From 818c3e583007a549333151516502906b571c1a45 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Dec 2021 05:00:38 +0000 Subject: [PATCH 001/347] Add support for booting in UEFI 32bit environments --- archiso/mkarchiso | 60 +++++++++++++++++++++++++++---- configs/baseline/efiboot/grub.cfg | 28 +++++++++++++++ configs/baseline/profiledef.sh | 2 +- configs/releng/efiboot/grub.cfg | 43 ++++++++++++++++++++++ configs/releng/profiledef.sh | 2 +- 5 files changed, 126 insertions(+), 9 deletions(-) create mode 100644 configs/baseline/efiboot/grub.cfg create mode 100644 configs/releng/efiboot/grub.cfg diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4d7b1bc5..e9859d52 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -39,6 +39,7 @@ airootfs_image_tool_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() +efiboot_files=() # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') @@ -516,6 +517,38 @@ _make_efibootimg() { mmd -i "${work_dir}/efiboot.img" ::/EFI ::/EFI/BOOT } +_make_bootmode_uefi-ia32.grub.esp() { + # Fill Grub configuration files + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%ARCH%|${arch}|g" \ + "${profile}/efiboot/grub.cfg" > "${work_dir}/grub.cfg" # | mcopy -i "${work_dir}/efiboot.img" - "::/grub.cfg" + # Create EFI file + grub-mkstandalone -d /usr/lib/grub/i386-efi \ + -O i386-efi \ + --modules="part_gpt part_msdos" \ + --locales="en@quot" \ + --themes="" \ + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub.cfg" + # Add GRUB to the list of files used to calculate the required FAT image size. + efiboot_files+=("${work_dir}/BOOTIA32.EFI") + # Create a FAT image for the EFI system partition + _run_once _make_bootmode_uefi-x64.systemd-boot.esp + # Copy grub EFI binary to the default/fallback boot path + mcopy -i "${work_dir}/efiboot.img" \ + "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI + + # Additionally set up system-boot in ISO 9660. This allows creating a medium for the live environment by using + # manual partitioning and simply copying the ISO 9660 file system contents. + # This is not related to El Torito booting and no firmware uses these files. + _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." + install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + + # Copy GRUB EFI binary to the default/fallback boot path + install -m 0644 -- "${work_dir}/BOOTIA32.EFI" \ + "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" +} + # Prepare system-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { local _file efiboot_imgsize @@ -528,13 +561,13 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { fi done # Calculate the required FAT image size in bytes - efiboot_imgsize="$(du -bc \ - "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \ - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" \ - "${profile}/efiboot/" \ - "${pacstrap_dir}/boot/vmlinuz-"* \ - "${pacstrap_dir}/boot/initramfs-"*".img" \ - "${_available_ucodes[@]}" \ + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" + "${profile}/efiboot/" + "${pacstrap_dir}/boot/vmlinuz-"* + "${pacstrap_dir}/boot/initramfs-"*".img" + "${_available_ucodes[@]}") + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" @@ -688,6 +721,19 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } +_validate_requirements_bootmode_uefi-ia32.grub.esp() { + if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Using 'uefi-ia32.grub.esp' boot mode without 'uefi-x64.systemd-boot.esp' is not supported." 0 + fi + # Check if GRUB is available + if ! command -v grub-install &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 + fi + _validate_requirements_bootmode_uefi-x64.systemd-boot.esp +} + # Build airootfs filesystem image _prepare_airootfs_image() { _run_once "_mkairootfs_${airootfs_image_type}" diff --git a/configs/baseline/efiboot/grub.cfg b/configs/baseline/efiboot/grub.cfg new file mode 100644 index 00000000..d3a47799 --- /dev/null +++ b/configs/baseline/efiboot/grub.cfg @@ -0,0 +1,28 @@ +insmod part_gpt +insmod part_msdos +insmod fat + +insmod all_video + +insmod font + +if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod gfxterm + set gfxmode="1024x768x32;auto" + terminal_input console + terminal_output gfxterm +fi + +menuentry "Arch Linux (x86_64, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap copytoram + initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index d3765166..93740850 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -8,7 +8,7 @@ iso_application="Arch Linux baseline" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" diff --git a/configs/releng/efiboot/grub.cfg b/configs/releng/efiboot/grub.cfg new file mode 100644 index 00000000..c36fb298 --- /dev/null +++ b/configs/releng/efiboot/grub.cfg @@ -0,0 +1,43 @@ +insmod part_gpt +insmod part_msdos +insmod fat + +insmod all_video + +insmod font + +if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod gfxterm + set gfxmode="1024x768x32;auto" + terminal_input console + terminal_output gfxterm +fi + +menuentry "Arch Linux install medium (x86_64, Intel, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium (x86_64, AMD, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (x86_64, Intel, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on + initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 5feb205c..d01aad14 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -8,7 +8,7 @@ iso_application="Arch Linux Live/Rescue CD" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" -- GitLab From 94a5977f432e85e4247d51d57564caf113dc80ef Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Dec 2021 06:52:52 +0000 Subject: [PATCH 002/347] Add option to build encrypted isos --- archiso/mkarchiso | 32 ++- configs/baseline/packages.x86_64 | 1 + configs/baseline/profiledef.sh | 1 + configs/encrypted/airootfs/etc/hostname | 1 + configs/encrypted/airootfs/etc/locale.conf | 1 + configs/encrypted/airootfs/etc/localtime | 1 + .../encrypted/airootfs/etc/mkinitcpio.conf | 67 +++++ .../airootfs/etc/mkinitcpio.d/linux.preset | 8 + .../airootfs/etc/modprobe.d/broadcom-wl.conf | 7 + configs/encrypted/airootfs/etc/motd | 10 + .../etc/pacman.d/hooks/40-locale-gen.hook | 13 + .../etc/pacman.d/hooks/uncomment-mirrors.hook | 13 + ...z99-remove-custom-hooks-from-airootfs.hook | 18 ++ configs/encrypted/airootfs/etc/passwd | 1 + configs/encrypted/airootfs/etc/resolv.conf | 1 + configs/encrypted/airootfs/etc/shadow | 1 + .../encrypted/airootfs/etc/ssh/sshd_config | 116 ++++++++ .../journald.conf.d/volatile-storage.conf | 2 + .../systemd/logind.conf.d/do-not-suspend.conf | 4 + .../etc/systemd/network/20-ethernet.network | 18 ++ .../etc/systemd/network/20-wlan.network | 17 ++ .../etc/systemd/network/20-wwan.network | 17 ++ .../etc/systemd/system/choose-mirror.service | 10 + .../cloud-config.service | 1 + .../cloud-final.service | 1 + .../cloud-init-local.service | 1 + .../cloud-init.service | 1 + ...dbus-org.freedesktop.ModemManager1.service | 1 + .../dbus-org.freedesktop.network1.service | 1 + .../dbus-org.freedesktop.resolve1.service | 1 + .../systemd/system/etc-pacman.d-gnupg.mount | 8 + .../getty@tty1.service.d/autologin.conf | 3 + .../system/livecd-alsa-unmuter.service | 13 + .../etc/systemd/system/livecd-talk.service | 20 ++ .../ModemManager.service | 1 + .../choose-mirror.service | 1 + .../multi-user.target.wants/iwd.service | 1 + .../livecd-talk.service | 1 + .../pacman-init.service | 1 + .../qemu-guest-agent.service | 1 + .../multi-user.target.wants/reflector.service | 1 + .../multi-user.target.wants/sshd.service | 1 + .../systemd-networkd.service | 1 + .../systemd-resolved.service | 1 + .../vboxservice.service | 1 + .../systemd-networkd-wait-online.service | 1 + .../etc/systemd/system/pacman-init.service | 13 + .../system/reflector.service.d/archiso.conf | 6 + .../systemd-networkd.socket | 1 + .../livecd-alsa-unmuter.service | 1 + .../wait-for-only-one-interface.conf | 6 + .../airootfs/etc/xdg/reflector/reflector.conf | 6 + .../airootfs/root/.automated_script.sh | 34 +++ configs/encrypted/airootfs/root/.zlogin | 6 + .../airootfs/usr/local/bin/Installation_guide | 5 + .../airootfs/usr/local/bin/choose-mirror | 28 ++ .../airootfs/usr/local/bin/livecd-sound | 248 ++++++++++++++++++ .../local/share/livecd-sound/asound.conf.in | 3 + configs/encrypted/bootstrap_packages.x86_64 | 2 + configs/encrypted/efiboot/grub.cfg | 43 +++ .../entries/01-archiso-x86_64-linux.conf | 6 + .../02-archiso-x86_64-speech-linux.conf | 6 + .../entries/03-archiso-x86_64-ram-linux.conf | 6 + configs/encrypted/efiboot/loader/loader.conf | 2 + configs/encrypted/packages.x86_64 | 120 +++++++++ configs/encrypted/pacman.conf | 101 +++++++ configs/encrypted/profiledef.sh | 24 ++ configs/encrypted/syslinux/archiso_head.cfg | 28 ++ .../encrypted/syslinux/archiso_pxe-linux.cfg | 32 +++ configs/encrypted/syslinux/archiso_pxe.cfg | 5 + .../encrypted/syslinux/archiso_sys-linux.cfg | 31 +++ configs/encrypted/syslinux/archiso_sys.cfg | 8 + configs/encrypted/syslinux/archiso_tail.cfg | 35 +++ configs/encrypted/syslinux/splash.png | Bin 0 -> 45400 bytes configs/encrypted/syslinux/syslinux.cfg | 11 + configs/releng/profiledef.sh | 1 + 76 files changed, 1239 insertions(+), 2 deletions(-) create mode 100644 configs/encrypted/airootfs/etc/hostname create mode 100644 configs/encrypted/airootfs/etc/locale.conf create mode 120000 configs/encrypted/airootfs/etc/localtime create mode 100644 configs/encrypted/airootfs/etc/mkinitcpio.conf create mode 100644 configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset create mode 100644 configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf create mode 100644 configs/encrypted/airootfs/etc/motd create mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook create mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook create mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook create mode 100644 configs/encrypted/airootfs/etc/passwd create mode 120000 configs/encrypted/airootfs/etc/resolv.conf create mode 100644 configs/encrypted/airootfs/etc/shadow create mode 100644 configs/encrypted/airootfs/etc/ssh/sshd_config create mode 100644 configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf create mode 100644 configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf create mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network create mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-wlan.network create mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-wwan.network create mode 100644 configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service create mode 100644 configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount create mode 100644 configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf create mode 100644 configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service create mode 100644 configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service create mode 120000 configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service create mode 100644 configs/encrypted/airootfs/etc/systemd/system/pacman-init.service create mode 100644 configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf create mode 120000 configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket create mode 120000 configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service create mode 100644 configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf create mode 100644 configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf create mode 100755 configs/encrypted/airootfs/root/.automated_script.sh create mode 100644 configs/encrypted/airootfs/root/.zlogin create mode 100755 configs/encrypted/airootfs/usr/local/bin/Installation_guide create mode 100755 configs/encrypted/airootfs/usr/local/bin/choose-mirror create mode 100755 configs/encrypted/airootfs/usr/local/bin/livecd-sound create mode 100644 configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in create mode 100644 configs/encrypted/bootstrap_packages.x86_64 create mode 100644 configs/encrypted/efiboot/grub.cfg create mode 100644 configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf create mode 100644 configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf create mode 100644 configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf create mode 100644 configs/encrypted/efiboot/loader/loader.conf create mode 100644 configs/encrypted/packages.x86_64 create mode 100644 configs/encrypted/pacman.conf create mode 100644 configs/encrypted/profiledef.sh create mode 100644 configs/encrypted/syslinux/archiso_head.cfg create mode 100644 configs/encrypted/syslinux/archiso_pxe-linux.cfg create mode 100644 configs/encrypted/syslinux/archiso_pxe.cfg create mode 100644 configs/encrypted/syslinux/archiso_sys-linux.cfg create mode 100644 configs/encrypted/syslinux/archiso_sys.cfg create mode 100644 configs/encrypted/syslinux/archiso_tail.cfg create mode 100644 configs/encrypted/syslinux/splash.png create mode 100644 configs/encrypted/syslinux/syslinux.cfg diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e9859d52..8d7208af 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -40,6 +40,7 @@ cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() efiboot_files=() +encryption="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') @@ -214,7 +215,7 @@ _mkairootfs_squashfs() { # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { - local fsuuid mkfs_erofs_options=() + local fsuuid mkfs_erofs_options=() image_device="${image_path}" [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" @@ -223,9 +224,27 @@ _mkairootfs_erofs() { [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + + if [[ $encryption = "true" ]]; then + pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) + image_size=$((pacstrap_size+200000)) + _msg_info "Encryption with cryptsetup (${image_size}KB)" + notify-send "mkarchiso" "LUKS encryption prompt" + fallocate -l "${image_size}K" "${image_path}" + cryptsetup -y luksFormat "${image_path}" + cryptsetup luksOpen "${image_path}" "archiso_mapper" + image_device="/dev/mapper/archiso_mapper" + fi mkfs_erofs_options+=('-U' "${fsuuid}" "${airootfs_image_tool_options[@]}") _msg_info "Creating EROFS image, this may take some time..." - mkfs.erofs "${mkfs_erofs_options[@]}" -- "${image_path}" "${pacstrap_dir}" + mkfs.erofs "${mkfs_erofs_options[@]}" -- "${image_device}" "${pacstrap_dir}" + if [[ $encryption = "true" ]]; then + cryptsetup luksClose "archiso_mapper" + if [ -f "/dev/mapper/archiso_mapper" ]; then + dmsetup remove "archiso_mapper" + fi + sync + fi _msg_info "Done!" } @@ -1134,6 +1153,15 @@ _validate_options() { fi done + # Check if the cryptsetup-encryption package is in the package list + # shellcheck disable=SC2076 + if [[ $encryption = "true" ]]; then + if [[ ! " ${pkg_list[*]} " =~ ' cryptsetup-encryption ' ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': The 'cryptsetup-encryption' package is missing from the package list!" 0 + fi + fi + if (( validation_error )); then _msg_error "${validation_error} errors were encountered while validating the profile. Aborting." 1 fi diff --git a/configs/baseline/packages.x86_64 b/configs/baseline/packages.x86_64 index 0a641204..f51622ea 100644 --- a/configs/baseline/packages.x86_64 +++ b/configs/baseline/packages.x86_64 @@ -1,5 +1,6 @@ base cloud-init +cryptsetup-encryption linux mkinitcpio mkinitcpio-archiso diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 93740850..b366d0e3 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -13,6 +13,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') +encryption="false" file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/encrypted/airootfs/etc/hostname b/configs/encrypted/airootfs/etc/hostname new file mode 100644 index 00000000..2dbe21eb --- /dev/null +++ b/configs/encrypted/airootfs/etc/hostname @@ -0,0 +1 @@ +archiso diff --git a/configs/encrypted/airootfs/etc/locale.conf b/configs/encrypted/airootfs/etc/locale.conf new file mode 100644 index 00000000..01ec548f --- /dev/null +++ b/configs/encrypted/airootfs/etc/locale.conf @@ -0,0 +1 @@ +LANG=en_US.UTF-8 diff --git a/configs/encrypted/airootfs/etc/localtime b/configs/encrypted/airootfs/etc/localtime new file mode 120000 index 00000000..0e35b576 --- /dev/null +++ b/configs/encrypted/airootfs/etc/localtime @@ -0,0 +1 @@ +/usr/share/zoneinfo/UTC \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/mkinitcpio.conf b/configs/encrypted/airootfs/etc/mkinitcpio.conf new file mode 100644 index 00000000..399901d2 --- /dev/null +++ b/configs/encrypted/airootfs/etc/mkinitcpio.conf @@ -0,0 +1,67 @@ +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H ' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev modconf keymap keyboard memdisk archiso_shutdown encrypt archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" +#COMPRESSION="zstd" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset b/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset new file mode 100644 index 00000000..9f67184a --- /dev/null +++ b/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset @@ -0,0 +1,8 @@ +# mkinitcpio preset file for the 'linux' package on archiso + +PRESETS=('archiso') + +ALL_kver='/boot/vmlinuz-linux' +ALL_config='/etc/mkinitcpio.conf' + +archiso_image="/boot/initramfs-linux.img" diff --git a/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf b/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf new file mode 100644 index 00000000..0eae70c9 --- /dev/null +++ b/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf @@ -0,0 +1,7 @@ +# The broadcom-wl package requires some modules to be disabled in order to use +# wl. Since the ISO image needs to cover many hardware cases, this file +# overrides the default blacklist in /usr/lib/modprobe.d/ +# +# If you need to use wl, you may need to delete this file, then `rmmod` any +# already-loaded modules that are now blacklisted before proceeding to modprobe +# wl itself. diff --git a/configs/encrypted/airootfs/etc/motd b/configs/encrypted/airootfs/etc/motd new file mode 100644 index 00000000..1ddc9c3e --- /dev/null +++ b/configs/encrypted/airootfs/etc/motd @@ -0,0 +1,10 @@ +To install Arch Linux follow the installation guide: +https://wiki.archlinux.org/title/Installation_guide + +For Wi-Fi, authenticate to the wireless network using the iwctl utility. +For mobile broadband (WWAN) modems, connect with the mmcli utility. +Ethernet, WLAN and WWAN interfaces using DHCP should work automatically. + +After connecting to the internet, the installation guide can be accessed +via the convenience script Installation_guide. + diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook new file mode 100644 index 00000000..82dd1994 --- /dev/null +++ b/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook @@ -0,0 +1,13 @@ +# remove from airootfs! +[Trigger] +Operation = Install +Type = Package +Target = glibc + +[Action] +Description = Uncommenting en_US.UTF-8 locale and running locale-gen... +When = PostTransaction +Depends = glibc +Depends = sed +Depends = sh +Exec = /bin/sh -c "sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen && locale-gen" diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook new file mode 100644 index 00000000..342aa95b --- /dev/null +++ b/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook @@ -0,0 +1,13 @@ +# remove from airootfs! +[Trigger] +Operation = Install +Operation = Upgrade +Type = Package +Target = pacman-mirrorlist + +[Action] +Description = Uncommenting all mirrors in /etc/pacman.d/mirrorlist... +When = PostTransaction +Depends = pacman-mirrorlist +Depends = sed +Exec = /usr/bin/sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook new file mode 100644 index 00000000..8dfb9435 --- /dev/null +++ b/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook @@ -0,0 +1,18 @@ +# remove from airootfs! +# As a workaround for https://bugs.archlinux.org/task/49347 , remove pacman hooks specific to the ISO build process. +# If not, they would be used when pacstrap is run in the live environment. + +[Trigger] +Operation = Install +Operation = Upgrade +Operation = Remove +Type = Package +Target = * + +[Action] +Description = Work around FS#49347 by removing custom pacman hooks that are only required during ISO build... +When = PostTransaction +Depends = sh +Depends = coreutils +Depends = grep +Exec = /bin/sh -c "rm -- $(grep -Frl 'remove from airootfs' /etc/pacman.d/hooks/)" diff --git a/configs/encrypted/airootfs/etc/passwd b/configs/encrypted/airootfs/etc/passwd new file mode 100644 index 00000000..2807d5d6 --- /dev/null +++ b/configs/encrypted/airootfs/etc/passwd @@ -0,0 +1 @@ +root:x:0:0:root:/root:/usr/bin/zsh diff --git a/configs/encrypted/airootfs/etc/resolv.conf b/configs/encrypted/airootfs/etc/resolv.conf new file mode 120000 index 00000000..36396629 --- /dev/null +++ b/configs/encrypted/airootfs/etc/resolv.conf @@ -0,0 +1 @@ +/run/systemd/resolve/stub-resolv.conf \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/shadow b/configs/encrypted/airootfs/etc/shadow new file mode 100644 index 00000000..7edfd69b --- /dev/null +++ b/configs/encrypted/airootfs/etc/shadow @@ -0,0 +1 @@ +root::14871:::::: diff --git a/configs/encrypted/airootfs/etc/ssh/sshd_config b/configs/encrypted/airootfs/etc/ssh/sshd_config new file mode 100644 index 00000000..93f7d63a --- /dev/null +++ b/configs/encrypted/airootfs/etc/ssh/sshd_config @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no # pam does that +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf b/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf new file mode 100644 index 00000000..b69850df --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf @@ -0,0 +1,2 @@ +[Journal] +Storage=volatile diff --git a/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf b/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf new file mode 100644 index 00000000..f3ecb393 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf @@ -0,0 +1,4 @@ +[Login] +HandleSuspendKey=ignore +HandleHibernateKey=ignore +HandleLidSwitch=ignore diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network b/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network new file mode 100644 index 00000000..f2a7d602 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network @@ -0,0 +1,18 @@ +[Match] +Name=en* +Name=eth* + +[Network] +DHCP=yes +IPv6PrivacyExtensions=yes + +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=100 + +[IPv6AcceptRA] +RouteMetric=100 diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network b/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network new file mode 100644 index 00000000..601d5b8f --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network @@ -0,0 +1,17 @@ +[Match] +Name=wl* + +[Network] +DHCP=yes +IPv6PrivacyExtensions=yes + +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=600 + +[IPv6AcceptRA] +RouteMetric=600 diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network b/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network new file mode 100644 index 00000000..9104c243 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network @@ -0,0 +1,17 @@ +[Match] +Name=ww* + +[Network] +DHCP=yes +IPv6PrivacyExtensions=yes + +# systemd-networkd does not set per-interface-type default route metrics +# https://github.com/systemd/systemd/issues/17698 +# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. +# Use values from NetworkManager. From nm_device_get_route_metric_default in +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c +[DHCPv4] +RouteMetric=700 + +[IPv6AcceptRA] +RouteMetric=700 diff --git a/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service b/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service new file mode 100644 index 00000000..b6a3562a --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service @@ -0,0 +1,10 @@ +[Unit] +Description=Choose mirror from the kernel command line +ConditionKernelCommandLine=mirror + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/choose-mirror + +[Install] +WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service new file mode 120000 index 00000000..ebc50f0c --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-config.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service new file mode 120000 index 00000000..80fa3c82 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-final.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service new file mode 120000 index 00000000..dd8e9f1c --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-init-local.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service new file mode 120000 index 00000000..24c7a26f --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/cloud-init.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service new file mode 120000 index 00000000..dcf7c8ed --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/ModemManager.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service new file mode 120000 index 00000000..4c158e62 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-networkd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service new file mode 120000 index 00000000..4f6ae342 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-resolved.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount new file mode 100644 index 00000000..4eab5513 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -0,0 +1,8 @@ +[Unit] +Description=Temporary /etc/pacman.d/gnupg directory + +[Mount] +What=tmpfs +Where=/etc/pacman.d/gnupg +Type=tmpfs +Options=mode=0755 diff --git a/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf b/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf new file mode 100644 index 00000000..d1d8474c --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service b/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service new file mode 100644 index 00000000..03db4b95 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service @@ -0,0 +1,13 @@ +[Unit] +Description=Unmute All Sound Card Controls For Use With The Live Arch Environment +# This needs to run after the audio device becomes available. +Wants=systemd-udev-settle.service +After=systemd-udev-settle.service sound.target +ConditionKernelCommandLine=accessibility=on + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/livecd-sound -u + +[Install] +WantedBy=sound.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service b/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service new file mode 100644 index 00000000..b38df22c --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service @@ -0,0 +1,20 @@ +[Unit] +Description=Screen reader service +After=livecd-alsa-unmuter.service +Before=getty@tty1.service +ConditionKernelCommandLine=accessibility=on + +[Service] +Type=oneshot +TTYPath=/dev/tty13 +ExecStartPre=/usr/bin/chvt 13 +ExecStart=/usr/local/bin/livecd-sound -p +ExecStartPost=/usr/bin/chvt 1 +ExecStartPost=systemctl start espeakup.service +StandardInput=tty +TTYVHangup=yes +TTYVTDisallocate=yes +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service new file mode 120000 index 00000000..dcf7c8ed --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/ModemManager.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service new file mode 120000 index 00000000..2d8d256a --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service @@ -0,0 +1 @@ +../choose-mirror.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service new file mode 120000 index 00000000..3625abda --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/iwd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service new file mode 120000 index 00000000..b9174818 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service @@ -0,0 +1 @@ +/etc/systemd/system/livecd-talk.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service new file mode 120000 index 00000000..d09eec68 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service @@ -0,0 +1 @@ +../pacman-init.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service new file mode 120000 index 00000000..8e3ff802 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/qemu-guest-agent.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service new file mode 120000 index 00000000..d3727297 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/reflector.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service new file mode 120000 index 00000000..d21ebd9d --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/sshd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service new file mode 120000 index 00000000..4c158e62 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-networkd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service new file mode 120000 index 00000000..4f6ae342 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-resolved.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service new file mode 120000 index 00000000..cb2d5604 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vboxservice.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service new file mode 120000 index 00000000..7d6ad92c --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-networkd-wait-online.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service b/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service new file mode 100644 index 00000000..b18f7f83 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service @@ -0,0 +1,13 @@ +[Unit] +Description=Initializes Pacman keyring +Requires=etc-pacman.d-gnupg.mount +After=etc-pacman.d-gnupg.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/pacman-key --init +ExecStart=/usr/bin/pacman-key --populate + +[Install] +WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf b/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf new file mode 100644 index 00000000..de6664df --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf @@ -0,0 +1,6 @@ +[Unit] +ConditionKernelCommandLine=!mirror + +[Service] +Restart=on-failure +RestartSec=10 diff --git a/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket new file mode 120000 index 00000000..51942c8e --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-networkd.socket \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service b/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service new file mode 120000 index 00000000..98c0fc87 --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service @@ -0,0 +1 @@ +../livecd-alsa-unmuter.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf new file mode 100644 index 00000000..c9f9bcea --- /dev/null +++ b/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf @@ -0,0 +1,6 @@ +# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist, +# network-online.target gets needlessly delayed. +# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online +[Service] +ExecStart= +ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any diff --git a/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf b/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf new file mode 100644 index 00000000..9a72b0d8 --- /dev/null +++ b/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf @@ -0,0 +1,6 @@ +# Reflector configuration file for the systemd service. + +--save /etc/pacman.d/mirrorlist +--protocol https +--latest 20 +--sort rate diff --git a/configs/encrypted/airootfs/root/.automated_script.sh b/configs/encrypted/airootfs/root/.automated_script.sh new file mode 100755 index 00000000..52c47e6a --- /dev/null +++ b/configs/encrypted/airootfs/root/.automated_script.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +script_cmdline () +{ + local param + for param in $(< /proc/cmdline); do + case "${param}" in + script=*) echo "${param#*=}" ; return 0 ;; + esac + done +} + +automated_script () +{ + local script rt + script="$(script_cmdline)" + if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then + if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + rt=$? + else + cp "${script}" /tmp/startup_script + rt=$? + fi + if [[ ${rt} -eq 0 ]]; then + chmod +x /tmp/startup_script + /tmp/startup_script + fi + fi +} + +if [[ $(tty) == "/dev/tty1" ]]; then + automated_script +fi diff --git a/configs/encrypted/airootfs/root/.zlogin b/configs/encrypted/airootfs/root/.zlogin new file mode 100644 index 00000000..0fb119df --- /dev/null +++ b/configs/encrypted/airootfs/root/.zlogin @@ -0,0 +1,6 @@ +# fix for screen readers +if grep -Fq 'accessibility=' /proc/cmdline &> /dev/null; then + setopt SINGLE_LINE_ZLE +fi + +~/.automated_script.sh diff --git a/configs/encrypted/airootfs/usr/local/bin/Installation_guide b/configs/encrypted/airootfs/usr/local/bin/Installation_guide new file mode 100755 index 00000000..42667548 --- /dev/null +++ b/configs/encrypted/airootfs/usr/local/bin/Installation_guide @@ -0,0 +1,5 @@ +#!/bin/sh +# +# SPDX-License-Identifier: GPL-3.0-or-later + +exec lynx 'https://wiki.archlinux.org/title/Installation_guide' diff --git a/configs/encrypted/airootfs/usr/local/bin/choose-mirror b/configs/encrypted/airootfs/usr/local/bin/choose-mirror new file mode 100755 index 00000000..b021945b --- /dev/null +++ b/configs/encrypted/airootfs/usr/local/bin/choose-mirror @@ -0,0 +1,28 @@ +#!/bin/bash +# +# SPDX-License-Identifier: GPL-3.0-or-later + +get_cmdline() { + local param + for param in $(< /proc/cmdline); do + case "${param}" in + $1=*) echo "${param##*=}"; + return 0 + ;; + esac + done +} + +mirror=$(get_cmdline mirror) +[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv) +[[ $mirror ]] || exit 0 + +mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig +cat >/etc/pacman.d/mirrorlist << EOF +# +# Arch Linux repository mirrorlist +# Generated by archiso +# + +Server = ${mirror%%/}/\$repo/os/\$arch +EOF diff --git a/configs/encrypted/airootfs/usr/local/bin/livecd-sound b/configs/encrypted/airootfs/usr/local/bin/livecd-sound new file mode 100755 index 00000000..baae0d26 --- /dev/null +++ b/configs/encrypted/airootfs/usr/local/bin/livecd-sound @@ -0,0 +1,248 @@ +#!/usr/bin/env bash +# +# SPDX-License-Identifier: GPL-3.0-or-later + +usage() { + cat <<- _EOF_ + live cd sound helper script. + Usage: livecdsound [OPTION] + OPTIONS + -u, --unmute unmute all sound cards + -p, --pick select a card for speetch output + -h, --help Show this usage message + +_EOF_ +} + +bugout () { + printf "/usr/local/bin/livecdsound: programming error" + stat_fail +} + +echo_card_indices() +{ + if [ -f /proc/asound/cards ] ; then + sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards + fi +} + +# The following functions try to set many controls. +# No card has all the controls and so some of the attempts are bound to fail. +# Because of this, the functions can't return useful status values. + +# $1 +# $2 +# $3 +unmute_and_set_level(){ + { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute + return 0 +} + +# $1 +# $2 +mute_and_zero_level() +{ + { [ "$1" ] && [ "$2" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute + return 0 +} + +# $1 +# $2 +# $3 "on" | "off" +switch_control() +{ + { [ "$3" ] && [ "$1" ] ; } || bugout + systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" + return 0 +} + +# $1 +sanify_levels_on_card() +{ + unmute_and_set_level "$1" "Front" "80%" + unmute_and_set_level "$1" "Master" "80%" + unmute_and_set_level "$1" "Master Mono" "80%" + unmute_and_set_level "$1" "Master Digital" "80%" # E.g., cs4237B + unmute_and_set_level "$1" "Playback" "80%" + unmute_and_set_level "$1" "Headphone" "100%" + unmute_and_set_level "$1" "PCM" "80%" + unmute_and_set_level "$1" "PCM,1" "80%" # E.g., ess1969 + unmute_and_set_level "$1" "DAC" "80%" # E.g., envy24, cs46xx + unmute_and_set_level "$1" "DAC,0" "80%" # E.g., envy24 + unmute_and_set_level "$1" "DAC,1" "80%" # E.g., envy24 + unmute_and_set_level "$1" "Synth" "80%" + unmute_and_set_level "$1" "CD" "80%" + unmute_and_set_level "$1" "PC Speaker" "100%" + + mute_and_zero_level "$1" "Mic" + mute_and_zero_level "$1" "IEC958" # Ubuntu #19648 + + # Intel P4P800-MX + switch_control "$1" "Master Playback Switch" on + switch_control "$1" "Master Surround" on + + # Trident/YMFPCI/emu10k1: + unmute_and_set_level "$1" "Wave" "80%" + unmute_and_set_level "$1" "Music" "80%" + unmute_and_set_level "$1" "AC97" "80%" + + # DRC: + unmute_and_set_level "$1" "Dynamic Range Compression" "80%" + + # Required for HDA Intel (hda-intel): + unmute_and_set_level "$1" "Front" "80%" + + # Required for SB Live 7.1/24-bit (ca0106): + unmute_and_set_level "$1" "Analog Front" "80%" + + # Required at least for Via 823x hardware on DFI K8M800-MLVF Motherboard + switch_control "$1" "IEC958 Capture Monitor" off + + # Required for hardware allowing toggles for AC97 through IEC958, + # valid values are 0, 1, 2, 3. Needs to be set to 0 for PCM1. + unmute_and_set_level "$1" "IEC958 Playback AC97-SPSA" "0" + + # Required for newer Via hardware + unmute_and_set_level "$1" "VIA DXS,0" "80%" + unmute_and_set_level "$1" "VIA DXS,1" "80%" + unmute_and_set_level "$1" "VIA DXS,2" "80%" + unmute_and_set_level "$1" "VIA DXS,3" "80%" + + # Required on some notebooks with ICH4: + switch_control "$1" "Headphone Jack Sense" off + switch_control "$1" "Line Jack Sense" off + + # Some machines need one or more of these to be on; + # others need one or more of these to be off: + + switch_control "$1" "Audigy Analog/Digital Output Jack" on + switch_control "$1" "SB Live Analog/Digital Output Jack" on + + # D1984 -- Thinkpad T61/X61 + switch_control "$1" "Speaker" on + switch_control "$1" "Headphone" on + + # HDA-Intel w/ "Digital" capture mixer (See Ubuntu #193823) + unmute_and_set_level "$1" "Digital" "80%" + + return 0 +} + +# $1 | "all" +sanify_levels() +{ + local ttsdml_returnstatus=0 + local card + case "$1" in + all) + for card in $(echo_card_indices) ; do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; + esac + return $ttsdml_returnstatus +} + +# List all cards that *should* be usable for PCM audio. In my experience, +# the console speaker (handled by the pcsp driver) isn't a suitable playback +# device, so we'll exclude it. +list_non_pcsp_cards() +{ + for card in $(echo_card_indices); do + local cardfile="/proc/asound/card${card}/id" + if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ + [ "$(cat "$cardfile")" != pcsp ]; then + echo "$card" + fi + done +} + +# Properly initialize the sound card so that we have audio at boot. +unmute_all_cards() +{ + sanify_levels all +} + +is_numeric() { + local str=$1 + [[ "$str" =~ ^[0-9]+$ ]] +} + +set_default_card() { + local card=$1 + sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ + > /etc/asound.conf +} + +play_on_card() { + local card=$1 file=$2 + aplay -q "-Dplughw:$card,0" "$file" +} + +# If there are multiple usable sound cards, prompt the user to choose one, +# using auditory feedback. +pick_a_card() +{ + set -f + usable_cards="$(list_non_pcsp_cards)" + num_usable_cards="$(wc -w <<< "$usable_cards")" + + if [ "$num_usable_cards" -eq 1 ]; then + systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" + exit 0 + fi + systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" + for card in $usable_cards; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& + done + wait + sleep 1 + for card in $usable_cards; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi +done +} + +if [[ $# -eq 0 ]]; then + echo "error: No argument passed." + exit 1 +fi +while [[ "${1}" != "" ]]; do + case ${1} in + -h|--help) + usage + exit + ;; + -u|--unmute) + systemd-cat -t "livecdsound" printf "Unmuting all cards" + unmute_all_cards + ;; + -p|--pick) + pick_a_card + ;; + *) + echo "error: Unsupported argument" + usage + exit 1 + ;; + esac + shift +done diff --git a/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in b/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in new file mode 100644 index 00000000..3f9c7aa0 --- /dev/null +++ b/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in @@ -0,0 +1,3 @@ +Defaults node +defaults.ctl.card %card%; +defaults.pcm.card %card%; diff --git a/configs/encrypted/bootstrap_packages.x86_64 b/configs/encrypted/bootstrap_packages.x86_64 new file mode 100644 index 00000000..64966d07 --- /dev/null +++ b/configs/encrypted/bootstrap_packages.x86_64 @@ -0,0 +1,2 @@ +arch-install-scripts +base diff --git a/configs/encrypted/efiboot/grub.cfg b/configs/encrypted/efiboot/grub.cfg new file mode 100644 index 00000000..c36fb298 --- /dev/null +++ b/configs/encrypted/efiboot/grub.cfg @@ -0,0 +1,43 @@ +insmod part_gpt +insmod part_msdos +insmod fat + +insmod all_video + +insmod font + +if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod gfxterm + set gfxmode="1024x768x32;auto" + terminal_input console + terminal_output gfxterm +fi + +menuentry "Arch Linux install medium (x86_64, Intel, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium (x86_64, AMD, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (x86_64, Intel, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on + initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + diff --git a/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf new file mode 100644 index 00000000..d59262f1 --- /dev/null +++ b/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -0,0 +1,6 @@ +title Arch Linux install medium (x86_64, UEFI) +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% diff --git a/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf new file mode 100644 index 00000000..06f5466e --- /dev/null +++ b/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -0,0 +1,6 @@ +title Arch Linux install medium (x86_64, UEFI) with speech +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on diff --git a/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf new file mode 100644 index 00000000..9c7a51ab --- /dev/null +++ b/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf @@ -0,0 +1,6 @@ +title Arch Linux install medium (x86_64, UEFI, Copy to RAM) +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/encrypted/efiboot/loader/loader.conf b/configs/encrypted/efiboot/loader/loader.conf new file mode 100644 index 00000000..ae634870 --- /dev/null +++ b/configs/encrypted/efiboot/loader/loader.conf @@ -0,0 +1,2 @@ +timeout 15 +default 01-archiso-x86_64-linux.conf diff --git a/configs/encrypted/packages.x86_64 b/configs/encrypted/packages.x86_64 new file mode 100644 index 00000000..97f87c5a --- /dev/null +++ b/configs/encrypted/packages.x86_64 @@ -0,0 +1,120 @@ +alsa-utils +amd-ucode +arch-install-scripts +archinstall +b43-fwcutter +base +bind-tools +brltty +broadcom-wl +btrfs-progs +clonezilla +cloud-init +crda +cryptsetup-encryption +darkhttpd +ddrescue +dhclient +dhcpcd +diffutils +dmraid +dnsmasq +dosfstools +e2fsprogs +edk2-shell +efibootmgr +espeakup +ethtool +exfatprogs +f2fs-tools +fatresize +fsarchiver +gnu-netcat +gpart +gpm +gptfdisk +grml-zsh-config +grub +hdparm +intel-ucode +ipw2100-fw +ipw2200-fw +irssi +iw +iwd +jfsutils +kitty-terminfo +less +lftp +libfido2 +libusb-compat +linux +linux-atm +linux-firmware +livecd-sounds +lsscsi +lvm2 +lynx +man-db +man-pages +mc +mdadm +memtest86+ +mkinitcpio +mkinitcpio-archiso +mkinitcpio-nfs-utils +modemmanager +mtools +nano +nbd +ndisc6 +nfs-utils +nilfs-utils +nmap +ntfs-3g +nvme-cli +openconnect +openssh +openvpn +partclone +parted +partimage +pcsclite +ppp +pptpclient +pv +qemu-guest-agent +refind +reflector +reiserfsprogs +rp-pppoe +rsync +rxvt-unicode-terminfo +screen +sdparm +sg3_utils +smartmontools +sof-firmware +squashfs-tools +sudo +syslinux +systemd-resolvconf +tcpdump +terminus-font +testdisk +tmux +tpm2-tss +udftools +usb_modeswitch +usbmuxd +usbutils +vim +virtualbox-guest-utils-nox +vpnc +wireless-regdb +wireless_tools +wpa_supplicant +wvdial +xfsprogs +xl2tpd +zsh diff --git a/configs/encrypted/pacman.conf b/configs/encrypted/pacman.conf new file mode 100644 index 00000000..5ee6c1ee --- /dev/null +++ b/configs/encrypted/pacman.conf @@ -0,0 +1,101 @@ +# +# /etc/pacman.conf +# +# See the pacman.conf(5) manpage for option and repository directives + +# +# GENERAL OPTIONS +# +[options] +# The following paths are commented out with their default values listed. +# If you wish to use different paths, uncomment and update the paths. +#RootDir = / +#DBPath = /var/lib/pacman/ +#CacheDir = /var/cache/pacman/pkg/ +#LogFile = /var/log/pacman.log +#GPGDir = /etc/pacman.d/gnupg/ +#HookDir = /etc/pacman.d/hooks/ +HoldPkg = pacman glibc +#XferCommand = /usr/bin/curl -L -C - -f -o %o %u +#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u +#CleanMethod = KeepInstalled +Architecture = auto + +# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup +#IgnorePkg = +#IgnoreGroup = + +#NoUpgrade = +#NoExtract = + +# Misc options +#UseSyslog +#Color +#NoProgressBar +# We cannot check disk space from within a chroot environment +#CheckSpace +#VerbosePkgLists +ParallelDownloads = 5 + +# By default, pacman accepts packages signed by keys that its local keyring +# trusts (see pacman-key and its man page), as well as unsigned packages. +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional +#RemoteFileSigLevel = Required + +# NOTE: You must run `pacman-key --init` before first using pacman; the local +# keyring can then be populated with the keys of all official Arch Linux +# packagers with `pacman-key --populate archlinux`. + +# +# REPOSITORIES +# - can be defined here or included from another file +# - pacman will search repositories in the order defined here +# - local/custom mirrors can be added here or in separate files +# - repositories listed first will take precedence when packages +# have identical names, regardless of version number +# - URLs will have $repo replaced by the name of the current repo +# - URLs will have $arch replaced by the name of the architecture +# +# Repository entries are of the format: +# [repo-name] +# Server = ServerName +# Include = IncludePath +# +# The header [repo-name] is crucial - it must be present and +# uncommented to enable the repo. +# + +# The testing repositories are disabled by default. To enable, uncomment the +# repo name header and Include lines. You can add preferred servers immediately +# after the header, and they will be used before the default mirrors. + +#[testing] +#Include = /etc/pacman.d/mirrorlist + +[core] +Include = /etc/pacman.d/mirrorlist + +[extra] +Include = /etc/pacman.d/mirrorlist + +#[community-testing] +#Include = /etc/pacman.d/mirrorlist + +[community] +Include = /etc/pacman.d/mirrorlist + +# If you want to run 32 bit applications on your x86_64 system, +# enable the multilib repositories as required here. + +#[multilib-testing] +#Include = /etc/pacman.d/mirrorlist + +#[multilib] +#Include = /etc/pacman.d/mirrorlist + +# An example of a custom package repository. See the pacman manpage for +# tips on creating your own repositories. +#[custom] +#SigLevel = Optional TrustAll +#Server = file:///home/custompkgs diff --git a/configs/encrypted/profiledef.sh b/configs/encrypted/profiledef.sh new file mode 100644 index 00000000..3f34119c --- /dev/null +++ b/configs/encrypted/profiledef.