install -vDm 644 $(DOC_FILES) -t $(DOC_DIR)
 
-.PHONY: check install install-program install-initcpio install-examples install-doc lint
+install-man:
+	@printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst
+	install -d -m 755 $(MAN_DIR)/man1
+	rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1
+
+.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck

README.rst

@@ -2,9 +2,9 @@
 archiso
 =======
 
-The archiso project features scripts and configuration templates to build installation media (*.iso* images) for BIOS
-and UEFI based systems on the x86_64 architecture.
-Currently creating the images is only supported on Arch Linux.
+The archiso project features scripts and configuration templates to build installation media (*.iso* images and
+*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems on the x86_64 architecture.
+Currently creating the images is only supported on Arch Linux but may work on other operating systems as well.
 
 Requirements
 ============
@@ -12,9 +12,19 @@ Requirements
 The following packages need to be installed to be able to create an image with the included scripts:
 
 * arch-install-scripts
+* awk
 * dosfstools
 * e2fsprogs
+* erofs-utils (optional)
+* findutils
+* grub
+* gzip
+* libarchive
 * libisoburn
+* mtools
+* openssl
+* pacman
+* sed
 * squashfs-tools
 
 For running the images in a virtualized test environment the following packages are required:
@@ -26,14 +36,19 @@ For linting the shell scripts the following package is required:
 
 * shellcheck
 
+For generating the man pages:
+
+* python-docutils
+
 Profiles
 ========
 
 Archiso comes with two profiles: **baseline** and **releng**. While both can serve as starting points for creating
 custom live media, **releng** is used to create the monthly installation medium.
 They can be found below `configs/baseline/ <configs/baseline/>`_  and `configs/releng/ <configs/releng/>`_
-(respectively). Both profiles are defined by files to be placed into overlays (e.g. *airootfs* -> *the image's /*) and
-dynamic actions (i.e. *build.sh* scripts).
+(respectively). Both profiles are defined by files to be placed into overlays (e.g. airootfs ‎→‎ the image's ``/``).
+
+Read `README.profile.rst <docs/README.profile.rst>`_ to learn more about how to create profiles.
 
 Create images
 =============
@@ -45,77 +60,128 @@ As filesystems are created and various mount actions have to be done when creati
 the scripts.
 
 When archiso is installed system-wide and the modification of a profile is desired, it is necessary to copy it to a
-writeable location, as */usr/share/archiso* is tracked by the package manager and only writeable by root (changes will
+writeable location, as ``/usr/share/archiso`` is tracked by the package manager and only writeable by root (changes will
 be lost on update).
 
 The examples below will assume an unmodified profile in a system location (unless noted otherwise).
 
-It is advised to check the help information of the **build.sh** scripts in the profiles:
+It is advised to consult the help output of **mkarchiso**:
 
-  .. code:: bash
+.. code:: sh
 
-    /usr/share/archiso/configs/releng/build.sh --help
+   mkarchiso -h
 
 Create images with packaged archiso
 -----------------------------------
 
-  .. code:: bash
+.. code:: sh
 
-    /usr/share/archiso/configs/releng/build.sh -w path/to/work_dir -o path/to/out_dir
+   mkarchiso -w path/to/work_dir -o path/to/out_dir path/to/profile
 
 Create images with local clone
 ------------------------------
 
-Clone this repository and make sure to run with the local `mkarchiso <archiso/mkarchiso>`_  script in *PATH* (if it has
-been modified):
+Clone this repository and run:
 
-  .. code:: bash
+.. code:: sh
 
-    PATH="archiso:$PATH" ./configs/releng/build.sh -w path/to/work_dir -o path/to/out_dir
+   ./archiso/mkarchiso -w path/to/work_dir -o path/to/out_dir path/to/profile
 
 Testing
 =======
 
 The convenience script **run_archiso** is provided to boot into the medium using qemu.
-It is advised to read its help information:
+It is advised to consult its help output:
 
-  .. code:: bash
+.. code:: sh
 
-    run_archiso -h
+   run_archiso -h
 
 Run the following to boot the iso using BIOS:
 
