archiso merge requestshttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests2024-03-27T09:18:25Zhttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/368.gitignore: add more ignored files2024-03-27T09:18:25Znl6720.gitignore: add more ignored files* more tarball matching,
* `network-config` used by cloud-init,
* anything starting with `codesigning`.* more tarball matching,
* `network-config` used by cloud-init,
* anything starting with `codesigning`.v76nl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/367mkarchiso: implement configurable bootstrap tarball compression2024-03-27T09:18:08Znl6720mkarchiso: implement configurable bootstrap tarball compression# mkarchiso: implement configurable bootstrap tarball compression
profiledef.sh gains a new option `bootstrap_tarball_compression` which
is a bash array containing the compression program and its arguments.
Related to https://gitlab.ar...# mkarchiso: implement configurable bootstrap tarball compression
profiledef.sh gains a new option `bootstrap_tarball_compression` which
is a bash array containing the compression program and its arguments.
Related to https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.
# configs/*/profiledef.sh: set bootstrap_tarball_compression
* baseline will use .tar.zst with `zstd -c -T0 --long -19`,
* releng will retain .tar.gz with `gzip -cn9` for now.
This will later be changed as part of https://gitlab.archlinux.org/archlinux/archiso/-/issues/130.v76nl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/365mkarchiso: skip including external microcode images if the initramfs file con...2024-03-26T13:21:10Znl6720mkarchiso: skip including external microcode images if the initramfs file contains early_cpioThe early uncompressed CPIO archive containing microcode update files
can be part of the initramfs file. To avoid wasting space, first check
if the initramfs file contains `early_cpio` and only copy external
microcode initramfs images if...The early uncompressed CPIO archive containing microcode update files
can be part of the initramfs file. To avoid wasting space, first check
if the initramfs file contains `early_cpio` and only copy external
microcode initramfs images if it does not.
----
This does not change `airootfs/etc/mkinitcpio.conf.d/archiso.conf` and boot loader configuration. Will still use microcode initramfs images as external files. This will most likely change in the future.v76nl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/364Add a graphical environment to releng2024-03-18T06:35:39ZdemonkillerrAdd a graphical environment to relengThis MR aims to work on issue no #170 and #187.
This MR has an additional profile for a graphical environment (`releng-gui`), which adds on `releng` by adding a few other things. These are:
1) The XFCE Desktop Environment
2) `networkman...This MR aims to work on issue no #170 and #187.
This MR has an additional profile for a graphical environment (`releng-gui`), which adds on `releng` by adding a few other things. These are:
1) The XFCE Desktop Environment
2) `networkmanager` and applet (working on some of the things mentioned [here](https://gitlab.archlinux.org/archlinux/archiso/-/issues/187#note_73584)) edit-done
3) A simple script to setup keyboard layouts
4) Firefox to launch installation guide
The total size of the ISO is 1.2GB.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/349Draft: mkarchiso: sign the ISO and bootstrap tarball with the codesigning cer...2024-03-17T12:47:56Znl6720Draft: mkarchiso: sign the ISO and bootstrap tarball with the codesigning certificateUse `openssl cms` to sign the ISO and bootstrap tarball after they
are built.
Unlike the signature of the root file system image (airootfs.*.cms.sig),
the signature file will contain the signing certificate. This allows
verifing the sign...Use `openssl cms` to sign the ISO and bootstrap tarball after they
are built.
Unlike the signature of the root file system image (airootfs.*.cms.sig),
the signature file will contain the signing certificate. This allows
verifing the signature without needing to provide the certificate
unless it is a self-signed certificate. Only the ISO or tarball, its
signature and CA certificate are needed. For example:
$ openssl cms -verify -binary -noattr -purpose any -in archlinux-2023.11.21-x86_64.iso.cms.sig -content archlinux-2023.11.21-x86_64.iso -inform DER -out /dev/null -CAfile cacert.pemnl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/337Draft: Is there some change upstream would like to see merged?2023-08-28T02:55:50ZTallero TalleroDraft: Is there some change upstream would like to see merged?I would gladly see brought over the new functions organization,
because it makes way easier to add support for new file systems,
new bootmodes, new volumes, new buildmodes.
It still includes code which may be preferable to move to user ...I would gladly see brought over the new functions organization,
because it makes way easier to add support for new file systems,
new bootmodes, new volumes, new buildmodes.
It still includes code which may be preferable to move to user scripts
or to a separate package but I think I am near for a complete merge.
#### Complete features:
- Almost complete code overhaul
- more modular, more easily structured, more easily extendable;
- no code redundancy;
- there are almost no lines over 60 characters;
- the code is now split in sections and every function is
documented;
- backup gitlab.com CI;
- LUKS file system support;
- dongle buildmode, to produce a secure setup when no write-once devices
but two writable devices are available, which is what is common nowadays;
- emergency single device boot from root file system clone on dongle
encrypted recovery partition;
- seamless support (both BIOS and UEFI) for loading initrd and kernel from
progressively less secure sources, in the order:
- encrypted dongle boot partition
- dongle encrypted recovery partition
- unencrypted ISO9660 file system on the dongle ISO
- encrypted boot partition on the install media ISO
- unencrypted ISO9660 file system on the install media ISO
- optional boot passphrase;
- optional persistent storage passphrase.
Chain of trust is guaranteed up to dongle boot loader when booting from
a safe dongle.
#### Features with included incomplete branches
- `ext4+raid+luks` and `erofs+raid+luks` image type to be able to read
the root file system from multiple sources;
- `btrfs` image type to have a compressed file system for read-write
partitions.
- runtime user partition creation.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/278Draft: configs/releng: Replace systemd-network with networkmanager2022-09-15T08:19:22ZJan Alexander Steffens (heftig)heftig@archlinux.orgDraft: configs/releng: Replace systemd-network with networkmanagerFixes: https://gitlab.archlinux.org/archlinux/archiso/-/issues/187Fixes: https://gitlab.archlinux.org/archlinux/archiso/-/issues/187nl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/220Allow cow_spacesize to be set in profile2022-05-30T11:12:04ZYamada Hayaohayao@fascode.netAllow cow_spacesize to be set in profileAllow cow_spacesize to be specified in profiledef.sh.
This eliminates the need to specify kernel options one at a time.
In the future, I think it would be nice to be able to specify the size as an argument of mkarchiso.
I added a cow...Allow cow_spacesize to be specified in profiledef.sh.
This eliminates the need to specify kernel options one at a time.
In the future, I think it would be nice to be able to specify the size as an argument of mkarchiso.
I added a cow_spacesize variable to mkarchiso and set the default value to 256M.
(This is the value specified by mkinitcpio-archiso.)David RungeDavid Runge