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2034 + +iso_name="archlinux" +iso_label="ARCH_$(date +%Y%m)" +iso_publisher="Arch Linux " +iso_application="Arch Linux Live/Rescue CD" +iso_version="$(date +%Y.%m.%d)" +install_dir="arch" +buildmodes=('iso') +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') +arch="x86_64" +pacman_conf="pacman.conf" +airootfs_image_type="erofs" +airootfs_image_tool_options=('-zlz4hc,12') +encryption="true" +file_permissions=( + ["/etc/shadow"]="0:0:400" + ["/root"]="0:0:750" + ["/root/.automated_script.sh"]="0:0:755" + ["/usr/local/bin/choose-mirror"]="0:0:755" + ["/usr/local/bin/Installation_guide"]="0:0:755" + ["/usr/local/bin/livecd-sound"]="0:0:755" +) diff --git a/configs/encrypted/syslinux/archiso_head.cfg b/configs/encrypted/syslinux/archiso_head.cfg new file mode 100644 index 00000000..1154f782 --- /dev/null +++ b/configs/encrypted/syslinux/archiso_head.cfg @@ -0,0 +1,28 @@ +SERIAL 0 115200 +UI vesamenu.c32 +MENU TITLE Arch Linux +MENU BACKGROUND splash.png + +MENU WIDTH 78 +MENU MARGIN 4 +MENU ROWS 7 +MENU VSHIFT 10 +MENU TABMSGROW 14 +MENU CMDLINEROW 14 +MENU HELPMSGROW 16 +MENU HELPMSGENDROW 29 + +# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu + +MENU COLOR border 30;44 #40ffffff #a0000000 std +MENU COLOR title 1;36;44 #9033ccff #a0000000 std +MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all +MENU COLOR unsel 37;44 #50ffffff #a0000000 std +MENU COLOR help 37;40 #c0ffffff #a0000000 std +MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std +MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std +MENU COLOR msg07 37;40 #90ffffff #a0000000 std +MENU COLOR tabmsg 31;40 #30ffffff #00000000 std + +MENU CLEAR +MENU IMMEDIATE diff --git a/configs/encrypted/syslinux/archiso_pxe-linux.cfg b/configs/encrypted/syslinux/archiso_pxe-linux.cfg new file mode 100644 index 00000000..e8c9a7b7 --- /dev/null +++ b/configs/encrypted/syslinux/archiso_pxe-linux.cfg @@ -0,0 +1,32 @@ +LABEL arch64_nbd +TEXT HELP +Boot the Arch Linux install medium using NBD. +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, NBD) +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify +SYSAPPEND 3 + +LABEL arch64_nfs +TEXT HELP +Boot the Arch Linux live medium using NFS. +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, NFS) +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify +SYSAPPEND 3 + +LABEL arch64_http +TEXT HELP +Boot the Arch Linux live medium using HTTP. +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, HTTP) +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify +SYSAPPEND 3 diff --git a/configs/encrypted/syslinux/archiso_pxe.cfg b/configs/encrypted/syslinux/archiso_pxe.cfg new file mode 100644 index 00000000..b4c9a804 --- /dev/null +++ b/configs/encrypted/syslinux/archiso_pxe.cfg @@ -0,0 +1,5 @@ +INCLUDE archiso_head.cfg + +INCLUDE archiso_pxe-linux.cfg + +INCLUDE archiso_tail.cfg diff --git a/configs/encrypted/syslinux/archiso_sys-linux.cfg b/configs/encrypted/syslinux/archiso_sys-linux.cfg new file mode 100644 index 00000000..0d85fccf --- /dev/null +++ b/configs/encrypted/syslinux/archiso_sys-linux.cfg @@ -0,0 +1,31 @@ +LABEL arch64 +TEXT HELP +Boot the Arch Linux install medium on BIOS. +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, BIOS) +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + +# Accessibility boot option +LABEL arch64speech +TEXT HELP +Boot the Arch Linux install medium on BIOS with speakup screen reader. +It allows you to install Arch Linux or perform system maintenance with speech feedback. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on + +# Copy to RAM boot option +LABEL arch64ram +TEXT HELP +Boot the Arch Linux install medium on BIOS with Copy-to-RAM option +It allows you to install Arch Linux or perform system maintenance. +ENDTEXT +MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) +LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/encrypted/syslinux/archiso_sys.cfg b/configs/encrypted/syslinux/archiso_sys.cfg new file mode 100644 index 00000000..d93bcfe6 --- /dev/null +++ b/configs/encrypted/syslinux/archiso_sys.cfg @@ -0,0 +1,8 @@ +INCLUDE archiso_head.cfg + +DEFAULT arch64 +TIMEOUT 150 + +INCLUDE archiso_sys-linux.cfg + +INCLUDE archiso_tail.cfg diff --git a/configs/encrypted/syslinux/archiso_tail.cfg b/configs/encrypted/syslinux/archiso_tail.cfg new file mode 100644 index 00000000..e5339a2c --- /dev/null +++ b/configs/encrypted/syslinux/archiso_tail.cfg @@ -0,0 +1,35 @@ +LABEL existing +TEXT HELP +Boot an existing operating system. +Press TAB to edit the disk and partition number to boot. +ENDTEXT +MENU LABEL Boot existing OS +COM32 chain.c32 +APPEND hd0 0 + +# http://www.memtest.org/ +LABEL memtest +MENU LABEL Run Memtest86+ (RAM test) +LINUX /%INSTALL_DIR%/boot/memtest + +# http://hdt-project.org/ +LABEL hdt +MENU LABEL Hardware Information (HDT) +COM32 hdt.c32 +APPEND modules_alias=hdt/modalias.gz pciids=hdt/pciids.gz + +LABEL reboot +TEXT HELP +Reboot computer. +The computer's firmware must support APM. +ENDTEXT +MENU LABEL Reboot +COM32 reboot.c32 + +LABEL poweroff +TEXT HELP +Power off computer. +The computer's firmware must support APM. +ENDTEXT +MENU LABEL Power Off +COM32 poweroff.c32 diff --git a/configs/encrypted/syslinux/splash.png b/configs/encrypted/syslinux/splash.png new file mode 100644 index 0000000000000000000000000000000000000000..64b959a61efb767a58d484601f122f6d4ead5a8a GIT binary patch literal 45400 zcmXt9by!n>xZg&N9!P^oOLup-ba$t8D&5^(QqmzIjW9q!8brE7N)V)*dw%ym_m6FG zo@Zlx-}uD)o)|S1IZQMXG!O`csUR<{0RlmSK_KuZ6dAa}Gqbu2ynsD4xP1d9*^q5vsKOKABnAAj@7CY#F+XW#kOA(UG|ARdw` zixUD;ppeEw9%#yLc`}=Kgs&HJ@FqSU$K5pXuD3M0oYj9h8D2ytjn`*aps-4zNr#OJ zOwzwQLM^D7>%Py1!r^+7Q)2)x`KIeN_2_<}u*V-8S<+0Q)mg;vG_*Qda z!a%lsgJVU6X?5y~OG-p8WjH-1aa{M=ChxLCuW0;Hg?EV2@Pm!tI-$XK{vWZNAHzqR zQ_SKE%uUQ`;=_v8c@pG#PIX)e?adk`HsTdF`0hHy$I3ydiiSDM;LeQf6~L?kxOGA}(>E0tBnH4~>dq zyO7Gff)jQoR}ShlyGWN`#~2Mu`(4CCX$IhtJ&(;;W;63{OJ0f0xKpaa&5~?1(qzK9 z-a8hdjVHUI^K*fHt{gemebg4k3OyWg0)6p6VFUh?j?I75<2E^ho_Gl!+AE)53vqIp zZcd}|(~(-w7~yIBU@p=I$>AL6pTgbgF6gy}%$P&cB^U7wG28Lb((I7x6jGkXo@|11 z%YMobum=@2L$TuEaK-+1DA@#)QrwZLV*w#EqPu1799x>TI+M0wA>FFwl@vo$@Ewv; z#~G5g@;vNW=E`O3%25<-S^OSUyLmqte{4DmYEaXI`)9Zi5KLn*ZZ{%^51(%f>D-UK z4@gJVH`aPd#K_lA`Q3a@M&w8ef1fT>r*lVzZs&And40j8vszp}TVC>Juw;{O#fG=A zs7~!ji~E`VjY)%KNe)?f<0ORO=tFPgSIw4O7p7)}q>|+&qbG|pq%YG`$2ndDPGvlk zXuf^S<{P*oaue-oJk2V-c2|arr`cXx6K~P=5JT>qG${-JeO>l3rdKH*?x!mva`(8E zo`|Q}Ae4arvFuPA5RkV+)p=)fL|+ zd%r3Toy`J)pv3}DWmHP$@Yhx(knqi3_Ku^WI`mIxY7aClM%gxMs~rLi?QmM5sIKRMQQCjPeMl(}a6 zwqJ=);vhnxCa_PK+l0~m84^C0OoUR{4)T1|`i;uCdpW=W`POgnh!%nLby?D>^%_6d zTt)rKkZ2=E+qgGALR1+Ql-L4u%lViUM!)}RiLZ3s4V=l_* ztIFB0!SC~?TWZ~=vi!@fGuNww=&__1b>8B}8)vZ2e7uniVoytG>}Tb%1f|d)o3?)d zf9|wDqD9LAQ^xd(-Y6D*CE4uuC76b6avR>%(!Y=095Xr@8N3CmbKYS$Q#)ws~({4sa!HZWCU8TDJ^ zUq;$IarTuDgy*YGC1ebUEe%VkA&n%oBefTn?fZ7DLK|qdnX=T}0{dq5oZ;nlYG1y~ zJwX*QI8n&Z>*v>-zC*Zmf=%kNMe_c2aWXZhDhOyDWDXCei@@!8HiC4r<75`t?hbu& z|3s{zIh)I-^(S1w8R=*wRuFrjntE`Cix4-=4@=s=8G9S?>}d)i~7noTSuyac#+&QYf9L0brb127&5LIc( zJif%QH;9WR;)htv3?Mhhdx>U;Z3Wgg=;5L5SnyoA6br?*_Uj)|J!JKE$a5vo4>x(( zRei*z+G%MH_;=GX8{7j$*a;4BVA^EVenXdO1FmbO$hQ7BR#v3Q_ogP8xaMt5%|3bx zl-{$&HRY+@Ku0sw?DWJw#rSTpN3*SlI( z!K-o`6VC~93F#5Tgh!4OjWf4*6l(dRuOLVmRM+8eC_y{HY$cB?yk3;=(^%Ez!g6h> z2uma5StvLO5bYYLE@m?=4%+%NKL7>%FlAMfWG5OCPMj~5GL)gDI3K z!WqS3h~e}_stBQYAQU-qn`B}HeCfq<79CD2P5|h<5$%fkBU^FN`7_0fa)v1gE%h;; zZ0cL_?^CjY2;_X6^*>c%J|T!i+sv18$VcxmPwc-()iQt9T28{ngyQ~oDe>(5&fl+? z&cA45idWgDl4#x9S6l0YgP54mp=ozD!RyFJAlZ+;5@zjyN+bUYb6Dcl; zV67j+xW{IZ@|_V#Lk9t^()I;*Q;HygK!isRGbam-k)lAf&^As-+GXDFssX-Y!RrS7 z@L@fqkO&Jq4xQg0C@Ui-%qR-i>Fc?3ZegV(*)aYiz4@j=2Z@di5Zmwr^xSvl)s`q!ZlT1g}%e_AEnXoV?rjzWj8ssE(+GUZRn@ehxtPjt_zRe_a?oHZ7)Ms*0=o zdv9G!hRrcMRA5uxq*Ea~dm>#`P5jx7fF26vV-J=s3_`89H&a6hCnE#LNbHS@7+#P? zV{&O<%FA8N;LUy8Ly5An0LM{GfAr#JdeGH+>2KQbqP)(Uv(m0lJXK>-De`X)&i82e zpeyCtDIt*L^%zfoAVtLMVVLW1q9Gs5U_&1?lUM%CbXf91Nn! zU`O)IEU>>9Q;HrO7W}IEQ3P@dTBX_iSPLO-Hg4Ot`R*|E#^yk`rZI>C0dC|IOpGC! zis}P0qs=HvBdnbKL=5F22}u5K25YQ0i|*4c8s~@L=qKTA=l39f?Nn#rKq^fJlHo)z zr^5{FQHHjcAI5<^lx~SLF)@+N<4BONQb8-8bdKo(n*>c#F0GkqDPKJ4!R%~o`(!qP z?nuK*W(=L-<|$7~pQI-Rpp*>wnWG*Z$DiNNzjb?#wcBsj3Dr_j>xWl?CT{6NB-icB z-xz(H!W@Haf%rfJ&rrDzO+;F<)=@$Jau&&=W|l;xajQJJRMYzPMgx<9-+Z}EE|azUuG7c(^?lF3r$xMZ|Ej}9;FLc z8Y(uwiF3s;LPP;8z)xkULlK$|KpC_!)?p*QKak|H1Z!5fCS^sV!m0pa$7^KxQ+m-GZ!P5@cUj?crjrxqbQCux7?A|my%%g~ndBCX|49e$8Xi#;OIY{%dFacT&K;v~o>GeO9&~IO_ zxD4|w7=@jmyZZ`%B7&oUnwX_Btrt(Ozrsy>f+_aNQYR8Zmi3R2%HMZq3-9hJ)#$4Z zK=Si^n5^U&LVshzq!22FJM=TKVsfOom_a#{y_L@sSZX{7t_)2<)KdestX+1zh^i8u z5$2rPb}0587!WXjngoOT)H(6wBc}6$JaFn8V*XuX}mj2z5G<9w5vM^zVREjZ9B1;$|IF!N)5pF#z|2><}95;MA z*jsAl4l_?~_;Sw9@R9gOq6Ul(3|b~!jrmkQct4r6Z}wORU$nX~WJTot0{d;yv!{{r zL@GMt&pYJqY))bmreg9rl)w7)xs)SN!Gc|WyKmFX5*7mDL_n5Q#$-ZC|D_rdFd9lv ztzIO~w(+K1JO6X83_sTp3N2@O~La9^js{-xFTZ$a{OdE z@FcWb_qtEK&+)t8l*_AU4LQuGOy{tTKq&*+4G%KEUi)jJM0~fpU?zGPlz z2qgb=Y+5}v<9{m2{OWDH4b}T*R&8Ptv}!^3`94#~4QnIiHncM2_2;9ce#fQWbKrXSUeE>ez4u$>6rYb;NmjNm zxN=A_y7&m{x*UNq5;no&P{b~TPe{6sbzkGB*_lYypv-3Vgtv|TLom9K_ zqg`TBOC16BA-$3fKbT2^b_o^@%()zYH@H}aJSm}p>KtIHbrBhULw)n^#NwbyYweai z{_d4cz1|o&g#r{g!;gycOpfRg2U$X!x~qH=p};pL7j^%QfxdF}MZFXptlapt1wk0R2l5g)yij^tUf z5V0U(?2y6FZXr9E@*pz`Dk%txIp_O&jrOZE*KyANQUGLip#+-cDDhQr)v&Pnd|e&p zFO>wm8+7xd=eD&CLHQTEpy_yI$~$*-%RFIIuvZgeh^$mMaf(r`Vb+0*gBh~d-ZUJI zj*|ihDj~iNRZz?p2!Z@v8j~1O)i%X#y2eSQ=>@<*g)#>{ELqZm9G6ZKj>J)Rje~$V z9@#MIEtc1JTbezNfHARH5Adxe=?QM|#B$@$s32riBymJicn8)leGJdFJTf$tLX@WB7o!GyGDo`p zqP8U5?Cd+y+Bk7@!=1Uf@DX6IXi4a31DZ~%^c_?;Bv=3C8pE+y{Z}IfS9eq35zIT4szvyQ5yt8?!?MZ2( zqHk;Zll4AB*Xo5+4B3Ja+m;KaU9OCf?)ym5F4W((AQ)ayTZm{N$#RJZraL7vWn!u$&-@GZsd~)W9iYW=9S; z2AG?=PHWP3OqI>2vBjG5=vT~(0Pa#nlu(>)qCjCqyF+YJ?4jZlqgkXU&lu{P9b1Gk zy#*K;xLCKekqzVKg!G86=`2QJ@au)XZ~NN49Ksc5&XtdmOmYbHw6wI@?B)yn0(wRmE_^;UQSyDp*iiT`j4k6c@Pm=gQ)A{o7)P$6Ma_i^1rGte=fdF~8df z*EKfcczJpKcald(N9=)*zQ5+?id$O=fQtuz{tSq{T!@wS_P$BicztYdzc-$fE#k*Z zr;;BH5C<)7?L#rFDC)f>1QaZ@i@gcAEBW~f@+1_16ZMCqzG4T?R!c{x|HOOX(6isB z`EV*?z&w1w90LOb{^x4@zrgriGbg?lBGBDaKbQbGGn$A*B*r?NJvTxHU zq(`B3(BU8PYKKiD@HeX};0#oS{~-#KtB!l=XIh>s=wepQl>!-&Wf~~J+WY9f`teVl zUT>htrw@C?;gZGaM>SOrh6V<%r{8XlimIEMIO``3j!sVIB+{?*JQBxPyD<3HeW`86 zvqL&NJJavaGIUKOC}6=9P&c@;5)TiLUXQ=P-b7v$KrFR%bxW(O(LyOc3uA4$5{Zb2 z2zqpWxUe~1Y^1Ii<6_u-&ud6l$_Ry&s}?3Iq|urG{H#z}QxgUx|Aft~)YwQJv8;poWZ;NY<7-DRmYFGZ`Lxpi?jy|NNF5QV+-bh9x${3Zyaa4L&> zOF;wqW4>DO1(EGE$FXhdYN`yj!euuzKa80)$xH@;idH-MgxqxoSw&{h>>b(w!Eu<= zCRP4A?;^6GL=Jbgj8ctU(~YbTqW~8u{j;DffyE2j2LyGim-B(=LlFBcbI}}zB)hz8 z7IQB#9>{joLK%rvc)=g*ngJch_eNjd2?ZbQ@6P8xB?i8^!j`DbgDOJ#b&cB&#!Yb< z1fUos`hD3qP;rUPIQH~WG$$IG%5kQ?Hk5Tk9xEkj(k(eN61B+=7nd!sw!hfy9I*dZ06X%C3 zXnz1(Oxnf8CB6?8G@i|Y;IrmMs8er5T*{eA!+@;j;H7Nc%`HVx$7aMzSpF_A(tfsl zYlzh4d(D@gSfEG{2-!^H&1K~{*&rdHz~_rX%cuJ*dN#IUv8P$Ftz5_Y7@?IBqBzUY zG_c|chBY9+=4d9`VZ*LaWKI$-~EnrQCH(FTWEk zLQGsGaU*|?A(Cc7?UZOU%e z0ukhK$EK`FG0{sPpBzM(K+7$XSz$BowbC-X5gO7GPXkxI5fXSka&s( z3&o`6hQ7@1{rm5>Vh{SYhHY3ucVngv<^#x=H#htFGSJNV;x=>eM^Zwn<0=`2g_zHI zoS1k(xCZY&v`KikU%`?-T|B4_=Je?>qfy)+?HBtUWt=T2D`8z)jB*PS;p0@lm#%EW zS>w_v-TqFXMRq52+%svO)7-Z?#MguLElrmK_}undESNM*0CKY=viVHj!m_0AiwZ)H zRlAZ7XUc<-FT`)&68xCtj9+;)Y)9$bUhc=JelT0}yfks=5|-PL8~MkA$~R@-Tp}yQ z;Whrbnhv_&OyN$0g_x_&0(e@r+B$USubP+iYKX&w)!GS-(L-?A^^wa$&n3{Qi1tCY zMc#y~x~oVJUv+N9{BgDr@~X*-Kz^fP4h`_4z4b1($|MqX;vH+*?)G}@FbQgwwDexWx}CXQe$tM`!>0JopH=&3YYC}OwZ*7r-HU8g;yK%Cj~ zRcw_Fe-7Q{CHrJhK9-xtgrGL7 zKm0>K%inlo>7VKErvB-CuEng#-u(ErKFRs9DIKBM9=*hV?34r}SN@j_YK7m0^K=`# z)(85J_UyU>pPK}u*PI&sR#G`Lso$mKjvSa=So2T$$2VaIy&2fcCH{=J)Y~}t3=Sic z*q0J3sIiUg{_?lywMTuh$F`BkCpI4GeHav62I2OK`4%WR>gF(euK~ zn_J#Tos8k!Fxz^$XLiAWa@qZvFsYFgy^87BW_w5uLV$Th0v>#`-Z9+o+B)*-!?oz> zOt+?iL3NF+M-KNi%@`*M3CUT`l)tQPVWc2amSRt^#p3zgmq7exn~9(LUp>K>FOO3% z2SHgG8UIBf1nZf5h)o;+)b2qMV9h!JnDyQCzB~~*{wZEmt4kDn{+HC~cjGMle7o}> z`fhm&a;+28^^i<29IgKR8G0J@^3c8&Nh-_8Du=8n-GvrT#W2NCLe8PC^;NjuACjnM z|61kCEu=e5>ufmZymqfNeY$wAmt$(iPCuV|yQ*(VNi3;nZxGoxOLD`}$;ut$U{re- zTLtNNeyI)$h$d##bgbegHE+7*93AM8!3xQ1+6Nt%T**!Om(?18J2U{uVSHeiE-^ENz zNW`2c{@#r5`u|-3isjAR4m|wAX9C4jUyQHi#KkOZ#i!UwQhx<%KoW|c$iWozFf&)g zv7+O%p8xnDE07J@=eed0G$m@?3`U1w7Iz z7CkQmw1FN9lmLzp-+H4Z3f3D@3~@J?i$%*M^Q9*1P6;K}?4MT0RXR}sNAdq-xIyyM zI;m0YzxGzr-26)HHg4%l(&^SfSHyF08NEbCI7f_#-+> z!UU3k^_C%OZ*zbA#CBXilw(~e)zBmmNgEILSB^Y5jeO{*OfOuHjkP>2JwNE87iz($ zB}@{BUJh}347I1_hs0s!n|ksg4^1WZPj2xhab!Am@ZD0!OGJlT@ScuT7q^5*`n!=n zyPj}gvi2x-d>8OVUjEs8W)uEr{{YVas~cpz5P+az&jL-&QjboFk3BZ^9%4xglpd63 zi)RRf(e5G}dFYl{8PuFl6%#O()S*J!J4q|N-x@XR!UZf*Azge_4Oi9}-M6p!vo;|6 zt4tsg9xO`#>AyynAPh)c@^>pl%4vP^3OfWOHG`GtXQld3mkZO`bM$QV1-4}&fT_%a zH#cuuA{L+}sUb*CA*#b?=Ijj}d%2DcE*qjEh0-`2KkW@W&3-OMv3c0J8|*_}b;qelOwvtH!G8m9p4DuhG_-F>rfz5FhQ zkh>LYG&gr6yepLxVLW!XOvp-$Yu!wA)!Co^^K6(n*$K_ zsKCy9w)drm!kSip<~GWr)`#`~fJPfD6MbIty zdUK0W(yW7FYBQ0k^DVBddI_6<-$j!xVUd#sms%qs`b4-VPH)l;5xvTmW6Jgw*;XIr zg_%R;F`V;2d7yN*F7lqWJdml+s4ch|e3|-<%X$@Icnde(5APXNDq#%&>sr(dYV>!KurM&6JqsyY*9e8)22E0 zKi>Yak-;3U1i41a+p~1fevv*IW(#)ByZRiu zZ@%VWN*c`)^oax%ca9Kf{gd=$E*Ee?PU31$=ot{;CxSu|8B47CNY0e%B@cdh|0r-O z;zg-k!xtG4fv)0|JkhClXTgKRtAF1B0KZ624;J2W*fMA!3BfjDr$y)gaK6ibt@>b? zO7pd)W$SpU8G!WRyNmsqwY7xxbrZxe3HG7O2G`%ef7{vF!N1ziHh3QXBr^4@ny)G@ z2ETjvZn4e9)Wq8+-vdzR-IqU=pvYl>oE!+aS*r*u_pb_gRR*B-4nW3;9|K>K&Ga*^ z)3dTldwNW4FEpH@c%1>QG!TJK2!kR5rDEQ;vh~kb&CoCo^%dP`k^Qgd#;kxDMgqAFuS`Hj}z z&fNB~xtVVn9~5+xg)vWT7I-p@CI&#|T>K;@_^9L-=`6(P_E+L+MJ!@*Bc(|ligLM+Ot6Y(zbYM}#$I_SQuv6O*!&=;fKIs73%G^_?t?R| zmpWQV!>fev>5aX^KGH;nsF5H%Vi<}@d15;^WNKoozABM}m{%j{F+yD@jF1UpKt?~O zo`_MRYs`{~Bq)f#N){m6dH@54IxEo_5< zjV(z)Y<^=S39w8y;UNh8A1~=yjoO3%{&n{B@*38K^sF zSQ-E6{D6n+K_XTwrmM?KGvL7aJr7_ig`x>+^x+{PU@`%BM3C!A%R)(GBL~xXA%XsP z=e7!wNWePqJ*uj3-Rh4Z>irm_bsI_nKS`ARt}vh2XX&}skMw@A0ql44cW^L{aO>(L z4q5~ZE6QuW4Zs~tOw9Jj^RY(nlVyHnfs9|v%dtOyYOF0-Xl(ts_yMYRGH=E8RMkhd ziMv;<Zzc`%899q|Q=V$qnTmrx`Ohu{y6>h<5A1c55>0$ybe4ZR{fIh&h`C~Y&g z1~>ckv#q3XrHZ%!U2X7Mtn|+)n`{d$S@P&xc-Q3{cITa!I=z!>3fIbeyMUd-CXAlU zIb;isLjk`Pa^LIjYLBtQh9Dadsj!^Rn#^_5zO{dpHE1}LagoQ8V^x!o$gZ7;rH)n3 za_Tp2^sYG(X?3UNX7wMUK4%28*$`Sj*3YQkbN=X z_)FJR+3!TLmCXjg1$qqr8DeTmL zUkGSp#s;;TQc_a$3m2twN!!1(Oo!y&1cWChVi`v`C<9hv`(b(BPn#Fqs~}xn!t2wG zB;zjct??YLgTq6>3z`OdynBafGnpR)6q5y@X*m+hS{}d3GXfrvs>l@{7P&ByC4RnQ zfrfeB!^6YB-Sd0-CeZ?URzc5XrW3mY(`>LGuhOj`2D$Y{vO{h;`G`tFOwyemxT2XuYW4-2QIjVSchA9OamO1!M)5t2Ik>7q z1)z+qT{0Yx$))2m<9EG%-Xw@&i(;J6GGYm8@LNg$?0V@)ib%+6X?aE!WrapF0E-uDQ+ZMgfx#q{)aGG}ykef{KZ{;%_Y zcmB742NK=;_?wN0h$tG|AzSDd&rz%2EbEh$=8Rz_9`mQm=hUS8dfD;zpfm{pK-^Fs zNhsiKMzR>TZu;~-yru(eEK=uoaE(r#q_%bjxsPtm#;mGX0-&tGWaH2lpZ;{s)_nF+G%;M{SnFSpGL%8-u_n83UG-HcD+d?7MJ*oOYEtB9b5i zQA_3*(OUwC8%GRW;(2yzd~fMAv`{?hiBG!I-b;ia#v@xyso$?C1jfwYv}X&KhLeWQ z6uu)_OchLrV+cu-7os%HA@G&yM03S zeS)Zd=M&Omrz+E5>+JleLts*&Jouc$vbz!uHlu6~{=1Y_Vzr%5#K$cAT?R-<@`}N# z=p6>3?}dLznbjk~VQy6O!F&vqM9?wU6-0i9&HB11+dc=3$ETziY$hAnL0N7*R#rVH&nM4-O@e{+p3|vvsyL@LvN3B$39meEhL4 zohWOaF;JtoZNS*$c>S9Y@~T}VN|?kMzOGSm1JvQ5Gd)w_>gm;6mCc3TXP$Kc;P^qA z#q7H9eh`O^C=`26q93l0#epM4uHffuCz#dQV~V=8~yVd|5J?{>^v&v{i% zmbV_GPRw!_cMJ3Lk)}^ay0_~$Jt$dY8Jtk={q4L*k*SV=N`c$RN#_)dP^gnl`_ySv z%>^Q)Www;BDmc2r030lwfRu#wDv|Zi6RDT4$S-}FiTyX`xQwkYs0F`wC^J;mBZs2# z7Z(?!hlXTV{Vyi|Gf@AXzC54ud+aG2e6S*6he^8rT@~=Z$lLh-Z)dnvxry@E@+P+z zumj7-msI&h?D0(M@pf2D*2l+3Igh)Idqk^M7N2FGY&h}t0CwOR!he{CEqn$t3B0ow zz8L3{3hhlfHbSL5I6CV8uXZLURYbH*1^<0anD1I?bsA`OT5%o3*WG;$O0-g^ly`4c zZc!{V7jwAjMeetfd7TfrC1nuO@V4oKfG{2Q>Cs0t_pbQy`(lzcUDL>xu`bdLPz-}m z7+ar!^=@(qB8LOsHhqZCp$O5<^%Mo-g9UR*4&(E{TpD}B89~c{RY3q=x2<~Tg$#as z%|4U`*(~;WW6|tI!vfUY2icpWkVcXzL$8+{`K5$+#YQQ3J6qyTB+^Qx&xaL8iBcj< z946I`gNu&bf=Q(d{%j(PM|kuBhuW_)t8ft*QNrJtLzj`-QRVC>eA7+bY47<&vgV7g z-y5QD07=_^HE+maITW8Q6Tt45q1cn}5nU3U=iG^kkB|S6Y)LCboT@Z>#@{MM9udHe zbgX9$4pw`6`x)(-s&?_2pHXiDqXEmBY|B;8$ESp&t}4(^cKQd=K=YJnoKzInVI;%h z(DOUmZ@1fVA75yMu#y$mS_FN(y>s8UO=u2L$P(jDS>R~pFQeJIJTzcv(523+_L5 zOJam2JGQX{GX~$?6uAaKW52$%M<%5eBKFERT`aJ#>jZ#==J!v8l`X! zwv2Z9VMV=lpQix43%Y0PkVv@h!?cY8-PG%D3O5VcTzpc!o~qp%jy*0ESQG;l=`?7K z=;+vztH+q{#KMC=Z8J7IvScreA+FF58lX{BVb`u0x9;mqvaa#VZ zVH8n>hH?&wOK%Y2&`lR1UtGOH< zkt#)Ac7Hd|rH5EIs@VHBT|+sWowAOTMxp<|)(CJ`TBM*-eVVTxVN#LOq~_~uYipfx zg)`D7BRlIK7X>REa)iiAt#7>g_HGz;iN++xel$Exz8`z^H+`!td)F$~Hy=QUHZ<3B z>hcZqIi~LZqHjovo&EHF@wGrvyZ_xTK7M=Ju0x>S!at9cCoY!&*&~YFy;m)JBwk@0 z)2W^bhmp^yyd=pBXb3D5>`H(}7NTTJhKzNGLM@JB7|}Q!v$H<5>0kp* z=q*v8G+K1JIQwHXhZr7J+33YlfWwb0hvO37UFekG6f#);YOgt@wa{Tg zMxzi)qcAW(QX5B5QDV@$OTmke%wBe_PC4Y2u8?)oZ(*)gu`qdoqTaeA<3(0-u6V6A z;CE;{)Ah)eT%EhkJNK!8t#92+Ltv$9GR5EU)+V=VOirG^*&L-NxYP3-KY{Pu?GxQ> z;9{gvZ~?iNX<(j(`53>rWx)MEM1l^Inu=q*mUv_t$jqWhM$Aq$&#z=+3O6i;y=0=O z?*dj~rD8kDP&~kXMJl0Ce`?b}kwU~F?+PJ=hL~;xOESXV;1={Rk{j22eO*&F<1EUI zr^2_JVcEhTn*JJ2#;f>p@tj5`vXB}kUUvcVr>v~Z9xQ$mZ^9@`*YQ}+$uh3N!j*OG zLKiEqfA)%GfPXJeg!tU})6yyXs|C5)Q`wwTfiqsJo!qU$9?p;CFtXxuC0wXK-0Kpd z9ovb_Yk1d?#V8t>?&u3Kk(DW3*7Dj!UN4-fuHz#(RQ zC?9pmabw2{Czb*hV-ztYu6(kq{t9R{49C}lZ#N?_)my%f-lB%XDK!=u%m^9CAR+Ip zk&#GRxNSC*iKj_Zx0+C0brYoqn@FcG?t|W5Gi4){CebQonw>1SxS@L$m%H-UhQYPO zWPyRZA#24?F+eI3w|$(5QrGPab>L5S%(%-~r4OZ%&a*Lvdxa6MP2dsZGVGU&Sp9P0 z^2!IYI!a#q71a)1Rp`dF%7Fi?d)EHuCnT@B=ppRMiSp0DKpE34r{GB`{re2}P%XNA ziL|kG<+n#0>$YLM-k@Akd}G8j{?CL6$So6vm5{Fu<6dw+SSAN7b1RGAYSPPFMH?zT zb%Xh~1}~gw=PD`8jH18f$hIU{GAp5<7Pnm*O^CKgOPymZzf_F5xSz7b=2`Lb{+9*x!l{ZH%-2{bii(PAIy#w`1uS#lUw=Y!8~lU#t!S$h12ax>IP z>+WFKp+7L)B@lT{_oZh0NX85E)d0vnv56%p_~6gHanJ78Z~too0bF$hXQGMTDi4Xw z=dR9m;TM9Mg+uCR+~Dtjf{QubAQI9#@K0?0K-6XkQ*qKQp9US5U?pC_O=r(h>DF!* z3Vu;lFKKX`Ol#k{x5uFnsFE~Vg*=4^Tq@+eno*0ThvfAaGKG%>?3&D*-(y~J051Pm zA0d+Dm7V~h|3)z1{BBAB>Kypr9>;&q4dD8)u(15MGeW>(fS5OtnbA>w2OTdzd)Efg z_U!3ss#g@QG&>VSq}R%(^~8Pg>0xB(?oP_h4TtO;OPR%uRR1!la)fM;5BL+$>!$kr z4g)rMP;afI*@b&kqIr;}DzlBD$!_2I)nbYJ|609N=Wcg$0QH!$EB`xBAkj|MgmEoL^Fc zSR~o36cH<=L`<6f+h~LvP|s7tK~cZFDJI!A+=T4LA# zXk;(Y>i+$=M+!!lgm#;-sQ`$ME%pclx&F@3-R^n#JMegSAt%!7-m=9JxR}c!S1o$O zxyAc7ZKHu;esWxB-Dp2ge#BA7#%%FH(sLyjwJ?~tcTxaeMoGJGcfLRs#6Nk0g6T`S za%9nZ!##~MJmNIktQCzqn}wbUxPWf6mtnvfVZ!35!Jf_GcSTR|3U_q-tIi7^b_Q=w4Sc1&BN?bB*wgBRT%#5 zb>O9&Q2xb2Wvx`VDO~wvmrnH)h6Id4;b$^v8cHX6yNMutIW6V8lfZ{78_nJ%X7DMG z*QuX6NjP=-#iVE7nDIk|WbxPjB5f@#nv*G`YRP!Z6x9sJa^{D2q{)@vmVH}V?0#&) zKQuDk6Ae7E$9s_7^$QryN{0l-wIksew26G?oK0KTz}R{Vh_g_Ky)3(ehjvc>1F{w& zy`K};Pz!K3%|~jExa=A1q6FMUq~8~(Sn`V-#NT@oK`J*9)1(^SAG{UKu08e*4Bw|0 zG5we(PBzQ)!Iyu+NYELpG@A)@Jl=5qU~l=KpAWbz8xnGIQT52=if8skF&b!q*YUQ{ zA6LlxINE%!mcqAxtKo0FU`F7Vy1Izr9S&_$=EGB#xFS`bmlWG4JK4n)8f42mL=Mz& z`JquBlLdE7ZkF%xe6J$}=6V-@j|ED0>kceZ0bq{7x>u32*z2F5M29MvJBIe#v%kj7 ze6`8TRc9__j8i_efF)|%d5}&`nrQfgDPorpWO0@lF4G&HJWh!_C|7vhO)JW+ojrna zfU0N)G8%JHUsWbzx#8q?29|??oiz@S%fXiU?bOSo>gDydB;FvUc5K*~ZM+1Y3^3f@ z!4A3&BPVgJolA9xx_>yQ;K;3TjqL7_?(lJh%v*qia5f% zeAJ6uS?VgaWfUb>JffV#8W&*_Q@WvzI{I6IgeQs>J2F)IZi@gC7$!kM3kQ~Y07{+T zK_+>TUwhd#)1tt5n5HV)*AwtyA^uMAw`2T9y>Ztif3uA(nCH3*SPL-u!dJ)3X4)hC zM`-80(=K=U+U4JO?ZUCxA}=68!((|$y;3Zc>UbYN!VT1pZWW{;+HzfFhO)6H>;8VEyfEahQA|GuHO?en$nQtYQ*Dgb zz_LHuUzXh02_yxD$6^Pf<6hSwG33pwT|h95+zak+4^Dn~@O%N5IIj6d?;z=i!b%tF zeMX)|HEx0qnI^BAEj1;}8D@C8C5Zim!hmXkBNe)nD`{RB=yShCwiOR|^F*SV-s^x> zuqZJ8kfUkiYpT*Cl=@4r)zbV%sX7?p^lU) zF5hKhMXq3TuF5Ho(PuY--gA+Vsot5d?}XUM>)%Um^c&6@EB(?-y#GeO@{f>T^?iij z6sg1O5>aiGy^UzKr+ogL+%Zd98x$)bUGjl@tm=2|5KT|;3qucF59`sTc|PZgQSF%N z!U~NpOTUR>REvpIo7L0ug0tsBXon73YzFlAt;}fOLWT>>hdUdS8 z7ulgzlWX%T?NC3)QZUQ@Aur_rgegD5NU7Ujz?OqS0AYGBE0DY z1VTrv*3a$1IF5k(OPn@2Jek+>4$mM>B!t6uvyscFnkT=7dgIO`!Hj#rosEq}6Mj4! z0QNCs-HJrElQxQ)dI5gY`0?r}AFXqyA*3T7DgT&s1nG8+_aQ5LOR4Xt-ZHgl8QboO&x*g zjS1A6NqT^-D|J)TLLEDPmUunUHFh99cQ*UN7;ds`ehb@9k_q1*l%DwtCtC|_byY!) z6sxd=U3#Cq{r|<8ez!~#iL9yb9R1a`BFth=T;np{H2`|)t_swQsZ4R5Og-igB=;0C zTC%GwC8&-GjoFSq$DW^(cmO{%@~m4w55>nZ_K~j{@fCzAN!4gAQ`PUY&{4mZWBX4P6Y~G zbSz%RlY4UtL~VuWQ6_XK1+2lS>N(7z_Ze*zh@@CXWbo&|?30+4$mBHG`;SzVP{Je$ z;VX`CEa`{yq*xDW`kX*ebOg9A)1rpfR%5_+Xb8{l^X;=gKF*5P=Fu=iHRe}{BK z{@{RL|L(s%A<=t!@{b3U(9q;$iSelaq3J4vs_MG%rMv6WAPP!INOuX+ARt|Wgd*MD zpdyV3(nu@a-6aBobazR2UA}$ZnQw+ajtb}Qv-e(WJw7wUT=73X4OILe}$1#YF?2MsK z)+{TIClR*zgBgoJ!Fr-s%k2xJpx-M}SX3J$?=!;#0~Zl6fsHq14||AvQbsvrB>ds( z<1x2M-{X}0CrV_HS4n!Obby}EKhEmm0eogRNhS_S@220NQ|6CL@f!D4We!{XSYpgz zBwgYe*eH>;2R5SSEqQ-+^ej^Tz{gZm|IRHV8Hi^tI$Q2(F)5+~L(pM*NLhrmOZ$ql z%tP`X=i^In_&hrTNF$M29OI?(pN7}jqrmb+qUpA$=s+V1!0CdYKUMnQBnaY10`;I9xDvYGCU z4`7Rsk~rED4l2yG)EuCQHMzf@bewmcguai*#k{-g1O8O9Q(x=&Y$4j|COryHh>&goK^@zk5Xs|T?e6m3J zP%o$eop<^@@<3ev+J#erY$%;RsH1Bk+LNo>m&i4rUwm-Rh{~ z1*)_q&7JdP*6q|Q%q*mCT505*P?w(T&jJgQV4KjS@w#>=@)@o_8LqVqXx53!H*x2W)@*6%Coih^4i+tz)L^IZYq3tw%~nWw%YSqxB9L2 zz}W~5n^GLA1}V4wg6QBk0fLJ~e~Bm>p&;|#s4O7g$x_F(tEC3YIY_z~N%>4&LnDiN z~q z!EzQR_1Vz~dRgq?Pv^Rl<6H#k@djkY`qjsjNW(?g{D#vZfs{H$yy-s*jK|*GYe`Z( zp^t8PUMqj{aua@bmU)|FCH3_?SBe6AdiCwzCP9|V4bGN{Uo-AX zwSPXgvce$J@>F+F;HB5n^_Eb?CO(71I7QpQ+i-0g3#R@=Jj@~84{`IQ+q=K5b=$x- zxC$mL8FO>RH@sz=H@a5qL?0YeC}hx`&GP&1d98sY1cS{)m%2BH|CaZ4jmM zRmA-%&|Q!6SpFH(f4gr12|+xLUb7oFd2Dg(3{!u6y>gd9gbJpeU|?tQ*stFlbvlWE z&rm>#l>6WrfG#IETH`~5GziryZ+kt{Pa?aya)OAitp!ICRj9^B*-IU%AGfGhno zDf!wg&3hZ6=kNSy$yWY;Y3QY_zWqy@TIVm`hwc{73`_4&t6E7?)qO8;^j@|tWYXiW zH{ov5)Qn}c-PO_uo~M3Je>3Qa{oDAxLvc*H_V$uDMDd?bTe&jC4tyn+cHv_B<@B=E zaYjsoG~DQN(f{7}_9)u_FCLXHI{VYg@>%APCE!nlBsN7Tvo5&Ok8`fy^8!A`zxUapl^J=tJ`a714QvY-4}zqE5BkZQe=0fkJU7?gj1c-Q&n&7j^^$np!7D6BRhYq%Uj|e%w<=3{$U~ ziCeLoJ{JpeE}=a3Q4==51DqcjAc~ayd0rNwkgUEg<+ci9cxcr3`E0h*ih$1l)^X0E z6Ax5r)#(=xGg>kcfDT>-#Vr)SW%SLDs+KYMxW!#kQFYay;U&PI{Gcw5{2mQA&m*1b z$rz+CRkeIX(t?9!<&ZX8s@kN>A%CAh2LD>ciyb4^jz9{qbkswL(#MvZSzG zI47!RG89Ae#j%@^O4-Pg`X?MZn&$txBI*f#X3yh~cNEK4TlJ4c3R~z>8fXyp@9<3d zJ@p+neRc1)E*!T}?s0VPN)J{BN_}wfPAGD0{^Wl3?aT)gEHKGz+RniEx2Q+Uk&mGoHm93J9sJ5N$-&4#dZopB)EDiDNf2dYtGUue| zif0hq0~RzeJw2T<#}2o90vAD9;n2?8`-XFly|j)Ozu6fw{1KkFVAo6{ z&G%g}Z=Wry-_?Wu;PxoWs5eE*2qmvk{yw_;P3l3Q$HYhMEkhTI z+oIwxe|%iqu{i3=&WjJ#jI)y%ab2=p?ynOlD<3E4dkAkC9osmB8=SQlOsHb#*zRU9 zpyoU^8AU3T72DksEysK0y*T1#(SUow(Lxft)6b3iJliMAzlK83&*YXQa(ZJ zmHE}3NzaOZ6aDW`oE#PYkA3oo>$z@Ud_b!D$SPQ|MSl44NMk9XbIs$THuH{lpnZiA zW>BjJ|LyUc~SUcFCRV2>2Vwn(mVL!4j z8FWfFzrRf5O1wl4u%vU@Ly2SCWgIq6qc|U~IiQ`2vRCq?5M~$23LH=~4t7}nifrjj zR-wFCGjjS1kbk%i{I;UMvNi(FF93sb_|x7OCoL_lpRe@w0ownq4{`#?GkA61A+fUR%hOFHbTn0rwVcX%LEYwITZjEtaxLXJsoN` z@ibZ|v^FYgJqUbAhb)l;>n*hF{~G0rNr zp^AJp4YzfdVJ(!c%SHm)@#Qpc+NUL6aEg*Es@wQ4uppJ{b8U;*o5My2`o$kX5^>fP zi4H%PQkkZzU@g;=vg_5?KXTp+%u&6QkNEgTo~}AX(afVp6o>d6i9s#RO-7C-Gn z7HSoDS6Wd%>?{pFM{M!Sb+xi12?Rl1?>PCiM7)si(566op;fmQ`IHO!s;xx6u5saV z8~Gf}SQsE9ycA5|F{5G#YK;8HC@?xK&d4b}8^?9yA(U}{a=CSbQ9EF*jYk*lThn)% zEIpm}2}fy(S?QPtgRim|z_Rn-o`f25pzMEU@V@%TPlMW(qh5M>d3lT$K>58MXMIGY z$-`H~9re#zyAwa$eCsMj&Y$wW*=m^1=Wf@ecdvFaYSyk15BMvm(~#fRhvUaF=^PsP3Xu%2^pm%;Q5dSH^yjiBcj40T*VBws7$mHlbmsN70 z-lql`EFHd_#v)2t?9K^yI^HP)Rg zaM4Rrgauye2LldS4k@?cm3k}18-x4rjXsQ&!fxiR9=Q9ooUfNE{6B8v+^1F(a?*sZ zPHlvk4++WNU%AnE-Dtzw{s2AD;#FnDCA!1m&sH+t8y%PH)C@Nu=Cx$S_@f2;itE{d z+gDivce+Tz+b3cu+na@DooFR^Dwi7-21vrnXs-xYey}m}{nk9DaB6#9X!=BOmsJqI z8E3ZJTmvRNAXE-61fO*_llC@&r)$1ww&r;eyVz{&POGXkotYuUKNequndnn zHwb?7iX-}in+!lFtmb%rr+zO>o~R-p8d@#5JDl9AJ3T>HL*^1d zFIv)6dM?xdAzJ~-vT7;E-@#f_x*aQlR(lX`?uu3bwBK8^pudqQbPr(ca;l)VeS#hKHs zhJ#1h%e|N|Q~rSYf~6$vx;3Q@oH+91mkhj9((K8&NSFK{4de&Zl5^%Zq?nSd1b zIHKN_m}81C)t%Os+7F3KuaMxfU;~y*3U1cRvr_-hwTph#&`1vC#IJaHc_ZPM0QvXt zRN`z70g60i*qogJo!{kh2&+jC{QCOZ;ri4DNcYhXnod+luiqZ9r1XMz3c8S@=p~{+ zTfh9bP_xeC=m9!9dVDVW&ruv++O(K3mE&JX%A*d&=>2J_5cdu>;)Z@ zN(K8W5GHx-{;Vx~^NSpSA-ioV&Xmt+iiNbiJD0hF+8Kbg@ss-F1dn!_tU<1dxX$K- zGcQf#iVy|UnQ5NH-`TOSF4M)b4sG(Za?k!O#`%aC*#NYF--{^OJQjU{?b!0jcrqzg z{7OUgU6-HLa-91m7_^?bj^w4nkCh4IKEM$pZ&HP8zY`8fc%tQEEWE5@50Q=TwjQS1 z6)%wBb1k_UX^a`@VfxE!;$ONp!kj?kX=0+wQ~lPa#H{U&M-77V<(Wkv842vcj_VqJ z?a_8!3v)uyGj!?4b=b<)@1{}lu8=*<=l7IK@FYgj11vSrc2zT2o(9Z0y%}g6$NelU z2|Mai1!F;Xxqq@b5*c}io6EC~Btx8fODDtB0o(kMQ!)pdIZW@HmdHUYj*qD3${5dv z#c$ZjpBhGhS49er1aNNhrK++3s0n;M&W(A91;i}vri9={L(110yZMjrXKR406^DDB zM0#Xw3`HSs1jzY-oikO~6`MsZy{kW-1vokb9Rz_HR`ekpV3L@q$Xi=mlHT5p_~(#1 z5BwZPIPL>d>^HbuxyR-20{#K&3$$^~b0g!{LzT5(vXC*W%Tn{Y0B;V>*vnLOlMB5IN~rE(&++A_1`C0wFe} z&IaGgYth}+m5~O2SM_`N+f8f!=s-yr_yX)4q@zxLX7%5$1Ro+_Eo0*I+c1=%#Qd6| z7iM)$R;JWj0US%AnR<;>lHE%d7p@)SuE>v!SeCZLaI7vAFwHWqhcZvfQ$*uC36Yx} zPE8~gdNt~Vquc+?;xp24alO_v78Sz4!;oC#vPDTNyQt~(byE`+SK>8}SP=pe>@#Wv z$wG4Rh{Tx_P;i!4=vh6h4`gA&S{J}O?;LNz$i129+<&jBr<>iVu^h4`$MA3sC9#9h z=icAjp3Y)YBlpJ7JHxj~k*`4UQQ}5>+#`ed_tSRZ7<}PC;g_32H@BV3Lzx+z7l_z6 z+Fz%{y*q3^qRI~3NM34*GTqvrMCJV*YG-F6FwAd<>(P-TN>E{$_^|k)cHzcy>K&p$ zxKTCntzhTSU}Ca~+~YRa^C81zZ>y3;W46fwl0Ldck?QW&V%ih>TmFXHxqy8R0S50C zSV}r#I>c+N4Dp%ML#PWgW_w$5byY%ovJrud`K*u5mliJ?fl|?X!K_f2{|X81-I~Ys z_c~mqCTuoiKGzg+;-Qc;HK(QCkZPZ+31s*Y*_dE^Z|(2Pfe4`}Ix(*v-)`6E8X>N`6U#sn3byXon!9O4 z3p4@)opYKgIIWfD>O+0kK4lNw~e?~U7>%b1Fw+dnuy zjbH#cR^V?5LFrF{RW*>0`@~4WHx(ON10>JkLqu@+r|uDMGaImwNRi`zgpNCG6k<4UxVD>;=fBa3(ubQW_jf*UX4RX^>OQ{U z$-s$#5TBBG(eneL+1O#(0O>!W6@rCNGh+T<%S#g_ zRR~cv_c__BOI9p;bK73EC+gSvHS}|98g;uSy#Aw!7TA4E+EY5}{@y8L^!k#`uLtW? zD+b3Y@1>58Krx?tQ8}w8Qkv=g$6p^$Ip;*QVcJK0?UWaZlg8DGBI(^7I(BKErYq_E zFs8Gg@VELQv0I*>+mN^bK#2puiW}*5gfqtMo!rr$Se< zMUks?E>2e6}85 zv8rJF)pX{F&Y7MCmbdUcDfMT1+v2~2P;9t5mPg*QD$7)%>BF(JFyg_OT;rr!7rtYq z$xf{gQO(ISL3*P>RGUQAtuMK}wbSg&=6ITHNzjL<`TK>pOn_z zulrsdusdh2g=z4Zf+kquUNP3b$lK*{PN6ApY?fm2n1|8oml{D#xnXev=`N|fEt6$? zsUV9`bKc;%9+7m%xqL#G0dryPdcRMMTymbXb*?{!h>_%8-#kV0OGOGGM)#Xh(7s%p zk&84GbqmWWY4Rsg#&5>NX{S$Vaaa+g!;qYR!`}ABbd|4f@^{)Xm-CZPiT#>lwnFI& zo8pw(hlQ)~+NxQuqjvU3Z+V`=CZ~G;ZMD+G&`S|+enjwx`D05B9!e(cy-hkaQ`pV$ z&7DJp6k%jvd-a|pj2t*tYRXSYT|4OmOzY^E`-4d=Mvtiv;eL1dLZAPbFg;0>BEAd3_qf=aJ-^5yY(%FPWCu}wQY&fZkQ+Od( zoyGBsffeI#MY|Ib!rG@}NvEDgfjeHsx{B{PUARO8%1&Mgr@?pRUDm3PG?f)Yx_y2T z%XZk(GTsS>JQG>-;rK_u0E0+N9$@$*F>m z&T^j^rr8?>&Rrd(z#cLyj?9~F6kA$gN~y^Ur}a%d5U9obV_=`X9O$ia(WNFAub)Kt zbK1ZCtdFloHL%s`2PSi3@WbbYB&ee_(P3d>MQQ?+_ik8uVmJ-o30k<6U-ki|^RSmM zbG*j29WNhWR$iXvtK|IM6XiWpiwqI>eaiO*skNboDULKbxw((}i}mbg&EVO&xo@Ob zPTx9B41E)@A0P=;{wc(|k#`#KY>ZxsRXijY)ld1Wh%g$5Rc4%~#8WSV5w77EGf7yv zwPUy*J)R+AESg2^vU4LJ+nr0h+O7`drY1vsOngy(-=DVT>`$9Ka6V?>5>>xth`S3v zO0~qbZLw3%)BQv?!dthk+or-kTD0kEU|^uYkkoGx({B-1nY?%u<-YWhtptAes^5}C z^6}%-{(B=_vCvkE0nkMq0w|FR78kFfh!iYM>wnwpADJfN{vgVH&T}&j3r;qZf@@%M zHK0@WcAOPPGAv&5^XGGC=M&0fvg>E{^DB-|B&}(B>(;**lz|ustX7JW!oor+n%+x* z9z`11)uXjpr*}!GnZaK#G3=Wg|nx(R~h$0u%-BnTMMV5vo$OIg4+6eAG)^0{55S5wWe-z{m3 zyC|rsaT{=a8rCfs1*ptukipXB=o7|{mYnlgafZDQ9=06Px{K(`K2xKentoX{9YyjR z)9eZT{i~9gqtUaz_YHYvE^yj4)4JN7Iln{%9sYS9UqQ}!qjJbxcJ-D)6?x}PMt5qy ze_&XzKdvak9QS7frcCkEjzjRDhYiqCS3h003F%~>SBDd&35%NJ?{8n5vDzEwI^{k& zPd`j` zlY@bQ0`_9&Nm$HuT;On;h(I~AFA(D^`~6aLrrQld!--o2n>KC{be*5T8(RsNxLroY zeA1`&BEopCv|s)RsSUDs|#Lz2TO+(yCV9b-VmSudL*2f@}rt>zh&iD0ed>w zlK0|`vC}Z{%}|@drzw_k z(R|>0d3WF+4I)3xJK!#EZY#Sc_g=?~z+2E?$rjnEwQ9(|3f^}a7=j_EK#$4YxQWVN zndb*PYmP78asI$FcwsAetm1CKkM5^@`QjTmQYNZ6Vq_NgY9|e`#S&p2%WqF6Bw)#t zei9AtcBA!OiKnG=i_RQM+!g0>9nsqAwp?z^R(_PY~b1rse4 z2?g@9I)ye$9(;UYJKsPiA4MbO>nmp0a%E}gI7+$raMj z9Oj!mp8={J$5MI7imK&Tnk>i9MJm*=^6i72=``_U~?c5>H~Ouu-f$P=X?xv;ozNNZc8TZxttOOB~D8#4LKX?Ag?C3-O z0u6Re)F_+ALJa{KemG~12#OTM9ksRB(!Jd8g?zc6c$;>;hjDn79goLazuu>)y<6s3 zPkF600HS^(YZtuO99dLrQqsKl>;GFm;5-KCi5Ymib=Nz^C_XwEZA^tG$o1NlX|GE>j+Q7>d z2&_MAPC|wtR|v$%v{z01?pO?Bc=1CV$S+uquSB63EvR&8keUHf@p6TtHNw65or}Md zj0}p~{@e!!Om!WdaFD4$0xP`|van#NQIS&b80RO{fyu=lW&v|7A8VvZ|p}eAY zJ*%`(;A8tQL`%F2e!Aj2R?TfhWH^8fQo!#9d zsJH{*_k$ty*1+-sI@aN4uQsQ!5DPpi{moP_v*AT~v@b4LNkQLhUa$;mk`YE-m<~y1nX;MMLH?6v${DvAq zgX_Lo37AEN9FsrWp4CokF}9xqdr*#o?#b^@e;QZE;KqJ*JNJibeJ<_{H2@yrAoX^3`?9o{?wm52(gif*N)3NkME4F92vKskT}L+l?Q@F795 zBd}s2!RMW8fh7)-JhfxcchMsbF+kI|3KSO|!+z(_fQ#D9+8PsrBmvxbSebE$3xnF1 zRnShgarzy7dNN6{O zM}Yhw2AyFKNFIw8jDqq)MDK4;fMH(-V9l?7=mr9~WqH~vqx*RMSGmm?v(L@!qMW@w zr(NALdJ|wxI-d=T27?m>_?9dHJb*i@ciw&Rb9=iKP^7*FAO}qDqLEh60R|<>qz0@& z*HWqP-a8LqFFypJ=LOg*%9(G9{K&7JSGurn!SRA}7>L2z*J zRI|5$-}P9=3KZ`Jid>+|H~!^si?_^>0y`yz3arm^QE`d1l@&|NN!kGn25!8JfA^xE z#}>!z{C0B@%FOYn=D?f;A`Rrh#p-t)pJ57;3?U=+;Yr3ljeIm+H*m{CGTA5<|M^h*dbG-2jzpqbsxt*lWS^LkcDs z%x6b4qoaD#_&+B#5b#}st0=BXhr-B(DBbURTWgYuLb7Y~#4oqOPYGR;Y`{Y9msTph z%8kDUH@NYtfD*y4J^#4_VW>;S*{9eT4<{l%->CY{a}R(+6TGwzGAq3HCp|b z+z3_L6vv0Gf#kGhZ>S`z#b-%pzx_-Ho?%lE76au0LT?kgRjkrn$w5UBSZ;uPd(`~4 zZSE~6v`r8@2E=2*6viHA9hTQYH`VIG!or6gIGhjf=RrOlP{Bj-f2B>wipX5a%FN{x zk&%(6`*Zbmi0fTPph02!_8S-jI08qdmpW{%$SDk`Kn(-O*yZ?wCEWv=nm+D9M>>KzBFX=X;=i{FnkO;QtF?G6Q2_w~bHwdc-@4NWA4eJ%B$@7sS;*iQ zTi)0xGEE??&7jVxo)2;~k@}=<0FWl%>p>m{)iaQ^i5Ua~WaJvE$J3_9Q10ZnocUn< z-WMJV5=k@NH2C1c8k4;9IoRQ}uDpSHt)@vN5Z~ef5ek`=JVof5t$doIX#Dt?>Q_ov zEDWUM-=9WKq9l6zvR%KP{JobHocbh)NrZovz5iK0j)V`T%N&VuTQA?X@_f6@<<&bh z<=tTOhFuWJ=g^Ku0oK@O<5`A6Hd8Iw)JU*SE?G4-f_)Hy_`|rF3bJ=pza{&^X_79f zBK1K|BcTqnlS}!>bF}BiF}Z>~m4bv>gp4=A^tUi@8_|Q#4&)hryX8+Lvt{n)u0QBL zRz?pG^11R64=e+g&@9jgK^EKgU<{}s1Uobn6oC87==%s9&L+ZW34|aJ-_Y^$^JnMh zTfIVi6*0kK_)IU%!uRv41-sR*Jx#Bb>>~?LXkyLRq08F-KNB z16+BtA$PXjF)z!)$P&b1G!lL^pcm<{o-}k;K_-b`=a|bF-ekG00b8I6l%!tJ-5!EA zf2HYUsPpiU3!=Ed6}@)i2|4LOJre{+h`&)YKx_lV$y2{8X6kq^Io!^OqeMB-IhEU8xAM^?WHi6Jy{)ab?KitSnESHZ8_2~=eI=4Lm|Wb2tu=6uVy*mE5<2@ZqoLZIGz0LRG(=v{xH zt}M&g2RD^GsIEN8xPG8VT>(9v!pj2XS7qJxXV~x2r2;_lw4JHK0v9nOgz1|gj+0;k zprZvGQlQfWvxeVcFg*-DZ{P-6sa0^Bi94Io{G!#pya&iV6vGA$ zEKodH2Si+gWs%J*Tq`augn)!0Wrwaf^02fY$ zMX)mXxsIRgK@arb98D)00d_Q~^H5h@T#N&l zNQmBsT87n73S&ty(?XG}Q0_Bm=%G*((7*|ch>*lgfgv3zP0H;TTTs)X_63YRSzutr zA!nBasN(1Z6zS;$GF{ak7~wq8hbA>}OrU26XAm@R+#r@E-ZuzM-5BViA)Y*uO=ks6 z-eBPGsd)1%uI5=XE{Kv%{;sA6`lBJS3qx>V9~L&Yw9tXz9R;edpd$u{2Lh7-)%xLA zO_??{xI^tDm~OyYLVpXE{IO>XNWt!cpod;=w}XYW@4BGp!U2zd1oHft4R8P)0lJwo zpko8QAv;L9y}P@EN-FS*9|3{JLvMn2U=#v{80x1WJ#Xx9OUIqRPryWH24b6_ixwL5 zz{v2ZWC7rb5GVl)0DlBZ;b$MJ_IGxWVGt$(jw}eg0MCvBT^t~lF5j!_+xI>bbieN? zHhG4vWGI=yn$2nWId&GonOX9OW@}KrBgfu!DEj^ceu`>UC#fxEN;95)Z*-5v^p2BH z)4;uCm6h<=S&t2(b1nfx{eq|k}<^Q33UhfNQSP`UDTem!{e2lou9Rw{j^^O z;Wn2ccLv?ADhrV&w#$uBZw-owDlEIuf+GR!r2k+lsEyCg%R`5BSD<98DVH$}C5U>~ zgnBi&;rK_d!lCud7e9M)yYJrG`L47%Y`3(P&XH#IX7L^o;`MQtqmRo#BsW0*sCk{{ z>eaqjVvUIQqUH6C?U~xyMd3nWq2Cyq=TqeLs%O8o(>yFkuQ6cBd3kxQ>=Zj%lBRYy z84rxT>?$bKQDNk&LvZJCOJi@;c87cT;rCMYd>6(E{?}U_X%V{yJ;Z_-mOadvaj@9A zrZ>>A$dixHv?DG~4u2-j+`w)ou6twq0@(;w^h6@{W7M;6w-+l+5!2n^pyx-UBD9O-|QyBy~Kxi=R!u^&@4gl>UCH^`7j2h5gjm zNdmk5c|1xubFH4JT=xa(LfVRNTDP~{r(Q4NLpAEP)8gkR4*A8LdApi;pW4CHxT=`> zR0Zs##fVsgeWZ%&2PX(5m|U3p#V79=q0^Nr8&j>vYk);Lz3p#y>dC^C4$kuXD{)Qm z^<<~h{ENmQcHqn97?!}Ta@0J}3=Zr+RiW80L%-$mee|C+NP4oHf&VK_Yd1rsWbqk$ zKoPt5n2`wM_KAoD3cKzTd_<6Dc&yOngX~GaXzR&VCTAZ`K;i!EZDY)k@z}xaC^2vA zV^B9BkgZ0?$hE#O(F$I!L|{6?8D|j#){5}ogfDa)Tmv4XA-_kJqNU!_mKT~K{7|%8 zpG&!(!EBp zls<)V>h@r3S1~G(4W_QX?va2U7=J<4VJ$|ZKOPvH(nA7U!a&OH+2JjtE@I=Wu4LwFg2M55(T+?H_P+ z%|w?6BoJDO*W9LBMzYUF%oX8qS9s7K|NLb|_vvqs=OD2lPsoPJLhwHWduH;5s=%;7 zdW2-=L->ygBMY3{X;jarw?+bM+poc$9!T z#}@MEdX+cagT99g7Rpu?$TQX-oW(FQu?6h)VfoakV>3(^9dQiPX9oLXxQ8)#9{gy2 zga}e3)B4Fx&PKd?Ht`?)+s+41EWm}bj4;BCZi&jg_#1NPx|;R4yr$|Ys~_ipzIJ3~ z{{a)ukhI;A5Zw5LKk`SDWc5VX-2Ih_#u#ECL@d$;O{UAfMkezuoHv=ggZDN$j86Z4 zP>SxSzmuc}A3OOX$#2DoH|$l9=$ZKJDV-?hW2hXI-DolF_nvQr-Vp8k<1hDjt|p1ihEYVGxhn^`Fe&ass|m@yOWcyIej)>u~WK;x5#vUp2V|fdc`y>keRZjo5$FsH#w@(a^zZ`4y+ls7;QmhwzkCx~?t0F0L zGSyOry*sqobJ2w)dGI78+*o>}8-s|>53POVGFHp+E7I}RhmujfYc0jru{yc&1Ekjs zfQCT*5XuLqls!NE)JNw>R1bKt*hreTMyad;^=nn3BrR+JWZ!2Q>rH zvLA5r_YU)ao&9<_Kedf2v+bbYmc4T;#In%~d9hlvmNo{?SQzb#3`~-w#(R^&5}CQY=OK z^Wmc$Yolg-0>n7QpBg)qiPqg_YlB*(PT%IKn?9M!^XNc&uoIGc#A;Z5#wO6yCK&ba zPbFAL_O5(Z!r#;9j`foizO`uR7IW{%2uKl1#PB2ip(k%Ff7xS>X>!HUF=qd{_VW?% zGfg!4tuomyyJ8ESqbUzkWaA(~f;Bny${UTp|NKZh**M!qW`1!sT}KzW5k#}=MFWml zcK#Oub30%BueR+m`2GQPvtK6t-mt{y_WiMfv{}QK_qNVxI$qHq7ZnpV6Cag%a62KP zYB#`K4WzX6Y998R8;n}nl$g*SFd4P(ltvHK*T2+Ji#zq)%Z->cemTy7cH_=?GSG>+ z=tC@JvI!p{{by+Iee+UFzos!LpQf{%n>Esa2E`0!LGVxdyzOZu5G7<)Cz)-fzR&SQ z`^91IAW^o=`uCqF^0K6R98H7nP(ca)w9pwWpkd>c=*94Tz(Q25!`c0L(m;SJ4^7Gx zfi)GftAC_|h6_JS@E2>cDm1S5<>ZAm3){%D@#dViw3m56n4&-U$dtc9UuXlf;w^dMVmwz9=;+SM~-}6tQ zWWZ)|BQ@+~>cqrv4jCM~|7g1CjOo;gbxGF9>-vO$EFk~-Lc_F|k|lbLYSY|$6(9F! zEA~|$T8{r9h3YFTE7Z2bQ%BzWS$~<0Q-cqW;IJU+>^)>3^5)Dzq%8qdMRX~nF9giN z%v?o9!@Nt}n;E#5C;`gm=Bp+}0~Zu1m@9B={eZcsXq3-C&G*}%WM;(>l$nmtw&MJ; zzo$!Hylcf&qmv`t>5o{D6c>I_{4Ph`{X1$xT!QS4L#5|7W-)c!I1IYDA?>(A8H^bokX}rK7P@SnISRG1?DgWE`C}&L+B}jd#rY7ehZBPW=~ru#@He zLI&;c@s~dYWAT#C#dq%;lY~z-?qff_{UVDWE%ps2Dfl=1Ulv8o{5^Y6EYceFW_0ip z?xV>Dn(CW$Il+;%zkJ=_#Fp=G9K0g19TG4DZKP9G;cE&E*Npw=+3(nG2d|PQZtNdC z9++_V9;i`X(97{Dwsn6vaK*y`Sr_0PSQ^Lkla6eLem54L$ONp(yvZ^N|<}L3GgK!9CIP zAAugD=I4iI)N|9Y5930pXg;RDB_W(76q8M1HT9?i^i3g%C`64dQy_1Z()b~1;$AC8PJt8H$Rw1^pCt@e^g z{OiABd4rd7{4l19{N$D|1NJ5LS^D`SO!;VA?`!`DCvE=nbr+PVOu_Nzm&xHG3IX}V z$3>x^j>Lj;7`|=`1W;~M+h|vVej{wo^j#4H|I+x7phzsp(sFv2yWdi zj6LD)>Wf{gGevW&R>=D(y4qq6f`#u>YsQu~ylU$z+=6VcZ^He?ICb+^S@&ySz9ujpZhcJn2iH zicV=(dqDHAy{~Cq@;A+z!50SSB3huS?7vxI9l1)uoaw&xZy+mviuQKKRiQXjFCuGK zXQOV*D}4;v^!X=8LG%EMJz1Y4@4(d?B609)>94puH1~3lnH44Y(cNl-vbA&$L+*P# z{&IETcEn0qM7Qu$apN-79@?(yf5~(kj>ingkc*CB8WF+>d>WkjbSch@7}HEuLidL1 zQfjhvrX2eVyB=|V1L5#{8AOU2gP0d8doMgQ zfftsytiHn6(r&Wc!ZnUokBKTjjP!JG&^R%;(3x?P?C87GLFho~Z&UV}M!|pb9TYWd zoIaWd5k=3R?TLwL-f8-l+8-vJ({O9UFSA}rOcf|;M+a6FEcWk(u%hC~*>i~(Fqe!~ z3rMdZtMAyyGx@7*PV(R-fF zvqbJ3Ns+BG@?DAt(nH-V7XxH1F&XORK{B1_ovR#_9v9A~JXIuaB&s}y;qN?O5X+mt z9PRTqzC5&lLv^5C(4e6mY&!6|z*)1dAM42zYO$ZbZz=A0=i9}DO!@96%3r;Bf%=|! zNV&ly`GnK=PI1!S>k+SzSuRNp9%n@tFN|1H?HHNU(Gd8{v93CmA&j zUdd0E+HtAvrmH8ldKo3fgXhBE?mB~0R?MLLe$mCxdS>gIuh2!s8|nMc zablN*BFE$DGZ7@1YtvkLuoPp%PKB#P=6>h^GfsGsV-jkh&0~%yTwlZ3#hHWnv8-M) zs;x8$;IX^hr3C&`-~44CU!Qn`^!qU}8Ft@>GJ-k47!5U#s4J5MbIi6h?v$6mJ%f#l z#gpUku1=uAZ@h|R2Z0=C>Nfs9Ocx zMP|LBFyd_oMkIXKXf&hN^+ggzKTj12*yK6NjOC-hS&_EQ^4O@au89g**EJvAKV+W} zUQ){sa%_LZz8pwklp0XHxgF(ewG`HM{mt12OyQ|Cvh%iX|e zV$ET&svPTP`iR9Uzh?b*QU-WElU9{4NABKa$k9m_auu-kW)T#cZe5R8mTVg`xpZVG zP?UexQy)N<{2=Wtk!f5Uop8~?B2dmosLR2w5G1vM#7p2QY#LQ!a^m$n!7u6D&}EK9 zaf>}(_L~MWD+O-eXN_Wphmx6gpPGgY1M-exJ1G|p3qs$r19Jzx8~o;-?-a*XvPjJg zaj^d+Kb%R(Z9^N0x8193A2(+uSkj7lrNR)FAR3S-acw9>t&3r*h%7U<8@Ok6cO7$_ z`x*vtg3(DZw|Neb-ChGG7$PI{nZQRoP- z{8uk|oQu!~s(3C_Tjl+s6{hgF^!R4hy8BjP&<8cNh; zYQu^!RA$cjt;ns^BdA9--*BegEoX z@>tIlJ@jkxr84n*IvN$}%qp;-+LQX-v;!(R=*?@S=!{xj?i4Y$t7^1EM++0B7ijre-}eEt^CRn&TxF-D4U zBTG4Myo3Bgz1p{o?{2E4WVNKmZX$5hSpI)v6 zCVJ>)?8B6&ivu7v=|>=|)X3?KIV(oyhpV?aO1eSXF(oEg}vt|AAzOfxf``Xi-m#OB8FFAXD(y-PuzV|WlE#=?$wo5G%VykdP#LLku21?Qu zRrLtfrBfngUlkNhj#F(OKjzJ5rKe_TUZ3)Pw{AufeyG`6v+#l&OPV2AdN4StFmwU~ zGa(&a?t;Qa|LXqXIxK-l-laYy`S|%=c$SvwYD+6NlDZR%QLy9_6C1Ea7H2lSsJ<4q zvA=KQO-Ao|b(s^YmVOrg!~`r4E6l>8EPdDGCFW1x21YK9^(AR4xOPQ>`uCEyjCVH( zkD2iF8e8zzXnNyd>MW={JYQKtM`n`t?S+jx5`!|83Qe`-P;PvlmOV91sNyd)4u4ed zXC$$s!s-)VP#ylcsJ8KD2aZw6C(3u$ZxHh%ImNYUBq6mY7;F7p zHJZB6;f4_-zcFGl%f6wb9Ka0w%waKO+KPPV zZ6x92i*8ekvifer?Bf_Jq#sNkGTH{LKl1s}f~N}9zW>A$7N7F``%N$HC$)=A+GlQ_ zsX^IzKf}~g!U88lEsSujlh`jcPU=UT@2^}+pS3iE)E}t*q&qw-5GbU7JbwP@@BCw? z;5X8lA)HD{jOw-7s=MyvL~T#MC`$7DE@!??#t>3idi+PS)7O7vnKNot11Ix<@bMi^ zaBMq*IrfVwnK}R}U$VmGkiTh$&0Sy+?ZPhZrcwMQV{vr7I;`Z-Z)hoh?EKPysZZJ8 zP9F(VHL)~d3LFdLnH`f*xObQ=^nbW*pCm>aN}TdQ102RcNgbx(|CMyzfoy$WJR(Sp zikLMj_A1q?QHms1#4J&*ttg6CjV?10tyWvRW-Im{wOaYM1YM{~toP+y)kn{PQ)UvZsk zYY+3rRh=pbdhYA3ZfxoIWBe^;(!~DY8y{0j3Op)5RVBc5c?@Y8dmAulRwJO8TBy;w zc4INZs2i6KSL{mt%?ZKbx_^1m&2s3^u0ra1{HAcMm;n(Bch}CAopUvsIs1p3!H;X` z+H#LL)A`hry>gvr?$nq`KqDysP_Z9FHh>%m$o`j(I`P5V zu+kwxnP?aWPJcox1J_nfur3xk*edufzRsLu_Glr@Zyr2@#Fj#yZPR39X4Lh$rRtrq zC+GB)g)g~~&=VJ^ZESJao70t-RPKJM+x0~;R9HdbTwlm=4Y=Zj-8=$KAw3`>5kf__LPB zm>W{e5@_sze3t5|xH`Dvh0ED?xR$kj4MDc$jmuPj12K6wU)qCJ-n$a)0vSgZy0*p> z&ebDM2$9d>dRQ2wcl}FzR1D$^c;sb5*+l7(2VBynvyClkeuz(*{HXiIR+BKW&G9`N zjvo&$*;%C6%xuZmsW!JYE#|CnbKWy;;vt5dx%QnJJh125A?lB*W$n#~f+x0%usvtuA+PtQHz6 z6W50(_a*x&KOmcD-f&uD>jz)_Av|H$$#?iC`b~wKSGaqT7#0>I2u4aJ!~G%({nF~M zVm$E?+X3h31z!F6LsVXe^_)lG*=W?=yV!7M?Vt$KBnii2`;adD@ozR7_~71cDcc_5 z(i^KD3y+HO0xVCk`0CLeG@kko0pq2&3Y*wCLuaCa3s%33^AN=LkPIV)NYP3LF|xBF zn?957CCGAV#3eTI%4=OCGSe>L^9~#Ki%!0X!#e{HPWt6lP5{degK$cg#_W#w>Yhee znsHbp?pZB~R(x$A9tvu(@o%bIkFxQ4QeRPySESgz8wKBQY0eg6j=fn+LQC#-yks2O z=EOEZdK@|JPV&kNyW6vf>plgmY~|o;pGPJoex*`~=z*+=mX2pu^s+AS9}61C^r3 zHUCQyJyB(mI_%d=TLvEmT8lC9&g@pj2`_ncTuFxPQCabp8PERs$DvB!WSMHIKQX*?@!x%3N9}p zIZljlWj-aYJnw)Ps?S(5t^ZZ`K@Z&&&#T&JfyLb0IyT*}&rm5LX@z}YgPy%x6Ew&E zgPVXre*M#CD3L7NjAzZ(TIEQ;bMNU;g4^WaTP(<7a;h$U-^f|FWTR?A3p#X=VG2FV z`_OLZp!EbZrR9yh4cp7`{_3-_jY=tvJbdk`C*#$++~0%z_#tP^kWw^Kyiw0u>H0y5 zgt`<9=V1E#VS98Xn~s?4KU&pk{$hf6KGYr19R-0X2O}7u$k%2HxYqGhSGlQlEmB47 znPIbz3b5heK1&cpXLiq?%i%F2gDVD=eStc7@rrqvdeUS2(C55gJBAO{3jS68$vY7` z+ETb@q+PQVc5o@`3|8ml@{e2KC%!5IO;wsvj#jIJLS!I$pfv*cz&cmc~B~S?ikbIUW{L=0gOOG zVLW`=Et=V_*$bPC((yt16|HY?&VYc-x;wsxoiN`_;h>0m-FDl5qB&1ulP z^P3g6$!!WA3d~)Wn1Qtva18aVzlSB4>Fs*U-q?5XIE<*^>b@5U>vT{h3pbv7#?qO8 zK=<8~d9dK-O?4OlI5@|Wjy&>yMIRO*?u4U!LxILo$tR#!0x;p7`FTtDC94U#FaK{# zM@&U}<-Qw+ybqt}{8OU&V#cLRMf8qxRw{cuHzbAicIvdvcTpT8jU^@(e64hxRi`y; zoWFeEZ54(Om54Lj{8sSm@=~6o{E|bf?GHFqdM56Z=~&nZnz6xkIB+i`C z2#ys!Op|YZEda$ZWSD%1%MT36j~inbj%n=-3`n>f{#wM)u}&fB`{Lm*K);OO2_zKU zbuIVlBrImOz`ExFV!Do^i*eRPLuDa3^>z#(-x~;sI?pECXYe{tovSKp^LMeb8jSszU6%9d4W#3-q>I`%4zZMwscq7JDR&+MPz8Hdzx!PIOtA zQEtFRh{FlC7eA~Rjl&rh42!xKwBqD2j^3Q)((w+valEb|#%ZN^MyPhv=>@p(*5iRT zH@j$5r{r|f!xw$gVfS@Kr63d-0U@mY17!V8#A0G+&d#`gg@B~|j1r#udXS^yz$gFX_tJiqXJ*;6RR*Kt1N^ zZ<5nDz@XCRPe%?{3ry14Ht|6mSo5BskraWPME~qSkaoA4E6|l2IM9(N$e|x3e#4Ty zpCijfM~j7pS<%HP!RaKr8AGN0sVxzXI04>)^f-CAypdmVi7s)GIR|=IhJ-t^qO$^@ z1FahQ55Is=7=Q{)q3MO6EnQ^fKqNGBft`Ro2KfrJM4XKCZ!rQCYW}MRrZxpLq)D7y zJwb`v8uIzAsa!jFPB?5NQ)oH6x_9Vfu0^mS3<-<5iu&UFf9~EkBKs>&{Y0E`2tyK(Pt7==-MhE3Wz|-$n1kFN~}WfoT-lF27hh$*atH(0tz=D`HB)s~UZ#qIeu=_MhlMlx(bCB8VUJ~|``sC7O<#%~`m5EZeqnCc zzljJ8;V5%0Gk*1QXdCaIyRBQ$U|^nDuf~?O-E2UKhs8v9<*V!;K3Y=Z`p-q4Q!&&u z7GkQ0t)rN3HKdlE$l$(pB%UhWkq?9;P_He~YG|@(2`O3-HBA&$$OSDCn!u4@tIE_m&rks{h8bUP~Y`07TEY+@%ym@&<+%6tx4CO;kYX& zL_OO+>km5{Q1bUH;?iPx>fo!_l(qh=Tm{`w!&Q#69D(wS(txK9lvgPO@Yv%ZluDT> z2e!_xW;|Q6L5Nf`q+i`MM6!H+9G(mq-=eCvk|h~F&ko6fXiZZ4v|cyL{S9>rS_rZF zkt325d*n!CyfGCl|4|bkFrGGXpq7h4!n?>rh0dq5!SIJ|KX0*O>gBa4?aE`sPiE62#?LRz%n;Y>rg&<0Jq^r+%<$*lzLEt7d*kB#Qc>y z0NS}zOgWHZIG+M!kB6WY`z#Tu$OfD@Tu`Y`RO29y9t+eez99vO*Hfdy0ywoKyj=8z z%S(DI^tQaqTS`Yw&UV#`x(&E1-O=2YAE0Z+-){a9uSKjZZ`VChSA3ae ztD`0tl6grOXyGfvw1UMBOj$iz_av#ic4|?dTkRi4f-v?t3|IiZ=-rXO=po&i?@HH} z`7aETP(AEHo47*^)nz@u)%SY{YYU6zyz%#$e0p6mMG3=d<3l z8H*zxt0w&t31lLy8Lg7ta#5`NemctM4eR}VYtAw0`eA4ns~ zDZz8>+&Gfa@IG4!J8=|jS=*7H?u%oD@*XO)13JH(B?H-mJ=TgP%X;KmA4?-hmS&{) z^L4c}Ssgvht?rjjtvKKwM++PZHsQ23<1YNN)!7(*hVHw0?=!{GO@RA0NsQ{6y;C^-&a8KuDAr!V-1KZ5g(06%f z!fx7-dx4rcrzNA2>(GuBRe}5j_0&Vh(fov=i(qX@BFa(`ox2U8a6U|3ls}5f6|4Zo zNkY@v&uDe#^hO-Mp0sIOFAT_1bMMS=rGn;DqJ<$T2fNJt&TVo{Xh^K*5#B^XqNrfgBKi__-5E`74FIF=TEw z%K-8};kh7m1_-dq25!KIOG@T8;Q8%JAlqT^XQ(FzS#Y5xy#GE3t`w}O4=v8wUl4u9 z5tE7r*fY&z*rw>q|1*s+9`S|Q<{Q^{FIpx+fexxefWw>Bqf|WSYmdA7`;0?(Bn3hpm-aWPP)U`Us7`CUh@z8-frx zqM^|6FVNUF6xlyP27(w0gdN(#Zm6LO-l5<`$!VaLnFhYD*6D5z!U8cIu{ciB%|#ek z5RD`VNcox*T1Llg7LkBM+8se7GC5Qb3?r^j>Q#`hI-jnoj$|?PS2qJ-kzLv74Z=55 z`N1pfXh&o+QZd3B!T6)-KfFVW571Ue94^PUKLXk6LU1fP`N(8j1>wcw8ODYnv_uJ1 z0ryn-Y(DN)vELO-_XQ$4H=yB=RW5+uz)xEUb}aAa0GI1CVH2 zX#o38A%DKIg=(Sly|JEC?0_37aR0~ml1N%OJY9D#QqfKzDQVTSg6_-p4#S&{RudDg@AfaGZwBp>Cwn?EDFkg6UKD87Dt~` zt6u1lB_9EH)ric4nmaRO4rL~T{gu7dB}6)-2(wa&Xt9O1w9kJPxDG)`V7uqTAl>oj zaK)u)O6m$5S}-(ypUET{WK#RzM_9h)Po4S-MC;n0WMF^)#n#|`g!nHobU@Tkn`Rz| z#uT{r7*R~R<*2fNnJv2}At3x)TMZo&+;1bQt@VzBQLc@x;;uJbjM^`EsmbRJEM~Q9 z@;Jy(3{vW<0C*fc?D)l!w!zxCf~Qe&2!X-?wJVNzb?vz!}B?w!&}}Sjt1cYqi57Zz+ag#Hah&Vw+0Zt}VV01Ua0V9TzTtb;5~tf^?2O zn!y!em#!f7#VyvW{y_}g@eF`~)>F3Nc{pSxYAuS@$Q_JvVOMcF_!ARWo)g-laK~B# z6!n05cB#lB3uG?RBzDY-Eq?UH$sDTRzoAHGD@%+ID|yi*8$K`W&1jnY()>2M<7; z5B$#kSk<^&*E=<*a+LG78F}PvnOA)LbI{hAr!;>N7T2h1XF!yS!`wLv3<@6Aov$`zh!p@hI&{gl`Jz@)(~)lDsq zc;HibB*XAfBE3um6ci8aW&7F;;!8vNS81N^+b`)v7TEsmR5OR|&l;5UX3~9oMfoa( zetwH0_;)$y^i19g@Mzu{Y_2-N?(6(6lEvux>a|tgP2ry|dWo6zvN_h%17D%8o$Jz1 zgId_X9}DrH+i1L*G-=6|7ZmIlVpC{r;x7Z;<-Re#25etpLD9y?#g{Gx2kD(NHhHV| z0-0*6-!^$_;qoZdNBJ$c0kw2xpVbO19=dUQw9AxkG4f@0cJ|U7cx{6(1R-UMpu!MiXf#~e#v$t3yw*sV-?d|=Plw4h%&BiB*Sw@)0-49p|bjf z0VLry$WRTP*Ju9xIGechWa-+JubxinuC@ATmjokM2o#PXUrQw2ILA6zop{~za(HHr^l$}2Fj;e|HI)e!uLe z!P-h6-|n*CFLfDI<9GlchsJ1qwptK6D9p^qP`sm$`xKtk#I(;ujt;De)#iVAQ3$Xzqndh`a7L}l4>svr(K(u zWPY8gYI&}xDg}scU-wA=N-ZT`Zn$W1Y=MaEzIe{DC?$MY zv1T%|JoIrOp<_Wvoc-=7Z*yvfR)JNte&tVx)t$jX)AW{LwbvvEMeY1*g8#@&qQ$ol zZ=*a}5&HNPtS!$k9AsdgcXz!JAv4#o%jE9^04F#)qz{{WBoGk>A!)Enhh7 zSBxpT0K2vQ{o5_7_);xnt0K=r%lL2)@mIxD+=Ul@Q)1L_>-V_Eu~^EHQ3pild7-!( z8)5G6U=qY&cLmN|&Ui?l`yhT6Xo0jf(=%{p9b9csx_I7sXY2IhH`UQb^A7&e@mNEr z1Mj{AY-Zxc62#fBPoIpS+^0VI-c~D$hTT(BxeX)iQp#d5iYAkWdbs!}0-S9;D)1YgcuhiC-T7RE^A}pVr-M&y&uU13|aD zw#rXE_V*Yk=}W92n9yia`=#-`r#%%3BdELNih+UoA1{o4P@RMWFE&u&+%v=%eUCDx zj*_yHZ*F+=k|y>ZFetxDsnt|?h$6IuW~j5eASU^bB3A06H6)h z41rW$w5_ZmK+qA@x8=d-WvPx8T$Jy*A9rL)4_N)zyGV_4ui>wYMv5NgVV>n z1 zmQQ}a8*i_4VND_~IDu)RijAirT6#;GEOCRXiV%#UXaCjrHs4N80<&oHptCFl-5*0f zJa`^N8wYv5{F|moo_~sz2!$hp@?D<6$DCi+oV;3$K{~Pev~*y--+C2rv0HVBbkMHT zWH$K*T;dHgYoh&Ij#nU_j-XnD;E=73oYlx@2+(6C4{yv13z`{Omaz+s@qZ;;A(TFX z8be|;8-XoLUF5U#%D^e%FhtNJ{4JBy2<8<7?XI=geHRT?LFN4EmdzD|6r%vLSoqR? z^a9FH4}Vj9tJzFNv?jVXW_hB-VxMr&{x&K+UuDfG*hJaUz^i>#mgMPfRd>t zGa+$vShT!Kl}J9GJOJA*HFyS%C+UC7&|PY7zfR0A0r>&LXeCYI@lLHc@(S5slpO~A zFD$6bVl~+a5bR*-Ezl5;cj?q1TL5`6dX$@3>OqrDIK7g%Pxi%}zz8e>^+11(GoC3L zEZ*`{_P06V#GK2vBL{Bggj2+V3G!Uw6*)Xb<0r&09^}XQ&Qj6Zo^JlCzIrd{hF7Uc zoRT~Aj@?YLST+EswC1bE^0A-JCTA0EGXLw)s#aLLmln&#R<8UCO=9rkDN^vM7rCfY zKDD_(wLJ~xE&9olTBdT{^EuK_FEEFQ79-HKkwtbJ{J}?=pZTR;=|PliNtAF6p*EJR zQV)n%<{b9gF{$269f{u?y1zzu^fOEa8{2)q{S{D?JIU%Fk6_CC1Qd331Gaam-LU_1 zr+DgSflx-s=^DcICbON!K%F$iL~prU=L><$Q0v)zj+*Gz&%e9R7|)FVDFT=n3qK32 zoSI7XnCG2ut<8f)hrH0MiJtXN=&7M<2aq4$a{Vp|On(@J-g8g3VLF9%k>=MGcz8btmG4*9FjT=d970v z3vcpWwv5gj<-}*GrRz#}x~j_W&m+9+dB)Zxrg;}w$^K9co{N7<+Q<6DJFhDFe}?z!B!mvh(t^nhprQ1es*a^5sT{-7utA+A$$dnw3y>s$kln+$kgZ)6PK zk0cv2J+`^8>~nBI%FMfxKa5KQHzug)bx&BR^Tc#V_@_-CW+Vgq$ny51>z;s&zg5`U zvLHFsxyJJlLt=j4hFPaZo3;51GDQ<}V9M^X@iX$L}?)8trUWxG4xK8%iu9OblcQ;55z8uVlh zmkM}NsKZmNbeOrrCkWaQnc(mGN9~?`zu$HRe9tdRhS7S;OjeKrB|^~VK^EEkZF9R` zc7BE*GNwNMm17Ux|`FHVp&Q^ zzj&_GLy3!mc%9xi4Mi_>L0gbCVODZCzQ#e=|9qn-GX?MH!aI{n-tc z&yup1;7t z4@9KvUnaWGm<;2MU#X*$y=-^?G{P#g7};dAc^QUz^mgRGJ(()FA`B(orxycHm+T18 zFz#!a+C7#~TUzV6DAHm@ZxlYP1m>uya(vdu>!rDXW5(xxA+$m6ztE} zHfk_ux)5UGuWbyMg?`r&8u;m&Z{MmurjZ{P)(VY|^V zz#}A_lEkLqr2Ke*yY?cpek8?H&32(~5JSgl8zm49qDDl{1oN?%4%p92;7`JcJv+Zu?GnbU^V>DGuMhG9p z<$K~seiZZ${>4#8a~n($x)?yZJ-S*eyLHJ)W0LW0mL!@PU4}8H>MUE~1q5bv^7?DJ zq6(AV?YHR==N_|j(3qA_Lgq`w-X(oeiMM*ZxVZN~B#4TEB<9#h(pn<-m~@3iDZqX6 zV%!MmWvD%glPEcP!?nR=K+gu=Bng4VEvSJ>7@iXU_NXvXs3U3J3IKFL;14d~Pv7xC z2K?sfB*~8CN5m+Zq1Wq7C{QsctKvrG{Yqx~Tt9{ABfVPUAH`y+p*3~?8Ft-7ioXP>2;PMzyK;ms_SFy4gey+l0NbttviQfXUqz( z>H6h1H2eH3f~FaY$if?Jvv=jRSrVswRYBju5Un1IL@`ewLXm7gVc1OPivrV6^V}^u zt7i@0w6Xs2VE_Wrc~-iap4srxgCiWkrimLHGgSHQX%F?X3ID{8GU^` zA2~nyAhzo6{+$L6&!mGROn!Np{pSf@8w)Sa)9NHw)f=nJa=*-n81~HezsWV9#X9~5 zl0}x@*&QkeD#t$sDQ-7b-%m2=ng8kXD2&SpF5C1SDr8XRH+`3iR~F|W=GXO4%R@T4cb z9&OmkO>h7Fan1XwYw zF+=DX!HeJ2b|MMM@zjseuTQFc96He|Q}MjW}K%>(gOU6?+ ztq~BVMjK!Z>|J2z-F|fS!FY=5b9t!URd>&1K+7iB`J!rw;Ti}C?OD>?2+qsU2>g2b z@T=SI&C4k@tQdIlIH_Y@h=(Y}k`Pt83~1}RDhL6A+4)}}NM5=y+=1dPh&P-Sit__DK0^=eeCYJ?O!Z3xhW*- zAZt8HLT+b9k(t{&Qn;c<2zopIKcx;_X&(dnssO@{dbp1&T;@8~ksME+`zQiuj&ksU zE}a*tE!`nIB&%c90So-PQ-5kXPURp0&%=pMrg`7PAnxIut97jL2I7+252EO66OZt` z2z2s+)cp6iAyKfF-?`1k50G+Jv%<;<`S@T64TuP~B}_hm+Oeav#=(weik6Wo!|-Q2bt ziQxcn6#pnQD(v68yDc@yROzhV{V&kgBee<{5|YU84zVkavR1ahi<42GIx+AoF=LY3 zWzY&@Kf+ok z#-!)8NBd}5*q-p%2>R%uM;B+hUwQx?9^N|D(A?FO^)mm+0Lqq6Vf!C_XJMc{FtKej zMg7vQ_uQqIw&;+^Q9}dmH4x1VzRAN5I|nfmQZ{}nxc_OctTZMiAnrF8ayKh9$;18t z({Z{OI6?8oGBkQQe-JdU0_f=SfQzM0Ej|QLUE0A$QB2BG+}z*=9|NTult+E4y5a%K zXP%zg?>!uw{P-!8u(|TtDc|NdlKjajFVgV%{rLXa1D}6ow>8#-h>Tga8FO(6MpCHR zF8}oO<28}}zQdRKULcW=FEeY6R&! Date: Mon, 13 Dec 2021 11:47:23 +0000 Subject: [PATCH 003/347] Rebase on latest ia32 --- archiso/mkarchiso | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8d7208af..8d15d738 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -215,11 +215,12 @@ _mkairootfs_squashfs() { # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { - local fsuuid mkfs_erofs_options=() image_device="${image_path}" + local fsuuid mkfs_erofs_options=() [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + local image_device="${image_path}" rm -f -- "${image_path}" [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH @@ -551,8 +552,16 @@ _make_bootmode_uefi-ia32.grub.esp() { -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTIA32.EFI") - # Create a FAT image for the EFI system partition - _run_once _make_bootmode_uefi-x64.systemd-boot.esp + + if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + 2>/dev/null | awk 'END { print $1 }')" + # Create a FAT image for the EFI system partition + _make_efibootimg "$efiboot_imgsize" + else + _run_once _make_bootmode_uefi-x64.systemd-boot.esp + fi + # Copy grub EFI binary to the default/fallback boot path mcopy -i "${work_dir}/efiboot.img" \ "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI @@ -741,12 +750,8 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { } _validate_requirements_bootmode_uefi-ia32.grub.esp() { - if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Using 'uefi-ia32.grub.esp' boot mode without 'uefi-x64.systemd-boot.esp' is not supported." 