-  .. code:: bash
+.. code:: sh
 
-    run_archiso -i path/to/an/arch.iso
+   run_archiso -i path/to/an/arch.iso
 
 Run the following to boot the iso using UEFI:
 
-  .. code:: bash
+.. code:: sh
 
-    run_archiso -i path/to/an/arch.iso -u
+   run_archiso -u -i path/to/an/arch.iso
 
 The script can of course also be executed from this repository:
 
 
-  .. code:: bash
+.. code:: sh
 
-    ./scripts/run_archiso.sh -i path/to/an/arch.iso
+   ./scripts/run_archiso.sh -i path/to/an/arch.iso
 
 Installation
 ============
 
-To install archiso system-wide use the included **Makefile**:
+To install archiso system-wide use the included ``Makefile``:
+
+.. code:: sh
+
+   make install
+
+Optional features
+
+The iso image contains a GRUB environment block holding the iso name and version. This allows to
+boot the iso image from GRUB with a version specific cow directory to mitigate overlay clashes.
+
+.. code:: sh
+
+   loopback loop archlinux.iso
+   load_env -f (loop)/boot/grub/grubenv
+   linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \
+       cow_directory=${NAME}/${VERSION} ...
+   initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img
+
+Contribute
+==========
+
+Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso.
+
+Please read our distribution-wide `Code of Conduct <https://terms.archlinux.org/docs/code-of-conduct/>`_ before
+contributing, to understand what actions will and will not be tolerated.
+
+Read our `contributing guide <CONTRIBUTING.rst>`_ to learn more about how to provide fixes or improvements for the code
+base.
+
+Discussion around archiso takes place on the `arch-releng mailing list
+<https://lists.archlinux.org/mailman3/lists/arch-releng.lists.archlinux.org/>`_ and in `#archlinux-releng
+<ircs://irc.libera.chat/archlinux-releng>`_ on `Libera Chat <https://libera.chat/>`_.
+
+All past and present authors of archiso are listed in `AUTHORS <AUTHORS.rst>`_.
+
+Releases
+========
+
+`Releases of archiso <https://gitlab.archlinux.org/archlinux/archiso/-/tags>`_ are created by their current maintainers
+
+- `David Runge <https://gitlab.archlinux.org/dvzrv>`_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``)
+- `nl6720 <https://gitlab.archlinux.org/nl6720>`_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``)
+
+Tags are signed using respective PGP keys.
+
+To verify a tag, first import the relevant PGP key(s):
+
+.. code:: sh
+
+  gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org
+
+or
 
-  .. code:: bash
+.. code:: sh
 
-    make install
+  gpg --auto-key-locate keyserver --recv-keys BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF
 
-Optionally install archiso's mkinitcpio hooks:
+Afterwards a tag can be verified from a clone of this repository:
 
