GitLab

Running the whole script as root is excessive and it tremendously complicates signing the Squashfs image with GPG. It would be better to elevate to root only when it is absolutely necessary.

TODO:

• !58 (merged): Add -rational-rock to xorriso command, so that all files in the ISO (in Rock Ridge, not Squashfs) are owned by root and have sane permissions.
• Launch commands that require root privileges using sudo when the script is run as a regular user.

The things that require root are:

• _make_custom_airootfs: file copying to airootfs and chown.
• _make_packages: pacstrap
• _make_customize_airootfs: /etc/skel copying to airootfs and arch-chroot for customize_airootfs.sh.
• _make_pkglist: pacman --sysroot - to generate packages list.
• _make_boot_uefi-x64.systemd-boot.esp: mount - to mount the FAT file system image.
• _cleanup: find ... -delete on airootfs and workdir. Also the printf that creates an empty /etc/machine-id.
• _mkairootfs_ext4+squashfs, _mount_airootfs, _umount_airootfs: mount and chown with airootfs_image_type="ext4+squashfs".
• _run_mksquashfs: mksquashfs - it needs full access to airootfs to create the squashfs image.