0 - fi # Check if GRUB is available - if ! command -v grub-install &> /dev/null; then + if ! command -v grub-mkstandalone &> /dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi -- GitLab From 900e9c9cb6b31ef67dcff4cc41c223ddece97d36 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 27 Dec 2021 12:36:29 +0000 Subject: [PATCH 004/347] add a variable for efiboot.img path; set luksFormat parameter pbkdf-memory to 256 for machines with low amount of memory --- archiso/mkarchiso | 113 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 89 insertions(+), 24 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8d15d738..2bd06d61 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -232,7 +232,7 @@ _mkairootfs_erofs() { _msg_info "Encryption with cryptsetup (${image_size}KB)" notify-send "mkarchiso" "LUKS encryption prompt" fallocate -l "${image_size}K" "${image_path}" - cryptsetup -y luksFormat "${image_path}" + cryptsetup -y luksFormat --pbkdf-memory 256 "${image_path}" cryptsetup luksOpen "${image_path}" "archiso_mapper" image_device="/dev/mapper/archiso_mapper" fi @@ -495,9 +495,9 @@ _make_bootmode_bios.syslinux.eltorito() { _make_boot_on_fat() { local ucode_image all_ucode_images=() _msg_info "Preparing kernel and initramfs for the FAT file system..." - mmd -i "${work_dir}/efiboot.img" \ + mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" - mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \ + mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then @@ -505,7 +505,7 @@ _make_boot_on_fat() { fi done if (( ${#all_ucode_images[@]} )); then - mcopy -i "${work_dir}/efiboot.img" "${all_ucode_images[@]}" "::/${install_dir}/boot/" + mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" fi _msg_info "Done!" } @@ -523,18 +523,18 @@ _make_efibootimg() { )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html - rm -f -- "${work_dir}/efiboot.img" + rm -f -- "${efibootimg}" _msg_info "Creating FAT image of size: ${imgsize} KiB..." if [[ "${quiet}" == "y" ]]; then # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead # https://github.com/dosfstools/dosfstools/issues/103 - mkfs.fat -C -n ARCHISO_EFI "${work_dir}/efiboot.img" "${imgsize}" > /dev/null + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize}" > /dev/null else - mkfs.fat -C -n ARCHISO_EFI "${work_dir}/efiboot.img" "${imgsize}" + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize}" fi # Create the default/fallback boot path in which a boot loaders will be placed later. - mmd -i "${work_dir}/efiboot.img" ::/EFI ::/EFI/BOOT + mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } _make_bootmode_uefi-ia32.grub.esp() { @@ -542,16 +542,20 @@ _make_bootmode_uefi-ia32.grub.esp() { sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${profile}/efiboot/grub.cfg" > "${work_dir}/grub.cfg" # | mcopy -i "${work_dir}/efiboot.img" - "::/grub.cfg" + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" + + # shellcheck disable=SC2016 + printf 'configfile ${cmdpath}/grub.cfg\n' > "${work_dir}/grub-embed.cfg" + # Create EFI file - grub-mkstandalone -d /usr/lib/grub/i386-efi \ - -O i386-efi \ - --modules="part_gpt part_msdos" \ + grub-mkstandalone -O i386-efi \ + --modules="part_gpt part_msdos fat iso9660" \ --locales="en@quot" \ --themes="" \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub.cfg" + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/BOOTIA32.EFI") + efiboot_files+=("${work_dir}/BOOTIA32.EFI" + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ @@ -563,9 +567,30 @@ _make_bootmode_uefi-ia32.grub.esp() { fi # Copy grub EFI binary to the default/fallback boot path - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI + # Copy GRUB configuration files + mcopy -i "${efibootimg}" \ + "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg + + # shellia32.efi is picked up automatically when on / + if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi + fi + fi + + _msg_info "Done! GRUB set up for UEFI booting successfully." +} + +# Prepare GRUB for El Torito booting +_make_bootmode_uefi-ia32.grub.eltorito() { + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp + _run_once _make_bootmode_uefi-ia32.grub.esp + # Additionally set up system-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. @@ -575,6 +600,19 @@ _make_bootmode_uefi-ia32.grub.esp() { # Copy GRUB EFI binary to the default/fallback boot path install -m 0644 -- "${work_dir}/BOOTIA32.EFI" \ "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" + + # Copy GRUB configuration files + install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}" + + # edk2-shell based UEFI shell + # shellia32.efi is picked up automatically when on / + if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.eltorito ]]; then + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" "${isofs_dir}/shellia32.efi" + fi + fi + + _msg_info "Done!" } # Prepare system-boot for booting when written to a disk (isohybrid) @@ -601,22 +639,22 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { _make_efibootimg "$efiboot_imgsize" # Copy systemd-boot EFI binary to the default/fallback boot path - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/BOOT/BOOTx64.EFI # Copy systemd-boot configuration files - mmd -i "${work_dir}/efiboot.img" ::/loader ::/loader/entries - mcopy -i "${work_dir}/efiboot.img" "${profile}/efiboot/loader/loader.conf" ::/loader/ + mmd -i "${efibootimg}" ::/loader ::/loader/entries + mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_conf}" | mcopy -i "${work_dir}/efiboot.img" - "::/loader/entries/${_conf##*/}" + "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" done # shellx64.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi @@ -758,6 +796,16 @@ _validate_requirements_bootmode_uefi-ia32.grub.esp() { _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } +_validate_requirements_bootmode_uefi-ia32.grub.eltorito() { + # uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp + _validate_requirements_bootmode_uefi-ia32.grub.esp +} + +_validate_requirements_bootmode_wii() { + # wii has the exact same requirements as uefi-x64.systemd-boot.esp + _validate_requirements_bootmode_uefi-x64.systemd-boot.esp +} + # Build airootfs filesystem image _prepare_airootfs_image() { _run_once "_mkairootfs_${airootfs_image_type}" @@ -976,6 +1024,22 @@ _add_xorrisofs_options_bios.syslinux.mbr() { ) } +# GRUB in an attached EFI system partition +_add_xorrisofs_options_uefi-ia32.grub.esp() { + # shellcheck disable=SC2076 + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + _add_xorrisofs_options_uefi-x64.systemd-boot.esp + fi +} + +# GRUB via El Torito +_add_xorrisofs_options_uefi-ia32.grub.eltorito() { + # shellcheck disable=SC2076 + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito + fi +} + # systemd-boot in an attached EFI system partition _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 @@ -983,14 +1047,14 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # shellcheck disable=SC2076 [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1007,7 +1071,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # systemd-boot via El Torito _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # systemd-boot in an attached EFI system partition via El Torito xorrisofs_options+=( # Start a new El Torito boot entry for UEFI @@ -1030,7 +1094,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a # file inside the ISO 9660 file system install -d -m 0755 -- "${isofs_dir}/EFI/archiso" - cp -a -- "${work_dir}/efiboot.img" "${isofs_dir}/EFI/archiso/efiboot.img" + cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img" # systemd-boot in an embedded efiboot.img via El Torito xorrisofs_options+=( # Start a new El Torito boot entry for UEFI @@ -1236,6 +1300,7 @@ _set_overrides() { [[ -n "$arch" ]] || arch="$(uname -m)" [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" + [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" } _export_gpg_publickey() { -- GitLab From 18436156c2006dec48c887c3d33e51a3e7d8c94f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 27 Dec 2021 12:52:28 +0000 Subject: [PATCH 005/347] add a variable for efiboot.img path --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 15e7ff06..ab2234f7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -39,6 +39,7 @@ airootfs_image_tool_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() +efibootimg="" efiboot_files=() encryption="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in -- GitLab From 3776f1fbdf38e10ba56b3c3906ad7152a0da86e9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 27 Dec 2021 18:53:25 +0000 Subject: [PATCH 006/347] forgot kernel --- archiso/mkarchiso | 3 +++ 1 file changed, 3 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ab2234f7..55ba7968 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -559,6 +559,9 @@ _make_bootmode_uefi-ia32.grub.esp() { "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"* + "${pacstrap_dir}/boot/initramfs-"*".img") + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition -- GitLab From 7ef8d6a6ed80aeaafd960ed394af4866e64526ff Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 25 May 2022 14:34:47 +0000 Subject: [PATCH 007/347] fix typo --- archiso/mkarchiso | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 55ba7968..59d39891 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1226,12 +1226,12 @@ _validate_options() { fi done - # Check if the cryptsetup-encryption package is in the package list + # Check if the cryptsetup-archiso package is in the package list # shellcheck disable=SC2076 if [[ $encryption = "true" ]]; then - if [[ ! " ${pkg_list[*]} " =~ ' cryptsetup-encryption ' ]]; then + if [[ ! " ${pkg_list[*]} " =~ ' cryptsetup-archiso ' ]]; then (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The 'cryptsetup-encryption' package is missing from the package list!" 0 + _msg_error "Validating '${bootmode}': The 'cryptsetup-archiso' package is missing from the package list!" 0 fi fi -- GitLab From 4c5582272588abe0bf71378ec6cd4e3981d7dcac Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 25 May 2022 15:20:55 +0000 Subject: [PATCH 008/347] Encryption key can now be set from profiledef.sh --- archiso/mkarchiso | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 59d39891..d904cb65 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -42,6 +42,7 @@ declare -A file_permissions=() efibootimg="" efiboot_files=() encryption="" +encryption_key="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') @@ -233,7 +234,10 @@ _mkairootfs_erofs() { _msg_info "Encryption with cryptsetup (${image_size}KB)" notify-send "mkarchiso" "LUKS encryption prompt" fallocate -l "${image_size}K" "${image_path}" - cryptsetup -y luksFormat --pbkdf-memory 256 "${image_path}" + if [[ $encryption_key != "" ]]; then + encryption_key="--key-file ${encryption_key}" + fi + cryptsetup -y luksFormat --pbkdf-memory 256 "${image_path}" "${encryption_key}" cryptsetup luksOpen "${image_path}" "archiso_mapper" image_device="/dev/mapper/archiso_mapper" fi @@ -559,8 +563,8 @@ _make_bootmode_uefi-ia32.grub.esp() { "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"* - "${pacstrap_dir}/boot/initramfs-"*".img") + efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"* + "${pacstrap_dir}/boot/initramfs-"*".img") efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" @@ -579,11 +583,9 @@ _make_bootmode_uefi-ia32.grub.esp() { "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg # shellia32.efi is picked up automatically when on / - if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then - mcopy -i "${efibootimg}" \ - "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi - fi + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + mcopy -i "${efibootimg}" \ + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi fi _msg_info "Done! GRUB set up for UEFI booting successfully." @@ -606,14 +608,13 @@ _make_bootmode_uefi-ia32.grub.eltorito() { "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" # Copy GRUB configuration files - install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}" + install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT/grub.cfg" # edk2-shell based UEFI shell # shellia32.efi is picked up automatically when on / - if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.eltorito ]]; then - if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" "${isofs_dir}/shellia32.efi" - fi + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" \ + "${isofs_dir}/shellia32.efi" fi _msg_info "Done!" -- GitLab From 852563b5d87dfd7eea6ddb2112d5dd042a62ffd2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 25 May 2022 15:21:24 +0000 Subject: [PATCH 009/347] Encryption key can now be set from profiledef.sh --- configs/encrypted/profiledef.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/encrypted/profiledef.sh b/configs/encrypted/profiledef.sh index 3f34119c..7735d019 100644 --- a/configs/encrypted/profiledef.sh +++ b/configs/encrypted/profiledef.sh @@ -14,6 +14,7 @@ pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') encryption="true" +encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- GitLab From 57546ea5e9be687db0983324035ee2a73e9ce258 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 25 May 2022 15:21:58 +0000 Subject: [PATCH 010/347] Encryption key can now be set from profiledef.sh --- configs/baseline/profiledef.sh | 1 + configs/releng/profiledef.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index b366d0e3..23f7c3c9 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -14,6 +14,7 @@ pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') encryption="false" +encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index ef053c09..d814e1f2 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -14,6 +14,7 @@ pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') encryption="false" +encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- GitLab From 9089a33c0322893b5ce1524366c540a19d67134a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 25 May 2022 16:26:19 +0000 Subject: [PATCH 011/347] fix package name --- archiso/mkarchiso | 3 ++- configs/encrypted/packages.x86_64 | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d904cb65..21c40692 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -757,6 +757,7 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { # Check if mmd and mcopy are available if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -1186,6 +1187,7 @@ _read_profile() { . "${profile}/profiledef.sh" # Resolve paths of files that are expected to reside in the profile's directory + [[ -n "$arch" ]] || arch="$(uname -m)" [[ -n "$packages" ]] || packages="${profile}/packages.${arch}" packages="$(realpath -- "${packages}")" pacman_conf="$(realpath -- "${pacman_conf}")" @@ -1302,7 +1304,6 @@ _set_overrides() { fi # Set variables that do not have overrides - [[ -n "$arch" ]] || arch="$(uname -m)" [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" diff --git a/configs/encrypted/packages.x86_64 b/configs/encrypted/packages.x86_64 index 97f87c5a..4950462a 100644 --- a/configs/encrypted/packages.x86_64 +++ b/configs/encrypted/packages.x86_64 @@ -11,7 +11,7 @@ btrfs-progs clonezilla cloud-init crda -cryptsetup-encryption +cryptsetup-archiso darkhttpd ddrescue dhclient -- GitLab From a415bea26f52bd8895c7a72699227f23ffd17cff Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 26 May 2022 21:58:24 +0000 Subject: [PATCH 012/347] switch to --- archiso/mkarchiso | 187 +++++++++++++----- configs/baseline/packages.x86_64 | 1 - configs/baseline/profiledef.sh | 2 - .../encrypted/airootfs/etc/mkinitcpio.conf | 2 +- configs/encrypted/packages.x86_64 | 4 +- configs/encrypted/profiledef.sh | 3 +- configs/releng/profiledef.sh | 2 - 7 files changed, 140 insertions(+), 61 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 21c40692..6969d99c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -41,7 +41,6 @@ sign_netboot_artifacts="" declare -A file_permissions=() efibootimg="" efiboot_files=() -encryption="" encryption_key="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') @@ -166,20 +165,46 @@ _cleanup_pacstrap_dir() { _msg_info "Done!" } -# Create a squashfs image and place it in the ISO 9660 file system. -# $@: options to pass to mksquashfs +# Create and open a LUKS image of the size of the pacstrap directory plus 200MB. +_run_mkluks() { + local _image_path="${1}" + local _pacstrap_size + _pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) + local _image_size=$((_pacstrap_size+200000)) + _msg_info "Encryption with cryptsetup (${_image_size}KB)" + fallocate -l "${_image_size}K" "${_image_path}" + # TODO + # if [[ $encryption_key != "" ]]; then + # encryption_key="--key-file ${encryption_key}" + # fi + cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}" # "${encryption_key}" + cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" + image_device="/dev/mapper/${app_name}_mapper" +} + +# Removes the LUKS device +_close_luks_device() { + cryptsetup luksClose "${app_name}_mapper" + if [ -f "${image_device}" ]; then + dmsetup remove "${app_name}_mapper" + fi + sync +} + +# Create a squashfs image from a file system image or directory. _run_mksquashfs() { - local mksquashfs_options=() image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" - rm -f -- "${image_path}" + local _directory_or_fs="${1}" + local _image_path="${2}" + local mksquashfs_options=() # [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet') - mksquashfs "$@" "${image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" + _msg_info "Creating SQUASHFS image, this may take some time..." + mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" } -# Create an ext4 image containing the root file system and pack it inside a squashfs image. -# Save the squashfs image on the ISO 9660 file system. -_mkairootfs_ext4+squashfs() { +# Create an ext4 image containing the root file system. +_run_mkext4() { + local _image_path="${1}" local ext4_hash_seed mkfs_ext4_options=() - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 _msg_info "Creating ext4 image of 32 GiB and copying '${pacstrap_dir}/' to it..." @@ -194,14 +219,53 @@ _mkairootfs_ext4+squashfs() { '-U' 'clear' ) [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') - rm -f -- "${pacstrap_dir}.img" - E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${pacstrap_dir}.img" 32G - tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" > /dev/null + rm -f -- "${_image_path}" + E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" 32G + tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null + _msg_info "Done!" +} + + +# Create an EROFS image containing the root file system. +_run_mkerofs() { + local _image_path="${1}" + local fsuuid mkfs_erofs_options=() + [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') + # Generate reproducible file system UUID from SOURCE_DATE_EPOCH + fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + mkfs_erofs_options+=('-U' "${fsuuid}" "${airootfs_image_tool_options[@]}") + _msg_info "Creating EROFS image, this may take some time..." + mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${pacstrap_dir}" _msg_info "Done!" +} + +# Create an ext4 image containing the root file system and pack it inside a squashfs image. +# Save the squashfs image on the ISO 9660 file system. +_mkairootfs_ext4+squashfs() { + [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - _msg_info "Creating SquashFS image, this may take some time..." - _run_mksquashfs "${pacstrap_dir}.img" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + rm -f -- "${image_path}" + + _run_mkext4 "${pacstrap_dir}.img" + _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" + _msg_info "Done!" + rm -- "${pacstrap_dir}.img" +} + +# Create an ext4 image containing the root file system and pack it inside a squashfs image. +# Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. +_mkairootfs_ext4+squashfs+luks() { + [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 + + install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" + _run_mkext4 "${pacstrap_dir}.img" + _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" + _close_luks_device _msg_info "Done!" rm -- "${pacstrap_dir}.img" } @@ -211,46 +275,45 @@ _mkairootfs_squashfs() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - _msg_info "Creating SquashFS image, this may take some time..." - _run_mksquashfs "${pacstrap_dir}" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + rm -f -- "${image_path}" + _run_mksquashfs "${pacstrap_dir}" "${image_path}" +} + +# Create a squashfs image containing the root file system and saves it on the LUKS image. +# Saves the LUKS image on the ISO 9660 file system. +_mkairootfs_squashfs+luks() { + [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 + + install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" + _run_mksquashfs "${pacstrap_dir}" "${image_device}" + _close_luks_device +} + +# Create an EROFS image containing the root file system and saves it on the LUKS image. +# Save the LUKS image on the ISO 9660 file system. +_mkairootfs_erofs+luks() { + [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 + + install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" + _run_mkerofs "${image_device}" + _close_luks_device } # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { - local fsuuid mkfs_erofs_options=() [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" - local image_device="${image_path}" rm -f -- "${image_path}" - [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') - # Generate reproducible file system UUID from SOURCE_DATE_EPOCH - fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" - - if [[ $encryption = "true" ]]; then - pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) - image_size=$((pacstrap_size+200000)) - _msg_info "Encryption with cryptsetup (${image_size}KB)" - notify-send "mkarchiso" "LUKS encryption prompt" - fallocate -l "${image_size}K" "${image_path}" - if [[ $encryption_key != "" ]]; then - encryption_key="--key-file ${encryption_key}" - fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${image_path}" "${encryption_key}" - cryptsetup luksOpen "${image_path}" "archiso_mapper" - image_device="/dev/mapper/archiso_mapper" - fi - mkfs_erofs_options+=('-U' "${fsuuid}" "${airootfs_image_tool_options[@]}") - _msg_info "Creating EROFS image, this may take some time..." - mkfs.erofs "${mkfs_erofs_options[@]}" -- "${image_device}" "${pacstrap_dir}" - if [[ $encryption = "true" ]]; then - cryptsetup luksClose "archiso_mapper" - if [ -f "/dev/mapper/archiso_mapper" ]; then - dmsetup remove "archiso_mapper" - fi - sync - fi + _run_mkerofs "${image_path}" _msg_info "Done!" } @@ -862,14 +925,24 @@ _validate_requirements_airootfs_image_type_squashfs() { fi } -_validate_requirements_airootfs_image_type_ext4+squashfs() { +_validate_requirements_airootfs_image_type_ext4() { if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 fi +} + +_validate_requirements_airootfs_image_type_ext4+squashfs() { + _validate_requirements_airootfs_image_type_ext4 _validate_requirements_airootfs_image_type_squashfs } +_validate_requirements_airootfs_image_type_ext4+squashfs+luks() { + _validate_requirements_airootfs_image_type_luks + _validate_requirements_airootfs_image_type_squashfs + _validate_requirements_airootfs_image_type_ext4 +} + _validate_requirements_airootfs_image_type_erofs() { if ! command -v mkfs.erofs &> /dev/null; then (( validation_error=validation_error+1 )) @@ -877,6 +950,18 @@ _validate_requirements_airootfs_image_type_erofs() { fi } +_validate_requirements_airootfs_image_type_luks() { + if ! command -v cryptsetup &> /dev/null && command -v mkfs.erofs &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${airootfs_image_type}': cryptsetup is not available on this host. Install 'cryptsetup'!" 0 + fi +} + +_validate_requirements_airootfs_image_type_erofs+luks() { + _validate_requireemnts_image_type_luks + _validate_requirements_image_type_erofs +} + _validate_common_requirements_buildmode_all() { if ! command -v pacman &> /dev/null; then (( validation_error=validation_error+1 )) @@ -1229,12 +1314,12 @@ _validate_options() { fi done - # Check if the cryptsetup-archiso package is in the package list + # Check if the mkinitcpio-archiso-encryption package is in the package list # shellcheck disable=SC2076 - if [[ $encryption = "true" ]]; then - if [[ ! " ${pkg_list[*]} " =~ ' cryptsetup-archiso ' ]]; then + if [[ "${airootfs_image_type}" == *"luks"* ]]; then + if [[ ! " ${pkg_list[*]} " =~ ' mkinitcpio-archiso-encryption ' ]]; then (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The 'cryptsetup-archiso' package is missing from the package list!" 0 + _msg_error "Validating '${bootmode}': The 'mkinitcpio-archiso-encryption' package is missing from the package list!" 0 fi fi diff --git a/configs/baseline/packages.x86_64 b/configs/baseline/packages.x86_64 index f51622ea..0a641204 100644 --- a/configs/baseline/packages.x86_64 +++ b/configs/baseline/packages.x86_64 @@ -1,6 +1,5 @@ base cloud-init -cryptsetup-encryption linux mkinitcpio mkinitcpio-archiso diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 23f7c3c9..93740850 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -13,8 +13,6 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') -encryption="false" -encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/encrypted/airootfs/etc/mkinitcpio.conf b/configs/encrypted/airootfs/etc/mkinitcpio.conf index 399901d2..e2e4419b 100644 --- a/configs/encrypted/airootfs/etc/mkinitcpio.conf +++ b/configs/encrypted/airootfs/etc/mkinitcpio.conf @@ -49,7 +49,7 @@ FILES=() # ## NOTE: If you have /usr on a separate partition, you MUST include the # usr, fsck and shutdown hooks. -HOOKS=(base udev modconf keymap keyboard memdisk archiso_shutdown encrypt archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems) +HOOKS=(base udev modconf keymap keyboard memdisk archiso_shutdown archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems) # COMPRESSION # Use this to compress the initramfs image. By default, gzip compression diff --git a/configs/encrypted/packages.x86_64 b/configs/encrypted/packages.x86_64 index 4950462a..3acf9959 100644 --- a/configs/encrypted/packages.x86_64 +++ b/configs/encrypted/packages.x86_64 @@ -11,7 +11,7 @@ btrfs-progs clonezilla cloud-init crda -cryptsetup-archiso +cryptsetup darkhttpd ddrescue dhclient @@ -61,7 +61,7 @@ mc mdadm memtest86+ mkinitcpio -mkinitcpio-archiso +mkinitcpio-archiso-encryption mkinitcpio-nfs-utils modemmanager mtools diff --git a/configs/encrypted/profiledef.sh b/configs/encrypted/profiledef.sh index 7735d019..d71c7c93 100644 --- a/configs/encrypted/profiledef.sh +++ b/configs/encrypted/profiledef.sh @@ -11,9 +11,8 @@ buildmodes=('iso') bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" -airootfs_image_type="erofs" +airootfs_image_type="erofs+luks" airootfs_image_tool_options=('-zlz4hc,12') -encryption="true" encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index d814e1f2..d01aad14 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -13,8 +13,6 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') -encryption="false" -encryption_key="" file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- GitLab From f7332f7e35e5b2fbcdcac84e0aad0718388479d3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 26 May 2022 22:07:36 +0000 Subject: [PATCH 013/347] forgot last requirements --- archiso/mkarchiso | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6969d99c..e14d08ac 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -293,30 +293,31 @@ _mkairootfs_squashfs+luks() { _close_luks_device } -# Create an EROFS image containing the root file system and saves it on the LUKS image. -# Save the LUKS image on the ISO 9660 file system. -_mkairootfs_erofs+luks() { +# Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. +_mkairootfs_erofs() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" - _run_mkerofs "${image_device}" - _close_luks_device + _run_mkerofs "${image_path}" + _msg_info "Done!" } -# Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. -_mkairootfs_erofs() { +# Create an EROFS image containing the root file system and saves it on the LUKS image. +# Save the LUKS image on the ISO 9660 file system. +_mkairootfs_erofs+luks() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" rm -f -- "${image_path}" - _run_mkerofs "${image_path}" - _msg_info "Done!" + _run_mkluks "${image_path}" + _run_mkerofs "${image_device}" + _close_luks_device } + # Create checksum file for the rootfs image. _mkchecksum() { _msg_info "Creating checksum file for self-test..." @@ -937,6 +938,11 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { _validate_requirements_airootfs_image_type_squashfs } +_validate_requirements_airootfs_image_type_squashfs+luks() { + _validate_requirements_airootfs_image_type_luks + _validate_requirements_airootfs_image_type_squashfs +} + _validate_requirements_airootfs_image_type_ext4+squashfs+luks() { _validate_requirements_airootfs_image_type_luks _validate_requirements_airootfs_image_type_squashfs -- GitLab From dc125919f42c35f63891e363d09b0742e44a4705 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 26 May 2022 23:10:31 +0000 Subject: [PATCH 014/347] forgot last requirements --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e14d08ac..47224b2a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -174,10 +174,10 @@ _run_mkluks() { _msg_info "Encryption with cryptsetup (${_image_size}KB)" fallocate -l "${_image_size}K" "${_image_path}" # TODO - # if [[ $encryption_key != "" ]]; then - # encryption_key="--key-file ${encryption_key}" - # fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}" # "${encryption_key}" + if [[ $encryption_key != "" ]]; then + encryption_key="--key-file ${encryption_key}" + fi + cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path} ${encryption_key}" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" image_device="/dev/mapper/${app_name}_mapper" } -- GitLab From d451395a90c0f145bc81a235c494cee39de0aa53 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 26 May 2022 23:55:06 +0000 Subject: [PATCH 015/347] fix typo --- archiso/mkarchiso | 3 ++- configs/encrypted/pacman.conf | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 47224b2a..a37ed35f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -178,6 +178,7 @@ _run_mkluks() { encryption_key="--key-file ${encryption_key}" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path} ${encryption_key}" + cryptsetup config "${_image_path}" --label "${app_name}.luks" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" image_device="/dev/mapper/${app_name}_mapper" } @@ -964,7 +965,7 @@ _validate_requirements_airootfs_image_type_luks() { } _validate_requirements_airootfs_image_type_erofs+luks() { - _validate_requireemnts_image_type_luks + _validate_requirements_image_type_luks _validate_requirements_image_type_erofs } diff --git a/configs/encrypted/pacman.conf b/configs/encrypted/pacman.conf index 5ee6c1ee..224bbfcc 100644 --- a/configs/encrypted/pacman.conf +++ b/configs/encrypted/pacman.conf @@ -73,6 +73,10 @@ LocalFileSigLevel = Optional #[testing] #Include = /etc/pacman.d/mirrorlist +[encrypted.any] +SigLevel = Optional TrustAll +Server = file://repo/any + [core] Include = /etc/pacman.d/mirrorlist @@ -96,6 +100,3 @@ Include = /etc/pacman.d/mirrorlist # An example of a custom package repository. See the pacman manpage for # tips on creating your own repositories. -#[custom] -#SigLevel = Optional TrustAll -#Server = file:///home/custompkgs -- GitLab From 9b0803ba681c7528b90b63c74ca257cb333a588d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 26 May 2022 23:58:23 +0000 Subject: [PATCH 016/347] forgot word --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a37ed35f..0d1619fc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -965,8 +965,8 @@ _validate_requirements_airootfs_image_type_luks() { } _validate_requirements_airootfs_image_type_erofs+luks() { - _validate_requirements_image_type_luks - _validate_requirements_image_type_erofs + _validate_requirements_airootfs_image_type_luks + _validate_requirements_airootfs_image_type_erofs } _validate_common_requirements_buildmode_all() { -- GitLab From 6b4df318202e4298728e1dfeaec5c4fdcb457ddf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:05:55 +0000 Subject: [PATCH 017/347] grub goes to its own directory --- configs/encrypted/{efiboot => grub}/grub.cfg | 0 configs/encrypted/pacman.conf | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename configs/encrypted/{efiboot => grub}/grub.cfg (100%) diff --git a/configs/encrypted/efiboot/grub.cfg b/configs/encrypted/grub/grub.cfg similarity index 100% rename from configs/encrypted/efiboot/grub.cfg rename to configs/encrypted/grub/grub.cfg diff --git a/configs/encrypted/pacman.conf b/configs/encrypted/pacman.conf index 224bbfcc..814b0813 100644 --- a/configs/encrypted/pacman.conf +++ b/configs/encrypted/pacman.conf @@ -75,7 +75,7 @@ LocalFileSigLevel = Optional [encrypted.any] SigLevel = Optional TrustAll -Server = file://repo/any +Server = file:///home/dev/archiso/configs/encrypted/repo/any [core] Include = /etc/pacman.d/mirrorlist -- GitLab From 11d172b6cc282886861fe84b393444ed42a180af Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:06:52 +0000 Subject: [PATCH 018/347] grub goes to its own directory --- configs/releng/{efiboot => grub}/grub.cfg | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename configs/releng/{efiboot => grub}/grub.cfg (100%) diff --git a/configs/releng/efiboot/grub.cfg b/configs/releng/grub/grub.cfg similarity index 100% rename from configs/releng/efiboot/grub.cfg rename to configs/releng/grub/grub.cfg -- GitLab From 98f0228bb07db886c58f19d35715875f983be335 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:09:03 +0000 Subject: [PATCH 019/347] grub goes to its own directory --- configs/baseline/efiboot/grub.cfg | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 configs/baseline/efiboot/grub.cfg diff --git a/configs/baseline/efiboot/grub.cfg b/configs/baseline/efiboot/grub.cfg deleted file mode 100644 index d3a47799..00000000 --- a/configs/baseline/efiboot/grub.cfg +++ /dev/null @@ -1,28 +0,0 @@ -insmod part_gpt -insmod part_msdos -insmod fat - -insmod all_video - -insmod font - -if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm - set gfxmode="1024x768x32;auto" - terminal_input console - terminal_output gfxterm -fi - -menuentry "Arch Linux (x86_64, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap - initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - -menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap copytoram - initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} -- GitLab From a9258e2f2f1a52db5a9598e0969dd50d80a83c7a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:15:33 +0000 Subject: [PATCH 020/347] change label after having been opened? --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0d1619fc..0e062c98 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -178,8 +178,8 @@ _run_mkluks() { encryption_key="--key-file ${encryption_key}" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path} ${encryption_key}" - cryptsetup config "${_image_path}" --label "${app_name}.luks" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" + cryptsetup config "${_image_path}" --label "${app_name}.luks" image_device="/dev/mapper/${app_name}_mapper" } -- GitLab From 86c29fc25cafa75554d107e77865f33cb7297619 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:22:28 +0000 Subject: [PATCH 021/347] remove label change --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0e062c98..10c830e1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,7 +179,7 @@ _run_mkluks() { fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path} ${encryption_key}" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" - cryptsetup config "${_image_path}" --label "${app_name}.luks" + # cryptsetup config "${_image_path}" --label "${app_name}.luks" image_device="/dev/mapper/${app_name}_mapper" } -- GitLab From 3a72e74e4abcb1fb4439f4296d2e6da395192143 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:28:12 +0000 Subject: [PATCH 022/347] remove label change --- archiso/mkarchiso | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 10c830e1..c55411dc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -171,7 +171,7 @@ _run_mkluks() { local _pacstrap_size _pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) local _image_size=$((_pacstrap_size+200000)) - _msg_info "Encryption with cryptsetup (${_image_size}KB)" + _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_image_size}KB)" fallocate -l "${_image_size}K" "${_image_path}" # TODO if [[ $encryption_key != "" ]]; then @@ -181,6 +181,8 @@ _run_mkluks() { cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" # cryptsetup config "${_image_path}" --label "${app_name}.luks" image_device="/dev/mapper/${app_name}_mapper" + + _msg_info "Done!" } # Removes the LUKS device -- GitLab From 76d8ed064a1482d90745f8601816413a344f5bcf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:37:59 +0000 Subject: [PATCH 023/347] debugging weird bug --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c55411dc..c716c8f8 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -175,9 +175,9 @@ _run_mkluks() { fallocate -l "${_image_size}K" "${_image_path}" # TODO if [[ $encryption_key != "" ]]; then - encryption_key="--key-file ${encryption_key}" + encryption_key=" --key-file ${encryption_key}" fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path} ${encryption_key}" + cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}${encryption_key}" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" # cryptsetup config "${_image_path}" --label "${app_name}.luks" image_device="/dev/mapper/${app_name}_mapper" -- GitLab From 54d4103c9cb9da31100853ae99ffcb9c05a4f366 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 00:39:56 +0000 Subject: [PATCH 024/347] fixed weird bug --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c716c8f8..4f55b126 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -178,8 +178,8 @@ _run_mkluks() { encryption_key=" --key-file ${encryption_key}" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}${encryption_key}" + cryptsetup config "${_image_path}" --label "${app_name}.luks" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" - # cryptsetup config "${_image_path}" --label "${app_name}.luks" image_device="/dev/mapper/${app_name}_mapper" _msg_info "Done!" -- GitLab From bfdc91d37f1bf481657cef1171607fe3ffc7e5f3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 03:31:36 +0000 Subject: [PATCH 025/347] moved encrypted test profile to archiso-profiles package --- configs/encrypted/airootfs/etc/hostname | 1 - configs/encrypted/airootfs/etc/locale.conf | 1 - configs/encrypted/airootfs/etc/localtime | 1 - .../encrypted/airootfs/etc/mkinitcpio.conf | 67 ----- .../airootfs/etc/mkinitcpio.d/linux.preset | 8 - .../airootfs/etc/modprobe.d/broadcom-wl.conf | 7 - configs/encrypted/airootfs/etc/motd | 10 - .../etc/pacman.d/hooks/40-locale-gen.hook | 13 - .../etc/pacman.d/hooks/uncomment-mirrors.hook | 13 - ...z99-remove-custom-hooks-from-airootfs.hook | 18 -- configs/encrypted/airootfs/etc/passwd | 1 - configs/encrypted/airootfs/etc/resolv.conf | 1 - configs/encrypted/airootfs/etc/shadow | 1 - .../encrypted/airootfs/etc/ssh/sshd_config | 116 -------- .../journald.conf.d/volatile-storage.conf | 2 - .../systemd/logind.conf.d/do-not-suspend.conf | 4 - .../etc/systemd/network/20-ethernet.network | 18 -- .../etc/systemd/network/20-wlan.network | 17 -- .../etc/systemd/network/20-wwan.network | 17 -- .../etc/systemd/system/choose-mirror.service | 10 - .../cloud-config.service | 1 - .../cloud-final.service | 1 - .../cloud-init-local.service | 1 - .../cloud-init.service | 1 - ...dbus-org.freedesktop.ModemManager1.service | 1 - .../dbus-org.freedesktop.network1.service | 1 - .../dbus-org.freedesktop.resolve1.service | 1 - .../systemd/system/etc-pacman.d-gnupg.mount | 8 - .../getty@tty1.service.d/autologin.conf | 3 - .../system/livecd-alsa-unmuter.service | 13 - .../etc/systemd/system/livecd-talk.service | 20 -- .../ModemManager.service | 1 - .../choose-mirror.service | 1 - .../multi-user.target.wants/iwd.service | 1 - .../livecd-talk.service | 1 - .../pacman-init.service | 1 - .../qemu-guest-agent.service | 1 - .../multi-user.target.wants/reflector.service | 1 - .../multi-user.target.wants/sshd.service | 1 - .../systemd-networkd.service | 1 - .../systemd-resolved.service | 1 - .../vboxservice.service | 1 - .../systemd-networkd-wait-online.service | 1 - .../etc/systemd/system/pacman-init.service | 13 - .../system/reflector.service.d/archiso.conf | 6 - .../systemd-networkd.socket | 1 - .../livecd-alsa-unmuter.service | 1 - .../wait-for-only-one-interface.conf | 6 - .../airootfs/etc/xdg/reflector/reflector.conf | 6 - .../airootfs/root/.automated_script.sh | 34 --- configs/encrypted/airootfs/root/.zlogin | 6 - .../airootfs/usr/local/bin/Installation_guide | 5 - .../airootfs/usr/local/bin/choose-mirror | 28 -- .../airootfs/usr/local/bin/livecd-sound | 248 ------------------ .../local/share/livecd-sound/asound.conf.in | 3 - configs/encrypted/bootstrap_packages.x86_64 | 2 - .../entries/01-archiso-x86_64-linux.conf | 6 - .../02-archiso-x86_64-speech-linux.conf | 6 - .../entries/03-archiso-x86_64-ram-linux.conf | 6 - configs/encrypted/efiboot/loader/loader.conf | 2 - configs/encrypted/grub/grub.cfg | 43 --- configs/encrypted/packages.x86_64 | 120 --------- configs/encrypted/pacman.conf | 102 ------- configs/encrypted/profiledef.sh | 24 -- configs/encrypted/syslinux/archiso_head.cfg | 28 -- .../encrypted/syslinux/archiso_pxe-linux.cfg | 32 --- configs/encrypted/syslinux/archiso_pxe.cfg | 5 - .../encrypted/syslinux/archiso_sys-linux.cfg | 31 --- configs/encrypted/syslinux/archiso_sys.cfg | 8 - configs/encrypted/syslinux/archiso_tail.cfg | 35 --- configs/encrypted/syslinux/splash.png | Bin 45400 -> 0 bytes configs/encrypted/syslinux/syslinux.cfg | 11 - 72 files changed, 1207 deletions(-) delete mode 100644 configs/encrypted/airootfs/etc/hostname delete mode 100644 configs/encrypted/airootfs/etc/locale.conf delete mode 120000 configs/encrypted/airootfs/etc/localtime delete mode 100644 configs/encrypted/airootfs/etc/mkinitcpio.conf delete mode 100644 configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset delete mode 100644 configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf delete mode 100644 configs/encrypted/airootfs/etc/motd delete mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook delete mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook delete mode 100644 configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook delete mode 100644 configs/encrypted/airootfs/etc/passwd delete mode 120000 configs/encrypted/airootfs/etc/resolv.conf delete mode 100644 configs/encrypted/airootfs/etc/shadow delete mode 100644 configs/encrypted/airootfs/etc/ssh/sshd_config delete mode 100644 configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf delete mode 100644 configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf delete mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network delete mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-wlan.network delete mode 100644 configs/encrypted/airootfs/etc/systemd/network/20-wwan.network delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/pacman-init.service delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket delete mode 120000 configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service delete mode 100644 configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf delete mode 100644 configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf delete mode 100755 configs/encrypted/airootfs/root/.automated_script.sh delete mode 100644 configs/encrypted/airootfs/root/.zlogin delete mode 100755 configs/encrypted/airootfs/usr/local/bin/Installation_guide delete mode 100755 configs/encrypted/airootfs/usr/local/bin/choose-mirror delete mode 100755 configs/encrypted/airootfs/usr/local/bin/livecd-sound delete mode 100644 configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in delete mode 100644 configs/encrypted/bootstrap_packages.x86_64 delete mode 100644 configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf delete mode 100644 configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf delete mode 100644 configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf delete mode 100644 configs/encrypted/efiboot/loader/loader.conf delete mode 100644 configs/encrypted/grub/grub.cfg delete mode 100644 configs/encrypted/packages.x86_64 delete mode 100644 configs/encrypted/pacman.conf delete mode 100644 configs/encrypted/profiledef.sh delete mode 100644 configs/encrypted/syslinux/archiso_head.cfg delete mode 100644 configs/encrypted/syslinux/archiso_pxe-linux.cfg delete mode 100644 configs/encrypted/syslinux/archiso_pxe.cfg delete mode 100644 configs/encrypted/syslinux/archiso_sys-linux.cfg delete mode 100644 configs/encrypted/syslinux/archiso_sys.cfg delete mode 100644 configs/encrypted/syslinux/archiso_tail.cfg delete mode 100644 configs/encrypted/syslinux/splash.png delete mode 100644 configs/encrypted/syslinux/syslinux.cfg diff --git a/configs/encrypted/airootfs/etc/hostname b/configs/encrypted/airootfs/etc/hostname deleted file mode 100644 index 2dbe21eb..00000000 --- a/configs/encrypted/airootfs/etc/hostname +++ /dev/null @@ -1 +0,0 @@ -archiso diff --git a/configs/encrypted/airootfs/etc/locale.conf b/configs/encrypted/airootfs/etc/locale.conf deleted file mode 100644 index 01ec548f..00000000 --- a/configs/encrypted/airootfs/etc/locale.conf +++ /dev/null @@ -1 +0,0 @@ -LANG=en_US.UTF-8 diff --git a/configs/encrypted/airootfs/etc/localtime b/configs/encrypted/airootfs/etc/localtime deleted file mode 120000 index 0e35b576..00000000 --- a/configs/encrypted/airootfs/etc/localtime +++ /dev/null @@ -1 +0,0 @@ -/usr/share/zoneinfo/UTC \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/mkinitcpio.conf b/configs/encrypted/airootfs/etc/mkinitcpio.conf deleted file mode 100644 index e2e4419b..00000000 --- a/configs/encrypted/airootfs/etc/mkinitcpio.conf +++ /dev/null @@ -1,67 +0,0 @@ -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=() - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev modconf keymap keyboard memdisk archiso_shutdown archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block filesystems) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" -#COMPRESSION="zstd" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() diff --git a/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset b/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset deleted file mode 100644 index 9f67184a..00000000 --- a/configs/encrypted/airootfs/etc/mkinitcpio.d/linux.preset +++ /dev/null @@ -1,8 +0,0 @@ -# mkinitcpio preset file for the 'linux' package on archiso - -PRESETS=('archiso') - -ALL_kver='/boot/vmlinuz-linux' -ALL_config='/etc/mkinitcpio.conf' - -archiso_image="/boot/initramfs-linux.img" diff --git a/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf b/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf deleted file mode 100644 index 0eae70c9..00000000 --- a/configs/encrypted/airootfs/etc/modprobe.d/broadcom-wl.conf +++ /dev/null @@ -1,7 +0,0 @@ -# The broadcom-wl package requires some modules to be disabled in order to use -# wl. Since the ISO image needs to cover many hardware cases, this file -# overrides the default blacklist in /usr/lib/modprobe.d/ -# -# If you need to use wl, you may need to delete this file, then `rmmod` any -# already-loaded modules that are now blacklisted before proceeding to modprobe -# wl itself. diff --git a/configs/encrypted/airootfs/etc/motd b/configs/encrypted/airootfs/etc/motd deleted file mode 100644 index 1ddc9c3e..00000000 --- a/configs/encrypted/airootfs/etc/motd +++ /dev/null @@ -1,10 +0,0 @@ -To install Arch Linux follow the installation guide: -https://wiki.archlinux.org/title/Installation_guide - -For Wi-Fi, authenticate to the wireless network using the iwctl utility. -For mobile broadband (WWAN) modems, connect with the mmcli utility. -Ethernet, WLAN and WWAN interfaces using DHCP should work automatically. - -After connecting to the internet, the installation guide can be accessed -via the convenience script Installation_guide. - diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook deleted file mode 100644 index 82dd1994..00000000 --- a/configs/encrypted/airootfs/etc/pacman.d/hooks/40-locale-gen.hook +++ /dev/null @@ -1,13 +0,0 @@ -# remove from airootfs! -[Trigger] -Operation = Install -Type = Package -Target = glibc - -[Action] -Description = Uncommenting en_US.UTF-8 locale and running locale-gen... -When = PostTransaction -Depends = glibc -Depends = sed -Depends = sh -Exec = /bin/sh -c "sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen && locale-gen" diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook deleted file mode 100644 index 342aa95b..00000000 --- a/configs/encrypted/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook +++ /dev/null @@ -1,13 +0,0 @@ -# remove from airootfs! -[Trigger] -Operation = Install -Operation = Upgrade -Type = Package -Target = pacman-mirrorlist - -[Action] -Description = Uncommenting all mirrors in /etc/pacman.d/mirrorlist... -When = PostTransaction -Depends = pacman-mirrorlist -Depends = sed -Exec = /usr/bin/sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist diff --git a/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook b/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook deleted file mode 100644 index 8dfb9435..00000000 --- a/configs/encrypted/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook +++ /dev/null @@ -1,18 +0,0 @@ -# remove from airootfs! -# As a workaround for https://bugs.archlinux.org/task/49347 , remove pacman hooks specific to the ISO build process. -# If not, they would be used when pacstrap is run in the live environment. - -[Trigger] -Operation = Install -Operation = Upgrade -Operation = Remove -Type = Package -Target = * - -[Action] -Description = Work around FS#49347 by removing custom pacman hooks that are only required during ISO build... -When = PostTransaction -Depends = sh -Depends = coreutils -Depends = grep -Exec = /bin/sh -c "rm -- $(grep -Frl 'remove from airootfs' /etc/pacman.d/hooks/)" diff --git a/configs/encrypted/airootfs/etc/passwd b/configs/encrypted/airootfs/etc/passwd deleted file mode 100644 index 2807d5d6..00000000 --- a/configs/encrypted/airootfs/etc/passwd +++ /dev/null @@ -1 +0,0 @@ -root:x:0:0:root:/root:/usr/bin/zsh diff --git a/configs/encrypted/airootfs/etc/resolv.conf b/configs/encrypted/airootfs/etc/resolv.conf deleted file mode 120000 index 36396629..00000000 --- a/configs/encrypted/airootfs/etc/resolv.conf +++ /dev/null @@ -1 +0,0 @@ -/run/systemd/resolve/stub-resolv.conf \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/shadow b/configs/encrypted/airootfs/etc/shadow deleted file mode 100644 index 7edfd69b..00000000 --- a/configs/encrypted/airootfs/etc/shadow +++ /dev/null @@ -1 +0,0 @@ -root::14871:::::: diff --git a/configs/encrypted/airootfs/etc/ssh/sshd_config b/configs/encrypted/airootfs/etc/ssh/sshd_config deleted file mode 100644 index 93f7d63a..00000000 --- a/configs/encrypted/airootfs/etc/ssh/sshd_config +++ /dev/null @@ -1,116 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#KbdInteractiveAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no # pam does that -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf b/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf deleted file mode 100644 index b69850df..00000000 --- a/configs/encrypted/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Journal] -Storage=volatile diff --git a/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf b/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf deleted file mode 100644 index f3ecb393..00000000 --- a/configs/encrypted/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Login] -HandleSuspendKey=ignore -HandleHibernateKey=ignore -HandleLidSwitch=ignore diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network b/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network deleted file mode 100644 index f2a7d602..00000000 --- a/configs/encrypted/airootfs/etc/systemd/network/20-ethernet.network +++ /dev/null @@ -1,18 +0,0 @@ -[Match] -Name=en* -Name=eth* - -[Network] -DHCP=yes -IPv6PrivacyExtensions=yes - -# systemd-networkd does not set per-interface-type default route metrics -# https://github.com/systemd/systemd/issues/17698 -# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. -# Use values from NetworkManager. From nm_device_get_route_metric_default in -# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c -[DHCPv4] -RouteMetric=100 - -[IPv6AcceptRA] -RouteMetric=100 diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network b/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network deleted file mode 100644 index 601d5b8f..00000000 --- a/configs/encrypted/airootfs/etc/systemd/network/20-wlan.network +++ /dev/null @@ -1,17 +0,0 @@ -[Match] -Name=wl* - -[Network] -DHCP=yes -IPv6PrivacyExtensions=yes - -# systemd-networkd does not set per-interface-type default route metrics -# https://github.com/systemd/systemd/issues/17698 -# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. -# Use values from NetworkManager. From nm_device_get_route_metric_default in -# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c -[DHCPv4] -RouteMetric=600 - -[IPv6AcceptRA] -RouteMetric=600 diff --git a/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network b/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network deleted file mode 100644 index 9104c243..00000000 --- a/configs/encrypted/airootfs/etc/systemd/network/20-wwan.network +++ /dev/null @@ -1,17 +0,0 @@ -[Match] -Name=ww* - -[Network] -DHCP=yes -IPv6PrivacyExtensions=yes - -# systemd-networkd does not set per-interface-type default route metrics -# https://github.com/systemd/systemd/issues/17698 -# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. -# Use values from NetworkManager. From nm_device_get_route_metric_default in -# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c -[DHCPv4] -RouteMetric=700 - -[IPv6AcceptRA] -RouteMetric=700 diff --git a/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service b/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service deleted file mode 100644 index b6a3562a..