-  .. code:: bash
+.. code:: sh
 
-    make install-initcpio
+  git verify-tag <tag>
 
 License
 =======

archiso/initcpio/hooks/archiso

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# args: source, newroot, mountpoint
-_mnt_dmsnapshot() {
-    local img="${1}"
-    local newroot="${2}"
-    local mnt="${3}"
-    local img_fullname="${img##*/}";
-    local img_name="${img_fullname%%.*}"
-    local dm_snap_name="${dm_snap_prefix}_${img_name}"
-    local ro_dev ro_dev_size rw_dev
-
-    ro_dev="$(losetup --find --show --read-only -- "${img}")"
-    echo "${ro_dev}" >> /run/archiso/used_block_devices
-    ro_dev_size="$(blockdev --getsz -- "${ro_dev}")"
-
-    if [ "${cow_persistent}" = "P" ]; then
-        if [ -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow" ]; then
-            msg ":: Found '/run/archiso/cowspace/${cow_directory}/${img_name}.cow', using as persistent."
-        else
-            msg ":: Creating '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' as persistent."
-            truncate -s "${cow_spacesize}" "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
-        fi
-    else
-        if [ -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow" ]; then
-            msg ":: Found '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' but non-persistent requested, removing."
-            rm -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
-        fi
-        msg ":: Creating '/run/archiso/cowspace/${cow_directory}/${img_name}.cow' as non-persistent."
-        truncate -s "${cow_spacesize}" "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
-    fi
-
-    rw_dev="$(losetup --find --show "/run/archiso/cowspace/${cow_directory}/${img_name}.cow")"
-    echo "${rw_dev}" >> /run/archiso/used_block_devices
-
-    dmsetup create "${dm_snap_name}" --table \
-        "0 ${ro_dev_size} snapshot ${ro_dev} ${rw_dev} ${cow_persistent} ${cow_chunksize}"
-
-    if [ "${cow_persistent}" != "P" ]; then
-        rm -f "/run/archiso/cowspace/${cow_directory}/${img_name}.cow"
-    fi
-
-    _mnt_dev "/dev/mapper/${dm_snap_name}" "${newroot}${mnt}" "-w" "defaults"
-    readlink -f "/dev/mapper/${dm_snap_name}" >> /run/archiso/used_block_devices
-}
-
-# args: source, newroot, mountpoint
-_mnt_overlayfs() {
-    local src="${1}"
-    local newroot="${2}"
-    local mnt="${3}"
-    mkdir -p "/run/archiso/cowspace/${cow_directory}/upperdir" "/run/archiso/cowspace/${cow_directory}/workdir"
-    mount -t overlay -o \
-    "lowerdir=${src},upperdir=/run/archiso/cowspace/${cow_directory}/upperdir,workdir=/run/archiso/cowspace/${cow_directory}/workdir" \
-    airootfs "${newroot}${mnt}"
-}
-
-
-# args: /path/to/image_file, mountpoint
-_mnt_sfs() {
-    local img="${1}"
-    local mnt="${2}"
-    local img_fullname="${img##*/}"
-    local sfs_dev
-
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${copytoram}" = "y" ]; then
-        msg -n ":: Copying squashfs image to RAM..."
-        if ! cp -- "${img}" "/run/archiso/copytoram/${img_fullname}" ; then
-            echo "ERROR: while copy '${img}' to '/run/archiso/copytoram/${img_fullname}'"
-            launch_interactive_shell
-        fi
-        img="/run/archiso/copytoram/${img_fullname}"
-        msg "done."
-    fi
-    sfs_dev="$(losetup --find --show --read-only -- "${img}")"
-    echo "${sfs_dev}" >> /run/archiso/used_block_devices
-    _mnt_dev "${sfs_dev}" "${mnt}" "-r" "defaults"
-}
-
-# args: device, mountpoint, flags, opts
-_mnt_dev() {
-    local dev="${1}"
-    local mnt="${2}"
-    local flg="${3}"
-    local opts="${4}"
-
-    mkdir -p "${mnt}"
-
-    msg ":: Mounting '${dev}' to '${mnt}'"
-
-    while ! poll_device "${dev}" 30; do
-        echo "ERROR: '${dev}' device did not show up after 30 seconds..."
-        echo "   Falling back to interactive prompt"
-        echo "   You can try to fix the problem manually, log out when you are finished"
-        launch_interactive_shell
-    done
-
-    if mount -o "${opts}" "${flg}" "${dev}" "${mnt}"; then
-        msg ":: Device '${dev}' mounted successfully."
-    else
-        echo "ERROR; Failed to mount '${dev}'"
-        echo "   Falling back to interactive prompt"
-        echo "   You can try to fix the problem manually, log out when you are finished"
-        launch_interactive_shell
-    fi
-}
-
-_verify_checksum() {
-    local _status
-    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
-    sha512sum -c airootfs.sha512 > /tmp/checksum.log 2>&1
-    _status=$?
-    cd -- "${OLDPWD}" || exit 1
-    return "${_status}"
-}
-
-_verify_signature() {
-    local _status
-    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
-    gpg --homedir /gpg --status-fd 1 --verify airootfs.sfs.sig 2>/dev/null | grep -qE '^\[GNUPG:\] GOODSIG'
-    _status=$?
-    cd -- "${OLDPWD}" || exit 1
-    return ${_status}
-}
-
-run_hook() {
-    [ -z "${arch}" ] && arch="$(uname -m)"
-    [ -z "${copytoram_size}" ] && copytoram_size="75%"
-    [ -z "${archisobasedir}" ] && archisobasedir="arch"
-    [ -z "${dm_snap_prefix}" ] && dm_snap_prefix="arch"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    [ -z "${archisodevice}" ] && archisodevice="/dev/disk/by-label/${archisolabel}"
-    [ -z "${cow_spacesize}" ] && cow_spacesize="256M"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${cow_label}" ]; then
-        cow_device="/dev/disk/by-label/${cow_label}"
-        [ -z "${cow_persistent}" ] && cow_persistent="P"
-    elif [ -n "${cow_device}" ]; then
-        [ -z "${cow_persistent}" ] && cow_persistent="P"
-    else
-        cow_persistent="N"
-    fi
-
-    [ -z "${cow_flags}" ] && cow_flags="defaults"
-    [ -z "${cow_directory}" ] && cow_directory="persistent_${archisolabel}/${arch}"
-    [ -z "${cow_chunksize}" ] && cow_chunksize="8"
-
-    # set mount handler for archiso
-    export mount_handler="archiso_mount_handler"
-}
-
-# This function is called normally from init script, but it can be called
-# as chain from other mount handlers.
-# args: /path/to/newroot
-archiso_mount_handler() {
-    local newroot="${1}"
-
-    if ! mountpoint -q "/run/archiso/bootmnt"; then
-        _mnt_dev "${archisodevice}" "/run/archiso/bootmnt" "-r" "defaults"
-        if [ "${copytoram}" != "y" ]; then
-            readlink -f "${archisodevice}" >> /run/archiso/used_block_devices
-        fi
-    fi
-
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${checksum}" = "y" ]; then
-        if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]; then
-            msg -n ":: Self-test requested, please wait..."
-            if _verify_checksum; then
-                msg "done. Checksum is OK, continue booting."
-            else
-                echo "ERROR: one or more files are corrupted"
-                echo "see /tmp/checksum.log for details"
-                launch_interactive_shell
-            fi
-        else
-            echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found"
-            launch_interactive_shell
-        fi
-    fi
-
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${verify}" = "y" ]; then
-        if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs.sig" ]; then
-            msg -n ":: Signature verification requested, please wait..."
-            if _verify_signature; then
-                msg "done. Signature is OK, continue booting."
-            else
-                echo "ERROR: one or more files are corrupted"
-                launch_interactive_shell
-            fi
-        else
-            echo "ERROR: verify=y option specified but ${archisobasedir}/${arch}/airootfs.sfs.sig not found"
-            launch_interactive_shell
-        fi
-    fi
-
-    if [ "${copytoram}" = "y" ]; then
-        msg ":: Mounting /run/archiso/copytoram (tmpfs) filesystem, size=${copytoram_size}"
-        mkdir -p /run/archiso/copytoram
-        mount -t tmpfs -o "size=${copytoram_size}",mode=0755 copytoram /run/archiso/copytoram
-    fi
-
-    if [ -n "${cow_device}" ]; then
-        _mnt_dev "${cow_device}" "/run/archiso/cowspace" "-r" "${cow_flags}"
-        readlink -f "${cow_device}" >> /run/archiso/used_block_devices
-        mount -o remount,rw "/run/archiso/cowspace"
-    else
-        msg ":: Mounting /run/archiso/cowspace (tmpfs) filesystem, size=${cow_spacesize}..."
-        mkdir -p /run/archiso/cowspace
-        mount -t tmpfs -o "size=${cow_spacesize}",mode=0755 cowspace /run/archiso/cowspace
-    fi
-    mkdir -p "/run/archiso/cowspace/${cow_directory}"
-    chmod 0700 "/run/archiso/cowspace/${cow_directory}"
-
-    _mnt_sfs "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" "/run/archiso/sfs/airootfs"
-    if [ -f "/run/archiso/sfs/airootfs/airootfs.img" ]; then
-        _mnt_dmsnapshot "/run/archiso/sfs/airootfs/airootfs.img" "${newroot}" "/"
-    else
-        _mnt_overlayfs "/run/archiso/sfs/airootfs" "${newroot}" "/"
-    fi
-
-    if [ "${copytoram}" = "y" ]; then
-        umount -d /run/archiso/bootmnt
-    fi
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_loop_mnt