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/choose-mirror.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Choose mirror from the kernel command line -ConditionKernelCommandLine=mirror - -[Service] -Type=oneshot -ExecStart=/usr/local/bin/choose-mirror - -[Install] -WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service deleted file mode 120000 index ebc50f0c..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/cloud-config.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service deleted file mode 120000 index 80fa3c82..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/cloud-final.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service deleted file mode 120000 index dd8e9f1c..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/cloud-init-local.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service b/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service deleted file mode 120000 index 24c7a26f..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/cloud-init.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service deleted file mode 120000 index dcf7c8ed..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/ModemManager.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service deleted file mode 120000 index 4c158e62..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-networkd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service b/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service deleted file mode 120000 index 4f6ae342..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-resolved.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount deleted file mode 100644 index 4eab5513..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Temporary /etc/pacman.d/gnupg directory - -[Mount] -What=tmpfs -Where=/etc/pacman.d/gnupg -Type=tmpfs -Options=mode=0755 diff --git a/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf b/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf deleted file mode 100644 index d1d8474c..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service b/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service deleted file mode 100644 index 03db4b95..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/livecd-alsa-unmuter.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Unmute All Sound Card Controls For Use With The Live Arch Environment -# This needs to run after the audio device becomes available. -Wants=systemd-udev-settle.service -After=systemd-udev-settle.service sound.target -ConditionKernelCommandLine=accessibility=on - -[Service] -Type=oneshot -ExecStart=/usr/local/bin/livecd-sound -u - -[Install] -WantedBy=sound.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service b/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service deleted file mode 100644 index b38df22c..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/livecd-talk.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Screen reader service -After=livecd-alsa-unmuter.service -Before=getty@tty1.service -ConditionKernelCommandLine=accessibility=on - -[Service] -Type=oneshot -TTYPath=/dev/tty13 -ExecStartPre=/usr/bin/chvt 13 -ExecStart=/usr/local/bin/livecd-sound -p -ExecStartPost=/usr/bin/chvt 1 -ExecStartPost=systemctl start espeakup.service -StandardInput=tty -TTYVHangup=yes -TTYVTDisallocate=yes -RemainAfterExit=true - -[Install] -WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service deleted file mode 120000 index dcf7c8ed..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/ModemManager.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/ModemManager.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service deleted file mode 120000 index 2d8d256a..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service +++ /dev/null @@ -1 +0,0 @@ -../choose-mirror.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service deleted file mode 120000 index 3625abda..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/iwd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service deleted file mode 120000 index b9174818..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/livecd-talk.service +++ /dev/null @@ -1 +0,0 @@ -/etc/systemd/system/livecd-talk.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service deleted file mode 120000 index d09eec68..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service +++ /dev/null @@ -1 +0,0 @@ -../pacman-init.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service deleted file mode 120000 index 8e3ff802..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/qemu-guest-agent.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/qemu-guest-agent.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service deleted file mode 120000 index d3727297..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/reflector.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service deleted file mode 120000 index d21ebd9d..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/sshd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service deleted file mode 120000 index 4c158e62..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-networkd.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service deleted file mode 120000 index 4f6ae342..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-resolved.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service b/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service deleted file mode 120000 index cb2d5604..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/multi-user.target.wants/vboxservice.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/vboxservice.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service deleted file mode 120000 index 7d6ad92c..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-networkd-wait-online.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service b/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service deleted file mode 100644 index b18f7f83..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/pacman-init.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Initializes Pacman keyring -Requires=etc-pacman.d-gnupg.mount -After=etc-pacman.d-gnupg.mount - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/pacman-key --init -ExecStart=/usr/bin/pacman-key --populate - -[Install] -WantedBy=multi-user.target diff --git a/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf b/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf deleted file mode 100644 index de6664df..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/reflector.service.d/archiso.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -ConditionKernelCommandLine=!mirror - -[Service] -Restart=on-failure -RestartSec=10 diff --git a/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket deleted file mode 120000 index 51942c8e..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/systemd-networkd.socket \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service b/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service deleted file mode 120000 index 98c0fc87..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service +++ /dev/null @@ -1 +0,0 @@ -../livecd-alsa-unmuter.service \ No newline at end of file diff --git a/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf deleted file mode 100644 index c9f9bcea..00000000 --- a/configs/encrypted/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf +++ /dev/null @@ -1,6 +0,0 @@ -# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist, -# network-online.target gets needlessly delayed. -# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online -[Service] -ExecStart= -ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any diff --git a/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf b/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf deleted file mode 100644 index 9a72b0d8..00000000 --- a/configs/encrypted/airootfs/etc/xdg/reflector/reflector.conf +++ /dev/null @@ -1,6 +0,0 @@ -# Reflector configuration file for the systemd service. - ---save /etc/pacman.d/mirrorlist ---protocol https ---latest 20 ---sort rate diff --git a/configs/encrypted/airootfs/root/.automated_script.sh b/configs/encrypted/airootfs/root/.automated_script.sh deleted file mode 100755 index 52c47e6a..00000000 --- a/configs/encrypted/airootfs/root/.automated_script.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -script_cmdline () -{ - local param - for param in $(< /proc/cmdline); do - case "${param}" in - script=*) echo "${param#*=}" ; return 0 ;; - esac - done -} - -automated_script () -{ - local script rt - script="$(script_cmdline)" - if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then - if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null - rt=$? - else - cp "${script}" /tmp/startup_script - rt=$? - fi - if [[ ${rt} -eq 0 ]]; then - chmod +x /tmp/startup_script - /tmp/startup_script - fi - fi -} - -if [[ $(tty) == "/dev/tty1" ]]; then - automated_script -fi diff --git a/configs/encrypted/airootfs/root/.zlogin b/configs/encrypted/airootfs/root/.zlogin deleted file mode 100644 index 0fb119df..00000000 --- a/configs/encrypted/airootfs/root/.zlogin +++ /dev/null @@ -1,6 +0,0 @@ -# fix for screen readers -if grep -Fq 'accessibility=' /proc/cmdline &> /dev/null; then - setopt SINGLE_LINE_ZLE -fi - -~/.automated_script.sh diff --git a/configs/encrypted/airootfs/usr/local/bin/Installation_guide b/configs/encrypted/airootfs/usr/local/bin/Installation_guide deleted file mode 100755 index 42667548..00000000 --- a/configs/encrypted/airootfs/usr/local/bin/Installation_guide +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# -# SPDX-License-Identifier: GPL-3.0-or-later - -exec lynx 'https://wiki.archlinux.org/title/Installation_guide' diff --git a/configs/encrypted/airootfs/usr/local/bin/choose-mirror b/configs/encrypted/airootfs/usr/local/bin/choose-mirror deleted file mode 100755 index b021945b..00000000 --- a/configs/encrypted/airootfs/usr/local/bin/choose-mirror +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# -# SPDX-License-Identifier: GPL-3.0-or-later - -get_cmdline() { - local param - for param in $(< /proc/cmdline); do - case "${param}" in - $1=*) echo "${param##*=}"; - return 0 - ;; - esac - done -} - -mirror=$(get_cmdline mirror) -[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv) -[[ $mirror ]] || exit 0 - -mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig -cat >/etc/pacman.d/mirrorlist << EOF -# -# Arch Linux repository mirrorlist -# Generated by archiso -# - -Server = ${mirror%%/}/\$repo/os/\$arch -EOF diff --git a/configs/encrypted/airootfs/usr/local/bin/livecd-sound b/configs/encrypted/airootfs/usr/local/bin/livecd-sound deleted file mode 100755 index baae0d26..00000000 --- a/configs/encrypted/airootfs/usr/local/bin/livecd-sound +++ /dev/null @@ -1,248 +0,0 @@ -#!/usr/bin/env bash -# -# SPDX-License-Identifier: GPL-3.0-or-later - -usage() { - cat <<- _EOF_ - live cd sound helper script. - Usage: livecdsound [OPTION] - OPTIONS - -u, --unmute unmute all sound cards - -p, --pick select a card for speetch output - -h, --help Show this usage message - -_EOF_ -} - -bugout () { - printf "/usr/local/bin/livecdsound: programming error" - stat_fail -} - -echo_card_indices() -{ - if [ -f /proc/asound/cards ] ; then - sed -n -e's/^[[:space:]]*\([0-7]\)[[:space:]].*/\1/p' /proc/asound/cards - fi -} - -# The following functions try to set many controls. -# No card has all the controls and so some of the attempts are bound to fail. -# Because of this, the functions can't return useful status values. - -# $1 -# $2 -# $3 -unmute_and_set_level(){ - { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout - systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" - systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute - return 0 -} - -# $1 -# $2 -mute_and_zero_level() -{ - { [ "$1" ] && [ "$2" ] ; } || bugout - systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" - systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute - return 0 -} - -# $1 -# $2 -# $3 "on" | "off" -switch_control() -{ - { [ "$3" ] && [ "$1" ] ; } || bugout - systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" - systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" - return 0 -} - -# $1 -sanify_levels_on_card() -{ - unmute_and_set_level "$1" "Front" "80%" - unmute_and_set_level "$1" "Master" "80%" - unmute_and_set_level "$1" "Master Mono" "80%" - unmute_and_set_level "$1" "Master Digital" "80%" # E.g., cs4237B - unmute_and_set_level "$1" "Playback" "80%" - unmute_and_set_level "$1" "Headphone" "100%" - unmute_and_set_level "$1" "PCM" "80%" - unmute_and_set_level "$1" "PCM,1" "80%" # E.g., ess1969 - unmute_and_set_level "$1" "DAC" "80%" # E.g., envy24, cs46xx - unmute_and_set_level "$1" "DAC,0" "80%" # E.g., envy24 - unmute_and_set_level "$1" "DAC,1" "80%" # E.g., envy24 - unmute_and_set_level "$1" "Synth" "80%" - unmute_and_set_level "$1" "CD" "80%" - unmute_and_set_level "$1" "PC Speaker" "100%" - - mute_and_zero_level "$1" "Mic" - mute_and_zero_level "$1" "IEC958" # Ubuntu #19648 - - # Intel P4P800-MX - switch_control "$1" "Master Playback Switch" on - switch_control "$1" "Master Surround" on - - # Trident/YMFPCI/emu10k1: - unmute_and_set_level "$1" "Wave" "80%" - unmute_and_set_level "$1" "Music" "80%" - unmute_and_set_level "$1" "AC97" "80%" - - # DRC: - unmute_and_set_level "$1" "Dynamic Range Compression" "80%" - - # Required for HDA Intel (hda-intel): - unmute_and_set_level "$1" "Front" "80%" - - # Required for SB Live 7.1/24-bit (ca0106): - unmute_and_set_level "$1" "Analog Front" "80%" - - # Required at least for Via 823x hardware on DFI K8M800-MLVF Motherboard - switch_control "$1" "IEC958 Capture Monitor" off - - # Required for hardware allowing toggles for AC97 through IEC958, - # valid values are 0, 1, 2, 3. Needs to be set to 0 for PCM1. - unmute_and_set_level "$1" "IEC958 Playback AC97-SPSA" "0" - - # Required for newer Via hardware - unmute_and_set_level "$1" "VIA DXS,0" "80%" - unmute_and_set_level "$1" "VIA DXS,1" "80%" - unmute_and_set_level "$1" "VIA DXS,2" "80%" - unmute_and_set_level "$1" "VIA DXS,3" "80%" - - # Required on some notebooks with ICH4: - switch_control "$1" "Headphone Jack Sense" off - switch_control "$1" "Line Jack Sense" off - - # Some machines need one or more of these to be on; - # others need one or more of these to be off: - - switch_control "$1" "Audigy Analog/Digital Output Jack" on - switch_control "$1" "SB Live Analog/Digital Output Jack" on - - # D1984 -- Thinkpad T61/X61 - switch_control "$1" "Speaker" on - switch_control "$1" "Headphone" on - - # HDA-Intel w/ "Digital" capture mixer (See Ubuntu #193823) - unmute_and_set_level "$1" "Digital" "80%" - - return 0 -} - -# $1 | "all" -sanify_levels() -{ - local ttsdml_returnstatus=0 - local card - case "$1" in - all) - for card in $(echo_card_indices) ; do - sanify_levels_on_card "$card" || ttsdml_returnstatus=1 - done - ;; - *) - sanify_levels_on_card "$1" || ttsdml_returnstatus=1 - ;; - esac - return $ttsdml_returnstatus -} - -# List all cards that *should* be usable for PCM audio. In my experience, -# the console speaker (handled by the pcsp driver) isn't a suitable playback -# device, so we'll exclude it. -list_non_pcsp_cards() -{ - for card in $(echo_card_indices); do - local cardfile="/proc/asound/card${card}/id" - if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ - [ "$(cat "$cardfile")" != pcsp ]; then - echo "$card" - fi - done -} - -# Properly initialize the sound card so that we have audio at boot. -unmute_all_cards() -{ - sanify_levels all -} - -is_numeric() { - local str=$1 - [[ "$str" =~ ^[0-9]+$ ]] -} - -set_default_card() { - local card=$1 - sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ - > /etc/asound.conf -} - -play_on_card() { - local card=$1 file=$2 - aplay -q "-Dplughw:$card,0" "$file" -} - -# If there are multiple usable sound cards, prompt the user to choose one, -# using auditory feedback. -pick_a_card() -{ - set -f - usable_cards="$(list_non_pcsp_cards)" - num_usable_cards="$(wc -w <<< "$usable_cards")" - - if [ "$num_usable_cards" -eq 1 ]; then - systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" - exit 0 - fi - systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" - for card in $usable_cards; do - if ! is_numeric "$card"; then - continue - fi - play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& - done - wait - sleep 1 - for card in $usable_cards; do - if ! is_numeric "$card"; then - continue - fi - play_on_card "$card" /usr/share/livecd-sounds/beep.wav - if read -r -t 10; then - systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" - set_default_card "$card" - break - fi -done -} - -if [[ $# -eq 0 ]]; then - echo "error: No argument passed." - exit 1 -fi -while [[ "${1}" != "" ]]; do - case ${1} in - -h|--help) - usage - exit - ;; - -u|--unmute) - systemd-cat -t "livecdsound" printf "Unmuting all cards" - unmute_all_cards - ;; - -p|--pick) - pick_a_card - ;; - *) - echo "error: Unsupported argument" - usage - exit 1 - ;; - esac - shift -done diff --git a/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in b/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in deleted file mode 100644 index 3f9c7aa0..00000000 --- a/configs/encrypted/airootfs/usr/local/share/livecd-sound/asound.conf.in +++ /dev/null @@ -1,3 +0,0 @@ -Defaults node -defaults.ctl.card %card%; -defaults.pcm.card %card%; diff --git a/configs/encrypted/bootstrap_packages.x86_64 b/configs/encrypted/bootstrap_packages.x86_64 deleted file mode 100644 index 64966d07..00000000 --- a/configs/encrypted/bootstrap_packages.x86_64 +++ /dev/null @@ -1,2 +0,0 @@ -arch-install-scripts -base diff --git a/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf deleted file mode 100644 index d59262f1..00000000 --- a/configs/encrypted/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ /dev/null @@ -1,6 +0,0 @@ -title Arch Linux install medium (x86_64, UEFI) -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% diff --git a/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf deleted file mode 100644 index 06f5466e..00000000 --- a/configs/encrypted/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ /dev/null @@ -1,6 +0,0 @@ -title Arch Linux install medium (x86_64, UEFI) with speech -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on diff --git a/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf deleted file mode 100644 index 9c7a51ab..00000000 --- a/configs/encrypted/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ /dev/null @@ -1,6 +0,0 @@ -title Arch Linux install medium (x86_64, UEFI, Copy to RAM) -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/encrypted/efiboot/loader/loader.conf b/configs/encrypted/efiboot/loader/loader.conf deleted file mode 100644 index ae634870..00000000 --- a/configs/encrypted/efiboot/loader/loader.conf +++ /dev/null @@ -1,2 +0,0 @@ -timeout 15 -default 01-archiso-x86_64-linux.conf diff --git a/configs/encrypted/grub/grub.cfg b/configs/encrypted/grub/grub.cfg deleted file mode 100644 index c36fb298..00000000 --- a/configs/encrypted/grub/grub.cfg +++ /dev/null @@ -1,43 +0,0 @@ -insmod part_gpt -insmod part_msdos -insmod fat - -insmod all_video - -insmod font - -if loadfont "${prefix}/fonts/unicode.pf2" ; then - insmod gfxterm - set gfxmode="1024x768x32;auto" - terminal_input console - terminal_output gfxterm -fi - -menuentry "Arch Linux install medium (x86_64, Intel, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - -menuentry "Arch Linux install medium (x86_64, AMD, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap - initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - -menuentry "Arch Linux install medium with speakup screen reader (x86_64, Intel, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - -menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on - initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - diff --git a/configs/encrypted/packages.x86_64 b/configs/encrypted/packages.x86_64 deleted file mode 100644 index 3acf9959..00000000 --- a/configs/encrypted/packages.x86_64 +++ /dev/null @@ -1,120 +0,0 @@ -alsa-utils -amd-ucode -arch-install-scripts -archinstall -b43-fwcutter -base -bind-tools -brltty -broadcom-wl -btrfs-progs -clonezilla -cloud-init -crda -cryptsetup -darkhttpd -ddrescue -dhclient -dhcpcd -diffutils -dmraid -dnsmasq -dosfstools -e2fsprogs -edk2-shell -efibootmgr -espeakup -ethtool -exfatprogs -f2fs-tools -fatresize -fsarchiver -gnu-netcat -gpart -gpm -gptfdisk -grml-zsh-config -grub -hdparm -intel-ucode -ipw2100-fw -ipw2200-fw -irssi -iw -iwd -jfsutils -kitty-terminfo -less -lftp -libfido2 -libusb-compat -linux -linux-atm -linux-firmware -livecd-sounds -lsscsi -lvm2 -lynx -man-db -man-pages -mc -mdadm -memtest86+ -mkinitcpio -mkinitcpio-archiso-encryption -mkinitcpio-nfs-utils -modemmanager -mtools -nano -nbd -ndisc6 -nfs-utils -nilfs-utils -nmap -ntfs-3g -nvme-cli -openconnect -openssh -openvpn -partclone -parted -partimage -pcsclite -ppp -pptpclient -pv -qemu-guest-agent -refind -reflector -reiserfsprogs -rp-pppoe -rsync -rxvt-unicode-terminfo -screen -sdparm -sg3_utils -smartmontools -sof-firmware -squashfs-tools -sudo -syslinux -systemd-resolvconf -tcpdump -terminus-font -testdisk -tmux -tpm2-tss -udftools -usb_modeswitch -usbmuxd -usbutils -vim -virtualbox-guest-utils-nox -vpnc -wireless-regdb -wireless_tools -wpa_supplicant -wvdial -xfsprogs -xl2tpd -zsh diff --git a/configs/encrypted/pacman.conf b/configs/encrypted/pacman.conf deleted file mode 100644 index 814b0813..00000000 --- a/configs/encrypted/pacman.conf +++ /dev/null @@ -1,102 +0,0 @@ -# -# /etc/pacman.conf -# -# See the pacman.conf(5) manpage for option and repository directives - -# -# GENERAL OPTIONS -# -[options] -# The following paths are commented out with their default values listed. -# If you wish to use different paths, uncomment and update the paths. -#RootDir = / -#DBPath = /var/lib/pacman/ -#CacheDir = /var/cache/pacman/pkg/ -#LogFile = /var/log/pacman.log -#GPGDir = /etc/pacman.d/gnupg/ -#HookDir = /etc/pacman.d/hooks/ -HoldPkg = pacman glibc -#XferCommand = /usr/bin/curl -L -C - -f -o %o %u -#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u -#CleanMethod = KeepInstalled -Architecture = auto - -# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup -#IgnorePkg = -#IgnoreGroup = - -#NoUpgrade = -#NoExtract = - -# Misc options -#UseSyslog -#Color -#NoProgressBar -# We cannot check disk space from within a chroot environment -#CheckSpace -#VerbosePkgLists -ParallelDownloads = 5 - -# By default, pacman accepts packages signed by keys that its local keyring -# trusts (see pacman-key and its man page), as well as unsigned packages. -SigLevel = Required DatabaseOptional -LocalFileSigLevel = Optional -#RemoteFileSigLevel = Required - -# NOTE: You must run `pacman-key --init` before first using pacman; the local -# keyring can then be populated with the keys of all official Arch Linux -# packagers with `pacman-key --populate archlinux`. - -# -# REPOSITORIES -# - can be defined here or included from another file -# - pacman will search repositories in the order defined here -# - local/custom mirrors can be added here or in separate files -# - repositories listed first will take precedence when packages -# have identical names, regardless of version number -# - URLs will have $repo replaced by the name of the current repo -# - URLs will have $arch replaced by the name of the architecture -# -# Repository entries are of the format: -# [repo-name] -# Server = ServerName -# Include = IncludePath -# -# The header [repo-name] is crucial - it must be present and -# uncommented to enable the repo. -# - -# The testing repositories are disabled by default. To enable, uncomment the -# repo name header and Include lines. You can add preferred servers immediately -# after the header, and they will be used before the default mirrors. - -#[testing] -#Include = /etc/pacman.d/mirrorlist - -[encrypted.any] -SigLevel = Optional TrustAll -Server = file:///home/dev/archiso/configs/encrypted/repo/any - -[core] -Include = /etc/pacman.d/mirrorlist - -[extra] -Include = /etc/pacman.d/mirrorlist - -#[community-testing] -#Include = /etc/pacman.d/mirrorlist - -[community] -Include = /etc/pacman.d/mirrorlist - -# If you want to run 32 bit applications on your x86_64 system, -# enable the multilib repositories as required here. - -#[multilib-testing] -#Include = /etc/pacman.d/mirrorlist - -#[multilib] -#Include = /etc/pacman.d/mirrorlist - -# An example of a custom package repository. See the pacman manpage for -# tips on creating your own repositories. diff --git a/configs/encrypted/profiledef.sh b/configs/encrypted/profiledef.sh deleted file mode 100644 index d71c7c93..00000000 --- a/configs/encrypted/profiledef.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC2034 - -iso_name="archlinux" -iso_label="ARCH_$(date +%Y%m)" -iso_publisher="Arch Linux " -iso_application="Arch Linux Live/Rescue CD" -iso_version="$(date +%Y.%m.%d)" -install_dir="arch" -buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') -arch="x86_64" -pacman_conf="pacman.conf" -airootfs_image_type="erofs+luks" -airootfs_image_tool_options=('-zlz4hc,12') -encryption_key="" -file_permissions=( - ["/etc/shadow"]="0:0:400" - ["/root"]="0:0:750" - ["/root/.automated_script.sh"]="0:0:755" - ["/usr/local/bin/choose-mirror"]="0:0:755" - ["/usr/local/bin/Installation_guide"]="0:0:755" - ["/usr/local/bin/livecd-sound"]="0:0:755" -) diff --git a/configs/encrypted/syslinux/archiso_head.cfg b/configs/encrypted/syslinux/archiso_head.cfg deleted file mode 100644 index 1154f782..00000000 --- a/configs/encrypted/syslinux/archiso_head.cfg +++ /dev/null @@ -1,28 +0,0 @@ -SERIAL 0 115200 -UI vesamenu.c32 -MENU TITLE Arch Linux -MENU BACKGROUND splash.png - -MENU WIDTH 78 -MENU MARGIN 4 -MENU ROWS 7 -MENU VSHIFT 10 -MENU TABMSGROW 14 -MENU CMDLINEROW 14 -MENU HELPMSGROW 16 -MENU HELPMSGENDROW 29 - -# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu - -MENU COLOR border 30;44 #40ffffff #a0000000 std -MENU COLOR title 1;36;44 #9033ccff #a0000000 std -MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all -MENU COLOR unsel 37;44 #50ffffff #a0000000 std -MENU COLOR help 37;40 #c0ffffff #a0000000 std -MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std -MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std -MENU COLOR msg07 37;40 #90ffffff #a0000000 std -MENU COLOR tabmsg 31;40 #30ffffff #00000000 std - -MENU CLEAR -MENU IMMEDIATE diff --git a/configs/encrypted/syslinux/archiso_pxe-linux.cfg b/configs/encrypted/syslinux/archiso_pxe-linux.cfg deleted file mode 100644 index e8c9a7b7..00000000 --- a/configs/encrypted/syslinux/archiso_pxe-linux.cfg +++ /dev/null @@ -1,32 +0,0 @@ -LABEL arch64_nbd -TEXT HELP -Boot the Arch Linux install medium using NBD. -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, NBD) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify -SYSAPPEND 3 - -LABEL arch64_nfs -TEXT HELP -Boot the Arch Linux live medium using NFS. -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, NFS) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify -SYSAPPEND 3 - -LABEL arch64_http -TEXT HELP -Boot the Arch Linux live medium using HTTP. -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, HTTP) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify -SYSAPPEND 3 diff --git a/configs/encrypted/syslinux/archiso_pxe.cfg b/configs/encrypted/syslinux/archiso_pxe.cfg deleted file mode 100644 index b4c9a804..00000000 --- a/configs/encrypted/syslinux/archiso_pxe.cfg +++ /dev/null @@ -1,5 +0,0 @@ -INCLUDE archiso_head.cfg - -INCLUDE archiso_pxe-linux.cfg - -INCLUDE archiso_tail.cfg diff --git a/configs/encrypted/syslinux/archiso_sys-linux.cfg b/configs/encrypted/syslinux/archiso_sys-linux.cfg deleted file mode 100644 index 0d85fccf..00000000 --- a/configs/encrypted/syslinux/archiso_sys-linux.cfg +++ /dev/null @@ -1,31 +0,0 @@ -LABEL arch64 -TEXT HELP -Boot the Arch Linux install medium on BIOS. -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% - -# Accessibility boot option -LABEL arch64speech -TEXT HELP -Boot the Arch Linux install medium on BIOS with speakup screen reader. -It allows you to install Arch Linux or perform system maintenance with speech feedback. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on - -# Copy to RAM boot option -LABEL arch64ram -TEXT HELP -Boot the Arch Linux install medium on BIOS with Copy-to-RAM option -It allows you to install Arch Linux or perform system maintenance. -ENDTEXT -MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram diff --git a/configs/encrypted/syslinux/archiso_sys.cfg b/configs/encrypted/syslinux/archiso_sys.cfg deleted file mode 100644 index d93bcfe6..00000000 --- a/configs/encrypted/syslinux/archiso_sys.cfg +++ /dev/null @@ -1,8 +0,0 @@ -INCLUDE archiso_head.cfg - -DEFAULT arch64 -TIMEOUT 150 - -INCLUDE archiso_sys-linux.cfg - -INCLUDE archiso_tail.cfg diff --git a/configs/encrypted/syslinux/archiso_tail.cfg b/configs/encrypted/syslinux/archiso_tail.cfg deleted file mode 100644 index e5339a2c..00000000 --- a/configs/encrypted/syslinux/archiso_tail.cfg +++ /dev/null @@ -1,35 +0,0 @@ -LABEL existing -TEXT HELP -Boot an existing operating system. -Press TAB to edit the disk and partition number to boot. -ENDTEXT -MENU LABEL Boot existing OS -COM32 chain.c32 -APPEND hd0 0 - -# http://www.memtest.org/ -LABEL memtest -MENU LABEL Run Memtest86+ (RAM test) -LINUX /%INSTALL_DIR%/boot/memtest - -# http://hdt-project.org/ -LABEL hdt -MENU LABEL Hardware Information (HDT) -COM32 hdt.c32 -APPEND modules_alias=hdt/modalias.gz pciids=hdt/pciids.gz - -LABEL reboot -TEXT HELP -Reboot computer. -The computer's firmware must support APM. -ENDTEXT -MENU LABEL Reboot -COM32 reboot.c32 - -LABEL poweroff -TEXT HELP -Power off computer. -The computer's firmware must support APM. -ENDTEXT -MENU LABEL Power Off -COM32 poweroff.c32 diff --git a/configs/encrypted/syslinux/splash.png b/configs/encrypted/syslinux/splash.png deleted file mode 100644 index 64b959a61efb767a58d484601f122f6d4ead5a8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45400 zcmXt9by!n>xZg&N9!P^oOLup-ba$t8D&5^(QqmzIjW9q!8brE7N)V)*dw%ym_m6FG zo@Zlx-}uD)o)|S1IZQMXG!O`csUR<{0RlmSK_KuZ6dAa}Gqbu2ynsD4xP1d9*^q5vsKOKABnAAj@7CY#F+XW#kOA(UG|ARdw` zixUD;ppeEw9%#yLc`}=Kgs&HJ@FqSU$K5pXuD3M0oYj9h8D2ytjn`*aps-4zNr#OJ zOwzwQLM^D7>%Py1!r^+7Q)2)x`KIeN_2_<}u*V-8S<+0Q)mg;vG_*Qda z!a%lsgJVU6X?5y~OG-p8WjH-1aa{M=ChxLCuW0;Hg?EV2@Pm!tI-$XK{vWZNAHzqR zQ_SKE%uUQ`;=_v8c@pG#PIX)e?adk`HsTdF`0hHy$I3ydiiSDM;LeQf6~L?kxOGA}(>E0tBnH4~>dq zyO7Gff)jQoR}ShlyGWN`#~2Mu`(4CCX$IhtJ&(;;W;63{OJ0f0xKpaa&5~?1(qzK9 z-a8hdjVHUI^K*fHt{gemebg4k3OyWg0)6p6VFUh?j?I75<2E^ho_Gl!+AE)53vqIp zZcd}|(~(-w7~yIBU@p=I$>AL6pTgbgF6gy}%$P&cB^U7wG28Lb((I7x6jGkXo@|11 z%YMobum=@2L$TuEaK-+1DA@#)QrwZLV*w#EqPu1799x>TI+M0wA>FFwl@vo$@Ewv; z#~G5g@;vNW=E`O3%25<-S^OSUyLmqte{4DmYEaXI`)9Zi5KLn*ZZ{%^51(%f>D-UK z4@gJVH`aPd#K_lA`Q3a@M&w8ef1fT>r*lVzZs&And40j8vszp}TVC>Juw;{O#fG=A zs7~!ji~E`VjY)%KNe)?f<0ORO=tFPgSIw4O7p7)}q>|+&qbG|pq%YG`$2ndDPGvlk zXuf^S<{P*oaue-oJk2V-c2|arr`cXx6K~P=5JT>qG${-JeO>l3rdKH*?x!mva`(8E zo`|Q}Ae4arvFuPA5RkV+)p=)fL|+ zd%r3Toy`J)pv3}DWmHP$@Yhx(knqi3_Ku^WI`mIxY7aClM%gxMs~rLi?QmM5sIKRMQQCjPeMl(}a6 zwqJ=);vhnxCa_PK+l0~m84^C0OoUR{4)T1|`i;uCdpW=W`POgnh!%nLby?D>^%_6d zTt)rKkZ2=E+qgGALR1+Ql-L4u%lViUM!)}RiLZ3s4V=l_* ztIFB0!SC~?TWZ~=vi!@fGuNww=&__1b>8B}8)vZ2e7uniVoytG>}Tb%1f|d)o3?)d zf9|wDqD9LAQ^xd(-Y6D*CE4uuC76b6avR>%(!Y=095Xr@8N3CmbKYS$Q#)ws~({4sa!HZWCU8TDJ^ zUq;$IarTuDgy*YGC1ebUEe%VkA&n%oBefTn?fZ7DLK|qdnX=T}0{dq5oZ;nlYG1y~ zJwX*QI8n&Z>*v>-zC*Zmf=%kNMe_c2aWXZhDhOyDWDXCei@@!8HiC4r<75`t?hbu& z|3s{zIh)I-^(S1w8R=*wRuFrjntE`Cix4-=4@=s=8G9S?>}d)i~7noTSuyac#+&QYf9L0brb127&5LIc( zJif%QH;9WR;)htv3?Mhhdx>U;Z3Wgg=;5L5SnyoA6br?*_Uj)|J!JKE$a5vo4>x(( zRei*z+G%MH_;=GX8{7j$*a;4BVA^EVenXdO1FmbO$hQ7BR#v3Q_ogP8xaMt5%|3bx zl-{$&HRY+@Ku0sw?DWJw#rSTpN3*SlI( z!K-o`6VC~93F#5Tgh!4OjWf4*6l(dRuOLVmRM+8eC_y{HY$cB?yk3;=(^%Ez!g6h> z2uma5StvLO5bYYLE@m?=4%+%NKL7>%FlAMfWG5OCPMj~5GL)gDI3K z!WqS3h~e}_stBQYAQU-qn`B}HeCfq<79CD2P5|h<5$%fkBU^FN`7_0fa)v1gE%h;; zZ0cL_?^CjY2;_X6^*>c%J|T!i+sv18$VcxmPwc-()iQt9T28{ngyQ~oDe>(5&fl+? z&cA45idWgDl4#x9S6l0YgP54mp=ozD!RyFJAlZ+;5@zjyN+bUYb6Dcl; zV67j+xW{IZ@|_V#Lk9t^()I;*Q;HygK!isRGbam-k)lAf&^As-+GXDFssX-Y!RrS7 z@L@fqkO&Jq4xQg0C@Ui-%qR-i>Fc?3ZegV(*)aYiz4@j=2Z@di5Zmwr^xSvl)s`q!ZlT1g}%e_AEnXoV?rjzWj8ssE(+GUZRn@ehxtPjt_zRe_a?oHZ7)Ms*0=o zdv9G!hRrcMRA5uxq*Ea~dm>#`P5jx7fF26vV-J=s3_`89H&a6hCnE#LNbHS@7+#P? zV{&O<%FA8N;LUy8Ly5An0LM{GfAr#JdeGH+>2KQbqP)(Uv(m0lJXK>-De`X)&i82e zpeyCtDIt*L^%zfoAVtLMVVLW1q9Gs5U_&1?lUM%CbXf91Nn! zU`O)IEU>>9Q;HrO7W}IEQ3P@dTBX_iSPLO-Hg4Ot`R*|E#^yk`rZI>C0dC|IOpGC! zis}P0qs=HvBdnbKL=5F22}u5K25YQ0i|*4c8s~@L=qKTA=l39f?Nn#rKq^fJlHo)z zr^5{FQHHjcAI5<^lx~SLF)@+N<4BONQb8-8bdKo(n*>c#F0GkqDPKJ4!R%~o`(!qP z?nuK*W(=L-<|$7~pQI-Rpp*>wnWG*Z$DiNNzjb?#wcBsj3Dr_j>xWl?CT{6NB-icB z-xz(H!W@Haf%rfJ&rrDzO+;F<)=@$Jau&&=W|l;xajQJJRMYzPMgx<9-+Z}EE|azUuG7c(^?lF3r$xMZ|Ej}9;FLc z8Y(uwiF3s;LPP;8z)xkULlK$|KpC_!)?p*QKak|H1Z!5fCS^sV!m0pa$7^KxQ+m-GZ!P5@cUj?crjrxqbQCux7?A|my%%g~ndBCX|49e$8Xi#;OIY{%dFacT&K;v~o>GeO9&~IO_ zxD4|w7=@jmyZZ`%B7&oUnwX_Btrt(Ozrsy>f+_aNQYR8Zmi3R2%HMZq3-9hJ)#$4Z zK=Si^n5^U&LVshzq!22FJM=TKVsfOom_a#{y_L@sSZX{7t_)2<)KdestX+1zh^i8u z5$2rPb}0587!WXjngoOT)H(6wBc}6$JaFn8V*XuX}mj2z5G<9w5vM^zVREjZ9B1;$|IF!N)5pF#z|2><}95;MA z*jsAl4l_?~_;Sw9@R9gOq6Ul(3|b~!jrmkQct4r6Z}wORU$nX~WJTot0{d;yv!{{r zL@GMt&pYJqY))bmreg9rl)w7)xs)SN!Gc|WyKmFX5*7mDL_n5Q#$-ZC|D_rdFd9lv ztzIO~w(+K1JO6X83_sTp3N2@O~La9^js{-xFTZ$a{OdE z@FcWb_qtEK&+)t8l*_AU4LQuGOy{tTKq&*+4G%KEUi)jJM0~fpU?zGPlz z2qgb=Y+5}v<9{m2{OWDH4b}T*R&8Ptv}!^3`94#~4QnIiHncM2_2;9ce#fQWbKrXSUeE>ez4u$>6rYb;NmjNm zxN=A_y7&m{x*UNq5;no&P{b~TPe{6sbzkGB*_lYypv-3Vgtv|TLom9K_ zqg`TBOC16BA-$3fKbT2^b_o^@%()zYH@H}aJSm}p>KtIHbrBhULw)n^#NwbyYweai z{_d4cz1|o&g#r{g!;gycOpfRg2U$X!x~qH=p};pL7j^%QfxdF}MZFXptlapt1wk0R2l5g)yij^tUf z5V0U(?2y6FZXr9E@*pz`Dk%txIp_O&jrOZE*KyANQUGLip#+-cDDhQr)v&Pnd|e&p zFO>wm8+7xd=eD&CLHQTEpy_yI$~$*-%RFIIuvZgeh^$mMaf(r`Vb+0*gBh~d-ZUJI zj*|ihDj~iNRZz?p2!Z@v8j~1O)i%X#y2eSQ=>@<*g)#>{ELqZm9G6ZKj>J)Rje~$V z9@#MIEtc1JTbezNfHARH5Adxe=?QM|#B$@$s32riBymJicn8)leGJdFJTf$tLX@WB7o!GyGDo`p zqP8U5?Cd+y+Bk7@!=1Uf@DX6IXi4a31DZ~%^c_?;Bv=3C8pE+y{Z}IfS9eq35zIT4szvyQ5yt8?!?MZ2( zqHk;Zll4AB*Xo5+4B3Ja+m;KaU9OCf?)ym5F4W((AQ)ayTZm{N$#RJZraL7vWn!u$&-@GZsd~)W9iYW=9S; z2AG?=PHWP3OqI>2vBjG5=vT~(0Pa#nlu(>)qCjCqyF+YJ?4jZlqgkXU&lu{P9b1Gk zy#*K;xLCKekqzVKg!G86=`2QJ@au)XZ~NN49Ksc5&XtdmOmYbHw6wI@?B)yn0(wRmE_^;UQSyDp*iiT`j4k6c@Pm=gQ)A{o7)P$6Ma_i^1rGte=fdF~8df z*EKfcczJpKcald(N9=)*zQ5+?id$O=fQtuz{tSq{T!@wS_P$BicztYdzc-$fE#k*Z zr;;BH5C<)7?L#rFDC)f>1QaZ@i@gcAEBW~f@+1_16ZMCqzG4T?R!c{x|HOOX(6isB z`EV*?z&w1w90LOb{^x4@zrgriGbg?lBGBDaKbQbGGn$A*B*r?NJvTxHU zq(`B3(BU8PYKKiD@HeX};0#oS{~-#KtB!l=XIh>s=wepQl>!-&Wf~~J+WY9f`teVl zUT>htrw@C?;gZGaM>SOrh6V<%r{8XlimIEMIO``3j!sVIB+{?*JQBxPyD<3HeW`86 zvqL&NJJavaGIUKOC}6=9P&c@;5)TiLUXQ=P-b7v$KrFR%bxW(O(LyOc3uA4$5{Zb2 z2zqpWxUe~1Y^1Ii<6_u-&ud6l$_Ry&s}?3Iq|urG{H#z}QxgUx|Aft~)YwQJv8;poWZ;NY<7-DRmYFGZ`Lxpi?jy|NNF5QV+-bh9x${3Zyaa4L&> zOF;wqW4>DO1(EGE$FXhdYN`yj!euuzKa80)$xH@;idH-MgxqxoSw&{h>>b(w!Eu<= zCRP4A?;^6GL=Jbgj8ctU(~YbTqW~8u{j;DffyE2j2LyGim-B(=LlFBcbI}}zB)hz8 z7IQB#9>{joLK%rvc)=g*ngJch_eNjd2?ZbQ@6P8xB?i8^!j`DbgDOJ#b&cB&#!Yb< z1fUos`hD3qP;rUPIQH~WG$$IG%5kQ?Hk5Tk9xEkj(k(eN61B+=7nd!sw!hfy9I*dZ06X%C3 zXnz1(Oxnf8CB6?8G@i|Y;IrmMs8er5T*{eA!+@;j;H7Nc%`HVx$7aMzSpF_A(tfsl zYlzh4d(D@gSfEG{2-!^H&1K~{*&rdHz~_rX%cuJ*dN#IUv8P$Ftz5_Y7@?IBqBzUY zG_c|chBY9+=4d9`VZ*LaWKI$-~EnrQCH(FTWEk zLQGsGaU*|?A(Cc7?UZOU%e z0ukhK$EK`FG0{sPpBzM(K+7$XSz$BowbC-X5gO7GPXkxI5fXSka&s( z3&o`6hQ7@1{rm5>Vh{SYhHY3ucVngv<^#x=H#htFGSJNV;x=>eM^Zwn<0=`2g_zHI zoS1k(xCZY&v`KikU%`?-T|B4_=Je?>qfy)+?HBtUWt=T2D`8z)jB*PS;p0@lm#%EW zS>w_v-TqFXMRq52+%svO)7-Z?#MguLElrmK_}undESNM*0CKY=viVHj!m_0AiwZ)H zRlAZ7XUc<-FT`)&68xCtj9+;)Y)9$bUhc=JelT0}yfks=5|-PL8~MkA$~R@-Tp}yQ z;Whrbnhv_&OyN$0g_x_&0(e@r+B$USubP+iYKX&w)!GS-(L-?A^^wa$&n3{Qi1tCY zMc#y~x~oVJUv+N9{BgDr@~X*-Kz^fP4h`_4z4b1($|MqX;vH+*?)G}@FbQgwwDexWx}CXQe$tM`!>0JopH=&3YYC}OwZ*7r-HU8g;yK%Cj~ zRcw_Fe-7Q{CHrJhK9-xtgrGL7 zKm0>K%inlo>7VKErvB-CuEng#-u(ErKFRs9DIKBM9=*hV?34r}SN@j_YK7m0^K=`# z)(85J_UyU>pPK}u*PI&sR#G`Lso$mKjvSa=So2T$$2VaIy&2fcCH{=J)Y~}t3=Sic z*q0J3sIiUg{_?lywMTuh$F`BkCpI4GeHav62I2OK`4%WR>gF(euK~ zn_J#Tos8k!Fxz^$XLiAWa@qZvFsYFgy^87BW_w5uLV$Th0v>#`-Z9+o+B)*-!?oz> zOt+?iL3NF+M-KNi%@`*M3CUT`l)tQPVWc2amSRt^#p3zgmq7exn~9(LUp>K>FOO3% z2SHgG8UIBf1nZf5h)o;+)b2qMV9h!JnDyQCzB~~*{wZEmt4kDn{+HC~cjGMle7o}> z`fhm&a;+28^^i<29IgKR8G0J@^3c8&Nh-_8Du=8n-GvrT#W2NCLe8PC^;NjuACjnM z|61kCEu=e5>ufmZymqfNeY$wAmt$(iPCuV|yQ*(VNi3;nZxGoxOLD`}$;ut$U{re- zTLtNNeyI)$h$d##bgbegHE+7*93AM8!3xQ1+6Nt%T**!Om(?18J2U{uVSHeiE-^ENz zNW`2c{@#r5`u|-3isjAR4m|wAX9C4jUyQHi#KkOZ#i!UwQhx<%KoW|c$iWozFf&)g zv7+O%p8xnDE07J@=eed0G$m@?3`U1w7Iz z7CkQmw1FN9lmLzp-+H4Z3f3D@3~@J?i$%*M^Q9*1P6;K}?4MT0RXR}sNAdq-xIyyM zI;m0YzxGzr-26)HHg4%l(&^SfSHyF08NEbCI7f_#-+> z!UU3k^_C%OZ*zbA#CBXilw(~e)zBmmNgEILSB^Y5jeO{*OfOuHjkP>2JwNE87iz($ zB}@{BUJh}347I1_hs0s!n|ksg4^1WZPj2xhab!Am@ZD0!OGJlT@ScuT7q^5*`n!=n zyPj}gvi2x-d>8OVUjEs8W)uEr{{YVas~cpz5P+az&jL-&QjboFk3BZ^9%4xglpd63 zi)RRf(e5G}dFYl{8PuFl6%#O()S*J!J4q|N-x@XR!UZf*Azge_4Oi9}-M6p!vo;|6 zt4tsg9xO`#>AyynAPh)c@^>pl%4vP^3OfWOHG`GtXQld3mkZO`bM$QV1-4}&fT_%a zH#cuuA{L+}sUb*CA*#b?=Ijj}d%2DcE*qjEh0-`2KkW@W&3-OMv3c0J8|*_}b;qelOwvtH!G8m9p4DuhG_-F>rfz5FhQ zkh>LYG&gr6yepLxVLW!XOvp-$Yu!wA)!Co^^K6(n*$K_ zsKCy9w)drm!kSip<~GWr)`#`~fJPfD6MbIty zdUK0W(yW7FYBQ0k^DVBddI_6<-$j!xVUd#sms%qs`b4-VPH)l;5xvTmW6Jgw*;XIr zg_%R;F`V;2d7yN*F7lqWJdml+s4ch|e3|-<%X$@Icnde(5APXNDq#%&>sr(dYV>!KurM&6JqsyY*9e8)22E0 zKi>Yak-;3U1i41a+p~1fevv*IW(#)ByZRiu zZ@%VWN*c`)^oax%ca9Kf{gd=$E*Ee?PU31$=ot{;CxSu|8B47CNY0e%B@cdh|0r-O z;zg-k!xtG4fv)0|JkhClXTgKRtAF1B0KZ624;J2W*fMA!3BfjDr$y)gaK6ibt@>b? zO7pd)W$SpU8G!WRyNmsqwY7xxbrZxe3HG7O2G`%ef7{vF!N1ziHh3QXBr^4@ny)G@ z2ETjvZn4e9)Wq8+-vdzR-IqU=pvYl>oE!+aS*r*u_pb_gRR*B-4nW3;9|K>K&Ga*^ z)3dTldwNW4FEpH@c%1>QG!TJK2!kR5rDEQ;vh~kb&CoCo^%dP`k^Qgd#;kxDMgqAFuS`Hj}z z&fNB~xtVVn9~5+xg)vWT7I-p@CI&#|T>K;@_^9L-=`6(P_E+L+MJ!@*Bc(|ligLM+Ot6Y(zbYM}#$I_SQuv6O*!&=;fKIs73%G^_?t?R| zmpWQV!>fev>5aX^KGH;nsF5H%Vi<}@d15;^WNKoozABM}m{%j{F+yD@jF1UpKt?~O zo`_MRYs`{~Bq)f#N){m6dH@54IxEo_5< zjV(z)Y<^=S39w8y;UNh8A1~=yjoO3%{&n{B@*38K^sF zSQ-E6{D6n+K_XTwrmM?KGvL7aJr7_ig`x>+^x+{PU@`%BM3C!A%R)(GBL~xXA%XsP z=e7!wNWePqJ*uj3-Rh4Z>irm_bsI_nKS`ARt}vh2XX&}skMw@A0ql44cW^L{aO>(L z4q5~ZE6QuW4Zs~tOw9Jj^RY(nlVyHnfs9|v%dtOyYOF0-Xl(ts_yMYRGH=E8RMkhd ziMv;<Zzc`%899q|Q=V$qnTmrx`Ohu{y6>h<5A1c55>0$ybe4ZR{fIh&h`C~Y&g z1~>ckv#q3XrHZ%!U2X7Mtn|+)n`{d$S@P&xc-Q3{cITa!I=z!>3fIbeyMUd-CXAlU zIb;isLjk`Pa^LIjYLBtQh9Dadsj!^Rn#^_5zO{dpHE1}LagoQ8V^x!o$gZ7;rH)n3 za_Tp2^sYG(X?3UNX7wMUK4%28*$`Sj*3YQkbN=X z_)FJR+3!TLmCXjg1$qqr8DeTmL zUkGSp#s;;TQc_a$3m2twN!!1(Oo!y&1cWChVi`v`C<9hv`(b(BPn#Fqs~}xn!t2wG zB;zjct??YLgTq6>3z`OdynBafGnpR)6q5y@X*m+hS{}d3GXfrvs>l@{7P&ByC4RnQ zfrfeB!^6YB-Sd0-CeZ?URzc5XrW3mY(`>LGuhOj`2D$Y{vO{h;`G`tFOwyemxT2XuYW4-2QIjVSchA9OamO1!M)5t2Ik>7q z1)z+qT{0Yx$))2m<9EG%-Xw@&i(;J6GGYm8@LNg$?0V@)ib%+6X?aE!WrapF0E-uDQ+ZMgfx#q{)aGG}ykef{KZ{;%_Y zcmB742NK=;_?wN0h$tG|AzSDd&rz%2EbEh$=8Rz_9`mQm=hUS8dfD;zpfm{pK-^Fs zNhsiKMzR>TZu;~-yru(eEK=uoaE(r#q_%bjxsPtm#;mGX0-&tGWaH2lpZ;{s)_nF+G%;M{SnFSpGL%8-u_n83UG-HcD+d?7MJ*oOYEtB9b5i zQA_3*(OUwC8%GRW;(2yzd~fMAv`{?hiBG!I-b;ia#v@xyso$?C1jfwYv}X&KhLeWQ z6uu)_OchLrV+cu-7os%HA@G&yM03S zeS)Zd=M&Omrz+E5>+JleLts*&Jouc$vbz!uHlu6~{=1Y_Vzr%5#K$cAT?R-<@`}N# z=p6>3?}dLznbjk~VQy6O!F&vqM9?wU6-0i9&HB11+dc=3$ETziY$hAnL0N7*R#rVH&nM4-O@e{+p3|vvsyL@LvN3B$39meEhL4 zohWOaF;JtoZNS*$c>S9Y@~T}VN|?kMzOGSm1JvQ5Gd)w_>gm;6mCc3TXP$Kc;P^qA z#q7H9eh`O^C=`26q93l0#epM4uHffuCz#dQV~V=8~yVd|5J?{>^v&v{i% zmbV_GPRw!_cMJ3Lk)}^ay0_~$Jt$dY8Jtk={q4L*k*SV=N`c$RN#_)dP^gnl`_ySv z%>^Q)Www;BDmc2r030lwfRu#wDv|Zi6RDT4$S-}FiTyX`xQwkYs0F`wC^J;mBZs2# z7Z(?!hlXTV{Vyi|Gf@AXzC54ud+aG2e6S*6he^8rT@~=Z$lLh-Z)dnvxry@E@+P+z zumj7-msI&h?D0(M@pf2D*2l+3Igh)Idqk^M7N2FGY&h}t0CwOR!he{CEqn$t3B0ow zz8L3{3hhlfHbSL5I6CV8uXZLURYbH*1^<0anD1I?bsA`OT5%o3*WG;$O0-g^ly`4c zZc!{V7jwAjMeetfd7TfrC1nuO@V4oKfG{2Q>Cs0t_pbQy`(lzcUDL>xu`bdLPz-}m z7+ar!^=@(qB8LOsHhqZCp$O5<^%Mo-g9UR*4&(E{TpD}B89~c{RY3q=x2<~Tg$#as z%|4U`*(~;WW6|tI!vfUY2icpWkVcXzL$8+{`K5$+#YQQ3J6qyTB+^Qx&xaL8iBcj< z946I`gNu&bf=Q(d{%j(PM|kuBhuW_)t8ft*QNrJtLzj`-QRVC>eA7+bY47<&vgV7g z-y5QD07=_^HE+maITW8Q6Tt45q1cn}5nU3U=iG^kkB|S6Y)LCboT@Z>#@{MM9udHe zbgX9$4pw`6`x)(-s&?_2pHXiDqXEmBY|B;8$ESp&t}4(^cKQd=K=YJnoKzInVI;%h z(DOUmZ@1fVA75yMu#y$mS_FN(y>s8UO=u2L$P(jDS>R~pFQeJIJTzcv(523+_L5 zOJam2JGQX{GX~$?6uAaKW52$%M<%5eBKFERT`aJ#>jZ#==J!v8l`X! zwv2Z9VMV=lpQix43%Y0PkVv@h!?cY8-PG%D3O5VcTzpc!o~qp%jy*0ESQG;l=`?7K z=;+vztH+q{#KMC=Z8J7IvScreA+FF58lX{BVb`u0x9;mqvaa#VZ zVH8n>hH?&wOK%Y2&`lR1UtGOH< zkt#)Ac7Hd|rH5EIs@VHBT|+sWowAOTMxp<|)(CJ`TBM*-eVVTxVN#LOq~_~uYipfx zg)`D7BRlIK7X>REa)iiAt#7>g_HGz;iN++xel$Exz8`z^H+`!td)F$~Hy=QUHZ<3B z>hcZqIi~LZqHjovo&EHF@wGrvyZ_xTK7M=Ju0x>S!at9cCoY!&*&~YFy;m)JBwk@0 z)2W^bhmp^yyd=pBXb3D5>`H(}7NTTJhKzNGLM@JB7|}Q!v$H<5>0kp* z=q*v8G+K1JIQwHXhZr7J+33YlfWwb0hvO37UFekG6f#);YOgt@wa{Tg zMxzi)qcAW(QX5B5QDV@$OTmke%wBe_PC4Y2u8?)oZ(*)gu`qdoqTaeA<3(0-u6V6A z;CE;{)Ah)eT%EhkJNK!8t#92+Ltv$9GR5EU)+V=VOirG^*&L-NxYP3-KY{Pu?GxQ> z;9{gvZ~?iNX<(j(`53>rWx)MEM1l^Inu=q*mUv_t$jqWhM$Aq$&#z=+3O6i;y=0=O z?