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_hook () {
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    [ -n "${img_label}" ] && img_dev="/dev/disk/by-label/${img_label}"
-    [ -z "${img_flags}" ] && img_flags="defaults"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${img_dev}" ] && [ -n "${img_loop}" ]; then
-        export mount_handler="archiso_loop_mount_handler"
-    fi
-}
-
-archiso_loop_mount_handler () {
-    newroot="${1}"
-
-    local _dev_loop
-
-    msg ":: Setup a loop device from ${img_loop} located at device ${img_dev}"
-    _mnt_dev "${img_dev}" "/run/archiso/img_dev" "-r" "${img_flags}"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${copytoram}" != "y" ]; then
-        readlink -f "${img_dev}" >> /run/archiso/used_block_devices
-    fi
-
-    if _dev_loop=$(losetup --find --show --read-only "/run/archiso/img_dev/${img_loop}"); then
-        export archisodevice="${_dev_loop}"
-    else
-        echo "ERROR: Setting loopback device for file '/run/archiso/img_dev/${img_loop}'"
-        launch_interactive_shell
-    fi
-
-    archiso_mount_handler "${newroot}"
-
-    if [ "${copytoram}" = "y" ]; then
-        losetup -d "${_dev_loop}" 2>/dev/null
-        umount /run/archiso/img_dev
-    fi
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_pxe_common

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_hook () {
-    # Do *not* declare 'bootif_dev' local! We need it in run_latehook().
-    local i net_mac bootif_mac
-    local DNSDOMAIN HOSTNAME IPV4DNS0 IPV4DNS1 ROOTSERVER
-    # These variables will be parsed from /tmp/net-*.conf generated by ipconfig
-    # shellcheck disable=SC2034
-    local DEVICE IPV4ADDR IPV4BROADCAST IPV4NETMASK IPV4GATEWAY NISDOMAIN ROOTPATH filename
-
-    if [ -n "${ip}" ]; then
-        if [ -n "${BOOTIF}" ]; then
-            bootif_mac="${BOOTIF#01-}"
-            # shellcheck disable=SC2169
-            # ash supports bash-like string replacment
-            bootif_mac="${bootif_mac//-/:}"
-            for i in /sys/class/net/*/address; do
-                read -r net_mac < "${i}"
-                if [ "${bootif_mac}" = "${net_mac}" ]; then
-                    bootif_dev=${i#/sys/class/net/}
-                    bootif_dev=${bootif_dev%/address}
-                    break
-                fi
-            done
-            if [ "${ip}" = "dhcp" ]; then
-                ip=":::::${bootif_dev}:dhcp"
-            else
-                ip="${ip}::${bootif_dev}"
-            fi
-        fi
-
-        # setup network and save some values
-        if ! ipconfig -t 20 "ip=${ip}"; then
-            echo "ERROR; Failed to configure network"
-            echo "   Falling back to interactive prompt"
-            echo "   You can try to fix the problem manually, log out when you are finished"
-            launch_interactive_shell
-        fi
-
-        # shellcheck disable=SC1090
-        # ipconfig generates these files
-        . /tmp/net-*.conf
-
-        export pxeserver="${ROOTSERVER}"
-
-        # setup DNS resolver
-        if [ "${IPV4DNS0}" != "0.0.0.0" ]; then
-            echo "# added by archiso_pxe_common hook" > /etc/resolv.conf
-            echo "nameserver ${IPV4DNS0}" >> /etc/resolv.conf
-        fi
-        if [ "${IPV4DNS1}" != "0.0.0.0" ]; then
-            echo "nameserver ${IPV4DNS1}" >> /etc/resolv.conf
-        fi
-        if [ -n "${DNSDOMAIN}" ]; then
-            echo "search ${DNSDOMAIN}" >> /etc/resolv.conf
-            echo "domain ${DNSDOMAIN}" >> /etc/resolv.conf
-        fi
-    fi
-}
-
-run_latehook () {
-    if [ -n "${ip}" ]; then
-        [ -z "${copy_resolvconf}" ] && copy_resolvconf="y"
-
-        # shellcheck disable=SC2154
-        # defined via initcpio's parse_cmdline()
-        if [ "${copytoram}" = "y" ]; then
-            if [ -n "${bootif_dev}" ]; then
-                ip addr flush dev "${bootif_dev}"
-                ip link set "${bootif_dev}" down
-            fi
-        elif [ "${copy_resolvconf}" != "n" ] && [ -f /etc/resolv.conf ]; then
-            cp /etc/resolv.conf /new_root/etc/resolv.conf
-        fi
-    fi
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_pxe_http