*dj~rD8kDP&~kXMJl0Ce`?b}kwU~F?+PJ=hL~;xOESXV;1={Rk{j22eO*&F<1EUI zr^2_JVcEhTn*JJ2#;f>p@tj5`vXB}kUUvcVr>v~Z9xQ$mZ^9@`*YQ}+$uh3N!j*OG zLKiEqfA)%GfPXJeg!tU})6yyXs|C5)Q`wwTfiqsJo!qU$9?p;CFtXxuC0wXK-0Kpd z9ovb_Yk1d?#V8t>?&u3Kk(DW3*7Dj!UN4-fuHz#(RQ zC?9pmabw2{Czb*hV-ztYu6(kq{t9R{49C}lZ#N?_)my%f-lB%XDK!=u%m^9CAR+Ip zk&#GRxNSC*iKj_Zx0+C0brYoqn@FcG?t|W5Gi4){CebQonw>1SxS@L$m%H-UhQYPO zWPyRZA#24?F+eI3w|$(5QrGPab>L5S%(%-~r4OZ%&a*Lvdxa6MP2dsZGVGU&Sp9P0 z^2!IYI!a#q71a)1Rp`dF%7Fi?d)EHuCnT@B=ppRMiSp0DKpE34r{GB`{re2}P%XNA ziL|kG<+n#0>$YLM-k@Akd}G8j{?CL6$So6vm5{Fu<6dw+SSAN7b1RGAYSPPFMH?zT zb%Xh~1}~gw=PD`8jH18f$hIU{GAp5<7Pnm*O^CKgOPymZzf_F5xSz7b=2`Lb{+9*x!l{ZH%-2{bii(PAIy#w`1uS#lUw=Y!8~lU#t!S$h12ax>IP z>+WFKp+7L)B@lT{_oZh0NX85E)d0vnv56%p_~6gHanJ78Z~too0bF$hXQGMTDi4Xw z=dR9m;TM9Mg+uCR+~Dtjf{QubAQI9#@K0?0K-6XkQ*qKQp9US5U?pC_O=r(h>DF!* z3Vu;lFKKX`Ol#k{x5uFnsFE~Vg*=4^Tq@+eno*0ThvfAaGKG%>?3&D*-(y~J051Pm zA0d+Dm7V~h|3)z1{BBAB>Kypr9>;&q4dD8)u(15MGeW>(fS5OtnbA>w2OTdzd)Efg z_U!3ss#g@QG&>VSq}R%(^~8Pg>0xB(?oP_h4TtO;OPR%uRR1!la)fM;5BL+$>!$kr z4g)rMP;afI*@b&kqIr;}DzlBD$!_2I)nbYJ|609N=Wcg$0QH!$EB`xBAkj|MgmEoL^Fc zSR~o36cH<=L`<6f+h~LvP|s7tK~cZFDJI!A+=T4LA# zXk;(Y>i+$=M+!!lgm#;-sQ`$ME%pclx&F@3-R^n#JMegSAt%!7-m=9JxR}c!S1o$O zxyAc7ZKHu;esWxB-Dp2ge#BA7#%%FH(sLyjwJ?~tcTxaeMoGJGcfLRs#6Nk0g6T`S za%9nZ!##~MJmNIktQCzqn}wbUxPWf6mtnvfVZ!35!Jf_GcSTR|3U_q-tIi7^b_Q=w4Sc1&BN?bB*wgBRT%#5 zb>O9&Q2xb2Wvx`VDO~wvmrnH)h6Id4;b$^v8cHX6yNMutIW6V8lfZ{78_nJ%X7DMG z*QuX6NjP=-#iVE7nDIk|WbxPjB5f@#nv*G`YRP!Z6x9sJa^{D2q{)@vmVH}V?0#&) zKQuDk6Ae7E$9s_7^$QryN{0l-wIksew26G?oK0KTz}R{Vh_g_Ky)3(ehjvc>1F{w& zy`K};Pz!K3%|~jExa=A1q6FMUq~8~(Sn`V-#NT@oK`J*9)1(^SAG{UKu08e*4Bw|0 zG5we(PBzQ)!Iyu+NYELpG@A)@Jl=5qU~l=KpAWbz8xnGIQT52=if8skF&b!q*YUQ{ zA6LlxINE%!mcqAxtKo0FU`F7Vy1Izr9S&_$=EGB#xFS`bmlWG4JK4n)8f42mL=Mz& z`JquBlLdE7ZkF%xe6J$}=6V-@j|ED0>kceZ0bq{7x>u32*z2F5M29MvJBIe#v%kj7 ze6`8TRc9__j8i_efF)|%d5}&`nrQfgDPorpWO0@lF4G&HJWh!_C|7vhO)JW+ojrna zfU0N)G8%JHUsWbzx#8q?29|??oiz@S%fXiU?bOSo>gDydB;FvUc5K*~ZM+1Y3^3f@ z!4A3&BPVgJolA9xx_>yQ;K;3TjqL7_?(lJh%v*qia5f% zeAJ6uS?VgaWfUb>JffV#8W&*_Q@WvzI{I6IgeQs>J2F)IZi@gC7$!kM3kQ~Y07{+T zK_+>TUwhd#)1tt5n5HV)*AwtyA^uMAw`2T9y>Ztif3uA(nCH3*SPL-u!dJ)3X4)hC zM`-80(=K=U+U4JO?ZUCxA}=68!((|$y;3Zc>UbYN!VT1pZWW{;+HzfFhO)6H>;8VEyfEahQA|GuHO?en$nQtYQ*Dgb zz_LHuUzXh02_yxD$6^Pf<6hSwG33pwT|h95+zak+4^Dn~@O%N5IIj6d?;z=i!b%tF zeMX)|HEx0qnI^BAEj1;}8D@C8C5Zim!hmXkBNe)nD`{RB=yShCwiOR|^F*SV-s^x> zuqZJ8kfUkiYpT*Cl=@4r)zbV%sX7?p^lU) zF5hKhMXq3TuF5Ho(PuY--gA+Vsot5d?}XUM>)%Um^c&6@EB(?-y#GeO@{f>T^?iij z6sg1O5>aiGy^UzKr+ogL+%Zd98x$)bUGjl@tm=2|5KT|;3qucF59`sTc|PZgQSF%N z!U~NpOTUR>REvpIo7L0ug0tsBXon73YzFlAt;}fOLWT>>hdUdS8 z7ulgzlWX%T?NC3)QZUQ@Aur_rgegD5NU7Ujz?OqS0AYGBE0DY z1VTrv*3a$1IF5k(OPn@2Jek+>4$mM>B!t6uvyscFnkT=7dgIO`!Hj#rosEq}6Mj4! z0QNCs-HJrElQxQ)dI5gY`0?r}AFXqyA*3T7DgT&s1nG8+_aQ5LOR4Xt-ZHgl8QboO&x*g zjS1A6NqT^-D|J)TLLEDPmUunUHFh99cQ*UN7;ds`ehb@9k_q1*l%DwtCtC|_byY!) z6sxd=U3#Cq{r|<8ez!~#iL9yb9R1a`BFth=T;np{H2`|)t_swQsZ4R5Og-igB=;0C zTC%GwC8&-GjoFSq$DW^(cmO{%@~m4w55>nZ_K~j{@fCzAN!4gAQ`PUY&{4mZWBX4P6Y~G zbSz%RlY4UtL~VuWQ6_XK1+2lS>N(7z_Ze*zh@@CXWbo&|?30+4$mBHG`;SzVP{Je$ z;VX`CEa`{yq*xDW`kX*ebOg9A)1rpfR%5_+Xb8{l^X;=gKF*5P=Fu=iHRe}{BK z{@{RL|L(s%A<=t!@{b3U(9q;$iSelaq3J4vs_MG%rMv6WAPP!INOuX+ARt|Wgd*MD zpdyV3(nu@a-6aBobazR2UA}$ZnQw+ajtb}Qv-e(WJw7wUT=73X4OILe}$1#YF?2MsK z)+{TIClR*zgBgoJ!Fr-s%k2xJpx-M}SX3J$?=!;#0~Zl6fsHq14||AvQbsvrB>ds( z<1x2M-{X}0CrV_HS4n!Obby}EKhEmm0eogRNhS_S@220NQ|6CL@f!D4We!{XSYpgz zBwgYe*eH>;2R5SSEqQ-+^ej^Tz{gZm|IRHV8Hi^tI$Q2(F)5+~L(pM*NLhrmOZ$ql z%tP`X=i^In_&hrTNF$M29OI?(pN7}jqrmb+qUpA$=s+V1!0CdYKUMnQBnaY10`;I9xDvYGCU z4`7Rsk~rED4l2yG)EuCQHMzf@bewmcguai*#k{-g1O8O9Q(x=&Y$4j|COryHh>&goK^@zk5Xs|T?e6m3J zP%o$eop<^@@<3ev+J#erY$%;RsH1Bk+LNo>m&i4rUwm-Rh{~ z1*)_q&7JdP*6q|Q%q*mCT505*P?w(T&jJgQV4KjS@w#>=@)@o_8LqVqXx53!H*x2W)@*6%Coih^4i+tz)L^IZYq3tw%~nWw%YSqxB9L2 zz}W~5n^GLA1}V4wg6QBk0fLJ~e~Bm>p&;|#s4O7g$x_F(tEC3YIY_z~N%>4&LnDiN z~q z!EzQR_1Vz~dRgq?Pv^Rl<6H#k@djkY`qjsjNW(?g{D#vZfs{H$yy-s*jK|*GYe`Z( zp^t8PUMqj{aua@bmU)|FCH3_?SBe6AdiCwzCP9|V4bGN{Uo-AX zwSPXgvce$J@>F+F;HB5n^_Eb?CO(71I7QpQ+i-0g3#R@=Jj@~84{`IQ+q=K5b=$x- zxC$mL8FO>RH@sz=H@a5qL?0YeC}hx`&GP&1d98sY1cS{)m%2BH|CaZ4jmM zRmA-%&|Q!6SpFH(f4gr12|+xLUb7oFd2Dg(3{!u6y>gd9gbJpeU|?tQ*stFlbvlWE z&rm>#l>6WrfG#IETH`~5GziryZ+kt{Pa?aya)OAitp!ICRj9^B*-IU%AGfGhno zDf!wg&3hZ6=kNSy$yWY;Y3QY_zWqy@TIVm`hwc{73`_4&t6E7?)qO8;^j@|tWYXiW zH{ov5)Qn}c-PO_uo~M3Je>3Qa{oDAxLvc*H_V$uDMDd?bTe&jC4tyn+cHv_B<@B=E zaYjsoG~DQN(f{7}_9)u_FCLXHI{VYg@>%APCE!nlBsN7Tvo5&Ok8`fy^8!A`zxUapl^J=tJ`a714QvY-4}zqE5BkZQe=0fkJU7?gj1c-Q&n&7j^^$np!7D6BRhYq%Uj|e%w<=3{$U~ ziCeLoJ{JpeE}=a3Q4==51DqcjAc~ayd0rNwkgUEg<+ci9cxcr3`E0h*ih$1l)^X0E z6Ax5r)#(=xGg>kcfDT>-#Vr)SW%SLDs+KYMxW!#kQFYay;U&PI{Gcw5{2mQA&m*1b z$rz+CRkeIX(t?9!<&ZX8s@kN>A%CAh2LD>ciyb4^jz9{qbkswL(#MvZSzG zI47!RG89Ae#j%@^O4-Pg`X?MZn&$txBI*f#X3yh~cNEK4TlJ4c3R~z>8fXyp@9<3d zJ@p+neRc1)E*!T}?s0VPN)J{BN_}wfPAGD0{^Wl3?aT)gEHKGz+RniEx2Q+Uk&mGoHm93J9sJ5N$-&4#dZopB)EDiDNf2dYtGUue| zif0hq0~RzeJw2T<#}2o90vAD9;n2?8`-XFly|j)Ozu6fw{1KkFVAo6{ z&G%g}Z=Wry-_?Wu;PxoWs5eE*2qmvk{yw_;P3l3Q$HYhMEkhTI z+oIwxe|%iqu{i3=&WjJ#jI)y%ab2=p?ynOlD<3E4dkAkC9osmB8=SQlOsHb#*zRU9 zpyoU^8AU3T72DksEysK0y*T1#(SUow(Lxft)6b3iJliMAzlK83&*YXQa(ZJ zmHE}3NzaOZ6aDW`oE#PYkA3oo>$z@Ud_b!D$SPQ|MSl44NMk9XbIs$THuH{lpnZiA zW>BjJ|LyUc~SUcFCRV2>2Vwn(mVL!4j z8FWfFzrRf5O1wl4u%vU@Ly2SCWgIq6qc|U~IiQ`2vRCq?5M~$23LH=~4t7}nifrjj zR-wFCGjjS1kbk%i{I;UMvNi(FF93sb_|x7OCoL_lpRe@w0ownq4{`#?GkA61A+fUR%hOFHbTn0rwVcX%LEYwITZjEtaxLXJsoN` z@ibZ|v^FYgJqUbAhb)l;>n*hF{~G0rNr zp^AJp4YzfdVJ(!c%SHm)@#Qpc+NUL6aEg*Es@wQ4uppJ{b8U;*o5My2`o$kX5^>fP zi4H%PQkkZzU@g;=vg_5?KXTp+%u&6QkNEgTo~}AX(afVp6o>d6i9s#RO-7C-Gn z7HSoDS6Wd%>?{pFM{M!Sb+xi12?Rl1?>PCiM7)si(566op;fmQ`IHO!s;xx6u5saV z8~Gf}SQsE9ycA5|F{5G#YK;8HC@?xK&d4b}8^?9yA(U}{a=CSbQ9EF*jYk*lThn)% zEIpm}2}fy(S?QPtgRim|z_Rn-o`f25pzMEU@V@%TPlMW(qh5M>d3lT$K>58MXMIGY z$-`H~9re#zyAwa$eCsMj&Y$wW*=m^1=Wf@ecdvFaYSyk15BMvm(~#fRhvUaF=^PsP3Xu%2^pm%;Q5dSH^yjiBcj40T*VBws7$mHlbmsN70 z-lql`EFHd_#v)2t?9K^yI^HP)Rg zaM4Rrgauye2LldS4k@?cm3k}18-x4rjXsQ&!fxiR9=Q9ooUfNE{6B8v+^1F(a?*sZ zPHlvk4++WNU%AnE-Dtzw{s2AD;#FnDCA!1m&sH+t8y%PH)C@Nu=Cx$S_@f2;itE{d z+gDivce+Tz+b3cu+na@DooFR^Dwi7-21vrnXs-xYey}m}{nk9DaB6#9X!=BOmsJqI z8E3ZJTmvRNAXE-61fO*_llC@&r)$1ww&r;eyVz{&POGXkotYuUKNequndnn zHwb?7iX-}in+!lFtmb%rr+zO>o~R-p8d@#5JDl9AJ3T>HL*^1d zFIv)6dM?xdAzJ~-vT7;E-@#f_x*aQlR(lX`?uu3bwBK8^pudqQbPr(ca;l)VeS#hKHs zhJ#1h%e|N|Q~rSYf~6$vx;3Q@oH+91mkhj9((K8&NSFK{4de&Zl5^%Zq?nSd1b zIHKN_m}81C)t%Os+7F3KuaMxfU;~y*3U1cRvr_-hwTph#&`1vC#IJaHc_ZPM0QvXt zRN`z70g60i*qogJo!{kh2&+jC{QCOZ;ri4DNcYhXnod+luiqZ9r1XMz3c8S@=p~{+ zTfh9bP_xeC=m9!9dVDVW&ruv++O(K3mE&JX%A*d&=>2J_5cdu>;)Z@ zN(K8W5GHx-{;Vx~^NSpSA-ioV&Xmt+iiNbiJD0hF+8Kbg@ss-F1dn!_tU<1dxX$K- zGcQf#iVy|UnQ5NH-`TOSF4M)b4sG(Za?k!O#`%aC*#NYF--{^OJQjU{?b!0jcrqzg z{7OUgU6-HLa-91m7_^?bj^w4nkCh4IKEM$pZ&HP8zY`8fc%tQEEWE5@50Q=TwjQS1 z6)%wBb1k_UX^a`@VfxE!;$ONp!kj?kX=0+wQ~lPa#H{U&M-77V<(Wkv842vcj_VqJ z?a_8!3v)uyGj!?4b=b<)@1{}lu8=*<=l7IK@FYgj11vSrc2zT2o(9Z0y%}g6$NelU z2|Mai1!F;Xxqq@b5*c}io6EC~Btx8fODDtB0o(kMQ!)pdIZW@HmdHUYj*qD3${5dv z#c$ZjpBhGhS49er1aNNhrK++3s0n;M&W(A91;i}vri9={L(110yZMjrXKR406^DDB zM0#Xw3`HSs1jzY-oikO~6`MsZy{kW-1vokb9Rz_HR`ekpV3L@q$Xi=mlHT5p_~(#1 z5BwZPIPL>d>^HbuxyR-20{#K&3$$^~b0g!{LzT5(vXC*W%Tn{Y0B;V>*vnLOlMB5IN~rE(&++A_1`C0wFe} z&IaGgYth}+m5~O2SM_`N+f8f!=s-yr_yX)4q@zxLX7%5$1Ro+_Eo0*I+c1=%#Qd6| z7iM)$R;JWj0US%AnR<;>lHE%d7p@)SuE>v!SeCZLaI7vAFwHWqhcZvfQ$*uC36Yx} zPE8~gdNt~Vquc+?;xp24alO_v78Sz4!;oC#vPDTNyQt~(byE`+SK>8}SP=pe>@#Wv z$wG4Rh{Tx_P;i!4=vh6h4`gA&S{J}O?;LNz$i129+<&jBr<>iVu^h4`$MA3sC9#9h z=icAjp3Y)YBlpJ7JHxj~k*`4UQQ}5>+#`ed_tSRZ7<}PC;g_32H@BV3Lzx+z7l_z6 z+Fz%{y*q3^qRI~3NM34*GTqvrMCJV*YG-F6FwAd<>(P-TN>E{$_^|k)cHzcy>K&p$ zxKTCntzhTSU}Ca~+~YRa^C81zZ>y3;W46fwl0Ldck?QW&V%ih>TmFXHxqy8R0S50C zSV}r#I>c+N4Dp%ML#PWgW_w$5byY%ovJrud`K*u5mliJ?fl|?X!K_f2{|X81-I~Ys z_c~mqCTuoiKGzg+;-Qc;HK(QCkZPZ+31s*Y*_dE^Z|(2Pfe4`}Ix(*v-)`6E8X>N`6U#sn3byXon!9O4 z3p4@)opYKgIIWfD>O+0kK4lNw~e?~U7>%b1Fw+dnuy zjbH#cR^V?5LFrF{RW*>0`@~4WHx(ON10>JkLqu@+r|uDMGaImwNRi`zgpNCG6k<4UxVD>;=fBa3(ubQW_jf*UX4RX^>OQ{U z$-s$#5TBBG(eneL+1O#(0O>!W6@rCNGh+T<%S#g_ zRR~cv_c__BOI9p;bK73EC+gSvHS}|98g;uSy#Aw!7TA4E+EY5}{@y8L^!k#`uLtW? zD+b3Y@1>58Krx?tQ8}w8Qkv=g$6p^$Ip;*QVcJK0?UWaZlg8DGBI(^7I(BKErYq_E zFs8Gg@VELQv0I*>+mN^bK#2puiW}*5gfqtMo!rr$Se< zMUks?E>2e6}85 zv8rJF)pX{F&Y7MCmbdUcDfMT1+v2~2P;9t5mPg*QD$7)%>BF(JFyg_OT;rr!7rtYq z$xf{gQO(ISL3*P>RGUQAtuMK}wbSg&=6ITHNzjL<`TK>pOn_z zulrsdusdh2g=z4Zf+kquUNP3b$lK*{PN6ApY?fm2n1|8oml{D#xnXev=`N|fEt6$? zsUV9`bKc;%9+7m%xqL#G0dryPdcRMMTymbXb*?{!h>_%8-#kV0OGOGGM)#Xh(7s%p zk&84GbqmWWY4Rsg#&5>NX{S$Vaaa+g!;qYR!`}ABbd|4f@^{)Xm-CZPiT#>lwnFI& zo8pw(hlQ)~+NxQuqjvU3Z+V`=CZ~G;ZMD+G&`S|+enjwx`D05B9!e(cy-hkaQ`pV$ z&7DJp6k%jvd-a|pj2t*tYRXSYT|4OmOzY^E`-4d=Mvtiv;eL1dLZAPbFg;0>BEAd3_qf=aJ-^5yY(%FPWCu}wQY&fZkQ+Od( zoyGBsffeI#MY|Ib!rG@}NvEDgfjeHsx{B{PUARO8%1&Mgr@?pRUDm3PG?f)Yx_y2T z%XZk(GTsS>JQG>-;rK_u0E0+N9$@$*F>m z&T^j^rr8?>&Rrd(z#cLyj?9~F6kA$gN~y^Ur}a%d5U9obV_=`X9O$ia(WNFAub)Kt zbK1ZCtdFloHL%s`2PSi3@WbbYB&ee_(P3d>MQQ?+_ik8uVmJ-o30k<6U-ki|^RSmM zbG*j29WNhWR$iXvtK|IM6XiWpiwqI>eaiO*skNboDULKbxw((}i}mbg&EVO&xo@Ob zPTx9B41E)@A0P=;{wc(|k#`#KY>ZxsRXijY)ld1Wh%g$5Rc4%~#8WSV5w77EGf7yv zwPUy*J)R+AESg2^vU4LJ+nr0h+O7`drY1vsOngy(-=DVT>`$9Ka6V?>5>>xth`S3v zO0~qbZLw3%)BQv?!dthk+or-kTD0kEU|^uYkkoGx({B-1nY?%u<-YWhtptAes^5}C z^6}%-{(B=_vCvkE0nkMq0w|FR78kFfh!iYM>wnwpADJfN{vgVH&T}&j3r;qZf@@%M zHK0@WcAOPPGAv&5^XGGC=M&0fvg>E{^DB-|B&}(B>(;**lz|ustX7JW!oor+n%+x* z9z`11)uXjpr*}!GnZaK#G3=Wg|nx(R~h$0u%-BnTMMV5vo$OIg4+6eAG)^0{55S5wWe-z{m3 zyC|rsaT{=a8rCfs1*ptukipXB=o7|{mYnlgafZDQ9=06Px{K(`K2xKentoX{9YyjR z)9eZT{i~9gqtUaz_YHYvE^yj4)4JN7Iln{%9sYS9UqQ}!qjJbxcJ-D)6?x}PMt5qy ze_&XzKdvak9QS7frcCkEjzjRDhYiqCS3h003F%~>SBDd&35%NJ?{8n5vDzEwI^{k& zPd`j` zlY@bQ0`_9&Nm$HuT;On;h(I~AFA(D^`~6aLrrQld!--o2n>KC{be*5T8(RsNxLroY zeA1`&BEopCv|s)RsSUDs|#Lz2TO+(yCV9b-VmSudL*2f@}rt>zh&iD0ed>w zlK0|`vC}Z{%}|@drzw_k z(R|>0d3WF+4I)3xJK!#EZY#Sc_g=?~z+2E?$rjnEwQ9(|3f^}a7=j_EK#$4YxQWVN zndb*PYmP78asI$FcwsAetm1CKkM5^@`QjTmQYNZ6Vq_NgY9|e`#S&p2%WqF6Bw)#t zei9AtcBA!OiKnG=i_RQM+!g0>9nsqAwp?z^R(_PY~b1rse4 z2?g@9I)ye$9(;UYJKsPiA4MbO>nmp0a%E}gI7+$raMj z9Oj!mp8={J$5MI7imK&Tnk>i9MJm*=^6i72=``_U~?c5>H~Ouu-f$P=X?xv;ozNNZc8TZxttOOB~D8#4LKX?Ag?C3-O z0u6Re)F_+ALJa{KemG~12#OTM9ksRB(!Jd8g?zc6c$;>;hjDn79goLazuu>)y<6s3 zPkF600HS^(YZtuO99dLrQqsKl>;GFm;5-KCi5Ymib=Nz^C_XwEZA^tG$o1NlX|GE>j+Q7>d z2&_MAPC|wtR|v$%v{z01?pO?Bc=1CV$S+uquSB63EvR&8keUHf@p6TtHNw65or}Md zj0}p~{@e!!Om!WdaFD4$0xP`|van#NQIS&b80RO{fyu=lW&v|7A8VvZ|p}eAY zJ*%`(;A8tQL`%F2e!Aj2R?TfhWH^8fQo!#9d zsJH{*_k$ty*1+-sI@aN4uQsQ!5DPpi{moP_v*AT~v@b4LNkQLhUa$;mk`YE-m<~y1nX;MMLH?6v${DvAq zgX_Lo37AEN9FsrWp4CokF}9xqdr*#o?#b^@e;QZE;KqJ*JNJibeJ<_{H2@yrAoX^3`?9o{?wm52(gif*N)3NkME4F92vKskT}L+l?Q@F795 zBd}s2!RMW8fh7)-JhfxcchMsbF+kI|3KSO|!+z(_fQ#D9+8PsrBmvxbSebE$3xnF1 zRnShgarzy7dNN6{O zM}Yhw2AyFKNFIw8jDqq)MDK4;fMH(-V9l?7=mr9~WqH~vqx*RMSGmm?v(L@!qMW@w zr(NALdJ|wxI-d=T27?m>_?9dHJb*i@ciw&Rb9=iKP^7*FAO}qDqLEh60R|<>qz0@& z*HWqP-a8LqFFypJ=LOg*%9(G9{K&7JSGurn!SRA}7>L2z*J zRI|5$-}P9=3KZ`Jid>+|H~!^si?_^>0y`yz3arm^QE`d1l@&|NN!kGn25!8JfA^xE z#}>!z{C0B@%FOYn=D?f;A`Rrh#p-t)pJ57;3?U=+;Yr3ljeIm+H*m{CGTA5<|M^h*dbG-2jzpqbsxt*lWS^LkcDs z%x6b4qoaD#_&+B#5b#}st0=BXhr-B(DBbURTWgYuLb7Y~#4oqOPYGR;Y`{Y9msTph z%8kDUH@NYtfD*y4J^#4_VW>;S*{9eT4<{l%->CY{a}R(+6TGwzGAq3HCp|b z+z3_L6vv0Gf#kGhZ>S`z#b-%pzx_-Ho?%lE76au0LT?kgRjkrn$w5UBSZ;uPd(`~4 zZSE~6v`r8@2E=2*6viHA9hTQYH`VIG!or6gIGhjf=RrOlP{Bj-f2B>wipX5a%FN{x zk&%(6`*Zbmi0fTPph02!_8S-jI08qdmpW{%$SDk`Kn(-O*yZ?wCEWv=nm+D9M>>KzBFX=X;=i{FnkO;QtF?G6Q2_w~bHwdc-@4NWA4eJ%B$@7sS;*iQ zTi)0xGEE??&7jVxo)2;~k@}=<0FWl%>p>m{)iaQ^i5Ua~WaJvE$J3_9Q10ZnocUn< z-WMJV5=k@NH2C1c8k4;9IoRQ}uDpSHt)@vN5Z~ef5ek`=JVof5t$doIX#Dt?>Q_ov zEDWUM-=9WKq9l6zvR%KP{JobHocbh)NrZovz5iK0j)V`T%N&VuTQA?X@_f6@<<&bh z<=tTOhFuWJ=g^Ku0oK@O<5`A6Hd8Iw)JU*SE?G4-f_)Hy_`|rF3bJ=pza{&^X_79f zBK1K|BcTqnlS}!>bF}BiF}Z>~m4bv>gp4=A^tUi@8_|Q#4&)hryX8+Lvt{n)u0QBL zRz?pG^11R64=e+g&@9jgK^EKgU<{}s1Uobn6oC87==%s9&L+ZW34|aJ-_Y^$^JnMh zTfIVi6*0kK_)IU%!uRv41-sR*Jx#Bb>>~?LXkyLRq08F-KNB z16+BtA$PXjF)z!)$P&b1G!lL^pcm<{o-}k;K_-b`=a|bF-ekG00b8I6l%!tJ-5!EA zf2HYUsPpiU3!=Ed6}@)i2|4LOJre{+h`&)YKx_lV$y2{8X6kq^Io!^OqeMB-IhEU8xAM^?WHi6Jy{)ab?KitSnESHZ8_2~=eI=4Lm|Wb2tu=6uVy*mE5<2@ZqoLZIGz0LRG(=v{xH zt}M&g2RD^GsIEN8xPG8VT>(9v!pj2XS7qJxXV~x2r2;_lw4JHK0v9nOgz1|gj+0;k zprZvGQlQfWvxeVcFg*-DZ{P-6sa0^Bi94Io{G!#pya&iV6vGA$ zEKodH2Si+gWs%J*Tq`augn)!0Wrwaf^02fY$ zMX)mXxsIRgK@arb98D)00d_Q~^H5h@T#N&l zNQmBsT87n73S&ty(?XG}Q0_Bm=%G*((7*|ch>*lgfgv3zP0H;TTTs)X_63YRSzutr zA!nBasN(1Z6zS;$GF{ak7~wq8hbA>}OrU26XAm@R+#r@E-ZuzM-5BViA)Y*uO=ks6 z-eBPGsd)1%uI5=XE{Kv%{;sA6`lBJS3qx>V9~L&Yw9tXz9R;edpd$u{2Lh7-)%xLA zO_??{xI^tDm~OyYLVpXE{IO>XNWt!cpod;=w}XYW@4BGp!U2zd1oHft4R8P)0lJwo zpko8QAv;L9y}P@EN-FS*9|3{JLvMn2U=#v{80x1WJ#Xx9OUIqRPryWH24b6_ixwL5 zz{v2ZWC7rb5GVl)0DlBZ;b$MJ_IGxWVGt$(jw}eg0MCvBT^t~lF5j!_+xI>bbieN? zHhG4vWGI=yn$2nWId&GonOX9OW@}KrBgfu!DEj^ceu`>UC#fxEN;95)Z*-5v^p2BH z)4;uCm6h<=S&t2(b1nfx{eq|k}<^Q33UhfNQSP`UDTem!{e2lou9Rw{j^^O z;Wn2ccLv?ADhrV&w#$uBZw-owDlEIuf+GR!r2k+lsEyCg%R`5BSD<98DVH$}C5U>~ zgnBi&;rK_d!lCud7e9M)yYJrG`L47%Y`3(P&XH#IX7L^o;`MQtqmRo#BsW0*sCk{{ z>eaqjVvUIQqUH6C?U~xyMd3nWq2Cyq=TqeLs%O8o(>yFkuQ6cBd3kxQ>=Zj%lBRYy z84rxT>?$bKQDNk&LvZJCOJi@;c87cT;rCMYd>6(E{?}U_X%V{yJ;Z_-mOadvaj@9A zrZ>>A$dixHv?DG~4u2-j+`w)ou6twq0@(;w^h6@{W7M;6w-+l+5!2n^pyx-UBD9O-|QyBy~Kxi=R!u^&@4gl>UCH^`7j2h5gjm zNdmk5c|1xubFH4JT=xa(LfVRNTDP~{r(Q4NLpAEP)8gkR4*A8LdApi;pW4CHxT=`> zR0Zs##fVsgeWZ%&2PX(5m|U3p#V79=q0^Nr8&j>vYk);Lz3p#y>dC^C4$kuXD{)Qm z^<<~h{ENmQcHqn97?!}Ta@0J}3=Zr+RiW80L%-$mee|C+NP4oHf&VK_Yd1rsWbqk$ zKoPt5n2`wM_KAoD3cKzTd_<6Dc&yOngX~GaXzR&VCTAZ`K;i!EZDY)k@z}xaC^2vA zV^B9BkgZ0?$hE#O(F$I!L|{6?8D|j#){5}ogfDa)Tmv4XA-_kJqNU!_mKT~K{7|%8 zpG&!(!EBp zls<)V>h@r3S1~G(4W_QX?va2U7=J<4VJ$|ZKOPvH(nA7U!a&OH+2JjtE@I=Wu4LwFg2M55(T+?H_P+ z%|w?6BoJDO*W9LBMzYUF%oX8qS9s7K|NLb|_vvqs=OD2lPsoPJLhwHWduH;5s=%;7 zdW2-=L->ygBMY3{X;jarw?+bM+poc$9!T z#}@MEdX+cagT99g7Rpu?$TQX-oW(FQu?6h)VfoakV>3(^9dQiPX9oLXxQ8)#9{gy2 zga}e3)B4Fx&PKd?Ht`?)+s+41EWm}bj4;BCZi&jg_#1NPx|;R4yr$|Ys~_ipzIJ3~ z{{a)ukhI;A5Zw5LKk`SDWc5VX-2Ih_#u#ECL@d$;O{UAfMkezuoHv=ggZDN$j86Z4 zP>SxSzmuc}A3OOX$#2DoH|$l9=$ZKJDV-?hW2hXI-DolF_nvQr-Vp8k<1hDjt|p1ihEYVGxhn^`Fe&ass|m@yOWcyIej)>u~WK;x5#vUp2V|fdc`y>keRZjo5$FsH#w@(a^zZ`4y+ls7;QmhwzkCx~?t0F0L zGSyOry*sqobJ2w)dGI78+*o>}8-s|>53POVGFHp+E7I}RhmujfYc0jru{yc&1Ekjs zfQCT*5XuLqls!NE)JNw>R1bKt*hreTMyad;^=nn3BrR+JWZ!2Q>rH zvLA5r_YU)ao&9<_Kedf2v+bbYmc4T;#In%~d9hlvmNo{?SQzb#3`~-w#(R^&5}CQY=OK z^Wmc$Yolg-0>n7QpBg)qiPqg_YlB*(PT%IKn?9M!^XNc&uoIGc#A;Z5#wO6yCK&ba zPbFAL_O5(Z!r#;9j`foizO`uR7IW{%2uKl1#PB2ip(k%Ff7xS>X>!HUF=qd{_VW?% zGfg!4tuomyyJ8ESqbUzkWaA(~f;Bny${UTp|NKZh**M!qW`1!sT}KzW5k#}=MFWml zcK#Oub30%BueR+m`2GQPvtK6t-mt{y_WiMfv{}QK_qNVxI$qHq7ZnpV6Cag%a62KP zYB#`K4WzX6Y998R8;n}nl$g*SFd4P(ltvHK*T2+Ji#zq)%Z->cemTy7cH_=?GSG>+ z=tC@JvI!p{{by+Iee+UFzos!LpQf{%n>Esa2E`0!LGVxdyzOZu5G7<)Cz)-fzR&SQ z`^91IAW^o=`uCqF^0K6R98H7nP(ca)w9pwWpkd>c=*94Tz(Q25!`c0L(m;SJ4^7Gx zfi)GftAC_|h6_JS@E2>cDm1S5<>ZAm3){%D@#dViw3m56n4&-U$dtc9UuXlf;w^dMVmwz9=;+SM~-}6tQ zWWZ)|BQ@+~>cqrv4jCM~|7g1CjOo;gbxGF9>-vO$EFk~-Lc_F|k|lbLYSY|$6(9F! zEA~|$T8{r9h3YFTE7Z2bQ%BzWS$~<0Q-cqW;IJU+>^)>3^5)Dzq%8qdMRX~nF9giN z%v?o9!@Nt}n;E#5C;`gm=Bp+}0~Zu1m@9B={eZcsXq3-C&G*}%WM;(>l$nmtw&MJ; zzo$!Hylcf&qmv`t>5o{D6c>I_{4Ph`{X1$xT!QS4L#5|7W-)c!I1IYDA?>(A8H^bokX}rK7P@SnISRG1?DgWE`C}&L+B}jd#rY7ehZBPW=~ru#@He zLI&;c@s~dYWAT#C#dq%;lY~z-?qff_{UVDWE%ps2Dfl=1Ulv8o{5^Y6EYceFW_0ip z?xV>Dn(CW$Il+;%zkJ=_#Fp=G9K0g19TG4DZKP9G;cE&E*Npw=+3(nG2d|PQZtNdC z9++_V9;i`X(97{Dwsn6vaK*y`Sr_0PSQ^Lkla6eLem54L$ONp(yvZ^N|<}L3GgK!9CIP zAAugD=I4iI)N|9Y5930pXg;RDB_W(76q8M1HT9?i^i3g%C`64dQy_1Z()b~1;$AC8PJt8H$Rw1^pCt@e^g z{OiABd4rd7{4l19{N$D|1NJ5LS^D`SO!;VA?`!`DCvE=nbr+PVOu_Nzm&xHG3IX}V z$3>x^j>Lj;7`|=`1W;~M+h|vVej{wo^j#4H|I+x7phzsp(sFv2yWdi zj6LD)>Wf{gGevW&R>=D(y4qq6f`#u>YsQu~ylU$z+=6VcZ^He?ICb+^S@&ySz9ujpZhcJn2iH zicV=(dqDHAy{~Cq@;A+z!50SSB3huS?7vxI9l1)uoaw&xZy+mviuQKKRiQXjFCuGK zXQOV*D}4;v^!X=8LG%EMJz1Y4@4(d?B609)>94puH1~3lnH44Y(cNl-vbA&$L+*P# z{&IETcEn0qM7Qu$apN-79@?(yf5~(kj>ingkc*CB8WF+>d>WkjbSch@7}HEuLidL1 zQfjhvrX2eVyB=|V1L5#{8AOU2gP0d8doMgQ zfftsytiHn6(r&Wc!ZnUokBKTjjP!JG&^R%;(3x?P?C87GLFho~Z&UV}M!|pb9TYWd zoIaWd5k=3R?TLwL-f8-l+8-vJ({O9UFSA}rOcf|;M+a6FEcWk(u%hC~*>i~(Fqe!~ z3rMdZtMAyyGx@7*PV(R-fF zvqbJ3Ns+BG@?DAt(nH-V7XxH1F&XORK{B1_ovR#_9v9A~JXIuaB&s}y;qN?O5X+mt z9PRTqzC5&lLv^5C(4e6mY&!6|z*)1dAM42zYO$ZbZz=A0=i9}DO!@96%3r;Bf%=|! zNV&ly`GnK=PI1!S>k+SzSuRNp9%n@tFN|1H?HHNU(Gd8{v93CmA&j zUdd0E+HtAvrmH8ldKo3fgXhBE?mB~0R?MLLe$mCxdS>gIuh2!s8|nMc zablN*BFE$DGZ7@1YtvkLuoPp%PKB#P=6>h^GfsGsV-jkh&0~%yTwlZ3#hHWnv8-M) zs;x8$;IX^hr3C&`-~44CU!Qn`^!qU}8Ft@>GJ-k47!5U#s4J5MbIi6h?v$6mJ%f#l z#gpUku1=uAZ@h|R2Z0=C>Nfs9Ocx zMP|LBFyd_oMkIXKXf&hN^+ggzKTj12*yK6NjOC-hS&_EQ^4O@au89g**EJvAKV+W} zUQ){sa%_LZz8pwklp0XHxgF(ewG`HM{mt12OyQ|Cvh%iX|e zV$ET&svPTP`iR9Uzh?b*QU-WElU9{4NABKa$k9m_auu-kW)T#cZe5R8mTVg`xpZVG zP?UexQy)N<{2=Wtk!f5Uop8~?B2dmosLR2w5G1vM#7p2QY#LQ!a^m$n!7u6D&}EK9 zaf>}(_L~MWD+O-eXN_Wphmx6gpPGgY1M-exJ1G|p3qs$r19Jzx8~o;-?-a*XvPjJg zaj^d+Kb%R(Z9^N0x8193A2(+uSkj7lrNR)FAR3S-acw9>t&3r*h%7U<8@Ok6cO7$_ z`x*vtg3(DZw|Neb-ChGG7$PI{nZQRoP- z{8uk|oQu!~s(3C_Tjl+s6{hgF^!R4hy8BjP&<8cNh; zYQu^!RA$cjt;ns^BdA9--*BegEoX z@>tIlJ@jkxr84n*IvN$}%qp;-+LQX-v;!(R=*?@S=!{xj?i4Y$t7^1EM++0B7ijre-}eEt^CRn&TxF-D4U zBTG4Myo3Bgz1p{o?{2E4WVNKmZX$5hSpI)v6 zCVJ>)?8B6&ivu7v=|>=|)X3?KIV(oyhpV?aO1eSXF(oEg}vt|AAzOfxf``Xi-m#OB8FFAXD(y-PuzV|WlE#=?$wo5G%VykdP#LLku21?Qu zRrLtfrBfngUlkNhj#F(OKjzJ5rKe_TUZ3)Pw{AufeyG`6v+#l&OPV2AdN4StFmwU~ zGa(&a?t;Qa|LXqXIxK-l-laYy`S|%=c$SvwYD+6NlDZR%QLy9_6C1Ea7H2lSsJ<4q zvA=KQO-Ao|b(s^YmVOrg!~`r4E6l>8EPdDGCFW1x21YK9^(AR4xOPQ>`uCEyjCVH( zkD2iF8e8zzXnNyd>MW={JYQKtM`n`t?S+jx5`!|83Qe`-P;PvlmOV91sNyd)4u4ed zXC$$s!s-)VP#ylcsJ8KD2aZw6C(3u$ZxHh%ImNYUBq6mY7;F7p zHJZB6;f4_-zcFGl%f6wb9Ka0w%waKO+KPPV zZ6x92i*8ekvifer?Bf_Jq#sNkGTH{LKl1s}f~N}9zW>A$7N7F``%N$HC$)=A+GlQ_ zsX^IzKf}~g!U88lEsSujlh`jcPU=UT@2^}+pS3iE)E}t*q&qw-5GbU7JbwP@@BCw? z;5X8lA)HD{jOw-7s=MyvL~T#MC`$7DE@!??#t>3idi+PS)7O7vnKNot11Ix<@bMi^ zaBMq*IrfVwnK}R}U$VmGkiTh$&0Sy+?ZPhZrcwMQV{vr7I;`Z-Z)hoh?EKPysZZJ8 zP9F(VHL)~d3LFdLnH`f*xObQ=^nbW*pCm>aN}TdQ102RcNgbx(|CMyzfoy$WJR(Sp zikLMj_A1q?QHms1#4J&*ttg6CjV?10tyWvRW-Im{wOaYM1YM{~toP+y)kn{PQ)UvZsk zYY+3rRh=pbdhYA3ZfxoIWBe^;(!~DY8y{0j3Op)5RVBc5c?@Y8dmAulRwJO8TBy;w zc4INZs2i6KSL{mt%?ZKbx_^1m&2s3^u0ra1{HAcMm;n(Bch}CAopUvsIs1p3!H;X` z+H#LL)A`hry>gvr?$nq`KqDysP_Z9FHh>%m$o`j(I`P5V zu+kwxnP?aWPJcox1J_nfur3xk*edufzRsLu_Glr@Zyr2@#Fj#yZPR39X4Lh$rRtrq zC+GB)g)g~~&=VJ^ZESJao70t-RPKJM+x0~;R9HdbTwlm=4Y=Zj-8=$KAw3`>5kf__LPB zm>W{e5@_sze3t5|xH`Dvh0ED?xR$kj4MDc$jmuPj12K6wU)qCJ-n$a)0vSgZy0*p> z&ebDM2$9d>dRQ2wcl}FzR1D$^c;sb5*+l7(2VBynvyClkeuz(*{HXiIR+BKW&G9`N zjvo&$*;%C6%xuZmsW!JYE#|CnbKWy;;vt5dx%QnJJh125A?lB*W$n#~f+x0%usvtuA+PtQHz6 z6W50(_a*x&KOmcD-f&uD>jz)_Av|H$$#?iC`b~wKSGaqT7#0>I2u4aJ!~G%({nF~M zVm$E?+X3h31z!F6LsVXe^_)lG*=W?=yV!7M?Vt$KBnii2`;adD@ozR7_~71cDcc_5 z(i^KD3y+HO0xVCk`0CLeG@kko0pq2&3Y*wCLuaCa3s%33^AN=LkPIV)NYP3LF|xBF zn?957CCGAV#3eTI%4=OCGSe>L^9~#Ki%!0X!#e{HPWt6lP5{degK$cg#_W#w>Yhee znsHbp?pZB~R(x$A9tvu(@o%bIkFxQ4QeRPySESgz8wKBQY0eg6j=fn+LQC#-yks2O z=EOEZdK@|JPV&kNyW6vf>plgmY~|o;pGPJoex*`~=z*+=mX2pu^s+AS9}61C^r3 zHUCQyJyB(mI_%d=TLvEmT8lC9&g@pj2`_ncTuFxPQCabp8PERs$DvB!WSMHIKQX*?@!x%3N9}p zIZljlWj-aYJnw)Ps?S(5t^ZZ`K@Z&&&#T&JfyLb0IyT*}&rm5LX@z}YgPy%x6Ew&E zgPVXre*M#CD3L7NjAzZ(TIEQ;bMNU;g4^WaTP(<7a;h$U-^f|FWTR?A3p#X=VG2FV z`_OLZp!EbZrR9yh4cp7`{_3-_jY=tvJbdk`C*#$++~0%z_#tP^kWw^Kyiw0u>H0y5 zgt`<9=V1E#VS98Xn~s?4KU&pk{$hf6KGYr19R-0X2O}7u$k%2HxYqGhSGlQlEmB47 znPIbz3b5heK1&cpXLiq?%i%F2gDVD=eStc7@rrqvdeUS2(C55gJBAO{3jS68$vY7` z+ETb@q+PQVc5o@`3|8ml@{e2KC%!5IO;wsvj#jIJLS!I$pfv*cz&cmc~B~S?ikbIUW{L=0gOOG zVLW`=Et=V_*$bPC((yt16|HY?&VYc-x;wsxoiN`_;h>0m-FDl5qB&1ulP z^P3g6$!!WA3d~)Wn1Qtva18aVzlSB4>Fs*U-q?5XIE<*^>b@5U>vT{h3pbv7#?qO8 zK=<8~d9dK-O?4OlI5@|Wjy&>yMIRO*?u4U!LxILo$tR#!0x;p7`FTtDC94U#FaK{# zM@&U}<-Qw+ybqt}{8OU&V#cLRMf8qxRw{cuHzbAicIvdvcTpT8jU^@(e64hxRi`y; zoWFeEZ54(Om54Lj{8sSm@=~6o{E|bf?GHFqdM56Z=~&nZnz6xkIB+i`C z2#ys!Op|YZEda$ZWSD%1%MT36j~inbj%n=-3`n>f{#wM)u}&fB`{Lm*K);OO2_zKU zbuIVlBrImOz`ExFV!Do^i*eRPLuDa3^>z#(-x~;sI?pECXYe{tovSKp^LMeb8jSszU6%9d4W#3-q>I`%4zZMwscq7JDR&+MPz8Hdzx!PIOtA zQEtFRh{FlC7eA~Rjl&rh42!xKwBqD2j^3Q)((w+valEb|#%ZN^MyPhv=>@p(*5iRT zH@j$5r{r|f!xw$gVfS@Kr63d-0U@mY17!V8#A0G+&d#`gg@B~|j1r#udXS^yz$gFX_tJiqXJ*;6RR*Kt1N^ zZ<5nDz@XCRPe%?{3ry14Ht|6mSo5BskraWPME~qSkaoA4E6|l2IM9(N$e|x3e#4Ty zpCijfM~j7pS<%HP!RaKr8AGN0sVxzXI04>)^f-CAypdmVi7s)GIR|=IhJ-t^qO$^@ z1FahQ55Is=7=Q{)q3MO6EnQ^fKqNGBft`Ro2KfrJM4XKCZ!rQCYW}MRrZxpLq)D7y zJwb`v8uIzAsa!jFPB?5NQ)oH6x_9Vfu0^mS3<-<5iu&UFf9~EkBKs>&{Y0E`2tyK(Pt7==-MhE3Wz|-$n1kFN~}WfoT-lF27hh$*atH(0tz=D`HB)s~UZ#qIeu=_MhlMlx(bCB8VUJ~|``sC7O<#%~`m5EZeqnCc zzljJ8;V5%0Gk*1QXdCaIyRBQ$U|^nDuf~?O-E2UKhs8v9<*V!;K3Y=Z`p-q4Q!&&u z7GkQ0t)rN3HKdlE$l$(pB%UhWkq?9;P_He~YG|@(2`O3-HBA&$$OSDCn!u4@tIE_m&rks{h8bUP~Y`07TEY+@%ym@&<+%6tx4CO;kYX& zL_OO+>km5{Q1bUH;?iPx>fo!_l(qh=Tm{`w!&Q#69D(wS(txK9lvgPO@Yv%ZluDT> z2e!_xW;|Q6L5Nf`q+i`MM6!H+9G(mq-=eCvk|h~F&ko6fXiZZ4v|cyL{S9>rS_rZF zkt325d*n!CyfGCl|4|bkFrGGXpq7h4!n?>rh0dq5!SIJ|KX0*O>gBa4?aE`sPiE62#?LRz%n;Y>rg&<0Jq^r+%<$*lzLEt7d*kB#Qc>y z0NS}zOgWHZIG+M!kB6WY`z#Tu$OfD@Tu`Y`RO29y9t+eez99vO*Hfdy0ywoKyj=8z z%S(DI^tQaqTS`Yw&UV#`x(&E1-O=2YAE0Z+-){a9uSKjZZ`VChSA3ae ztD`0tl6grOXyGfvw1UMBOj$iz_av#ic4|?dTkRi4f-v?t3|IiZ=-rXO=po&i?@HH} z`7aETP(AEHo47*^)nz@u)%SY{YYU6zyz%#$e0p6mMG3=d<3l z8H*zxt0w&t31lLy8Lg7ta#5`NemctM4eR}VYtAw0`eA4ns~ zDZz8>+&Gfa@IG4!J8=|jS=*7H?u%oD@*XO)13JH(B?H-mJ=TgP%X;KmA4?-hmS&{) z^L4c}Ssgvht?rjjtvKKwM++PZHsQ23<1YNN)!7(*hVHw0?=!{GO@RA0NsQ{6y;C^-&a8KuDAr!V-1KZ5g(06%f z!fx7-dx4rcrzNA2>(GuBRe}5j_0&Vh(fov=i(qX@BFa(`ox2U8a6U|3ls}5f6|4Zo zNkY@v&uDe#^hO-Mp0sIOFAT_1bMMS=rGn;DqJ<$T2fNJt&TVo{Xh^K*5#B^XqNrfgBKi__-5E`74FIF=TEw z%K-8};kh7m1_-dq25!KIOG@T8;Q8%JAlqT^XQ(FzS#Y5xy#GE3t`w}O4=v8wUl4u9 z5tE7r*fY&z*rw>q|1*s+9`S|Q<{Q^{FIpx+fexxefWw>Bqf|WSYmdA7`;0?(Bn3hpm-aWPP)U`Us7`CUh@z8-frx zqM^|6FVNUF6xlyP27(w0gdN(#Zm6LO-l5<`$!VaLnFhYD*6D5z!U8cIu{ciB%|#ek z5RD`VNcox*T1Llg7LkBM+8se7GC5Qb3?r^j>Q#`hI-jnoj$|?PS2qJ-kzLv74Z=55 z`N1pfXh&o+QZd3B!T6)-KfFVW571Ue94^PUKLXk6LU1fP`N(8j1>wcw8ODYnv_uJ1 z0ryn-Y(DN)vELO-_XQ$4H=yB=RW5+uz)xEUb}aAa0GI1CVH2 zX#o38A%DKIg=(Sly|JEC?0_37aR0~ml1N%OJY9D#QqfKzDQVTSg6_-p4#S&{RudDg@AfaGZwBp>Cwn?EDFkg6UKD87Dt~` zt6u1lB_9EH)ric4nmaRO4rL~T{gu7dB}6)-2(wa&Xt9O1w9kJPxDG)`V7uqTAl>oj zaK)u)O6m$5S}-(ypUET{WK#RzM_9h)Po4S-MC;n0WMF^)#n#|`g!nHobU@Tkn`Rz| z#uT{r7*R~R<*2fNnJv2}At3x)TMZo&+;1bQt@VzBQLc@x;;uJbjM^`EsmbRJEM~Q9 z@;Jy(3{vW<0C*fc?D)l!w!zxCf~Qe&2!X-?wJVNzb?vz!}B?w!&}}Sjt1cYqi57Zz+ag#Hah&Vw+0Zt}VV01Ua0V9TzTtb;5~tf^?2O zn!y!em#!f7#VyvW{y_}g@eF`~)>F3Nc{pSxYAuS@$Q_JvVOMcF_!ARWo)g-laK~B# z6!n05cB#lB3uG?RBzDY-Eq?UH$sDTRzoAHGD@%+ID|yi*8$K`W&1jnY()>2M<7; z5B$#kSk<^&*E=<*a+LG78F}PvnOA)LbI{hAr!;>N7T2h1XF!yS!`wLv3<@6Aov$`zh!p@hI&{gl`Jz@)(~)lDsq zc;HibB*XAfBE3um6ci8aW&7F;;!8vNS81N^+b`)v7TEsmR5OR|&l;5UX3~9oMfoa( zetwH0_;)$y^i19g@Mzu{Y_2-N?(6(6lEvux>a|tgP2ry|dWo6zvN_h%17D%8o$Jz1 zgId_X9}DrH+i1L*G-=6|7ZmIlVpC{r;x7Z;<-Re#25etpLD9y?#g{Gx2kD(NHhHV| z0-0*6-!^$_;qoZdNBJ$c0kw2xpVbO19=dUQw9AxkG4f@0cJ|U7cx{6(1R-UMpu!MiXf#~e#v$t3yw*sV-?d|=Plw4h%&BiB*Sw@)0-49p|bjf z0VLry$WRTP*Ju9xIGechWa-+JubxinuC@ATmjokM2o#PXUrQw2ILA6zop{~za(HHr^l$}2Fj;e|HI)e!uLe z!P-h6-|n*CFLfDI<9GlchsJ1qwptK6D9p^qP`sm$`xKtk#I(;ujt;De)#iVAQ3$Xzqndh`a7L}l4>svr(K(u zWPY8gYI&}xDg}scU-wA=N-ZT`Zn$W1Y=MaEzIe{DC?$MY zv1T%|JoIrOp<_Wvoc-=7Z*yvfR)JNte&tVx)t$jX)AW{LwbvvEMeY1*g8#@&qQ$ol zZ=*a}5&HNPtS!$k9AsdgcXz!JAv4#o%jE9^04F#)qz{{WBoGk>A!)Enhh7 zSBxpT0K2vQ{o5_7_);xnt0K=r%lL2)@mIxD+=Ul@Q)1L_>-V_Eu~^EHQ3pild7-!( z8)5G6U=qY&cLmN|&Ui?l`yhT6Xo0jf(=%{p9b9csx_I7sXY2IhH`UQb^A7&e@mNEr z1Mj{AY-Zxc62#fBPoIpS+^0VI-c~D$hTT(BxeX)iQp#d5iYAkWdbs!}0-S9;D)1YgcuhiC-T7RE^A}pVr-M&y&uU13|aD zw#rXE_V*Yk=}W92n9yia`=#-`r#%%3BdELNih+UoA1{o4P@RMWFE&u&+%v=%eUCDx zj*_yHZ*F+=k|y>ZFetxDsnt|?h$6IuW~j5eASU^bB3A06H6)h z41rW$w5_ZmK+qA@x8=d-WvPx8T$Jy*A9rL)4_N)zyGV_4ui>wYMv5NgVV>n z1 zmQQ}a8*i_4VND_~IDu)RijAirT6#;GEOCRXiV%#UXaCjrHs4N80<&oHptCFl-5*0f zJa`^N8wYv5{F|moo_~sz2!$hp@?D<6$DCi+oV;3$K{~Pev~*y--+C2rv0HVBbkMHT zWH$K*T;dHgYoh&Ij#nU_j-XnD;E=73oYlx@2+(6C4{yv13z`{Omaz+s@qZ;;A(TFX z8be|;8-XoLUF5U#%D^e%FhtNJ{4JBy2<8<7?XI=geHRT?LFN4EmdzD|6r%vLSoqR? z^a9FH4}Vj9tJzFNv?jVXW_hB-VxMr&{x&K+UuDfG*hJaUz^i>#mgMPfRd>t zGa+$vShT!Kl}J9GJOJA*HFyS%C+UC7&|PY7zfR0A0r>&LXeCYI@lLHc@(S5slpO~A zFD$6bVl~+a5bR*-Ezl5;cj?q1TL5`6dX$@3>OqrDIK7g%Pxi%}zz8e>^+11(GoC3L zEZ*`{_P06V#GK2vBL{Bggj2+V3G!Uw6*)Xb<0r&09^}XQ&Qj6Zo^JlCzIrd{hF7Uc zoRT~Aj@?YLST+EswC1bE^0A-JCTA0EGXLw)s#aLLmln&#R<8UCO=9rkDN^vM7rCfY zKDD_(wLJ~xE&9olTBdT{^EuK_FEEFQ79-HKkwtbJ{J}?=pZTR;=|PliNtAF6p*EJR zQV)n%<{b9gF{$269f{u?y1zzu^fOEa8{2)q{S{D?JIU%Fk6_CC1Qd331Gaam-LU_1 zr+DgSflx-s=^DcICbON!K%F$iL~prU=L><$Q0v)zj+*Gz&%e9R7|)FVDFT=n3qK32 zoSI7XnCG2ut<8f)hrH0MiJtXN=&7M<2aq4$a{Vp|On(@J-g8g3VLF9%k>=MGcz8btmG4*9FjT=d970v z3vcpWwv5gj<-}*GrRz#}x~j_W&m+9+dB)Zxrg;}w$^K9co{N7<+Q<6DJFhDFe}?z!B!mvh(t^nhprQ1es*a^5sT{-7utA+A$$dnw3y>s$kln+$kgZ)6PK zk0cv2J+`^8>~nBI%FMfxKa5KQHzug)bx&BR^Tc#V_@_-CW+Vgq$ny51>z;s&zg5`U zvLHFsxyJJlLt=j4hFPaZo3;51GDQ<}V9M^X@iX$L}?)8trUWxG4xK8%iu9OblcQ;55z8uVlh zmkM}NsKZmNbeOrrCkWaQnc(mGN9~?`zu$HRe9tdRhS7S;OjeKrB|^~VK^EEkZF9R` zc7BE*GNwNMm17Ux|`FHVp&Q^ zzj&_GLy3!mc%9xi4Mi_>L0gbCVODZCzQ#e=|9qn-GX?MH!aI{n-tc z&yup1;7t z4@9KvUnaWGm<;2MU#X*$y=-^?G{P#g7};dAc^QUz^mgRGJ(()FA`B(orxycHm+T18 zFz#!a+C7#~TUzV6DAHm@ZxlYP1m>uya(vdu>!rDXW5(xxA+$m6ztE} zHfk_ux)5UGuWbyMg?`r&8u;m&Z{MmurjZ{P)(VY|^V zz#}A_lEkLqr2Ke*yY?cpek8?H&32(~5JSgl8zm49qDDl{1oN?%4%p92;7`JcJv+Zu?GnbU^V>DGuMhG9p z<$K~seiZZ${>4#8a~n($x)?yZJ-S*eyLHJ)W0LW0mL!@PU4}8H>MUE~1q5bv^7?DJ zq6(AV?YHR==N_|j(3qA_Lgq`w-X(oeiMM*ZxVZN~B#4TEB<9#h(pn<-m~@3iDZqX6 zV%!MmWvD%glPEcP!?nR=K+gu=Bng4VEvSJ>7@iXU_NXvXs3U3J3IKFL;14d~Pv7xC z2K?sfB*~8CN5m+Zq1Wq7C{QsctKvrG{Yqx~Tt9{ABfVPUAH`y+p*3~?8Ft-7ioXP>2;PMzyK;ms_SFy4gey+l0NbttviQfXUqz( z>H6h1H2eH3f~FaY$if?Jvv=jRSrVswRYBju5Un1IL@`ewLXm7gVc1OPivrV6^V}^u zt7i@0w6Xs2VE_Wrc~-iap4srxgCiWkrimLHGgSHQX%F?X3ID{8GU^` zA2~nyAhzo6{+$L6&!mGROn!Np{pSf@8w)Sa)9NHw)f=nJa=*-n81~HezsWV9#X9~5 zl0}x@*&QkeD#t$sDQ-7b-%m2=ng8kXD2&SpF5C1SDr8XRH+`3iR~F|W=GXO4%R@T4cb z9&OmkO>h7Fan1XwYw zF+=DX!HeJ2b|MMM@zjseuTQFc96He|Q}MjW}K%>(gOU6?+ ztq~BVMjK!Z>|J2z-F|fS!FY=5b9t!URd>&1K+7iB`J!rw;Ti}C?OD>?2+qsU2>g2b z@T=SI&C4k@tQdIlIH_Y@h=(Y}k`Pt83~1}RDhL6A+4)}}NM5=y+=1dPh&P-Sit__DK0^=eeCYJ?O!Z3xhW*- zAZt8HLT+b9k(t{&Qn;c<2zopIKcx;_X&(dnssO@{dbp1&T;@8~ksME+`zQiuj&ksU zE}a*tE!`nIB&%c90So-PQ-5kXPURp0&%=pMrg`7PAnxIut97jL2I7+252EO66OZt` z2z2s+)cp6iAyKfF-?`1k50G+Jv%<;<`S@T64TuP~B}_hm+Oeav#=(weik6Wo!|-Q2bt ziQxcn6#pnQD(v68yDc@yROzhV{V&kgBee<{5|YU84zVkavR1ahi<42GIx+AoF=LY3 zWzY&@Kf+ok z#-!)8NBd}5*q-p%2>R%uM;B+hUwQx?9^N|D(A?FO^)mm+0Lqq6Vf!C_XJMc{FtKej zMg7vQ_uQqIw&;+^Q9}dmH4x1VzRAN5I|nfmQZ{}nxc_OctTZMiAnrF8ayKh9$;18t z({Z{OI6?8oGBkQQe-JdU0_f=SfQzM0Ej|QLUE0A$QB2BG+}z*=9|NTult+E4y5a%K zXP%zg?>!uw{P-!8u(|TtDc|NdlKjajFVgV%{rLXa1D}6ow>8#-h>Tga8FO(6MpCHR zF8}oO<28}}zQdRKULcW=FEeY6R&! Date: Fri, 27 May 2022 03:34:46 +0000 Subject: [PATCH 026/347] forgot grub.cfg --- configs/baseline/grub/grub.cfg | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 configs/baseline/grub/grub.cfg diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg new file mode 100644 index 00000000..d3a47799 --- /dev/null +++ b/configs/baseline/grub/grub.cfg @@ -0,0 +1,28 @@ +insmod part_gpt +insmod part_msdos +insmod fat + +insmod all_video + +insmod font + +if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod gfxterm + set gfxmode="1024x768x32;auto" + terminal_input console + terminal_output gfxterm +fi + +menuentry "Arch Linux (x86_64, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + +menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap copytoram + initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} -- GitLab From b0eb7c2df8daf97d2844a7f2957c8b86eb92da08 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 03:38:59 +0000 Subject: [PATCH 027/347] fix typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4f55b126..632be98a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -198,7 +198,7 @@ _close_luks_device() { _run_mksquashfs() { local _directory_or_fs="${1}" local _image_path="${2}" - local mksquashfs_options=() # + local mksquashfs_options=() [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet') _msg_info "Creating SQUASHFS image, this may take some time..." mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" -- GitLab From 13368f100669a4b93dd45c603e52f4df2a7a635f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 04:47:43 +0000 Subject: [PATCH 028/347] remove reference to aur package --- archiso/mkarchiso | 9 --------- 1 file changed, 9 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 632be98a..fa5379a3 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1323,15 +1323,6 @@ _validate_options() { fi done - # Check if the mkinitcpio-archiso-encryption package is in the package list - # shellcheck disable=SC2076 - if [[ "${airootfs_image_type}" == *"luks"* ]]; then - if [[ ! " ${pkg_list[*]} " =~ ' mkinitcpio-archiso-encryption ' ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The 'mkinitcpio-archiso-encryption' package is missing from the package list!" 0 - fi - fi - if (( validation_error )); then _msg_error "${validation_error} errors were encountered while validating the profile. Aborting." 1 fi -- GitLab From 7e6093bc962326a4b1df09547e47384389cfb3cc Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 15:48:59 +0000 Subject: [PATCH 029/347] bind instead of bind-tools --- configs/releng/packages.x86_64 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 9079c06d..a933bcee 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -4,7 +4,7 @@ arch-install-scripts archinstall b43-fwcutter base -bind-tools +bind brltty broadcom-wl btrfs-progs -- GitLab From f4f510d2502298b4c84a8f555ef1be2f06e44819 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 19:15:41 +0000 Subject: [PATCH 030/347] rebase --- .gitlab-ci.yml | 28 ++++++ CHANGELOG.rst | 93 +++++++++++++++++++ CONTRIBUTING.rst | 22 +++++ README.rst | 17 +++- .../systemd/system/etc-pacman.d-gnupg.mount | 4 +- .../getty@tty1.service.d/autologin.conf | 2 +- .../hv_fcopy_daemon.service | 1 + .../hv_kvp_daemon.service | 1 + .../hv_vss_daemon.service | 1 + .../multi-user.target.wants/vmtoolsd.service | 1 + .../vmware-vmblock-fuse.service | 1 + .../airootfs/etc/xdg/reflector/reflector.conf | 2 + configs/releng/grub/grub.cfg | 43 +++++---- configs/releng/packages.x86_64 | 6 +- configs/releng/profiledef.sh | 4 +- configs/releng/syslinux/archiso_pxe-linux.cfg | 12 +-- docs/README.profile.rst | 13 ++- 17 files changed, 215 insertions(+), 36 deletions(-) create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c6742942..628c28f6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -22,10 +22,16 @@ stages: check: before_script: + # NOTE: Install latest archlinux-keyring before upgrading system. In the + # future this should not be needed anymore when we can guarantee a valid + # keyring for longer: + # https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/4 + - pacman -Sy --needed --noconfirm archlinux-keyring - pacman --noconfirm -Syu --needed make shellcheck script: - make check stage: check + interruptible: true build_short: extends: .build @@ -33,6 +39,17 @@ build_short: matrix: - BUILD_SCRIPT_ARGS: baseline bootstrap - BUILD_SCRIPT_ARGS: releng bootstrap + only: + refs: + - master + - merge_requests + changes: + - archiso/* + - configs/**/* + - Makefile + - .gitlab-ci.yml + - .gitlab/ci/* + interruptible: true build_long: extends: .build @@ -44,3 +61,14 @@ build_long: - BUILD_SCRIPT_ARGS: releng netboot tags: - fast-single-thread + only: + refs: + - master + - merge_requests + changes: + - archiso/* + - configs/**/* + - Makefile + - .gitlab-ci.yml + - .gitlab/ci/* + interruptible: true diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9e78a0ba..5fafa56b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,99 @@ Changelog ######### +[XX] - YYYY-MM-DD +================= + +Added +----- + +- Add ``uefi-ia32.grub.esp`` boot mode to support IA32 UEFI boot on x86_64 machines. +- Add GRUB configuration files to profiles. +- Add support for LUKS2 image disks. + +Changed +------- + +Removed +------- + +[63] - 2022-04-30 +================= + +Added +----- + +- Add dmidecode to the list of packages in the releng profile. +- Add open-iscsi to the list of packages in the releng profile to allow installing Arch on an iSCSI target. +- Add open-vm-tools and hyperv to the list of packages and enable their services to provide better integration with the + VMware and Hyper-V hypervisors. + +Changed +------- + +- Mount /etc/pacman.d/gnupg on ramfs instead of tmpfs to ensure its contents never land in swap. +- Configure reflector to return only mirrors that support both IPv4 and IPv6. + + +[62.1] - 2022-04-05 +=================== + +Removed +------- + +- Easter egg + +[62] - 2022-03-31 +================= + +Changed +------- + +- Fix the PXE support. PXELINUX was having trouble finding the kernel and initrds. Now, archiso forces syslinux to + interpret all TFTP paths as absolute. That seems to have solved the issue. +- Disable systemd-gpt-auto-generator, which we do not need, in both baseline and releng profiles. It avoids the error + message about it failing during boot. + +[61] - 2022-01-31 +================= + +Added +----- + +- Add linux-firmware-marvell to the list of packages in the releng profile (e.g. for Surface Pro 6 WiFi support) +- Add documentation to systemd-networkd configuration files +- Add information about the use of changelog and merge requests to the contributing guidelines +- Make the CI pipelines more efficient by automatically cancelling running pipelines if they are superseded by a newer + commit and by only running build pipelines on code or profile changes + +Changed +------- + +- Fix an issue where mkarchiso is failing to raise an error when the ``mmd`` and ``mcopy`` commands are not found +- Fix an issue where the architecture detection in mkarchiso fails due to an unset ``arch`` variable in the profile + +Removed +------- + +[60] - 2021-12-28 +================= + +Added +----- + +- Add `BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF` in the Releases section of the README, giving maintainer power to + nl6720. + +Changed +------- + +- Show a more descriptive message when no code signing certificate is used + +Removed +------- + +- Remove unused archiso_shutdown hook from the releng profile's mkinitcpio config + [59] - 2021-11-30 ================= diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index bffc49d6..ba8bf4a6 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -19,6 +19,28 @@ All ash and bash scripts are linted using shellcheck: make lint +Changelog +========= + +When adding, changing or removing something in a merge request, add a sentence to the `CHANGELOG.rst `_ +explaining it. +The changelog entry needs to be added to the unreleased section at the top, as that section is used for the next +release. + +Merge requests and signed commits +================================= + +Merge requests are not required to contain signed commits (using ``git commit -S`` - see `man 1 git-commit +`_). +The project maintainers may rebase a given merge request branch at their discretion (if possible), which may remove +signed commits. + +The tip of the project's default branch is required to be a signed commit by the project maintainers. +For external contributors this means, that their merge request will be merged using ``--no-ff`` (see `man 1 git-merge +`_) in a signed merge commit, while contributions by the project maintainers +may be merged using ``--ff`` when the top-most commit of the source branch is signed by a valid PGP key of the given +maintainer. + Testing ======= diff --git a/README.rst b/README.rst index bc6c69e7..6ac74342 100644 --- a/README.rst +++ b/README.rst @@ -17,6 +17,7 @@ The following packages need to be installed to be able to create an image with t * e2fsprogs * erofs-utils (optional) * findutils +* grub * gzip * libarchive * libisoburn @@ -153,16 +154,24 @@ All past and present authors of archiso are listed in `AUTHORS `_. Releases ======== -`Releases of archiso `_ are created by its current maintainer -`David Runge `_. Tags are signed using the PGP key with the ID -``C7E7849466FE2358343588377258734B41C31549``. +`Releases of archiso `_ are created by their current maintainers -To verify a tag, first import the relevant PGP key: +- `David Runge `_ (``C7E7849466FE2358343588377258734B41C31549``) +- `nl6720 `_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``) + +Tags are signed using respective PGP keys. + +To verify a tag, first import the relevant PGP key(s): .. code:: sh gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org +or + +.. code:: sh + + gpg --auto-key-locate keyserver --recv-keys BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF Afterwards a tag can be verified from a clone of this repository: diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 4eab5513..0ba0e674 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -2,7 +2,7 @@ Description=Temporary /etc/pacman.d/gnupg directory [Mount] -What=tmpfs +What=ramfs Where=/etc/pacman.d/gnupg -Type=tmpfs +Type=ramfs Options=mode=0755 diff --git a/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf b/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf index d1d8474c..b9d22eb8 100644 --- a/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf +++ b/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf @@ -1,3 +1,3 @@ [Service] ExecStart= -ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux +ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root - $TERM diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service new file mode 120000 index 00000000..20ac7b28 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_fcopy_daemon.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service new file mode 120000 index 00000000..a7eac4a8 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_kvp_daemon.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service new file mode 120000 index 00000000..eae19ef9 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_vss_daemon.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service new file mode 120000 index 00000000..e0a11a77 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vmtoolsd.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service new file mode 120000 index 00000000..173f306c --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vmware-vmblock-fuse.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/xdg/reflector/reflector.conf b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf index 9a72b0d8..7c830d2d 100644 --- a/configs/releng/airootfs/etc/xdg/reflector/reflector.conf +++ b/configs/releng/airootfs/etc/xdg/reflector/reflector.conf @@ -1,6 +1,8 @@ # Reflector configuration file for the systemd service. --save /etc/pacman.d/mirrorlist +--ipv4 +--ipv6 --protocol https --latest 20 --sort rate diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index c36fb298..4a707b9e 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -1,6 +1,7 @@ insmod part_gpt insmod part_msdos insmod fat +insmod iso9660 insmod all_video @@ -8,36 +9,38 @@ insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then insmod gfxterm - set gfxmode="1024x768x32;auto" + set gfxmode="auto" terminal_input console terminal_output gfxterm fi -menuentry "Arch Linux install medium (x86_64, Intel, UEFI)" { +# GRUB init tune for accessibility +# +# Morse translation table: +# "." is "500 1 300 1" +# "-" is "600 3 300 1" +# " " is "100 2" +# "/" is "100 5" +# +# Message: "s for blind" +play 500 500 1 300 1 500 1 300 1 500 1 300 1 100 5 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 600 3 300 1 500 1 300 1 100 5 600 3 300 1 500 1 300 1 500 1 300 1 500 1 300 1 100 2 500 1 300 1 600 3 300 1 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 100 2 600 3 300 1 500 1 300 1 100 2 600 3 300 1 500 1 300 1 500 1 300 1 + +menuentry "Arch Linux install medium (x86_64, UEFI)" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "Arch Linux install medium (x86_64, AMD, UEFI)" { +menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey=s { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap - initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on + initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "Arch Linux install medium with speakup screen reader (x86_64, Intel, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on - initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +menuentry "UEFI Shell" { + insmod chain + search --no-floppy --set=root --label %ARCHISO_LABEL% + chainloader /shellia32.efi } - -menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on - initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index a933bcee..8a0c80db 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -10,13 +10,13 @@ broadcom-wl btrfs-progs clonezilla cloud-init -crda cryptsetup darkhttpd ddrescue dhclient dhcpcd diffutils +dmidecode dmraid dnsmasq dosfstools @@ -36,6 +36,7 @@ gptfdisk grml-zsh-config grub hdparm +hyperv intel-ucode ipw2100-fw ipw2200-fw @@ -51,6 +52,7 @@ libusb-compat linux linux-atm linux-firmware +linux-firmware-marvell livecd-sounds lsscsi lvm2 @@ -73,6 +75,8 @@ nilfs-utils nmap ntfs-3g nvme-cli +open-iscsi +open-vm-tools openconnect openssh openvpn diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index d01aad14..f3bbe111 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -8,7 +8,9 @@ iso_application="Arch Linux Live/Rescue CD" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' + 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' + 'uefi-ia32.grub.eltorito' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index e8c9a7b7..d812402a 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -4,8 +4,8 @@ Boot the Arch Linux install medium using NBD. It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify SYSAPPEND 3 @@ -15,8 +15,8 @@ Boot the Arch Linux live medium using NFS. It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NFS) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify SYSAPPEND 3 @@ -26,7 +26,7 @@ Boot the Arch Linux live medium using HTTP. It allows you to install Arch Linux or perform system maintenance. ENDTEXT MENU LABEL Arch Linux install medium (x86_64, HTTP) -LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify SYSAPPEND 3 diff --git a/docs/README.profile.rst b/docs/README.profile.rst index c93228d5..a3d43093 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -10,6 +10,7 @@ An archiso profile consists of several configuration files and a directory for f ├── airootfs/ ├── efiboot/ ├── syslinux/ + ├── grub/ ├── bootstrap_packages.arch ├── packages.arch ├── pacman.conf @@ -45,6 +46,8 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``bios.syslinux.mbr``: Syslinux for x86 BIOS booting from a disk - ``bios.syslinux.eltorito``: Syslinux for x86 BIOS booting from an optical disc + - ``uefi-ia32.grub.esp``: GRUB for IA32 UEFI booting from a disk + - ``uefi-ia32.grub.eltorito``: GRUB for IA32 UEFI booting from an optical disc - ``uefi-x64.systemd-boot.esp``: systemd-boot for x86_64 UEFI booting from a disk - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x86_64 UEFI booting from an optical disc Note that BIOS El Torito boot mode must always be listed before UEFI El Torito boot mode. @@ -158,6 +161,14 @@ This directory is mandatory when the ``bios.syslinux.mbr`` or the ``bios.syslinu ``profiledef.sh``. It contains configuration files for `syslinux `_ or `isolinux `_ , or `pxelinux -`_ used in the resuling image. +`_ used in the resulting image. The *custom template identifiers* are understood in all `.cfg` files in this directory. + +grub +---- + +This directory is mandatory when the ``uefi-ia32.grub.esp`` or ``uefi-ia32.grub.eltorito`` bootmodes are selected in +``profiledef.sh``. +It contains configuration files for `GRUB `_ +used in the resulting image. -- GitLab From 26c80d8648f0e22c5caf6dd522528dd9e1f93625 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 19:55:38 +0000 Subject: [PATCH 031/347] rebase --- .../system/multi-user.target.wants/hv_fcopy_daemon.service | 1 + .../system/multi-user.target.wants/hv_kvp_daemon.service | 1 + .../system/multi-user.target.wants/hv_vss_daemon.service | 1 + .../system/multi-user.target.wants/vmtoolsd.service | 1 + .../multi-user.target.wants/vmware-vmblock-fuse.service | 1 + .../system/system-generators/systemd-gpt-auto-generator | 0 configs/baseline/grub/grub.cfg | 7 ++++--- configs/baseline/packages.x86_64 | 2 ++ configs/baseline/profiledef.sh | 4 +++- configs/releng/airootfs/etc/motd | 1 + .../airootfs/etc/systemd/network/20-ethernet.network | 3 +++ .../systemd/system-generators/systemd-gpt-auto-generator | 1 + 12 files changed, 19 insertions(+), 4 deletions(-) create mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service create mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service create mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service create mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service create mode 120000 configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/system-generators/systemd-gpt-auto-generator create mode 120000 configs/releng/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service new file mode 120000 index 00000000..20ac7b28 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_fcopy_daemon.service \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service new file mode 120000 index 00000000..a7eac4a8 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_kvp_daemon.service \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service new file mode 120000 index 00000000..eae19ef9 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/hv_vss_daemon.service \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service new file mode 120000 index 00000000..e0a11a77 --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmtoolsd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vmtoolsd.service \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service new file mode 120000 index 00000000..173f306c --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/vmware-vmblock-fuse.service \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/systemd/system/system-generators/systemd-gpt-auto-generator b/configs/baseline/airootfs/etc/systemd/system/system-generators/systemd-gpt-auto-generator new file mode 100644 index 00000000..e69de29b diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index d3a47799..0e5db493 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -1,6 +1,7 @@ insmod part_gpt insmod part_msdos insmod fat +insmod iso9660 insmod all_video @@ -8,7 +9,7 @@ insmod font if loadfont "${prefix}/fonts/unicode.pf2" ; then insmod gfxterm - set gfxmode="1024x768x32;auto" + set gfxmode="auto" terminal_input console terminal_output gfxterm fi @@ -16,13 +17,13 @@ fi menuentry "Arch Linux (x86_64, UEFI)" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap copytoram + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/baseline/packages.x86_64 b/configs/baseline/packages.x86_64 index 0a641204..cbb93b03 100644 --- a/configs/baseline/packages.x86_64 +++ b/configs/baseline/packages.x86_64 @@ -1,8 +1,10 @@ base cloud-init +hyperv linux mkinitcpio mkinitcpio-archiso +open-vm-tools openssh pv qemu-guest-agent diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 93740850..34060f2e 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -8,7 +8,9 @@ iso_application="Arch Linux baseline" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' + 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' + 'uefi-ia32.grub.eltorito' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" diff --git a/configs/releng/airootfs/etc/motd b/configs/releng/airootfs/etc/motd index 1ddc9c3e..4d9eda1e 100644 --- a/configs/releng/airootfs/etc/motd +++ b/configs/releng/airootfs/etc/motd @@ -8,3 +8,4 @@ Ethernet, WLAN and WWAN interfaces using DHCP should work automatically. After connecting to the internet, the installation guide can be accessed via the convenience script Installation_guide. +                                           diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index f2a7d602..9ada7782 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -1,4 +1,7 @@ [Match] +# Matching with "Type=ether" causes issues with containers because it also matches virtual Ethernet interfaces (veth*). +# See https://bugs.archlinux.org/task/70892 +# Instead match by globbing the network interface name. Name=en* Name=eth* diff --git a/configs/releng/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator b/configs/releng/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator @@ -0,0 +1 @@ +/dev/null \ No newline at end of file -- GitLab From 5de055f9e01892e9d5dc36eb43f515786879038a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 20:01:55 +0000 Subject: [PATCH 032/347] rebase --- .../baseline/airootfs/etc/systemd/network/20-ethernet.network | 3 +++ .../etc/systemd/system-generators/systemd-gpt-auto-generator | 1 + 2 files changed, 4 insertions(+) create mode 120000 configs/baseline/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator diff --git a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network index e8842f20..4b6a2ab0 100644 --- a/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/baseline/airootfs/etc/systemd/network/20-ethernet.network @@ -1,4 +1,7 @@ [Match] +# Matching with "Type=ether" causes issues with containers because it also matches virtual Ethernet interfaces (veth*). +# See https://bugs.archlinux.org/task/70892 +# Instead match by globbing the network interface name. Name=en* Name=eth* diff --git a/configs/baseline/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator b/configs/baseline/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator new file mode 120000 index 00000000..dc1dc0cd --- /dev/null +++ b/configs/baseline/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator @@ -0,0 +1 @@ +/dev/null \ No newline at end of file -- GitLab From 8034edbcb3ee23e1438d35f320ca924368a7f706 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 27 May 2022 20:04:47 +0000 Subject: [PATCH 033/347] Update README --- docs/README.profile.