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_hook() {
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${ip}" ] && [ -n "${archiso_http_srv}" ]; then
-
-        # booting with http is always copy-to-ram, so set here to make sure
-        # addresses are flushed and interface is set down
-        export copytoram="y"
-
-        archiso_http_srv=$(eval echo "${archiso_http_srv}")
-        [ -z "${archiso_http_spc}" ] && archiso_http_spc="75%"
-
-        export mount_handler="archiso_pxe_http_mount_handler"
-    fi
-}
-
-# Fetch a file with CURL
-#
-# $1 URL
-# $2 Destination directory inside httpspace/${archisobasedir}
-_curl_get() {
-    local _url="${1}"
-    local _dst="${2}"
-
-    msg ":: Downloading '${_url}'"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if ! curl -L -f -o "/run/archiso/httpspace/${archisobasedir}${_dst}/${_url##*/}" --create-dirs "${_url}"; then
-        echo "ERROR: Downloading '${_url}'"
-        echo "   Falling back to interactive prompt"
-        echo "   You can try to fix the problem manually, log out when you are finished"
-        launch_interactive_shell
-    fi
-}
-
-archiso_pxe_http_mount_handler () {
-    newroot="${1}"
-
-    msg ":: Mounting /run/archiso/httpspace (tmpfs) filesystem, size='${archiso_http_spc}'"
-    mkdir -p "/run/archiso/httpspace"
-    mount -t tmpfs -o size="${archiso_http_spc}",mode=0755 httpspace "/run/archiso/httpspace"
-
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs" "/${arch}"
-
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${checksum}" = "y" ]; then
-        _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sha512" "/${arch}"
-    fi
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ "${verify}" = "y" ]; then
-        _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}"
-    fi
-
-    mkdir -p "/run/archiso/bootmnt"
-    mount -o bind /run/archiso/httpspace /run/archiso/bootmnt
-
-    archiso_mount_handler "${newroot}"
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_pxe_nbd

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_earlyhook() {
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${ip}" ] && [ -n "${archiso_nbd_srv}" ]; then
-        # Module autoloading like with loop devices does not work, doing manually...
-        modprobe nbd 2> /dev/null
-    fi
-}
-
-run_hook() {
-    if [ -n "${ip}" ] && [ -n "${archiso_nbd_srv}" ]; then
-
-        archiso_nbd_srv=$(eval echo "${archiso_nbd_srv}")
-        [ -z "${archiso_nbd_name}" ] && archiso_nbd_name="archiso"
-
-        export mount_handler="archiso_pxe_nbd_mount_handler"
-    fi
-}
-
-archiso_pxe_nbd_mount_handler () {
-    newroot="${1}"
-
-    msg ":: Waiting for boot device..."
-    while ! poll_device /dev/nbd0 30; do
-        echo "ERROR: boot device didn't show up after 30 seconds..."
-        echo "   Falling back to interactive prompt"
-        echo "   You can try to fix the problem manually, log out when you are finished"
-        launch_interactive_shell
-    done
-
-    msg ":: Setup NBD from ${archiso_nbd_srv} at /dev/nbd0"
-    if [ "${copytoram}" != "n" ]; then
-        nbd-client "${archiso_nbd_srv}" -N "${archiso_nbd_name}" /dev/nbd0
-        copytoram="y"
-    else
-        nbd-client "${archiso_nbd_srv}" -N "${archiso_nbd_name}" -systemd-mark -persist /dev/nbd0
-    fi
-
-    export archisodevice=/dev/nbd0
-
-    archiso_mount_handler "${newroot}"
-
-    if [ "${copytoram}" = "y" ]; then
-        msg ":: Disconnect NBD from ${archiso_nbd_srv} at /dev/nbd0"
-        nbd-client -d /dev/nbd0
-    fi
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_pxe_nfs

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_hook() {
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${ip}" ] && [ -n "${archiso_nfs_srv}" ]; then
-
-        archiso_nfs_srv=$(eval echo "${archiso_nfs_srv}")
-
-        export mount_handler="archiso_nfs_mount_handler"
-    fi
-}
-
-archiso_nfs_mount_handler() {
-    local mount_status
-    newroot="${1}"
-    mkdir -p "/run/archiso/bootmnt"
-    msg ":: Mounting '${archiso_nfs_srv}'"
-    # shellcheck disable=SC2154
-    # defined via initcpio's parse_cmdline()
-    if [ -n "${archiso_nfs_opt}" ]; then
-        nfsmount -o "${archiso_nfs_opt}" "${archiso_nfs_srv}" "/run/archiso/bootmnt"
-        mount_status=$?
-    else
-        nfsmount "${archiso_nfs_srv}" "/run/archiso/bootmnt"
-        mount_status=$?
-    fi
-    if [ $mount_status -gt 0 ]; then
-        echo "ERROR: Mounting '${archiso_nfs_srv}'"
-        echo "   Falling back to interactive prompt"
-        echo "   You can try to fix the problem manually, log out when you are finished"
-        launch_interactive_shell
-    fi
-
-    if [ "${copytoram}" != "n" ]; then
-        copytoram="y"
-    fi
-
-    archiso_mount_handler "${newroot}"
-}
-
-# vim: set ft=sh:

archiso/initcpio/hooks/archiso_shutdown

-#!/bin/ash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-run_cleanuphook() {
-    rm -rf /usr/lib/modules
-    cp -ax / /run/initramfs
-}
-
-# vim: set ft=sh:

archiso/initcpio/install/archiso

-#!/usr/bin/env bash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-build() {
-    add_module "cdrom"
-    add_module "loop"
-    add_module "dm-snapshot"
-    add_module "overlay"
-
-    add_runscript
-
-    add_binary /usr/lib/udev/cdrom_id
-    add_binary blockdev
-    add_binary dmsetup
-    add_binary losetup
-    add_binary mountpoint
-    add_binary truncate
-    add_binary gpg
-    add_binary grep
-
-    add_file /usr/lib/udev/rules.d/60-cdrom_id.rules
-    add_file /usr/lib/udev/rules.d/10-dm.rules
-    add_file /usr/lib/udev/rules.d/95-dm-notify.rules
-    add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules
-    if [[ $ARCHISO_GNUPG_FD ]]; then
-        mkdir -m 0700 -- "$BUILDROOT/gpg"
-        gpg --homedir "$BUILDROOT/gpg" --import <& "$ARCHISO_GNUPG_FD"
-    fi
-}

archiso/initcpio/install/archiso_kms

-#!/usr/bin/env bash
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-build() {
-    add_module "amdgpu"
-    add_module "radeon"
-    add_module "nouveau"
-    add_module "i915"
-    add_module "mgag200"
-    add_module "via-agp"
-    add_module "sis-agp"
-    add_module "intel-agp"
-
-    if [[ $(uname -m) == i686 ]]; then
-        add_module "amd64-agp"
-        add_module "ati-agp"
-        add_module "sworks-agp"
-        add_module "ali-agp"
-        add_module "amd-k7-agp"
-        add_module "nvidia-agp"
-        add_module "efficeon-agp"
-    fi
-}
-
-help() {
-    cat << HELPEOF
-Adds all common KMS drivers to the initramfs image.
-HELPEOF
-}