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index a3d43093..49fde9bb 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -58,8 +58,11 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` * ``airootfs_image_type``: The image type to create. The following options are understood (defaults to ``squashfs``): - ``squashfs``: Create a squashfs image directly from the airootfs work directory + - ``squashfs+luks``: Create a LUKS image containing a squashfs generated directly from the airootfs work directory - ``ext4+squashfs``: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it + - ``ext4+squashfs+luks``: Create an ext4 partition, copy the airootfs work directory to it and create a LUKS containing a squashfs image generated from it - ``erofs``: Create an EROFS image for the airootfs work directory + - ``erofs+luks``: Create a LUKS image containing an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or -- GitLab From d0b8e832c6f5e3b03f38db6f8f62f1add0f78c9b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 30 May 2022 18:50:11 +0000 Subject: [PATCH 034/347] display encryption key --- archiso/mkarchiso | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 62a87a50..acf2f0ac 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -128,6 +128,7 @@ _show_config() { _msg_info " Build modes: ${buildmodes[*]}" _msg_info " GPG key: ${gpg_key:-None}" _msg_info " GPG signer: ${gpg_sender:-None}" + _msg_info " Encryption Key: ${encryption_key:-None}" _msg_info "Code signing certificates: ${cert_list[*]:-None}" _msg_info " Profile: ${profile}" _msg_info "Pacman configuration file: ${pacman_conf}" @@ -720,16 +721,16 @@ _make_bootmode_uefi-ia32.grub.esp() { fi # Copy grub EFI binary to the default/fallback boot path - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI # Copy GRUB configuration files - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg # shellia32.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi fi -- GitLab From 589d4c7a07b83de10ed5f221b6f06cda18af0d99 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 1 Jun 2022 23:48:49 +0000 Subject: [PATCH 035/347] add \'keys\' buildmode --- archiso/mkarchiso | 119 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 108 insertions(+), 11 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index acf2f0ac..40aaf334 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -32,6 +32,7 @@ pacman_conf="" packages="" bootstrap_packages="" pacstrap_dir="" +keys_dir="" buildmodes=() bootmodes=() airootfs_image_type="" @@ -169,16 +170,17 @@ _cleanup_pacstrap_dir() { # Create and open a LUKS image of the size of the pacstrap directory plus 200MB. _run_mkluks() { local _image_path="${1}" + local _encryption_key="${2}" local _pacstrap_size _pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) local _image_size=$((_pacstrap_size+200000)) _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_image_size}KB)" fallocate -l "${_image_size}K" "${_image_path}" # TODO - if [[ $encryption_key != "" ]]; then - encryption_key=" --key-file ${encryption_key}" + if [[ $_encryption_key != "" ]]; then + _encryption_key=" --key-file ${_encryption_key}" fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}${encryption_key}" + cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}${_encryption_key}" cryptsetup config "${_image_path}" --label "${app_name}.luks" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" image_device="/dev/mapper/${app_name}_mapper" @@ -207,15 +209,16 @@ _run_mksquashfs() { # Create an ext4 image containing the root file system. _run_mkext4() { - local _image_path="${1}" + local _dir="${1}" + local _image_path="${1}.img" local ext4_hash_seed mkfs_ext4_options=() - _msg_info "Creating ext4 image of 32 GiB and copying '${pacstrap_dir}/' to it..." + _msg_info "Creating ext4 image of 1 MB and copying '${_dir}/' to it..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ --name "${SOURCE_DATE_EPOCH} ext4 hash seed")" mkfs_ext4_options=( - '-d' "${pacstrap_dir}" + '-d' "${_dir}" '-O' '^has_journal,^resize_inode' '-E' "lazy_itable_init=0,root_owner=0:0,hash_seed=${ext4_hash_seed}" '-m' '0' @@ -252,7 +255,7 @@ _mkairootfs_ext4+squashfs() { local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" rm -f -- "${image_path}" - _run_mkext4 "${pacstrap_dir}.img" + _run_mkext4 "${pacstrap_dir}" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -266,8 +269,8 @@ _mkairootfs_ext4+squashfs+luks() { install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" - _run_mkext4 "${pacstrap_dir}.img" + _run_mkluks "${image_path}" "${encryption_key}" + _run_mkext4 "${pacstrap_dir}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device _msg_info "Done!" @@ -292,7 +295,7 @@ _mkairootfs_squashfs+luks() { install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" + _run_mkluks "${image_path}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device } @@ -316,11 +319,38 @@ _mkairootfs_erofs+luks() { install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" + _run_mkluks "${image_path}" "${encryption_key}" + _run_mkerofs "${image_device}" + _close_luks_device +} + +_mkkeysfs_ext4+squashfs+luks() { + local image_path="${keys_iso_dir}/keys.sfs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" "" + _run_mkext4 "${keys_dir}" + _run_mksquashfs "${keys_dir}.img" "${image_device}" + _close_luks_device + _msg_info "Done!" + rm -- "${keys_dir}.img" +} + +_mkkeysfs_erofs+luks() { + local image_path="${keys_iso_dir}/keys.erofs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" "" _run_mkerofs "${image_device}" _close_luks_device } +# Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. +_mkkeysfs_squashfs() { + local image_path="${keys_iso_dir}/keys.sfs" + rm -f -- "${image_path}" + _run_mkluks "${image_path}" "" + _run_mksquashfs "${keys_dir}" "${image_device}" + _close_luks_device +} # Create checksum file for the rootfs image. _mkchecksum() { @@ -962,6 +992,10 @@ _prepare_airootfs_image() { fi } +_prepare_keysfs_image() { + _run_once "_mkkeysfs_${airootfs_image_type}" +} + # export build artifacts for netboot _export_netboot_artifacts() { _msg_info "Exporting netboot artifacts..." @@ -1300,6 +1334,45 @@ _build_bootstrap_image() { cd -- "${OLDPWD}" } +_build_keys_image() { + local xorriso_options=() xorrisofs_options=() + local bootmode + + keys_iso_dir="${work_dir}/keys_iso" + + # Add required xorrisofs options for each boot mode + for bootmode in "${bootmodes[@]}"; do + typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + done + + [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" + + if [[ "${quiet}" == "y" ]]; then + # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted + # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). + # Instead use native xorriso option to silence the output. + xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + fi + + rm -f -- "${out_dir}/${image_name}" + _msg_info "Creating ISO image..." + xorriso "${xorriso_options[@]}" -as mkisofs \ + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}_KEYS" \ + -appid "${iso_application} keys CD" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${keys_iso_dir}/" + _msg_info "Done!" + du -h -- "${out_dir}/${image_name}" +} + # Build ISO _build_iso_image() { local xorriso_options=() xorrisofs_options=() @@ -1519,6 +1592,23 @@ _make_pkglist() { _msg_info "Done!" } +# build the base for an ISO and/or a netboot target +_build_keys_base() { + local run_once_mode="base" + + # Set up essential directory paths + keys_dir="${work_dir}/keys" + keys_iso_dir="${work_dir}/keys_iso" + + [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" + [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" + + cp "${encryption_key}" "${keys_dir}" + + _run_once _prepare_keysfs_image +} + + # build the base for an ISO and/or a netboot target _build_iso_base() { local run_once_mode="base" @@ -1596,6 +1686,13 @@ _build_buildmode_iso() { _run_once _build_iso_image } +# Build the encryption keys ISO buildmode +_build_buildmode_keys() { + local image_name="${iso_name}-keys-${iso_version}-${arch}.iso" + local run_once_mode="${buildmode}" + _build_keys_base + _run_once _build_keys_image +} # build all buildmodes _build() { local buildmode -- GitLab From 04481c681fd3a417b52c6191917aacedbcc75b9c Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 1 Jun 2022 23:59:05 +0000 Subject: [PATCH 036/347] ready for test --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 40aaf334..8f5e40f5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1603,7 +1603,7 @@ _build_keys_base() { [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" - cp "${encryption_key}" "${keys_dir}" + cp "${encryption_key}" "${keys_dir}/${iso_label}.key" _run_once _prepare_keysfs_image } -- GitLab From ab99466fab9b96a90281796a427a5492e2e0554a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 2 Jun 2022 17:31:12 +0000 Subject: [PATCH 037/347] run_mkext4 has now a size --- archiso/mkarchiso | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8f5e40f5..597a8db4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -207,13 +207,14 @@ _run_mksquashfs() { mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" } -# Create an ext4 image containing the root file system. +# Create an ext4 image of a given size (in MB) from a directory. _run_mkext4() { local _dir="${1}" local _image_path="${1}.img" + local _size="${2}" local ext4_hash_seed mkfs_ext4_options=() - _msg_info "Creating ext4 image of 1 MB and copying '${_dir}/' to it..." + _msg_info "Creating ext4 image of ${_size} MB and copying '${_dir}/' to it..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ --name "${SOURCE_DATE_EPOCH} ext4 hash seed")" @@ -227,7 +228,7 @@ _run_mkext4() { ) [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${_image_path}" - E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" 32G + E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}M" tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null _msg_info "Done!" } @@ -255,7 +256,7 @@ _mkairootfs_ext4+squashfs() { local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" rm -f -- "${image_path}" - _run_mkext4 "${pacstrap_dir}" + _run_mkext4 "${pacstrap_dir}" "32000" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -270,7 +271,7 @@ _mkairootfs_ext4+squashfs+luks() { local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${encryption_key}" - _run_mkext4 "${pacstrap_dir}" + _run_mkext4 "${pacstrap_dir}" "32000" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device _msg_info "Done!" @@ -328,7 +329,7 @@ _mkkeysfs_ext4+squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "" - _run_mkext4 "${keys_dir}" + _run_mkext4 "${keys_dir}" "100" _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device _msg_info "Done!" -- GitLab From fa4bbb738efa40fe50eb50ae719fce3c43899b9b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 2 Jun 2022 19:24:45 +0000 Subject: [PATCH 038/347] comments? --- archiso/mkarchiso | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 597a8db4..eacd06c1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -37,6 +37,7 @@ buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() +keysfs_image_type="" cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -994,7 +995,7 @@ _prepare_airootfs_image() { } _prepare_keysfs_image() { - _run_once "_mkkeysfs_${airootfs_image_type}" + _run_once "_mkkeysfs_${keysfs_image_type}" } # export build artifacts for netboot @@ -1339,12 +1340,12 @@ _build_keys_image() { local xorriso_options=() xorrisofs_options=() local bootmode - keys_iso_dir="${work_dir}/keys_iso" + local keys_iso_dir="${work_dir}/keys_iso" # Add required xorrisofs options for each boot mode - for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" - done + # for bootmode in "${bootmodes[@]}"; do + # typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + # done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -1359,8 +1360,7 @@ _build_keys_image() { _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ + -full-iso9660-filenames \ -joliet \ -joliet-long \ -rational-rock \ -volid "${iso_label}_KEYS" \ @@ -1538,6 +1538,7 @@ _set_overrides() { # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" + [[ -n "$keysfs_image_type" ]] || keysfs_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" } -- GitLab From afd81c09fc9a76af87943be230d83dafde126faf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 13:55:31 +0000 Subject: [PATCH 039/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index eacd06c1..940c0252 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -337,6 +337,8 @@ _mkkeysfs_ext4+squashfs+luks() { rm -- "${keys_dir}.img" } +# Create an EROFS image containing the keys file system and saves it on the LUKS image. +# Save the LUKS image on the ISO 9660 file system. _mkkeysfs_erofs+luks() { local image_path="${keys_iso_dir}/keys.erofs" rm -f -- "${image_path}" @@ -354,16 +356,26 @@ _mkkeysfs_squashfs() { _close_luks_device } -# Create checksum file for the rootfs image. _mkchecksum() { - _msg_info "Creating checksum file for self-test..." - cd -- "${isofs_dir}/${install_dir}/${arch}" - if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - sha512sum airootfs.sfs > airootfs.sha512 - elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - sha512sum airootfs.erofs > airootfs.sha512 + local _file + local _dir + local _name + _file="${1}" + _dir=$(dirname "${_file}") + _name=$(basename "${_file%.*}") + + cd -- "${_dir}" + if [[ -e "${_file}" ]]; then + sha512sum "$(basename "${_file}")" > "${_name}.sha512" fi cd -- "${OLDPWD}" +} + +# Create checksum file for the rootfs image. +_mkchecksum_airootfs() { + _msg_info "Creating checksum file for self-test..." + _mkchecksum "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + _mkchecksum "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" _msg_info "Done!" } @@ -988,7 +1000,7 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { _run_once "_mkairootfs_${airootfs_image_type}" - _mkchecksum + _mkchecksum_airootfs if [[ -n "${gpg_key}" ]]; then _mksignature fi @@ -1606,6 +1618,7 @@ _build_keys_base() { [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" cp "${encryption_key}" "${keys_dir}/${iso_label}.key" + encryption_key="${keys_dir}/${iso_label}.key" _run_once _prepare_keysfs_image } -- GitLab From 5cc9d427df238a3bcbc6645d7192a228a40cc846 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:03:13 +0000 Subject: [PATCH 040/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 940c0252..595f505e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -999,6 +999,9 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { + cp "${encryption_key}" "${keys_dir}/${iso_label}.key" + encryption_key="${keys_dir}/${iso_label}.key" + _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs if [[ -n "${gpg_key}" ]]; then @@ -1007,6 +1010,9 @@ _prepare_airootfs_image() { } _prepare_keysfs_image() { + cp "${encryption_key}" "${keys_dir}/${iso_label}.key" + encryption_key="${keys_dir}/${iso_label}.key" + _run_once "_mkkeysfs_${keysfs_image_type}" } @@ -1617,9 +1623,6 @@ _build_keys_base() { [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" - cp "${encryption_key}" "${keys_dir}/${iso_label}.key" - encryption_key="${keys_dir}/${iso_label}.key" - _run_once _prepare_keysfs_image } -- GitLab From fdeb6d31d9a178b3f17d8544cbe553a96a905cde Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:05:46 +0000 Subject: [PATCH 041/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 595f505e..4fda245c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1636,6 +1636,7 @@ _build_iso_base() { # Set up essential directory paths pacstrap_dir="${work_dir}/${arch}/airootfs" isofs_dir="${work_dir}/iso" + keys_dir="${work_dir}/keys" # Create working directory [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" -- GitLab From 70d4e8b7e7e68da91eb1edd71d9c21fb2851e849 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:12:30 +0000 Subject: [PATCH 042/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4fda245c..6a40965a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,9 +179,9 @@ _run_mkluks() { fallocate -l "${_image_size}K" "${_image_path}" # TODO if [[ $_encryption_key != "" ]]; then - _encryption_key=" --key-file ${_encryption_key}" + _encryption_key="--key-file ${_encryption_key}" fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${_image_path}${_encryption_key}" + cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" cryptsetup config "${_image_path}" --label "${app_name}.luks" cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" image_device="/dev/mapper/${app_name}_mapper" -- GitLab From a537612048c8ccd98b269809ec96d88c17c49b49 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:15:17 +0000 Subject: [PATCH 043/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6a40965a..a5266272 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -999,8 +999,8 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { - cp "${encryption_key}" "${keys_dir}/${iso_label}.key" - encryption_key="${keys_dir}/${iso_label}.key" + cp "${encryption_key}" "${work_dir}/${iso_label}.key" + encryption_key="${work_dir}/${iso_label}.key" _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs -- GitLab From 07967d3af8c4092ba876beabda67f9712a335a41 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:16:47 +0000 Subject: [PATCH 044/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a5266272..2e2b7401 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,7 +179,7 @@ _run_mkluks() { fallocate -l "${_image_size}K" "${_image_path}" # TODO if [[ $_encryption_key != "" ]]; then - _encryption_key="--key-file ${_encryption_key}" + _encryption_key="--key-file=\"${_encryption_key}\"" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" cryptsetup config "${_image_path}" --label "${app_name}.luks" -- GitLab From 5ad944efe6b7739c4097ddb1e51b3f693edc1d2a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:19:56 +0000 Subject: [PATCH 045/347] cryptsetup has problems accessing original file --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2e2b7401..a59deae0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,7 +179,7 @@ _run_mkluks() { fallocate -l "${_image_size}K" "${_image_path}" # TODO if [[ $_encryption_key != "" ]]; then - _encryption_key="--key-file=\"${_encryption_key}\"" + _encryption_key="--key-file=${_encryption_key}" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" cryptsetup config "${_image_path}" --label "${app_name}.luks" -- GitLab From d73c45a57e9afc7a7db42f77be3ffd434554949c Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:22:53 +0000 Subject: [PATCH 046/347] make cryptsetup use the key file to open the device --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a59deae0..ee71abf2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -182,8 +182,8 @@ _run_mkluks() { _encryption_key="--key-file=${_encryption_key}" fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" - cryptsetup config "${_image_path}" --label "${app_name}.luks" - cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" + cryptsetup config "${_encryption_key}" "${_image_path}" --label "${app_name}.luks" + cryptsetup luksOpen "${_encryption_key}" "${_image_path}" "${app_name}_mapper" image_device="/dev/mapper/${app_name}_mapper" _msg_info "Done!" -- GitLab From b5944437494f8d52368c33119ff4dfe2957f4060 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 4 Jun 2022 14:34:47 +0000 Subject: [PATCH 047/347] make cryptsetup use the key file to open the device --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ee71abf2..55362d5b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -183,7 +183,7 @@ _run_mkluks() { fi cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" cryptsetup config "${_encryption_key}" "${_image_path}" --label "${app_name}.luks" - cryptsetup luksOpen "${_encryption_key}" "${_image_path}" "${app_name}_mapper" + cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" "${_encryption_key}" image_device="/dev/mapper/${app_name}_mapper" _msg_info "Done!" -- GitLab From 1c607f3bcf35353c0b17a04323889c002e486a63 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 6 Jun 2022 15:57:13 +0000 Subject: [PATCH 048/347] add check for encryption key --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 55362d5b..06adc20c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -999,8 +999,10 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { - cp "${encryption_key}" "${work_dir}/${iso_label}.key" - encryption_key="${work_dir}/${iso_label}.key" + if [ -z "${encryption_key}" ]; then + cp "${encryption_key}" "${work_dir}/${iso_label}.key" + encryption_key="${work_dir}/${iso_label}.key" + fi _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs -- GitLab From 1a985d2c1748f758f8c89a6fe9371e61554be945 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 6 Jun 2022 16:41:07 +0000 Subject: [PATCH 049/347] add airootfs_dir variable --- archiso/mkarchiso | 69 ++++++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 06adc20c..4dc4a9c9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -172,18 +172,20 @@ _cleanup_pacstrap_dir() { _run_mkluks() { local _image_path="${1}" local _encryption_key="${2}" - local _pacstrap_size - _pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) - local _image_size=$((_pacstrap_size+200000)) - _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_image_size}KB)" - fallocate -l "${_image_size}K" "${_image_path}" - # TODO - if [[ $_encryption_key != "" ]]; then - _encryption_key="--key-file=${_encryption_key}" - fi - cryptsetup -y luksFormat --pbkdf-memory 256 "${_encryption_key}" "${_image_path}" + local _size="${3}" + local _cryptsetup_options=('--pbkdf-memory' 256) + + [[ -n "${_encryption_key}" ]] || _cryptsetup_options+=("--key-file=${_encryption_key}") + + _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_size}KB)" + fallocate -l "${_size}K" "${_image_path}" + cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}" + + _msg_info "Setting label ${app_name}.luks" cryptsetup config "${_encryption_key}" "${_image_path}" --label "${app_name}.luks" - cryptsetup luksOpen "${_image_path}" "${app_name}_mapper" "${_encryption_key}" + + _msg_info "Opening ${_image_path} on ${app_name}_mapper" + cryptsetup open --type luks2 "${_image_path}" "${app_name}_mapper" "${_encryption_key}" image_device="/dev/mapper/${app_name}_mapper" _msg_info "Done!" @@ -253,8 +255,8 @@ _run_mkerofs() { _mkairootfs_ext4+squashfs() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs_dir}/airootfs.sfs" rm -f -- "${image_path}" _run_mkext4 "${pacstrap_dir}" "32000" @@ -268,10 +270,11 @@ _mkairootfs_ext4+squashfs() { _mkairootfs_ext4+squashfs+luks() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs_dir}/airootfs.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${encryption_key}" + + _run_mkluks "${image_path}" "${encryption_key}" "${airootfs_size}" _run_mkext4 "${pacstrap_dir}" "32000" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device @@ -283,8 +286,8 @@ _mkairootfs_ext4+squashfs+luks() { _mkairootfs_squashfs() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs_dir}/airootfs.sfs" rm -f -- "${image_path}" _run_mksquashfs "${pacstrap_dir}" "${image_path}" } @@ -294,8 +297,8 @@ _mkairootfs_squashfs() { _mkairootfs_squashfs+luks() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs_dir}/airootfs.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" @@ -306,8 +309,8 @@ _mkairootfs_squashfs+luks() { _mkairootfs_erofs() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs}/airootfs.erofs" rm -f -- "${image_path}" _run_mkerofs "${image_path}" _msg_info "Done!" @@ -318,8 +321,8 @@ _mkairootfs_erofs() { _mkairootfs_erofs+luks() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" - local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + install -d -m 0755 -- "${airootfs_dir}" + local image_path="${airootfs_dir}/airootfs.erofs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${encryption_key}" _run_mkerofs "${image_device}" @@ -374,8 +377,8 @@ _mkchecksum() { # Create checksum file for the rootfs image. _mkchecksum_airootfs() { _msg_info "Creating checksum file for self-test..." - _mkchecksum "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" - _mkchecksum "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + _mkchecksum "${airootfs_dir}/airootfs.sfs" + _mkchecksum "${airootfs_dir}/airootfs.erofs" _msg_info "Done!" } @@ -383,10 +386,10 @@ _mkchecksum_airootfs() { _mksignature() { local airootfs_image_filename gpg_options=() _msg_info "Signing rootfs image..." - if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" - elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + if [[ -e "${airootfs_dir}/airootfs.sfs" ]]; then + airootfs_image_filename="${airootfs_dir}/airootfs.sfs" + elif [[ -e "${airootfs_dir}/airootfs.erofs" ]]; then + airootfs_image_filename="${airootfs_dir}/airootfs.erofs" fi rm -f -- "${airootfs_image_filename}.sig" # Add gpg sender option if the value is provided @@ -999,11 +1002,17 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { + local airootfs_dir airootfs_size pacstrap_size + if [ -z "${encryption_key}" ]; then cp "${encryption_key}" "${work_dir}/${iso_label}.key" encryption_key="${work_dir}/${iso_label}.key" fi + pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) + airootfs_size=$((pacstrap_size+200000)) + airootfs_dir="${isofs_dir}/${install_dir}/${arch}" + _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs if [[ -n "${gpg_key}" ]]; then -- GitLab From 784290b66d375bd3d693d67c9e9ee7da7c677562 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 6 Jun 2022 17:41:17 +0000 Subject: [PATCH 050/347] reduce mkairootfs functions --- archiso/mkarchiso | 48 ++++++++++++++++++----------------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4dc4a9c9..129e10a0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -250,15 +250,17 @@ _run_mkerofs() { _msg_info "Done!" } -# Create an ext4 image containing the root file system and pack it inside a squashfs image. -# Save the squashfs image on the ISO 9660 file system. -_mkairootfs_ext4+squashfs() { +_mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${airootfs_dir}" - local image_path="${airootfs_dir}/airootfs.sfs" rm -f -- "${image_path}" +} +# Create an ext4 image containing the root file system and pack it inside a squashfs image. +# Save the squashfs image on the ISO 9660 file system. +_mkairootfs_ext4+squashfs() { + local image_path="${airootfs_dir}/airootfs.sfs" + _mkairootfs_common _run_mkext4 "${pacstrap_dir}" "32000" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" @@ -268,12 +270,8 @@ _mkairootfs_ext4+squashfs() { # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkairootfs_ext4+squashfs+luks() { - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - - install -d -m 0755 -- "${airootfs_dir}" local image_path="${airootfs_dir}/airootfs.sfs" - rm -f -- "${image_path}" - + _mkairootfs_common _run_mkluks "${image_path}" "${encryption_key}" "${airootfs_size}" _run_mkext4 "${pacstrap_dir}" "32000" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" @@ -284,22 +282,16 @@ _mkairootfs_ext4+squashfs+luks() { # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_squashfs() { - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - - install -d -m 0755 -- "${airootfs_dir}" local image_path="${airootfs_dir}/airootfs.sfs" - rm -f -- "${image_path}" + _mkairootfs_common _run_mksquashfs "${pacstrap_dir}" "${image_path}" } # Create a squashfs image containing the root file system and saves it on the LUKS image. # Saves the LUKS image on the ISO 9660 file system. _mkairootfs_squashfs+luks() { - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - - install -d -m 0755 -- "${airootfs_dir}" local image_path="${airootfs_dir}/airootfs.sfs" - rm -f -- "${image_path}" + _mkairootfs_common _run_mkluks "${image_path}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device @@ -307,11 +299,8 @@ _mkairootfs_squashfs+luks() { # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - - install -d -m 0755 -- "${airootfs_dir}" - local image_path="${airootfs}/airootfs.erofs" - rm -f -- "${image_path}" + local image_path="${airootfs_dir}/airootfs.erofs" + _mkairootfs_common _run_mkerofs "${image_path}" _msg_info "Done!" } @@ -319,11 +308,8 @@ _mkairootfs_erofs() { # Create an EROFS image containing the root file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkairootfs_erofs+luks() { - [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - - install -d -m 0755 -- "${airootfs_dir}" local image_path="${airootfs_dir}/airootfs.erofs" - rm -f -- "${image_path}" + _mkairootfs_common _run_mkluks "${image_path}" "${encryption_key}" _run_mkerofs "${image_device}" _close_luks_device @@ -1002,7 +988,7 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { - local airootfs_dir airootfs_size pacstrap_size + local airootfs_size pacstrap_size if [ -z "${encryption_key}" ]; then cp "${encryption_key}" "${work_dir}/${iso_label}.key" @@ -1011,7 +997,6 @@ _prepare_airootfs_image() { pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) airootfs_size=$((pacstrap_size+200000)) - airootfs_dir="${isofs_dir}/${install_dir}/${arch}" _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs @@ -1648,9 +1633,12 @@ _build_iso_base() { pacstrap_dir="${work_dir}/${arch}/airootfs" isofs_dir="${work_dir}/iso" keys_dir="${work_dir}/keys" + airootfs_dir="${isofs_dir}/${install_dir}/${arch}" # Create working directory - [[ -d "${work_dir}" ]] || install -d -- "${work_dir}" + [[ -d "${airootfs_dir}" ]] || install -d -- "${airootfs_dir}" + [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" + # Write build date to file or if the file exists, read it from there if [[ -e "${work_dir}/build_date" ]]; then SOURCE_DATE_EPOCH="$(<"${work_dir}/build_date")" -- GitLab From bca05c1a0647b49754dd41d382dd5dde9da1c625 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 6 Jun 2022 18:56:04 +0000 Subject: [PATCH 051/347] modularize more functions --- archiso/mkarchiso | 96 +++++++++++++++++++++++++++++------------------ 1 file changed, 60 insertions(+), 36 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 129e10a0..7dcdec0c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -37,7 +37,7 @@ buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() -keysfs_image_type="" +keys_image_type="" cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -171,8 +171,8 @@ _cleanup_pacstrap_dir() { # Create and open a LUKS image of the size of the pacstrap directory plus 200MB. _run_mkluks() { local _image_path="${1}" - local _encryption_key="${2}" - local _size="${3}" + local _size="${2}" + local _encryption_key="${3}" local _cryptsetup_options=('--pbkdf-memory' 256) [[ -n "${_encryption_key}" ]] || _cryptsetup_options+=("--key-file=${_encryption_key}") @@ -210,7 +210,7 @@ _run_mksquashfs() { mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" } -# Create an ext4 image of a given size (in MB) from a directory. +# Create an ext4 image of given size (in KB) from a directory. _run_mkext4() { local _dir="${1}" local _image_path="${1}.img" @@ -231,7 +231,7 @@ _run_mkext4() { ) [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${_image_path}" - E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}M" + E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null _msg_info "Done!" } @@ -261,7 +261,7 @@ _mkairootfs_common() { _mkairootfs_ext4+squashfs() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" "32000" + _run_mkext4 "${pacstrap_dir}" $((airootfs_size/1000-50)) _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -272,8 +272,8 @@ _mkairootfs_ext4+squashfs() { _mkairootfs_ext4+squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common - _run_mkluks "${image_path}" "${encryption_key}" "${airootfs_size}" - _run_mkext4 "${pacstrap_dir}" "32000" + _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" + _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device _msg_info "Done!" @@ -292,7 +292,7 @@ _mkairootfs_squashfs() { _mkairootfs_squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common - _run_mkluks "${image_path}" "${encryption_key}" + _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device } @@ -310,16 +310,16 @@ _mkairootfs_erofs() { _mkairootfs_erofs+luks() { local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common - _run_mkluks "${image_path}" "${encryption_key}" + _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" _run_mkerofs "${image_device}" _close_luks_device } -_mkkeysfs_ext4+squashfs+luks() { +_mkkeys_ext4+squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "" - _run_mkext4 "${keys_dir}" "100" + _run_mkluks "${image_path}" "${keys_size}" + _run_mkext4 "${keys_dir}" $((keys_size - 50000)) _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device _msg_info "Done!" @@ -328,19 +328,19 @@ _mkkeysfs_ext4+squashfs+luks() { # Create an EROFS image containing the keys file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. -_mkkeysfs_erofs+luks() { +_mkkeys_erofs+luks() { local image_path="${keys_iso_dir}/keys.erofs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "" + _run_mkluks "${image_path}" "${keys_size}" _run_mkerofs "${image_device}" _close_luks_device } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. -_mkkeysfs_squashfs() { +_mkkeys_squashfs() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "" + _run_mkluks "${image_path}" "${keys_size}" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device } @@ -368,24 +368,44 @@ _mkchecksum_airootfs() { _msg_info "Done!" } -# GPG sign the root file system image. +# Create checksum file for the keys image. +_mkchecksum_keys() { + _msg_info "Creating checksum file for self-test..." + _mkchecksum "${keys_dir}/keys.sfs" + _mkchecksum "${keys_dir}/keys.erofs" + _msg_info "Done!" +} +# GPG sign a file. _mksignature() { - local airootfs_image_filename gpg_options=() - _msg_info "Signing rootfs image..." - if [[ -e "${airootfs_dir}/airootfs.sfs" ]]; then - airootfs_image_filename="${airootfs_dir}/airootfs.sfs" - elif [[ -e "${airootfs_dir}/airootfs.erofs" ]]; then - airootfs_image_filename="${airootfs_dir}/airootfs.erofs" - fi - rm -f -- "${airootfs_image_filename}.sig" - # Add gpg sender option if the value is provided + local _file="${1}" + local gpg_options=() + rm -f -- "${_file}.sig" [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") - # always use the .sig file extension, as that is what mkinitcpio-archiso's hooks expect - gpg --batch --no-armor --no-include-key-block --output "${airootfs_image_filename}.sig" --detach-sign \ - --default-key "${gpg_key}" "${gpg_options[@]}" "${airootfs_image_filename}" + if [ -e "${_file}" ]; then + _msg_info "Signing ${1}..." + # always use the .sig file extension, as that is what + # mkinitcpio-archiso's hooks expect + gpg --batch --no-armor --no-include-key-block \ + --output "${_file}.sig" --detach-sign \ + --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" + fi _msg_info "Done!" } +# GPG sign the root file system image. +_mksignature_airootfs() { + _msg_info "Signing rootfs image..." + _mksignature "${airootfs_dir}/airootfs.sfs" + _mksignature "${airootfs_dir}/airootfs.erofs" +} + +# GPG sign the root file system image. +_mksignature_keys() { + _msg_info "Signing keys image..." + _mksignature "${keys_iso_dir}/keys.sfs" + _mksignature "${keys_iso_dir}/keys.erofs" +} + # Helper function to run functions only one time. # $1: function name _run_once() { @@ -1001,15 +1021,19 @@ _prepare_airootfs_image() { _run_once "_mkairootfs_${airootfs_image_type}" _mkchecksum_airootfs if [[ -n "${gpg_key}" ]]; then - _mksignature + _mksignature_airootfs fi } -_prepare_keysfs_image() { +_prepare_keys_image() { cp "${encryption_key}" "${keys_dir}/${iso_label}.key" encryption_key="${keys_dir}/${iso_label}.key" - - _run_once "_mkkeysfs_${keysfs_image_type}" + keys_size=200000 + _run_once "_mkkeys_${keys_image_type}" + _mkchecksum_keys + if [[ -n "${gpg_key}" ]]; then + _mksignature_keys + fi } # export build artifacts for netboot @@ -1552,7 +1576,7 @@ _set_overrides() { # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" - [[ -n "$keysfs_image_type" ]] || keysfs_image_type="squashfs" + [[ -n "$keys_image_type" ]] || keys_image_type="squashfs" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" } @@ -1619,7 +1643,7 @@ _build_keys_base() { [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" - _run_once _prepare_keysfs_image + _run_once _prepare_keys_image } -- GitLab From 7c421c373711f1696fa0d715a8608de2a3ca8c3b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 6 Jun 2022 20:44:44 +0000 Subject: [PATCH 052/347] add comments --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7dcdec0c..4ff19c53 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -337,7 +337,7 @@ _mkkeys_erofs+luks() { } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. -_mkkeys_squashfs() { +_mkkeys_squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" @@ -345,6 +345,7 @@ _mkkeys_squashfs() { _close_luks_device } +# Create checksum for a given file. _mkchecksum() { local _file local _dir @@ -399,7 +400,7 @@ _mksignature_airootfs() { _mksignature "${airootfs_dir}/airootfs.erofs" } -# GPG sign the root file system image. +# GPG sign the keys file system image. _mksignature_keys() { _msg_info "Signing keys image..." _mksignature "${keys_iso_dir}/keys.sfs" @@ -1025,6 +1026,7 @@ _prepare_airootfs_image() { fi } +# Build keys filesystem image _prepare_keys_image() { cp "${encryption_key}" "${keys_dir}/${iso_label}.key" encryption_key="${keys_dir}/${iso_label}.key" -- GitLab From e740e9fff180bbea1dd72fdfae750f7d33cde1f2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 00:57:46 +0000 Subject: [PATCH 053/347] squashfs+luks as default image type for keys drive --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4ff19c53..22db7dbc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1578,7 +1578,7 @@ _set_overrides() { # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" - [[ -n "$keys_image_type" ]] || keys_image_type="squashfs" + [[ -n "$keys_image_type" ]] || keys_image_type="squashfs+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" } -- GitLab From 4e3936c7de9852c05b13fb14a74dd6689ec47425 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 01:42:14 +0000 Subject: [PATCH 054/347] fix mkluks args --- archiso/mkarchiso | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 22db7dbc..9b96e29a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -172,20 +172,26 @@ _cleanup_pacstrap_dir() { _run_mkluks() { local _image_path="${1}" local _size="${2}" - local _encryption_key="${3}" + local _label="${3}" + local _encryption_key="${4}" local _cryptsetup_options=('--pbkdf-memory' 256) + local _key_msg _mapper + _mapper=$(basename _image_path)".map" - [[ -n "${_encryption_key}" ]] || _cryptsetup_options+=("--key-file=${_encryption_key}") + if [[ -n "${_encryption_key}" ]]; then + _key_options=("--key-file=${_encryption_key}") + _cryptsetup_options+=("${_key_options[@]}") + _key_msg="with key ${_encryption_key}" + fi - _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_size}KB)" + _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}" - _msg_info "Setting label ${app_name}.luks" - cryptsetup config "${_encryption_key}" "${_image_path}" --label "${app_name}.luks" + _msg_info "Setting label ${_label}" + cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" - _msg_info "Opening ${_image_path} on ${app_name}_mapper" - cryptsetup open --type luks2 "${_image_path}" "${app_name}_mapper" "${_encryption_key}" + cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}" image_device="/dev/mapper/${app_name}_mapper" _msg_info "Done!" @@ -272,7 +278,8 @@ _mkairootfs_ext4+squashfs() { _mkairootfs_ext4+squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common - _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" + _run_mkluks "${image_path}" "${airootfs_size}" \ + "${app_name}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device @@ -292,7 +299,8 @@ _mkairootfs_squashfs() { _mkairootfs_squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common - _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" + _run_mkluks "${image_path}" "${airootfs_size}" \ + "${app_name}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device } @@ -310,7 +318,8 @@ _mkairootfs_erofs() { _mkairootfs_erofs+luks() { local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common - _run_mkluks "${image_path}" "${airootfs_size}" "${encryption_key}" + _run_mkluks "${image_path}" "${airootfs_size}" \ + "${app_name}" "${encryption_key}" _run_mkerofs "${image_device}" _close_luks_device } @@ -319,6 +328,7 @@ _mkkeys_ext4+squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" + "${app_name}_KEYS" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device @@ -331,7 +341,8 @@ _mkkeys_ext4+squashfs+luks() { _mkkeys_erofs+luks() { local image_path="${keys_iso_dir}/keys.erofs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" + _run_mkluks "${image_path}" "${keys_size}" \ + "${app_name}_KEYS" _run_mkerofs "${image_device}" _close_luks_device } @@ -340,7 +351,8 @@ _mkkeys_erofs+luks() { _mkkeys_squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" + _run_mkluks "${image_path}" "${keys_size}" \ + "${app_name}_KEYS" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device } -- GitLab From 44cbc16ecd39ff5c79daf54f78ac2d1903347fe5 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 01:45:33 +0000 Subject: [PATCH 055/347] stub for validate keys image requirements --- archiso/mkarchiso | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9b96e29a..cf3b74b5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1202,6 +1202,10 @@ _validate_common_requirements_buildmode_iso_netboot() { fi } +_validate_requirements_buildmode_keys() { + echo "TODO" +} + _validate_requirements_buildmode_iso() { _validate_common_requirements_buildmode_iso_netboot _validate_common_requirements_buildmode_all -- GitLab From 45ea9cf62d05e758cac91a57a4745a6f9bb098e4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:01:33 +0000 Subject: [PATCH 056/347] typo in mkluks --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cf3b74b5..dcefad59 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -192,7 +192,7 @@ _run_mkluks() { cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}" - image_device="/dev/mapper/${app_name}_mapper" + image_device="/dev/mapper/${_mapper}" _msg_info "Done!" } -- GitLab From 8e8342038daef93e6000aace614dce7c7c9d2b2b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:03:28 +0000 Subject: [PATCH 057/347] typo in mkluks --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dcefad59..ac6d91fc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -176,7 +176,7 @@ _run_mkluks() { local _encryption_key="${4}" local _cryptsetup_options=('--pbkdf-memory' 256) local _key_msg _mapper - _mapper=$(basename _image_path)".map" + _mapper=$(basename "${_image_path}")".map" if [[ -n "${_encryption_key}" ]]; then _key_options=("--key-file=${_encryption_key}") -- GitLab From 9b012d9c23c10b36479ff1a363aa4654cc0c37a2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:10:55 +0000 Subject: [PATCH 058/347] typo in mkluks --- archiso/mkarchiso | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ac6d91fc..6fba28b9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -197,11 +197,13 @@ _run_mkluks() { _msg_info "Done!" } -# Removes the LUKS device +# Close a LUKS device mapper _close_luks_device() { - cryptsetup luksClose "${app_name}_mapper" + local _device + _device=$(basename "${1}") + cryptsetup luksClose "${_device}.map" if [ -f "${image_device}" ]; then - dmsetup remove "${app_name}_mapper" + dmsetup remove "${_device}.map" fi sync } @@ -279,10 +281,10 @@ _mkairootfs_ext4+squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${app_name}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" } @@ -300,9 +302,9 @@ _mkairootfs_squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${app_name}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" } # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. @@ -319,19 +321,19 @@ _mkairootfs_erofs+luks() { local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${app_name}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mkerofs "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" } _mkkeys_ext4+squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" - "${app_name}_KEYS" + "${iso_label}_KEYS" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) _run_mksquashfs "${keys_dir}.img" "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${keys_dir}.img" } @@ -342,9 +344,9 @@ _mkkeys_erofs+luks() { local image_path="${keys_iso_dir}/keys.erofs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ - "${app_name}_KEYS" + "${iso_label}_KEYS" _run_mkerofs "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. @@ -352,7 +354,7 @@ _mkkeys_squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ - "${app_name}_KEYS" + "${iso_label}_KEYS" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device } -- GitLab From 1411747b6e2bddb9d495fef40e9584dd43d3ba4c Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:19:53 +0000 Subject: [PATCH 059/347] typo in mkluks --- archiso/mkarchiso | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6fba28b9..575394d4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -201,9 +201,9 @@ _run_mkluks() { _close_luks_device() { local _device _device=$(basename "${1}") - cryptsetup luksClose "${_device}.map" + cryptsetup luksClose "${_device}" if [ -f "${image_device}" ]; then - dmsetup remove "${_device}.map" + dmsetup remove "${_device}" fi sync } @@ -356,7 +356,7 @@ _mkkeys_squashfs+luks() { _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" _run_mksquashfs "${keys_dir}" "${image_device}" - _close_luks_device + _close_luks_device "${image_device}" } # Create checksum for a given file. -- GitLab From 71ad0240a15017c8f75e26382078f0857895cb08 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:31:48 +0000 Subject: [PATCH 060/347] typo in mkluks --- archiso/mkarchiso | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 575394d4..1fdb37d5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -170,18 +170,19 @@ _cleanup_pacstrap_dir() { # Create and open a LUKS image of the size of the pacstrap directory plus 200MB. _run_mkluks() { + local _encryption_key local _image_path="${1}" local _size="${2}" local _label="${3}" local _encryption_key="${4}" local _cryptsetup_options=('--pbkdf-memory' 256) - local _key_msg _mapper + local _key_msg="" _mapper _mapper=$(basename "${_image_path}")".map" if [[ -n "${_encryption_key}" ]]; then - _key_options=("--key-file=${_encryption_key}") - _cryptsetup_options+=("${_key_options[@]}") - _key_msg="with key ${_encryption_key}" + _key_options=("--key-file=${_encryption_key}") + _cryptsetup_options+=("${_key_options[@]}") + _key_msg="with key ${_encryption_key}" fi _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_size}KB) ${_key_msg}" -- GitLab From 11454a49286f4f24b6d7739346e5bd279e2aef38 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:36:32 +0000 Subject: [PATCH 061/347] modularized run_mkerofs --- archiso/mkarchiso | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1fdb37d5..4f8d63bd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -249,13 +249,14 @@ _run_mkext4() { # Create an EROFS image containing the root file system. _run_mkerofs() { local _image_path="${1}" + local _dir="${2}" local fsuuid mkfs_erofs_options=() [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" mkfs_erofs_options+=('-U' "${fsuuid}" "${airootfs_image_tool_options[@]}") _msg_info "Creating EROFS image, this may take some time..." - mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${pacstrap_dir}" + mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${_dir}" _msg_info "Done!" } @@ -282,7 +283,7 @@ _mkairootfs_ext4+squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -303,7 +304,7 @@ _mkairootfs_squashfs+luks() { local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device "${image_device}" } @@ -312,7 +313,7 @@ _mkairootfs_squashfs+luks() { _mkairootfs_erofs() { local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common - _run_mkerofs "${image_path}" + _run_mkerofs "${image_path}" "${pacstrap_dir}" _msg_info "Done!" } @@ -322,16 +323,16 @@ _mkairootfs_erofs+luks() { local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" - _run_mkerofs "${image_device}" + "${iso_label}" "${encryption_key}" + _run_mkerofs "${image_device}" "${pacstrap_dir}" _close_luks_device "${image_device}" } _mkkeys_ext4+squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" - "${iso_label}_KEYS" + _run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -345,8 +346,8 @@ _mkkeys_erofs+luks() { local image_path="${keys_iso_dir}/keys.erofs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" - _run_mkerofs "${image_device}" + "${iso_label}_KEYS" "" + _run_mkerofs "${image_device}" "${keys_iso_dir}" _close_luks_device "${image_device}" } @@ -355,7 +356,7 @@ _mkkeys_squashfs+luks() { local image_path="${keys_iso_dir}/keys.sfs" rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" + "${iso_label}_KEYS" "" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device "${image_device}" } -- GitLab From 3d865d532f92c486832984a48c514035ded38915 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 02:36:55 +0000 Subject: [PATCH 062/347] modularized run_mkerofs --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4f8d63bd..7ec50ed0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -246,7 +246,7 @@ _run_mkext4() { } -# Create an EROFS image containing the root file system. +# Create an EROFS image given a directory. _run_mkerofs() { local _image_path="${1}" local _dir="${2}" -- GitLab From 1a344bebba6c0282d167cf2efedb0ffd17cf2bfd Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 13:28:02 +0000 Subject: [PATCH 063/347] typo in build_keys_image --- archiso/mkarchiso | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ec50ed0..c5ab54d9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1420,7 +1420,8 @@ _build_keys_image() { _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ - -full-iso9660-filenames \ -joliet \ + -full-iso9660-filenames \ + -joliet \ -joliet-long \ -rational-rock \ -volid "${iso_label}_KEYS" \ -- GitLab From 89960b4ecc87ad96cfcd0060724ce4f55aa374b1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:09:38 +0000 Subject: [PATCH 064/347] reduced mkairootfs and mkkeys functions --- archiso/mkarchiso | 47 +++++++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c5ab54d9..24367179 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -264,12 +264,12 @@ _mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${airootfs_dir}" rm -f -- "${image_path}" + image_path="${airootfs_dir}/airootfs."$(_get_fs_ext "airootfs") } # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { - local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkext4 "${pacstrap_dir}" $((airootfs_size/1000-50)) _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" @@ -280,7 +280,6 @@ _mkairootfs_ext4+squashfs() { # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkairootfs_ext4+squashfs+luks() { - local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" @@ -293,7 +292,6 @@ _mkairootfs_ext4+squashfs+luks() { # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_squashfs() { - local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mksquashfs "${pacstrap_dir}" "${image_path}" } @@ -301,7 +299,6 @@ _mkairootfs_squashfs() { # Create a squashfs image containing the root file system and saves it on the LUKS image. # Saves the LUKS image on the ISO 9660 file system. _mkairootfs_squashfs+luks() { - local image_path="${airootfs_dir}/airootfs.sfs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" @@ -311,7 +308,6 @@ _mkairootfs_squashfs+luks() { # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { - local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common _run_mkerofs "${image_path}" "${pacstrap_dir}" _msg_info "Done!" @@ -320,7 +316,6 @@ _mkairootfs_erofs() { # Create an EROFS image containing the root file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkairootfs_erofs+luks() { - local image_path="${airootfs_dir}/airootfs.erofs" _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" @@ -328,11 +323,15 @@ _mkairootfs_erofs+luks() { _close_luks_device "${image_device}" } -_mkkeys_ext4+squashfs+luks() { - local image_path="${keys_iso_dir}/keys.sfs" +_mkkeys_common() { + image_path="${keys_iso_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" +} + +_mkkeys_ext4+squashfs+luks() { + _mkkeys_common _run_mkext4 "${keys_dir}" $((keys_size - 50000)) _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -343,20 +342,14 @@ _mkkeys_ext4+squashfs+luks() { # Create an EROFS image containing the keys file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { - local image_path="${keys_iso_dir}/keys.erofs" - rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" + _mkkeys_common _run_mkerofs "${image_device}" "${keys_iso_dir}" _close_luks_device "${image_device}" } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. _mkkeys_squashfs+luks() { - local image_path="${keys_iso_dir}/keys.sfs" - rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" + _mkkeys_common _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device "${image_device}" } @@ -392,6 +385,7 @@ _mkchecksum_keys() { _mkchecksum "${keys_dir}/keys.erofs" _msg_info "Done!" } + # GPG sign a file. _mksignature() { local _file="${1}" @@ -423,6 +417,26 @@ _mksignature_keys() { _mksignature "${keys_iso_dir}/keys.erofs" } +# Get image extension. +_get_fs_ext() { + local _image="${1}" + local _fs_type + _fs_type=$(_get_fs_type "${_image}") + if [ "${_fs_type}" = "squashfs" ]; then + echo "sfs" + else + echo "${_fs_type}" + fi +} + +# Get image extension. +_get_fs_type() { + local _image="${1}" + local _no_luks + _no_luks=$(eval echo \$"{${_image}_image_type%%+luks}") + echo "${_no_luks##*"+"}" +} + # Helper function to run functions only one time. # $1: function name _run_once() { @@ -588,6 +602,7 @@ _make_bootmode_bios.syslinux.mbr() { for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; + s|%KEYS_IMAGE_TYPE%|${keys_image_type}|g; s|%ARCH%|${arch}|g" \ "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}" done -- GitLab From 0b4c281b82044627e54f2f3cc7c7b8e0c9ca84c5 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:11:37 +0000 Subject: [PATCH 065/347] Add missing comment --- archiso/mkarchiso | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 24367179..87823f3c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -260,6 +260,7 @@ _run_mkerofs() { _msg_info "Done!" } +# Steps shared by _mkairootfs+fs_type functions _mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${airootfs_dir}" @@ -323,6 +324,7 @@ _mkairootfs_erofs+luks() { _close_luks_device "${image_device}" } +# Steps shared by _mkkeys+fs_type functions _mkkeys_common() { image_path="${keys_iso_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" @@ -330,6 +332,8 @@ _mkkeys_common() { "${iso_label}_KEYS" "" } +# Create an ext4 image containing the keys file system and pack it inside a squashfs image. +# Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkext4 "${keys_dir}" $((keys_size - 50000)) -- GitLab From 1f6b4089bf57067508376886778c8c2643862328 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:15:39 +0000 Subject: [PATCH 066/347] Forgot conversion in KB --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 87823f3c..ac5f1107 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -272,7 +272,7 @@ _mkairootfs_common() { # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" $((airootfs_size/1000-50)) + _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" -- GitLab From 704a4c5961ab0d9f0de31a3c7ca83741db956903 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:16:50 +0000 Subject: [PATCH 067/347] Forgot conversion in KB --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ac5f1107..46e452a7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -226,7 +226,7 @@ _run_mkext4() { local _size="${2}" local ext4_hash_seed mkfs_ext4_options=() - _msg_info "Creating ext4 image of ${_size} MB and copying '${_dir}/' to it..." + _msg_info "Creating ext4 image of ${_size} KB and copying '${_dir}/' to it..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ --name "${SOURCE_DATE_EPOCH} ext4 hash seed")" -- GitLab From 20261f1006e228b5e816dbd509a2e8a40ae97b88 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:31:51 +0000 Subject: [PATCH 068/347] Removed hardcoded extensions --- archiso/mkarchiso | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 46e452a7..bf316866 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -283,7 +283,7 @@ _mkairootfs_ext4+squashfs() { _mkairootfs_ext4+squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -302,7 +302,7 @@ _mkairootfs_squashfs() { _mkairootfs_squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device "${image_device}" } @@ -319,7 +319,7 @@ _mkairootfs_erofs() { _mkairootfs_erofs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" _run_mkerofs "${image_device}" "${pacstrap_dir}" _close_luks_device "${image_device}" } @@ -329,7 +329,7 @@ _mkkeys_common() { image_path="${keys_iso_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" + "${iso_label}_KEYS" "" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. @@ -377,16 +377,14 @@ _mkchecksum() { # Create checksum file for the rootfs image. _mkchecksum_airootfs() { _msg_info "Creating checksum file for self-test..." - _mkchecksum "${airootfs_dir}/airootfs.sfs" - _mkchecksum "${airootfs_dir}/airootfs.erofs" + _mkchecksum "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" _msg_info "Done!" } # Create checksum file for the keys image. _mkchecksum_keys() { _msg_info "Creating checksum file for self-test..." - _mkchecksum "${keys_dir}/keys.sfs" - _mkchecksum "${keys_dir}/keys.erofs" + _mkchecksum "${keys_dir}/keys.$(_get_fs_ext "keys")" _msg_info "Done!" } @@ -410,15 +408,13 @@ _mksignature() { # GPG sign the root file system image. _mksignature_airootfs() { _msg_info "Signing rootfs image..." - _mksignature "${airootfs_dir}/airootfs.sfs" - _mksignature "${airootfs_dir}/airootfs.erofs" + _mksignature "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" } # GPG sign the keys file system image. _mksignature_keys() { _msg_info "Signing keys image..." - _mksignature "${keys_iso_dir}/keys.sfs" - _mksignature "${keys_iso_dir}/keys.erofs" + _mksignature "${keys_iso_dir}/keys.$(_get_fs_ext "keys")" } # Get image extension. -- GitLab From bc55ead0eccbd9ace79bb176ecc4925ab4dda1d9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:52:11 +0000 Subject: [PATCH 069/347] reduced mksignature and mkchecksum occurences --- archiso/mkarchiso | 48 +++++++++++------------------------------------ 1 file changed, 11 insertions(+), 37 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index bf316866..7803b5d1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -326,7 +326,7 @@ _mkairootfs_erofs+luks() { # Steps shared by _mkkeys+fs_type functions _mkkeys_common() { - image_path="${keys_iso_dir}/keys."$(_get_fs_ext "keys") + image_path="${keys_isofs_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" @@ -347,7 +347,7 @@ _mkkeys_ext4+squashfs+luks() { # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { _mkkeys_common - _run_mkerofs "${image_device}" "${keys_iso_dir}" + _run_mkerofs "${image_device}" "${keys_isofs_dir}" _close_luks_device "${image_device}" } @@ -369,25 +369,12 @@ _mkchecksum() { cd -- "${_dir}" if [[ -e "${_file}" ]]; then + _msg_info "Creating checksum of ${_file} for self-test..." sha512sum "$(basename "${_file}")" > "${_name}.sha512" fi cd -- "${OLDPWD}" } -# Create checksum file for the rootfs image. -_mkchecksum_airootfs() { - _msg_info "Creating checksum file for self-test..." - _mkchecksum "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" - _msg_info "Done!" -} - -# Create checksum file for the keys image. -_mkchecksum_keys() { - _msg_info "Creating checksum file for self-test..." - _mkchecksum "${keys_dir}/keys.$(_get_fs_ext "keys")" - _msg_info "Done!" -} - # GPG sign a file. _mksignature() { local _file="${1}" @@ -405,18 +392,6 @@ _mksignature() { _msg_info "Done!" } -# GPG sign the root file system image. -_mksignature_airootfs() { - _msg_info "Signing rootfs image..." - _mksignature "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" -} - -# GPG sign the keys file system image. -_mksignature_keys() { - _msg_info "Signing keys image..." - _mksignature "${keys_iso_dir}/keys.$(_get_fs_ext "keys")" -} - # Get image extension. _get_fs_ext() { local _image="${1}" @@ -1051,9 +1026,9 @@ _prepare_airootfs_image() { airootfs_size=$((pacstrap_size+200000)) _run_once "_mkairootfs_${airootfs_image_type}" - _mkchecksum_airootfs + _mkchecksum "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" if [[ -n "${gpg_key}" ]]; then - _mksignature_airootfs + _mksignature "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" fi } @@ -1063,9 +1038,10 @@ _prepare_keys_image() { encryption_key="${keys_dir}/${iso_label}.key" keys_size=200000 _run_once "_mkkeys_${keys_image_type}" - _mkchecksum_keys + + _mkchecksum "${keys_dir}/keys.$(_get_fs_ext "keys")" if [[ -n "${gpg_key}" ]]; then - _mksignature_keys + _mksignature "${keys_isofs_dir}/keys.$(_get_fs_ext "keys")" fi } @@ -1415,8 +1391,6 @@ _build_keys_image() { local xorriso_options=() xorrisofs_options=() local bootmode - local keys_iso_dir="${work_dir}/keys_iso" - # Add required xorrisofs options for each boot mode # for bootmode in "${bootmodes[@]}"; do # typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" @@ -1445,7 +1419,7 @@ _build_keys_image() { -preparer "prepared by ${app_name}" \ "${xorrisofs_options[@]}" \ -output "${out_dir}/${image_name}" \ - "${keys_iso_dir}/" + "${keys_isofs_dir}/" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" } @@ -1676,10 +1650,10 @@ _build_keys_base() { # Set up essential directory paths keys_dir="${work_dir}/keys" - keys_iso_dir="${work_dir}/keys_iso" + keys_isofs_dir="${work_dir}/keys_iso" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" - [[ -d "${keys_iso_dir}" ]] || install -d -- "${keys_iso_dir}" + [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" _run_once _prepare_keys_image } -- GitLab From cc0f47a4695d6a7b536e2d7b140a5eb71cf57346 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 17:55:10 +0000 Subject: [PATCH 070/347] use variable --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7803b5d1..e32fd1b4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -382,7 +382,7 @@ _mksignature() { rm -f -- "${_file}.sig" [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") if [ -e "${_file}" ]; then - _msg_info "Signing ${1}..." + _msg_info "Signing ${_file}..." # always use the .sig file extension, as that is what # mkinitcpio-archiso's hooks expect gpg --batch --no-armor --no-include-key-block \ -- GitLab From 02160e0bac1b8e6ccfb2e7ca01477dce433d4190 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 18:12:03 +0000 Subject: [PATCH 071/347] Update profile documentation --- docs/README.profile.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 49fde9bb..0797b435 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -39,6 +39,7 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` understood: - ``bootstrap``: Build a compressed file containing a minimal system to bootstrap from + - ``keys``: Build a "keys" ISO that is able to boot encrypted bootable ISO images. - ``iso``: Build a bootable ISO image (implicit default, if no ``buildmodes`` are set) - ``netboot``: Build artifacts required for netboot using iPXE * ``bootmodes``: A list of strings, that state the supported boot modes of the resulting image. Only the following are @@ -65,6 +66,7 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``erofs+luks``: Create a LUKS image containing an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options +* ``keys_image_type``: Same as ``airootfs_image_type`` for the "keys" ISO. * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively. @@ -140,7 +142,7 @@ respective variables in ``profiledef.sh``: * ``%ARCHISO_LABEL%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. * ``%INSTALL_DIR%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. - +* ``%KEYS_IMAGE_TYPE%``: Set this using the ``keys_image_type`` variable in ``profiledef.sh``. efiboot ------- -- GitLab From c309443418e91e64e59fb5ff1991ed5e98e675d7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 18:37:05 +0000 Subject: [PATCH 072/347] Typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e32fd1b4..4151ebe9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -264,8 +264,8 @@ _run_mkerofs() { _mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${airootfs_dir}" - rm -f -- "${image_path}" image_path="${airootfs_dir}/airootfs."$(_get_fs_ext "airootfs") + rm -f -- "${image_path}" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. -- GitLab From 05c4a6ad8ebb632c902a65720c88e2b79e769b77 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 18:47:41 +0000 Subject: [PATCH 073/347] cleaner message --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4151ebe9..44b3372e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -185,7 +185,7 @@ _run_mkluks() { _key_msg="with key ${_encryption_key}" fi - _msg_info "Creating LUKS image ${_image_path} with cryptsetup (${_size}KB) ${_key_msg}" + _msg_info "Creating LUKS image $(basename ${_image_path}) with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}" -- GitLab From 550504ac3073f9ecd366844bd9f3f590a1afbb4a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 18:49:28 +0000 Subject: [PATCH 074/347] cleaner message --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 44b3372e..ce86a486 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -382,7 +382,7 @@ _mksignature() { rm -f -- "${_file}.sig" [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") if [ -e "${_file}" ]; then - _msg_info "Signing ${_file}..." + _msg_info "Signing $(basename "${_file}")..." # always use the .sig file extension, as that is what # mkinitcpio-archiso's hooks expect gpg --batch --no-armor --no-include-key-block \ -- GitLab From cb9d71c15849d7cc395127ddb310c89756e43884 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 19:25:35 +0000 Subject: [PATCH 075/347] -n instead of -z --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ce86a486..b0131ee3 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1017,7 +1017,7 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { _prepare_airootfs_image() { local airootfs_size pacstrap_size - if [ -z "${encryption_key}" ]; then + if [ -n "${encryption_key}" ]; then cp "${encryption_key}" "${work_dir}/${iso_label}.key" encryption_key="${work_dir}/${iso_label}.key" fi -- GitLab From 95f9b3e33557660c99e4c2cd70345b760c18f951 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 19:28:51 +0000 Subject: [PATCH 076/347] let's just check if != --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b0131ee3..e79bc8da 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,7 +179,7 @@ _run_mkluks() { local _key_msg="" _mapper _mapper=$(basename "${_image_path}")".map" - if [[ -n "${_encryption_key}" ]]; then + if [[ "${_encryption_key}" != "" ]]; then _key_options=("--key-file=${_encryption_key}") _cryptsetup_options+=("${_key_options[@]}") _key_msg="with key ${_encryption_key}" @@ -1017,7 +1017,7 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { _prepare_airootfs_image() { local airootfs_size pacstrap_size - if [ -n "${encryption_key}" ]; then + if [ "${encryption_key}" != "" ]; then cp "${encryption_key}" "${work_dir}/${iso_label}.key" encryption_key="${work_dir}/${iso_label}.key" fi -- GitLab From 6e3b52462ca958ebb97de875ed87d085ff7e24a1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 19:37:40 +0000 Subject: [PATCH 077/347] shellcheck --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e79bc8da..0d699bfc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -185,7 +185,7 @@ _run_mkluks() { _key_msg="with key ${_encryption_key}" fi - _msg_info "Creating LUKS image $(basename ${_image_path}) with cryptsetup (${_size}KB) ${_key_msg}" + _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}" -- GitLab From 3a032a52c99868920413723ce9acb1a7b3146da7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 23:13:57 +0000 Subject: [PATCH 078/347] loop if wrong passphrase when opening --- archiso/mkarchiso | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0d699bfc..217cae25 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -192,7 +192,10 @@ _run_mkluks() { _msg_info "Setting label ${_label}" cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" - cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}" + while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do + _close_luks_device "${_mapper}" + done + image_device="/dev/mapper/${_mapper}" _msg_info "Done!" -- GitLab From b55bcf84375ff2b4b41aeff4fd11ccba31eaa8c9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 23:17:59 +0000 Subject: [PATCH 079/347] fix luks_close_device --- archiso/mkarchiso | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 217cae25..fa18c097 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -178,6 +178,7 @@ _run_mkluks() { local _cryptsetup_options=('--pbkdf-memory' 256) local _key_msg="" _mapper _mapper=$(basename "${_image_path}")".map" + image_device="/dev/mapper/${_mapper}" if [[ "${_encryption_key}" != "" ]]; then _key_options=("--key-file=${_encryption_key}") @@ -193,20 +194,19 @@ _run_mkluks() { cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do - _close_luks_device "${_mapper}" + _close_luks_device "${_image_device}" done - image_device="/dev/mapper/${_mapper}" - _msg_info "Done!" } # Close a LUKS device mapper _close_luks_device() { - local _device - _device=$(basename "${1}") - cryptsetup luksClose "${_device}" - if [ -f "${image_device}" ]; then + local _device="${1}" + local _mapper + _mapper=$(basename "${_device}") + cryptsetup luksClose "${_mapper}" + if [ -f "${_device}" ]; then dmsetup remove "${_device}" fi sync -- GitLab From 6ed8a6c76afa801dd3d77ac6ce6ff97375bf6ff8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 7 Jun 2022 23:19:29 +0000 Subject: [PATCH 080/347] typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fa18c097..9430941f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -194,7 +194,7 @@ _run_mkluks() { cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do - _close_luks_device "${_image_device}" + _close_luks_device "${image_device}" done _msg_info "Done!" -- GitLab From bf6e611501181fc59c4a64e0a8cd0f7f79da89cf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 00:33:02 +0000 Subject: [PATCH 081/347] forgot keys_image_tool_options --- archiso/mkarchiso | 37 ++++++++++++++++++++++++------------- docs/README.profile.rst | 1 + 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9430941f..b5f0049c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -38,6 +38,7 @@ bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() keys_image_type="" +keys_image_tool_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -216,10 +217,10 @@ _close_luks_device() { _run_mksquashfs() { local _directory_or_fs="${1}" local _image_path="${2}" - local mksquashfs_options=() + local _options=${3} [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet') _msg_info "Creating SQUASHFS image, this may take some time..." - mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}" + mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${_options[@]}" } # Create an ext4 image of given size (in KB) from a directory. @@ -253,11 +254,12 @@ _run_mkext4() { _run_mkerofs() { local _image_path="${1}" local _dir="${2}" - local fsuuid mkfs_erofs_options=() + local _options="${3}" + local fsuuid [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" - mkfs_erofs_options+=('-U' "${fsuuid}" "${airootfs_image_tool_options[@]}") + mkfs_erofs_options+=('-U' "${fsuuid}" "${_options[@]}") _msg_info "Creating EROFS image, this may take some time..." mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${_dir}" _msg_info "Done!" @@ -276,7 +278,8 @@ _mkairootfs_common() { _mkairootfs_ext4+squashfs() { _mkairootfs_common _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) - _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" + _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" \ + "${airootfs_image_tool_options[@]}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" } @@ -288,7 +291,8 @@ _mkairootfs_ext4+squashfs+luks() { _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) - _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" + _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" \ + "${airootfs_image_tool_options[@]}" _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -297,7 +301,8 @@ _mkairootfs_ext4+squashfs+luks() { # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_squashfs() { _mkairootfs_common - _run_mksquashfs "${pacstrap_dir}" "${image_path}" + _run_mksquashfs "${pacstrap_dir}" "${image_path}" \ + "${airootfs_image_tool_options[@]}" } # Create a squashfs image containing the root file system and saves it on the LUKS image. @@ -306,14 +311,16 @@ _mkairootfs_squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mksquashfs "${pacstrap_dir}" "${image_device}" + _run_mksquashfs "${pacstrap_dir}" "${image_device}" \ + "${airootfs_image_tool_options[@]}" _close_luks_device "${image_device}" } # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { _mkairootfs_common - _run_mkerofs "${image_path}" "${pacstrap_dir}" + _run_mkerofs "${image_path}" "${pacstrap_dir}" \ + "${airootfs_image_tool_options[@]}" _msg_info "Done!" } @@ -323,7 +330,8 @@ _mkairootfs_erofs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mkerofs "${image_device}" "${pacstrap_dir}" + _run_mkerofs "${image_device}" "${pacstrap_dir}" \ + "${airootfs_image_tool_options[@]}" _close_luks_device "${image_device}" } @@ -340,7 +348,8 @@ _mkkeys_common() { _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkext4 "${keys_dir}" $((keys_size - 50000)) - _run_mksquashfs "${keys_dir}.img" "${image_device}" + _run_mksquashfs "${keys_dir}.img" "${image_device}" \ + "${keys_image_tool_options[@]}" _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${keys_dir}.img" @@ -350,14 +359,16 @@ _mkkeys_ext4+squashfs+luks() { # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { _mkkeys_common - _run_mkerofs "${image_device}" "${keys_isofs_dir}" + _run_mkerofs "${image_device}" "${keys_isofs_dir}" \ + "${keys_image_tool_options[@]}" _close_luks_device "${image_device}" } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. _mkkeys_squashfs+luks() { _mkkeys_common - _run_mksquashfs "${keys_dir}" "${image_device}" + _run_mksquashfs "${keys_dir}" "${image_device}" \ + "${keys_image_tool_options[@]}" _close_luks_device "${image_device}" } diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 0797b435..3d7b4206 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -67,6 +67,7 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options * ``keys_image_type``: Same as ``airootfs_image_type`` for the "keys" ISO. +* ``keys_image_tool_options``: Same as ``airootfs_image_tool_options`` for the "keys" ISO. * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively. -- GitLab From 37594fca86e5ebf613a1c27b636b7346694e7265 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 00:51:22 +0000 Subject: [PATCH 082/347] forgot keys_image_tool_options --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b5f0049c..1e8979da 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -217,7 +217,8 @@ _close_luks_device() { _run_mksquashfs() { local _directory_or_fs="${1}" local _image_path="${2}" - local _options=${3} + shift 2 + declare -a _options=$* [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet') _msg_info "Creating SQUASHFS image, this may take some time..." mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${_options[@]}" @@ -254,7 +255,8 @@ _run_mkext4() { _run_mkerofs() { local _image_path="${1}" local _dir="${2}" - local _options="${3}" + shift 2 + declare -a _options=$* local fsuuid [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH -- GitLab From 3a82f3cf7b2677530574789e2fa1174e3c380b00 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 00:56:53 +0000 Subject: [PATCH 083/347] I did something wrong with array --- archiso/mkarchiso | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1e8979da..d65d22ca 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -217,11 +217,9 @@ _close_luks_device() { _run_mksquashfs() { local _directory_or_fs="${1}" local _image_path="${2}" - shift 2 - declare -a _options=$* [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet') _msg_info "Creating SQUASHFS image, this may take some time..." - mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${_options[@]}" + mksquashfs "${_directory_or_fs}" "${_image_path}" -noappend "${_mkfs_options[@]}" } # Create an ext4 image of given size (in KB) from a directory. @@ -255,13 +253,11 @@ _run_mkext4() { _run_mkerofs() { local _image_path="${1}" local _dir="${2}" - shift 2 - declare -a _options=$* local fsuuid [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" - mkfs_erofs_options+=('-U' "${fsuuid}" "${_options[@]}") + mkfs_erofs_options+=('-U' "${fsuuid}" "${_mkfs_options[@]}") _msg_info "Creating EROFS image, this may take some time..." mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${_dir}" _msg_info "Done!" @@ -273,6 +269,7 @@ _mkairootfs_common() { install -d -m 0755 -- "${airootfs_dir}" image_path="${airootfs_dir}/airootfs."$(_get_fs_ext "airootfs") rm -f -- "${image_path}" + _mkfs_options=$airootfs_image_tool_options } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -280,8 +277,7 @@ _mkairootfs_common() { _mkairootfs_ext4+squashfs() { _mkairootfs_common _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) - _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" \ - "${airootfs_image_tool_options[@]}" + _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" } @@ -293,8 +289,7 @@ _mkairootfs_ext4+squashfs+luks() { _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) - _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" \ - "${airootfs_image_tool_options[@]}" + _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -303,8 +298,7 @@ _mkairootfs_ext4+squashfs+luks() { # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_squashfs() { _mkairootfs_common - _run_mksquashfs "${pacstrap_dir}" "${image_path}" \ - "${airootfs_image_tool_options[@]}" + _run_mksquashfs "${pacstrap_dir}" "${image_path}" } # Create a squashfs image containing the root file system and saves it on the LUKS image. @@ -313,16 +307,14 @@ _mkairootfs_squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mksquashfs "${pacstrap_dir}" "${image_device}" \ - "${airootfs_image_tool_options[@]}" + _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device "${image_device}" } # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { _mkairootfs_common - _run_mkerofs "${image_path}" "${pacstrap_dir}" \ - "${airootfs_image_tool_options[@]}" + _run_mkerofs "${image_path}" "${pacstrap_dir}" _msg_info "Done!" } @@ -332,8 +324,7 @@ _mkairootfs_erofs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mkerofs "${image_device}" "${pacstrap_dir}" \ - "${airootfs_image_tool_options[@]}" + _run_mkerofs "${image_device}" "${pacstrap_dir}" _close_luks_device "${image_device}" } @@ -343,6 +334,7 @@ _mkkeys_common() { rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" + _mkfs_options=$keys_image_tool_options } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. @@ -350,8 +342,7 @@ _mkkeys_common() { _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkext4 "${keys_dir}" $((keys_size - 50000)) - _run_mksquashfs "${keys_dir}.img" "${image_device}" \ - "${keys_image_tool_options[@]}" + _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${keys_dir}.img" @@ -361,16 +352,14 @@ _mkkeys_ext4+squashfs+luks() { # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { _mkkeys_common - _run_mkerofs "${image_device}" "${keys_isofs_dir}" \ - "${keys_image_tool_options[@]}" + _run_mkerofs "${image_device}" "${keys_isofs_dir}" _close_luks_device "${image_device}" } # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. _mkkeys_squashfs+luks() { _mkkeys_common - _run_mksquashfs "${keys_dir}" "${image_device}" \ - "${keys_image_tool_options[@]}" + _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device "${image_device}" } -- GitLab From ed01b779223c115a1f8c59632670e9194c979c10 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 00:59:02 +0000 Subject: [PATCH 084/347] I did something wrong with array --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d65d22ca..d2f6d4c7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -269,7 +269,7 @@ _mkairootfs_common() { install -d -m 0755 -- "${airootfs_dir}" image_path="${airootfs_dir}/airootfs."$(_get_fs_ext "airootfs") rm -f -- "${image_path}" - _mkfs_options=$airootfs_image_tool_options + _mkfs_options=("${airootfs_image_tool_options[@]}") } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -334,7 +334,7 @@ _mkkeys_common() { rm -f -- "${image_path}" _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" - _mkfs_options=$keys_image_tool_options + _mkfs_options=("${keys_image_tool_options[@]}") } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. -- GitLab From 47699a87a25bf1465d7cb67effc228344db8dec3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 01:58:44 +0000 Subject: [PATCH 085/347] never fail for wrong input passphrase --- archiso/mkarchiso | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d2f6d4c7..70d8a191 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -189,11 +189,16 @@ _run_mkluks() { _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" - cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}" + while ! cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}"; do + sleep 1 + done _msg_info "Setting label ${_label}" - cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}" - + while ! cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}"; do + _close_luks_device "${image_device}" + done + + _msg_info "Opening device on mapper ${_mapper}" while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do _close_luks_device "${image_device}" done -- GitLab From c7aa259f2192eca4de13017295cdecc3fcbfcdb6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 03:22:03 +0000 Subject: [PATCH 086/347] update profiles --- archiso/mkarchiso | 20 ++++++++++++++++++- configs/baseline/grub/grub.cfg | 4 ++-- configs/releng/grub/grub.cfg | 4 ++-- configs/releng/syslinux/archiso_sys-linux.cfg | 6 +++--- docs/README.profile.rst | 1 - 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 70d8a191..a563f850 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -580,6 +580,23 @@ _make_boot_on_iso9660() { _msg_info "Done!" } +# Produce the 'encrypt' hook's kernel parameters needed to boot an encrypted ISO. +_get_crypto_params() { + declare -a _cparams + local _airootfs_path _keys_ext _keys_path + _airootfs_path="${install_dir}/airootfs.$(_get_fs_ext "airootfs")" + _keys_type="$(_get_fs_type "keys")" + _keys_path="/keys.$(_get_fs_ext "keys")" + _cparams=("root=/dev/mapper/root" + "cryptdevice=LABEL=${iso_label},${_airootfs_path}:root" + "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_type}:${_keys_path},airootfs.key") + if [ "${encryption_key}" != "" ]; then + echo "${_cparams[@]}" + else + echo "" + fi +} + # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." @@ -587,7 +604,7 @@ _make_bootmode_bios.syslinux.mbr() { for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; - s|%KEYS_IMAGE_TYPE%|${keys_image_type}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}" done @@ -684,6 +701,7 @@ _make_bootmode_uefi-ia32.grub.esp() { # Fill Grub configuration files sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 0e5db493..4249c898 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -17,13 +17,13 @@ fi menuentry "Arch Linux (x86_64, UEFI)" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 4a707b9e..57b0c195 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -28,14 +28,14 @@ play 500 500 1 300 1 500 1 300 1 500 1 300 1 100 5 500 1 300 1 500 1 300 1 100 2 menuentry "Arch Linux install medium (x86_64, UEFI)" { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey=s { set gfxpayload=keep search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index 0d85fccf..cb3dabfd 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% # Accessibility boot option LABEL arch64speech @@ -17,7 +17,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on # Copy to RAM boot option LABEL arch64ram @@ -28,4 +28,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 3d7b4206..e87d9cf6 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -143,7 +143,6 @@ respective variables in ``profiledef.sh``: * ``%ARCHISO_LABEL%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. * ``%INSTALL_DIR%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. -* ``%KEYS_IMAGE_TYPE%``: Set this using the ``keys_image_type`` variable in ``profiledef.sh``. efiboot ------- -- GitLab From efb78cb836c1aea1b1c425391ad253f5ab23b209 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 05:15:20 +0000 Subject: [PATCH 087/347] edit systemd-boot entries --- CHANGELOG.rst | 19 ++++++++++++++++--- .../entries/01-archiso-x86_64-linux.conf | 2 +- .../02-archiso-x86_64-speech-linux.conf | 2 +- .../entries/03-archiso-x86_64-ram-linux.conf | 2 +- configs/releng/efiboot/loader/loader.conf | 1 + configs/releng/grub/grub.cfg | 7 +++++++ 6 files changed, 27 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5fafa56b..6daa829c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,9 +7,6 @@ Changelog Added ----- - -- Add ``uefi-ia32.grub.esp`` boot mode to support IA32 UEFI boot on x86_64 machines. -- Add GRUB configuration files to profiles. - Add support for LUKS2 image disks. Changed @@ -18,6 +15,22 @@ Changed Removed ------- +[64] - 2022-05-30 +================= + +Added +----- + +- Add ``uefi-ia32.grub.esp`` boot mode to support IA32 UEFI boot on x86_64 machines. +- Add GRUB configuration files to profiles. +- Add accessible ``copytoram`` entry. +- Enable beeps in systemd-boot menu. + +Changed +------- + +- Fix systemd-boot menu entry sorting by using the ``sort-key`` option. + [63] - 2022-04-30 ================= diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index d59262f1..e3c40463 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -3,4 +3,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index 06f5466e..c757dcc9 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -3,4 +3,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf index 9c7a51ab..37934b83 100644 --- a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf @@ -3,4 +3,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram diff --git a/configs/releng/efiboot/loader/loader.conf b/configs/releng/efiboot/loader/loader.conf index ae634870..2d137aa9 100644 --- a/configs/releng/efiboot/loader/loader.conf +++ b/configs/releng/efiboot/loader/loader.conf @@ -1,2 +1,3 @@ timeout 15 default 01-archiso-x86_64-linux.conf +beep on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 57b0c195..447bbeb5 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -39,6 +39,13 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } +menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { + set gfxpayload=keep + search --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on + initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +} + menuentry "UEFI Shell" { insmod chain search --no-floppy --set=root --label %ARCHISO_LABEL% -- GitLab From 1c7b1cd814353489bf63cf621715c4c3717bd1ca Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 05:15:55 +0000 Subject: [PATCH 088/347] edit systemd-boot entries --- .../loader/entries/04-archiso-x86_64-ram-speech-linux.conf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf diff --git a/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf b/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf new file mode 100644 index 00000000..d2901709 --- /dev/null +++ b/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf @@ -0,0 +1,7 @@ +title Arch Linux install medium (x86_64, UEFI, Copy to RAM) with speech +sort-key 04 +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram accessibility=on -- GitLab From b6c81fd93f5b962143d3c86eb6b401098f1ced9a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 06:29:36 +0000 Subject: [PATCH 089/347] edit systemd-boot entries --- .../loader/entries/01-archiso-x86_64-linux.conf | 13 +++++++------ .../entries/02-archiso-x86_64-speech-linux.conf | 1 + .../loader/entries/03-archiso-x86_64-ram-linux.conf | 1 + 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index e3c40463..f0fbc1ae 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,6 +1,7 @@ -title Arch Linux install medium (x86_64, UEFI) -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% +title Arch Linux install medium (x86_64, UEFI) +sort-key 01 +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index c757dcc9..d874d15e 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -1,4 +1,5 @@ title Arch Linux install medium (x86_64, UEFI) with speech +sort-key 02 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf index 37934b83..e27bb0c2 100644 --- a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf @@ -1,4 +1,5 @@ title Arch Linux install medium (x86_64, UEFI, Copy to RAM) +sort-key 03 linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img -- GitLab From ffa977967feaa0140359f96618f12bde1a8efaa3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 06:36:06 +0000 Subject: [PATCH 090/347] edit grub entries --- .../loader/entries/03-archiso-x86_64-ram-linux.conf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf index e27bb0c2..ac5ec398 100644 --- a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf @@ -1,7 +1,7 @@ -title Arch Linux install medium (x86_64, UEFI, Copy to RAM) +title Arch Linux install medium (x86_64, UEFI, Copy to RAM) sort-key 03 -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram -- GitLab From fc5ccc3b1cc3b17e7e91455cdea4d6a4981623c1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 06:36:50 +0000 Subject: [PATCH 091/347] edit grub entries --- configs/releng/grub/grub.cfg | 7 ------- 1 file changed, 7 deletions(-) diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 447bbeb5..57b0c195 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -39,13 +39,6 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "Arch Linux install medium with speakup screen reader (x86_64, AMD, UEFI)" { - set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% add_efi_memmap accessibility=on - initrd /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -} - menuentry "UEFI Shell" { insmod chain search --no-floppy --set=root --label %ARCHISO_LABEL% -- GitLab From c6c303ec667f9a1701514e3a7989b4b50460ac71 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 06:37:37 +0000 Subject: [PATCH 092/347] edit systemd-boot entries --- .../entries/02-archiso-x86_64-speech-linux.conf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index d874d15e..efe1bd41 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -1,7 +1,7 @@ -title Arch Linux install medium (x86_64, UEFI) with speech +title Arch Linux install medium (x86_64, UEFI) with speech sort-key 02 -linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux -initrd /%INSTALL_DIR%/boot/intel-ucode.img -initrd /%INSTALL_DIR%/boot/amd-ucode.img -initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on +linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/intel-ucode.img +initrd /%INSTALL_DIR%/boot/amd-ucode.img +initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on -- GitLab From fce802c5ce7ad1e798d62f1237f4dcca1e2f4c49 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 07:14:01 +0000 Subject: [PATCH 093/347] updated profiledef.sh --- configs/releng/profiledef.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index f3bbe111..0768fca9 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -8,17 +8,26 @@ iso_application="Arch Linux Live/Rescue CD" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' - 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' - 'uefi-ia32.grub.eltorito' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' + 'bios.syslinux.eltorito' + 'uefi-ia32.grub.esp' + 'uefi-ia32.grub.eltorito' + 'uefi-x64.systemd-boot.esp' + 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="squashfs" -airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') +airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' + '-b' '1M' '-Xdict-size' '1M') +encryption_key="" +keys_image_type="squashfs+luks" +keys_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' + '-b' '1M' '-Xdict-size' '1M') file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/run/archiso/keys"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" -- GitLab From cd9bde75fbf188d9f91f5e363c4834b6acc2d278 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 13:17:18 +0000 Subject: [PATCH 094/347] better exception handling --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a563f850..14e03fb1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -195,12 +195,12 @@ _run_mkluks() { _msg_info "Setting label ${_label}" while ! cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}"; do - _close_luks_device "${image_device}" + _close_luks_device "${image_device}" || true done _msg_info "Opening device on mapper ${_mapper}" while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do - _close_luks_device "${image_device}" + _close_luks_device "${image_device}" || true done _msg_info "Done!" -- GitLab From f5b15f42461a14eb7be30d8a3635eefc742b68f8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 13:22:52 +0000 Subject: [PATCH 095/347] fix cmdline --- archiso/mkarchiso | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 14e03fb1..477fec97 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -585,11 +585,11 @@ _get_crypto_params() { declare -a _cparams local _airootfs_path _keys_ext _keys_path _airootfs_path="${install_dir}/airootfs.$(_get_fs_ext "airootfs")" - _keys_type="$(_get_fs_type "keys")" - _keys_path="/keys.$(_get_fs_ext "keys")" + _keys_fs_type="$(_get_fs_type "keys")" + _keys_path="keys.$(_get_fs_ext "keys")" _cparams=("root=/dev/mapper/root" "cryptdevice=LABEL=${iso_label},${_airootfs_path}:root" - "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_type}:${_keys_path},airootfs.key") + "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" else -- GitLab From ae2fdfdb3bd7eb730add42388afe234ded3d4acd Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 13:52:08 +0000 Subject: [PATCH 096/347] fix key name --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 477fec97..c74ddbf9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1062,8 +1062,8 @@ _prepare_airootfs_image() { # Build keys filesystem image _prepare_keys_image() { - cp "${encryption_key}" "${keys_dir}/${iso_label}.key" - encryption_key="${keys_dir}/${iso_label}.key" + cp "${encryption_key}" "${keys_dir}/airootfs.key" + encryption_key="${keys_dir}/airootfs.key" keys_size=200000 _run_once "_mkkeys_${keys_image_type}" -- GitLab From 625425bfc1a438297c86c7731b1ca2b27597d549 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 14:13:01 +0000 Subject: [PATCH 097/347] add delay --- archiso/mkarchiso | 2 ++ 1 file changed, 2 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c74ddbf9..cdeb2fe0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -196,11 +196,13 @@ _run_mkluks() { _msg_info "Setting label ${_label}" while ! cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}"; do _close_luks_device "${image_device}" || true + sleep 1 done _msg_info "Opening device on mapper ${_mapper}" while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do _close_luks_device "${image_device}" || true + sleep 1 done _msg_info "Done!" -- GitLab From 5d2c42ebf0d58f4e9d4da6dcd122f9c70462fff4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 14:15:59 +0000 Subject: [PATCH 098/347] no YES dialog --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cdeb2fe0..8faba7cb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -189,7 +189,7 @@ _run_mkluks() { _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" - while ! cryptsetup -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}"; do + while ! cryptsetup -q -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}"; do sleep 1 done -- GitLab From 050de2767248b66ebe0865bf0c6290aea12e3fb2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 17:35:47 +0000 Subject: [PATCH 099/347] fix cryptdev param path --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8faba7cb..d0070443 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -586,7 +586,7 @@ _make_boot_on_iso9660() { _get_crypto_params() { declare -a _cparams local _airootfs_path _keys_ext _keys_path - _airootfs_path="${install_dir}/airootfs.$(_get_fs_ext "airootfs")" + _airootfs_path="${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" _keys_fs_type="$(_get_fs_type "keys")" _keys_path="keys.$(_get_fs_ext "keys")" _cparams=("root=/dev/mapper/root" -- GitLab From 4974214e2c4008a6b76a7b21df69cad5c7369817 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 19:11:32 +0000 Subject: [PATCH 100/347] fix opening --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d0070443..301b3d04 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -184,7 +184,7 @@ _run_mkluks() { if [[ "${_encryption_key}" != "" ]]; then _key_options=("--key-file=${_encryption_key}") _cryptsetup_options+=("${_key_options[@]}") - _key_msg="with key ${_encryption_key}" + _key_msg="with key $(basename ${_encryption_key})" fi _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" @@ -200,7 +200,7 @@ _run_mkluks() { done _msg_info "Opening device on mapper ${_mapper}" - while ! cryptsetup open --type luks2 "${_image_path}" "${_mapper}" "${_key_options[@]}"; do + while ! cryptsetup "${_key_options[@]}" open --type luks2 "${_image_path}" "${_mapper}"; do _close_luks_device "${image_device}" || true sleep 1 done -- GitLab From 059b2c69981404ad5ce003a6eebdbc7443f5ee30 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 19:38:15 +0000 Subject: [PATCH 101/347] shellcheck typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 301b3d04..f877fd3d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -184,7 +184,7 @@ _run_mkluks() { if [[ "${_encryption_key}" != "" ]]; then _key_options=("--key-file=${_encryption_key}") _cryptsetup_options+=("${_key_options[@]}") - _key_msg="with key $(basename ${_encryption_key})" + _key_msg="with key $(basename "${_encryption_key}")" fi _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" -- GitLab From b6d2b6112acb4c1dd6e36cddf0eb0229b16ffaad Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 19:43:53 +0000 Subject: [PATCH 102/347] trying to fix prompt --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f877fd3d..1dda03aa 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -195,13 +195,13 @@ _run_mkluks() { _msg_info "Setting label ${_label}" while ! cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}"; do - _close_luks_device "${image_device}" || true + _close_luks_device "${image_device}" sleep 1 done _msg_info "Opening device on mapper ${_mapper}" while ! cryptsetup "${_key_options[@]}" open --type luks2 "${_image_path}" "${_mapper}"; do - _close_luks_device "${image_device}" || true + _close_luks_device "${image_device}" sleep 1 done @@ -213,9 +213,9 @@ _close_luks_device() { local _device="${1}" local _mapper _mapper=$(basename "${_device}") - cryptsetup luksClose "${_mapper}" + cryptsetup luksClose "${_mapper}" || true if [ -f "${_device}" ]; then - dmsetup remove "${_device}" + dmsetup remove "${_device}" || true fi sync } -- GitLab From 5679600813112dcc70f46867801eeb01da4fa8ca Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 21:39:19 +0000 Subject: [PATCH 103/347] shellcheck --- archiso/mkarchiso | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1dda03aa..69eb84df 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -189,20 +189,18 @@ _run_mkluks() { _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" - while ! cryptsetup -q -y luksFormat "${_cryptsetup_options[@]}" "${_image_path}"; do + while ! eval "cryptsetup -q -y luksFormat ${_cryptsetup_options[*]} ${_image_path}"; do sleep 1 done _msg_info "Setting label ${_label}" - while ! cryptsetup config "${_key_options[@]}" "${_image_path}" --label "${_label}"; do + while ! eval "cryptsetup config ${_key_options[*]} ${_image_path} --label ${_label}"; do _close_luks_device "${image_device}" - sleep 1 done _msg_info "Opening device on mapper ${_mapper}" - while ! cryptsetup "${_key_options[@]}" open --type luks2 "${_image_path}" "${_mapper}"; do + while ! eval "cryptsetup ${_key_options[*]} open --type luks2 ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" - sleep 1 done _msg_info "Done!" -- GitLab From 988a83e5b14e5e0aa0653c89292022c837e69156 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 22:06:37 +0000 Subject: [PATCH 104/347] change -f in -e --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 69eb84df..c535c26d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -212,7 +212,7 @@ _close_luks_device() { local _mapper _mapper=$(basename "${_device}") cryptsetup luksClose "${_mapper}" || true - if [ -f "${_device}" ]; then + if [ -e "${_device}" ]; then dmsetup remove "${_device}" || true fi sync -- GitLab From 4da9b62ffcf9b51305540d7b00b57ba56d3248bb Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 22:21:18 +0000 Subject: [PATCH 105/347] debug print --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c535c26d..80764b09 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -198,7 +198,7 @@ _run_mkluks() { _close_luks_device "${image_device}" done - _msg_info "Opening device on mapper ${_mapper}" + _msg_info "Opening device on mapper ${_mapper} with options ${_key_options[*]}" while ! eval "cryptsetup ${_key_options[*]} open --type luks2 ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" done -- GitLab From 3e9601a44527b5e3ffd06f6550f15f8b75a3e1dc Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 22:37:53 +0000 Subject: [PATCH 106/347] fix cryptsetup loop --- archiso/mkarchiso | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 80764b09..928b5afd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -180,10 +180,11 @@ _run_mkluks() { local _key_msg="" _mapper _mapper=$(basename "${_image_path}")".map" image_device="/dev/mapper/${_mapper}" + _key_opts=() if [[ "${_encryption_key}" != "" ]]; then - _key_options=("--key-file=${_encryption_key}") - _cryptsetup_options+=("${_key_options[@]}") + _key_opts=("--key-file=${_encryption_key}") + _cryptsetup_options+=("${_key_opts[@]}") _key_msg="with key $(basename "${_encryption_key}")" fi @@ -194,12 +195,12 @@ _run_mkluks() { done _msg_info "Setting label ${_label}" - while ! eval "cryptsetup config ${_key_options[*]} ${_image_path} --label ${_label}"; do + while ! eval "cryptsetup config ${_key_opts[*]} ${_image_path} --label ${_label}"; do _close_luks_device "${image_device}" done - _msg_info "Opening device on mapper ${_mapper} with options ${_key_options[*]}" - while ! eval "cryptsetup ${_key_options[*]} open --type luks2 ${_image_path} ${_mapper}"; do + _msg_info "Opening device on mapper ${_mapper} with options ${_key_opts[*]}" + while ! eval "cryptsetup ${_key_opts[*]} open --type luks2 ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" done -- GitLab From ca30b57a77935045768c52cb6a5ebb0b31b8b060 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 8 Jun 2022 23:51:27 +0000 Subject: [PATCH 107/347] remove extra msg --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 928b5afd..9d381991 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -199,7 +199,7 @@ _run_mkluks() { _close_luks_device "${image_device}" done - _msg_info "Opening device on mapper ${_mapper} with options ${_key_opts[*]}" + _msg_info "Opening device on mapper ${_mapper}" while ! eval "cryptsetup ${_key_opts[*]} open --type luks2 ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" done -- GitLab From cb0dd20fec1a9ddee8a9c917b783f18dd1893150 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 16 Jun 2022 05:25:39 +0000 Subject: [PATCH 108/347] sync to 64 --- .gitignore | 5 +++++ CHANGELOG.rst | 18 +++++++----------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index d38ed9ba..74a0a522 100644 --- a/.gitignore +++ b/.gitignore @@ -3,5 +3,10 @@ archiso-*.tar.gz* work/ out/ *.iso +*.img +*.cer +*.crt +*.key +*.pem user-data meta-data diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 07ebb757..78a9c906 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,25 +8,21 @@ Changelog Added ----- - Add support for LUKS2 image disks. +- Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used. Changed ------- -Removed -------- - -[64] - 2022-05-30 -================= - -Added ------ - -Changed -------- +- Change the releng profile's locale from ``en_US.UTF-8`` to ``C.UTF-8``. +- Set ``LC_ALL`` to ``C.UTF-8`` instead of ``C`` in mkarchiso since it is now available and non-UTF-8 locales should be + avoided. Removed ------- +- Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now + ships with the glibc package itself. + [64] - 2022-05-30 ================= -- GitLab From 33e7437096d361fa3eeaf3bb80dca235af7db121 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 16 Jun 2022 05:34:16 +0000 Subject: [PATCH 109/347] switch to airootfs_img_dir --- archiso/mkarchiso | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9d381991..6935fa75 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -6,7 +6,7 @@ set -e -u # Control the environment umask 0022 -export LC_ALL="C" +export LC_ALL="C.UTF-8" [[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 export SOURCE_DATE_EPOCH @@ -272,8 +272,8 @@ _run_mkerofs() { # Steps shared by _mkairootfs+fs_type functions _mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 - install -d -m 0755 -- "${airootfs_dir}" - image_path="${airootfs_dir}/airootfs."$(_get_fs_ext "airootfs") + install -d -m 0755 -- "${airootfs_img_dir}" + image_path="${airootfs_img_dir}/airootfs."$(_get_fs_ext "airootfs") rm -f -- "${image_path}" _mkfs_options=("${airootfs_image_tool_options[@]}") } @@ -1055,9 +1055,9 @@ _prepare_airootfs_image() { airootfs_size=$((pacstrap_size+200000)) _run_once "_mkairootfs_${airootfs_image_type}" - _mkchecksum "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" + _mkchecksum "${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" if [[ -n "${gpg_key}" ]]; then - _mksignature "${airootfs_dir}/airootfs.$(_get_fs_ext "airootfs")" + _mksignature "${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" fi } @@ -1698,10 +1698,10 @@ _build_iso_base() { pacstrap_dir="${work_dir}/${arch}/airootfs" isofs_dir="${work_dir}/iso" keys_dir="${work_dir}/keys" - airootfs_dir="${isofs_dir}/${install_dir}/${arch}" + airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" # Create working directory - [[ -d "${airootfs_dir}" ]] || install -d -- "${airootfs_dir}" + [[ -d "${airootfs_img_dir}" ]] || install -d -- "${airootfs_img_dir}" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" # Write build date to file or if the file exists, read it from there -- GitLab From 0b876c4f16f572013365c0a72612f87b7c6e1ece Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 16 Jun 2022 06:15:05 +0000 Subject: [PATCH 110/347] upgrade to v64 --- configs/releng/airootfs/etc/locale.conf | 2 +- .../airootfs/etc/pacman.d/hooks/40-locale-gen.hook | 13 ------------- docs/README.profile.rst | 1 + 3 files changed, 2 insertions(+), 14 deletions(-) delete mode 100644 configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook diff --git a/configs/releng/airootfs/etc/locale.conf b/configs/releng/airootfs/etc/locale.conf index 01ec548f..f9c983cc 100644 --- a/configs/releng/airootfs/etc/locale.conf +++ b/configs/releng/airootfs/etc/locale.conf @@ -1 +1 @@ -LANG=en_US.UTF-8 +LANG=C.UTF-8 diff --git a/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook b/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook deleted file mode 100644 index 82dd1994..00000000 --- a/configs/releng/airootfs/etc/pacman.d/hooks/40-locale-gen.hook +++ /dev/null @@ -1,13 +0,0 @@ -# remove from airootfs! -[Trigger] -Operation = Install -Type = Package -Target = glibc - -[Action] -Description = Uncommenting en_US.UTF-8 locale and running locale-gen... -When = PostTransaction -Depends = glibc -Depends = sed -Depends = sh -Exec = /bin/sh -c "sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen && locale-gen" diff --git a/docs/README.profile.rst b/docs/README.profile.rst index e87d9cf6..d84cccad 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -144,6 +144,7 @@ respective variables in ``profiledef.sh``: * ``%INSTALL_DIR%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. * ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. + efiboot ------- -- GitLab From 85e42d076ab14c2b2f947ea847565a3f787ab336 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 16 Jun 2022 06:15:41 +0000 Subject: [PATCH 111/347] upgrade to v64 --- configs/baseline/airootfs/etc/locale.conf | 1 + 1 file changed, 1 insertion(+) create mode 100644 configs/baseline/airootfs/etc/locale.conf diff --git a/configs/baseline/airootfs/etc/locale.conf b/configs/baseline/airootfs/etc/locale.conf new file mode 100644 index 00000000..f9c983cc --- /dev/null +++ b/configs/baseline/airootfs/etc/locale.conf @@ -0,0 +1 @@ +LANG=C.UTF-8 -- GitLab From 73d66df0cc2d58d96bf06ec5ca577897db1ecfce Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 17 Jun 2022 19:14:02 +0000 Subject: [PATCH 112/347] use uuid instead of label --- archiso/mkarchiso | 12 ++++++------ .../loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../loader/entries/02-archiso-x86_64-ram-linux.conf | 2 +- configs/baseline/grub/grub.cfg | 8 ++++---- configs/baseline/syslinux/syslinux-linux.cfg | 4 ++-- configs/releng/syslinux/archiso_pxe-linux.cfg | 2 +- configs/releng/syslinux/archiso_sys-linux.cfg | 6 +++--- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6935fa75..23b37c1b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -589,7 +589,7 @@ _get_crypto_params() { _keys_fs_type="$(_get_fs_type "keys")" _keys_path="keys.$(_get_fs_ext "keys")" _cparams=("root=/dev/mapper/root" - "cryptdevice=LABEL=${iso_label},${_airootfs_path}:root" + "cryptdevice=UUID=${SOURCE_DATE_EPOCH},${_airootfs_path}:root" "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" @@ -603,7 +603,7 @@ _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." install -d -m 0755 -- "${isofs_dir}/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; + sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -700,7 +700,7 @@ _make_efibootimg() { _make_bootmode_uefi-ia32.grub.esp() { # Fill Grub configuration files - sed "s|%ARCHISO_LABEL%|${iso_label}|g; + sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -779,7 +779,7 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _make_bootmode_uefi-ia32.grub.esp() { # Fill Grub configuration files - sed "s|%ARCHISO_LABEL%|${iso_label}|g; + sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" @@ -886,7 +886,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { mmd -i "${efibootimg}" ::/loader ::/loader/entries mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; + sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" @@ -925,7 +925,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { install -d -m 0755 -- "${isofs_dir}/loader/entries" install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; + sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 11624b65..1da02d29 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +options archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% diff --git a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf b/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf index d66f5a6b..e0609cf7 100644 --- a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf +++ b/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) Copy to RAM linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram +options archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% copytoram diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 4249c898..01d96812 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -16,14 +16,14 @@ fi menuentry "Arch Linux (x86_64, UEFI)" { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram + search --no-floppy --set=root --label %ARCHISO_UUID% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index 6bfd0c30..f3edd3d5 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,10 +2,10 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% LABEL arch-ram MENU LABEL Arch Linux (x86_64, BIOS) Copy to RAM LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% copytoram diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index d812402a..1435341e 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} checksum verify SYSAPPEND 3 LABEL arch64_nfs diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index cb3dabfd..f1d24f39 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% # Accessibility boot option LABEL arch64speech @@ -17,7 +17,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on # Copy to RAM boot option LABEL arch64ram @@ -28,4 +28,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram +APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram -- GitLab From bf1356045187c9f7145d83866a8889d7a9b9927d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 17 Jun 2022 21:27:25 +0000 Subject: [PATCH 113/347] we still need label --- archiso/mkarchiso | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 23b37c1b..b84f287c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -603,7 +603,8 @@ _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." install -d -m 0755 -- "${isofs_dir}/syslinux" for _cfg in "${profile}/syslinux/"*.cfg; do - sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + sed "s|%ARCHISO_LABEL%|${iso_label}|g + s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -700,7 +701,8 @@ _make_efibootimg() { _make_bootmode_uefi-ia32.grub.esp() { # Fill Grub configuration files - sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}${iso_label}|g; + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -779,7 +781,8 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _make_bootmode_uefi-ia32.grub.esp() { # Fill Grub configuration files - sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" @@ -886,7 +889,8 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { mmd -i "${efibootimg}" ::/loader ::/loader/entries mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" @@ -925,7 +929,8 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { install -d -m 0755 -- "${isofs_dir}/loader/entries" install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do - sed "s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" -- GitLab From 02da0e616d911f31655b21c738e42d58197214a4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 17 Jun 2022 21:43:17 +0000 Subject: [PATCH 114/347] we still need label --- .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf | 2 +- configs/baseline/grub/grub.cfg | 6 +++--- configs/baseline/syslinux/syslinux-linux.cfg | 4 ++-- .../efiboot/loader/entries/01-archiso-x86_64-linux.conf | 2 +- .../loader/entries/02-archiso-x86_64-speech-linux.conf | 2 +- .../efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf | 2 +- .../loader/entries/04-archiso-x86_64-ram-speech-linux.conf | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf index 1da02d29..61077f19 100644 --- a/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/baseline/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% diff --git a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf b/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf index e0609cf7..7c4376ad 100644 --- a/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf +++ b/configs/baseline/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf @@ -1,4 +1,4 @@ title Arch Linux (x86_64, UEFI) Copy to RAM linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% copytoram +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index 01d96812..c2086429 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -17,13 +17,13 @@ fi menuentry "Arch Linux (x86_64, UEFI)" { set gfxpayload=keep search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_UUID% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } diff --git a/configs/baseline/syslinux/syslinux-linux.cfg b/configs/baseline/syslinux/syslinux-linux.cfg index f3edd3d5..22a8240d 100644 --- a/configs/baseline/syslinux/syslinux-linux.cfg +++ b/configs/baseline/syslinux/syslinux-linux.cfg @@ -2,10 +2,10 @@ LABEL arch MENU LABEL Arch Linux (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% LABEL arch-ram MENU LABEL Arch Linux (x86_64, BIOS) Copy to RAM LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% copytoram +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram diff --git a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf index f0fbc1ae..553243e7 100644 --- a/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf +++ b/configs/releng/efiboot/loader/entries/01-archiso-x86_64-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf index efe1bd41..41cd3ffe 100644 --- a/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on diff --git a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf index ac5ec398..7c0c8b63 100644 --- a/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf +++ b/configs/releng/efiboot/loader/entries/03-archiso-x86_64-ram-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram +options archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram diff --git a/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf b/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf index d2901709..28fb65d7 100644 --- a/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf +++ b/configs/releng/efiboot/loader/entries/04-archiso-x86_64-ram-speech-linux.conf @@ -4,4 +4,4 @@ linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux initrd /%INSTALL_DIR%/boot/intel-ucode.img initrd /%INSTALL_DIR%/boot/amd-ucode.img initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% copytoram accessibility=on +options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram accessibility=on -- GitLab From aa0b691ae89c2dc802457b751e5601b4f4c0958e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 18 Jun 2022 01:18:39 +0000 Subject: [PATCH 115/347] we still need label --- configs/releng/grub/grub.cfg | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 57b0c195..b573ceb3 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -27,20 +27,20 @@ play 500 500 1 300 1 500 1 300 1 500 1 300 1 100 5 500 1 300 1 500 1 300 1 100 2 menuentry "Arch Linux install medium (x86_64, UEFI)" { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey=s { set gfxpayload=keep - search --no-floppy --set=root --label %ARCHISO_LABEL% - linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% %CRYPTO_PARAMS% accessibility=on + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } menuentry "UEFI Shell" { insmod chain - search --no-floppy --set=root --label %ARCHISO_LABEL% + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% chainloader /shellia32.efi } -- GitLab From 335bcb90c1396293c29b188ad38fcc05c51d6a3f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 18 Jun 2022 01:20:26 +0000 Subject: [PATCH 116/347] we still need label --- configs/releng/syslinux/archiso_sys-linux.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg index f1d24f39..ad29e447 100644 --- a/configs/releng/syslinux/archiso_sys-linux.cfg +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% # Accessibility boot option LABEL arch64speech @@ -17,7 +17,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on # Copy to RAM boot option LABEL arch64ram @@ -28,4 +28,4 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM) LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram -- GitLab From d74651120a7a989605c231c74c854efeba39e195 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 11:36:44 +0000 Subject: [PATCH 117/347] so there were two functions duplicated --- archiso/mkarchiso | 98 ++++++++--------------------------------------- 1 file changed, 15 insertions(+), 83 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b84f287c..6243fccc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -121,6 +121,7 @@ ENDUSAGETEXT _show_config() { local build_date printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" + printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" _msg_info "${app_name} configuration settings" _msg_info " Architecture: ${arch}" _msg_info " Working directory: ${work_dir}" @@ -602,9 +603,11 @@ _get_crypto_params() { _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." install -d -m 0755 -- "${isofs_dir}/syslinux" + local archiso_uuid + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g - s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -700,9 +703,11 @@ _make_efibootimg() { } _make_bootmode_uefi-ia32.grub.esp() { + local archiso_uuid + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" # Fill Grub configuration files sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ @@ -779,85 +784,6 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _msg_info "Done!" } -_make_bootmode_uefi-ia32.grub.esp() { - # Fill Grub configuration files - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%ARCH%|${arch}|g" \ - "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - - # shellcheck disable=SC2016 - printf 'configfile ${cmdpath}/grub.cfg\n' > "${work_dir}/grub-embed.cfg" - - # Create EFI file - grub-mkstandalone -O i386-efi \ - --modules="part_gpt part_msdos fat iso9660" \ - --locales="en@quot" \ - --themes="" \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" - # Add GRUB to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/BOOTIA32.EFI" - "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") - - if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"* - "${pacstrap_dir}/boot/initramfs-"*".img") - - efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" - # Create a FAT image for the EFI system partition - _make_efibootimg "$efiboot_imgsize" - else - _run_once _make_bootmode_uefi-x64.systemd-boot.esp - fi - - # Copy grub EFI binary to the default/fallback boot path - mcopy -i "${efibootimg}" \ - "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI - - # Copy GRUB configuration files - mcopy -i "${efibootimg}" \ - "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg - - # shellia32.efi is picked up automatically when on / - if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then - mcopy -i "${efibootimg}" \ - "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi - fi - - _msg_info "Done! GRUB set up for UEFI booting successfully." -} - -# Prepare GRUB for El Torito booting -_make_bootmode_uefi-ia32.grub.eltorito() { - # El Torito UEFI boot requires an image containing the EFI system partition. - # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp - _run_once _make_bootmode_uefi-ia32.grub.esp - - # Additionally set up system-boot in ISO 9660. This allows creating a medium for the live environment by using - # manual partitioning and simply copying the ISO 9660 file system contents. - # This is not related to El Torito booting and no firmware uses these files. - _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." - install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" - - # Copy GRUB EFI binary to the default/fallback boot path - install -m 0644 -- "${work_dir}/BOOTIA32.EFI" \ - "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" - - # Copy GRUB configuration files - install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT/grub.cfg" - - # edk2-shell based UEFI shell - # shellia32.efi is picked up automatically when on / - if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" \ - "${isofs_dir}/shellia32.efi" - fi - - _msg_info "Done!" -} - # Prepare system-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { local _file efiboot_imgsize @@ -888,10 +814,13 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { # Copy systemd-boot configuration files mmd -i "${efibootimg}" ::/loader ::/loader/entries mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ + local archiso_uuid + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" done @@ -928,10 +857,13 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { # Copy systemd-boot configuration files install -d -m 0755 -- "${isofs_dir}/loader/entries" install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" + local archiso_uuid + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${SOURCE_DATE_EPOCH}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" done -- GitLab From 00595575f2777aac927b245c3a433866d662890e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 12:00:14 +0000 Subject: [PATCH 118/347] typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6243fccc..2e1149c4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -606,7 +606,7 @@ _make_bootmode_bios.syslinux.mbr() { local archiso_uuid printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _cfg in "${profile}/syslinux/"*.cfg; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g + sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; -- GitLab From 5fb251228122fc0a32671cfa382c8419e52afce9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 13:50:57 +0000 Subject: [PATCH 119/347] typo --- archiso/mkarchiso | 1 - 1 file changed, 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2e1149c4..91405f2d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -121,7 +121,6 @@ ENDUSAGETEXT _show_config() { local build_date printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" - printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" _msg_info "${app_name} configuration settings" _msg_info " Architecture: ${arch}" _msg_info " Working directory: ${work_dir}" -- GitLab From 9023a4175f9d69b2bedb72a5dcc444e95bf5bb73 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 14:10:51 +0000 Subject: [PATCH 120/347] fix uuid for cryptkey --- archiso/mkarchiso | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 91405f2d..256865cc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -584,12 +584,13 @@ _make_boot_on_iso9660() { # Produce the 'encrypt' hook's kernel parameters needed to boot an encrypted ISO. _get_crypto_params() { declare -a _cparams - local _airootfs_path _keys_ext _keys_path + local _airootfs_path _archiso_uuid _keys_ext _keys_path _airootfs_path="${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" _keys_fs_type="$(_get_fs_type "keys")" _keys_path="keys.$(_get_fs_ext "keys")" + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _cparams=("root=/dev/mapper/root" - "cryptdevice=UUID=${SOURCE_DATE_EPOCH},${_airootfs_path}:root" + "cryptdevice=UUID=${archiso_uuid},${_airootfs_path}:root" "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" -- GitLab From 759b5e36fa999ee331621eea01151f4037a7f347 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 16:43:34 +0200 Subject: [PATCH 121/347] more verbose output for file system creation --- archiso/mkarchiso | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 256865cc..f9a18764 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -234,8 +234,15 @@ _run_mkext4() { local _image_path="${1}.img" local _size="${2}" local ext4_hash_seed mkfs_ext4_options=() + local archiso_uuid + printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" - _msg_info "Creating ext4 image of ${_size} KB and copying '${_dir}/' to it..." + _msg_info "Creating ext4 image" + _msg_info "Size: ${_size} KB" + _msg_info "Directory: ${_dir}" + _msg_info "Image path: ${_image_path}" + _msg_info "UUID: ${archiso_uuid}" + _msg_info "this may take a while..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ --name "${SOURCE_DATE_EPOCH} ext4 hash seed")" @@ -264,7 +271,11 @@ _run_mkerofs() { # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" mkfs_erofs_options+=('-U' "${fsuuid}" "${_mkfs_options[@]}") - _msg_info "Creating EROFS image, this may take some time..." + _msg_info "Creating EROFS image" + _msg_info "Directory: ${_dir}" + _msg_info "Image path: ${_image_path}" + _msg_info "UUID: ${fsuuid}" + _msg_info "this may take a while..." mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${_dir}" _msg_info "Done!" } -- GitLab From 041aaac4b075eaf459b3058fb84a350ab34f6368 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 18:28:56 +0200 Subject: [PATCH 122/347] why I have so much problems with time --- archiso/mkarchiso | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f9a18764..cacdf4e5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -235,7 +235,7 @@ _run_mkext4() { local _size="${2}" local ext4_hash_seed mkfs_ext4_options=() local archiso_uuid - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _msg_info "Creating ext4 image" _msg_info "Size: ${_size} KB" @@ -599,7 +599,7 @@ _get_crypto_params() { _airootfs_path="${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" _keys_fs_type="$(_get_fs_type "keys")" _keys_path="keys.$(_get_fs_ext "keys")" - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _cparams=("root=/dev/mapper/root" "cryptdevice=UUID=${archiso_uuid},${_airootfs_path}:root" "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") @@ -615,7 +615,7 @@ _make_bootmode_bios.syslinux.mbr() { _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." install -d -m 0755 -- "${isofs_dir}/syslinux" local archiso_uuid - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _cfg in "${profile}/syslinux/"*.cfg; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%ARCHISO_UUID%|${archiso_uuid}|g; @@ -715,7 +715,7 @@ _make_efibootimg() { _make_bootmode_uefi-ia32.grub.esp() { local archiso_uuid - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" # Fill Grub configuration files sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%ARCHISO_UUID%|${archiso_uuid}|g; @@ -826,7 +826,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { mmd -i "${efibootimg}" ::/loader ::/loader/entries mcopy -i "${efibootimg}" "${profile}/efiboot/loader/loader.conf" ::/loader/ local archiso_uuid - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%ARCHISO_UUID%|${archiso_uuid}|g; @@ -869,7 +869,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { install -d -m 0755 -- "${isofs_dir}/loader/entries" install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" local archiso_uuid - printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%ARCHISO_UUID%|${archiso_uuid}|g; -- GitLab From 804eee747aab5aa2ab49280055e07875e90959a2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 18:50:59 +0200 Subject: [PATCH 123/347] a silly error --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cacdf4e5..18b7e159 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -369,7 +369,7 @@ _mkkeys_ext4+squashfs+luks() { # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { _mkkeys_common - _run_mkerofs "${image_device}" "${keys_isofs_dir}" + _run_mkerofs "${image_device}" "${keys_dir}" _close_luks_device "${image_device}" } -- GitLab From 08151c43a2e51ad7f856c16b7c106f750972eefc Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 18:52:55 +0200 Subject: [PATCH 124/347] switch build date to UTC --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 18b7e159..cd1836d2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -120,7 +120,7 @@ ENDUSAGETEXT # Shows configuration options. _show_config() { local build_date - printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}" _msg_info "${app_name} configuration settings" _msg_info " Architecture: ${arch}" _msg_info " Working directory: ${work_dir}" -- GitLab From 160fb82a215dec9f2c4808639c2db8f19f7b7728 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 19:14:37 +0200 Subject: [PATCH 125/347] add keys_image_type: erofs, squashfs --- archiso/mkarchiso | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cd1836d2..48c90705 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -266,7 +266,7 @@ _run_mkext4() { _run_mkerofs() { local _image_path="${1}" local _dir="${2}" - local fsuuid + local fsuuid="${3}" [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') # Generate reproducible file system UUID from SOURCE_DATE_EPOCH fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" @@ -287,6 +287,7 @@ _mkairootfs_common() { image_path="${airootfs_img_dir}/airootfs."$(_get_fs_ext "airootfs") rm -f -- "${image_path}" _mkfs_options=("${airootfs_image_tool_options[@]}") + erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -331,7 +332,7 @@ _mkairootfs_squashfs+luks() { # Create an EROFS image containing the root file system and saves it on the ISO 9660 file system. _mkairootfs_erofs() { _mkairootfs_common - _run_mkerofs "${image_path}" "${pacstrap_dir}" + _run_mkerofs "${image_path}" "${pacstrap_dir}" "${erofs_uuid}" _msg_info "Done!" } @@ -341,7 +342,7 @@ _mkairootfs_erofs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mkerofs "${image_device}" "${pacstrap_dir}" + _run_mkerofs "${image_device}" "${pacstrap_dir}" "${erofs_uuid}" _close_luks_device "${image_device}" } @@ -349,9 +350,8 @@ _mkairootfs_erofs+luks() { _mkkeys_common() { image_path="${keys_isofs_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" _mkfs_options=("${keys_image_tool_options[@]}") + erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "$(( SOURCE_DATE_EPOCH + 42 * 69 ))")" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. @@ -365,17 +365,34 @@ _mkkeys_ext4+squashfs+luks() { rm -- "${keys_dir}.img" } +# Create an EROFS image containing the keys file system and saves it on the ISO 9660 file system. +_mkkeys_erofs() { + _mkkeys_common + _run_mkerofs "${image_path}" "${keys_dir}" "${erofs_uuid}" + _msg_info "Done!" +} + # Create an EROFS image containing the keys file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { _mkkeys_common - _run_mkerofs "${image_device}" "${keys_dir}" + _run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" + _run_mkerofs "${image_device}" "${keys_dir}" "${erofs_uuid}" _close_luks_device "${image_device}" } +# Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. +_mkkeys_squashfs() { + _mkkeys_common + _run_mksquashfs "${keys_dir}" "${image_path}" +} + # Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. _mkkeys_squashfs+luks() { _mkkeys_common + _run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device "${image_device}" } -- GitLab From 934a1c798af6ce506c9d4f526deac02c08e7d83b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 19:27:51 +0200 Subject: [PATCH 126/347] add last image types, move uuid setting out of run_mkfs functions --- archiso/mkarchiso | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 48c90705..f93ef745 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -233,9 +233,10 @@ _run_mkext4() { local _dir="${1}" local _image_path="${1}.img" local _size="${2}" + local _time="${3}" local ext4_hash_seed mkfs_ext4_options=() local archiso_uuid - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-%Z)T' "${_time}" _msg_info "Creating ext4 image" _msg_info "Size: ${_size} KB" @@ -245,7 +246,7 @@ _run_mkext4() { _msg_info "this may take a while..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ - --name "${SOURCE_DATE_EPOCH} ext4 hash seed")" + --name "${_time} ext4 hash seed")" mkfs_ext4_options=( '-d' "${_dir}" '-O' '^has_journal,^resize_inode' @@ -256,7 +257,7 @@ _run_mkext4() { ) [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${_image_path}" - E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" + E2FSPROGS_FAKE_TIME="${_time}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null _msg_info "Done!" } @@ -268,14 +269,12 @@ _run_mkerofs() { local _dir="${2}" local fsuuid="${3}" [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet') - # Generate reproducible file system UUID from SOURCE_DATE_EPOCH - fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" - mkfs_erofs_options+=('-U' "${fsuuid}" "${_mkfs_options[@]}") _msg_info "Creating EROFS image" _msg_info "Directory: ${_dir}" _msg_info "Image path: ${_image_path}" _msg_info "UUID: ${fsuuid}" _msg_info "this may take a while..." + mkfs_erofs_options+=('-U' "${fsuuid}" "${_mkfs_options[@]}") mkfs.erofs "${mkfs_erofs_options[@]}" -- "${_image_path}" "${_dir}" _msg_info "Done!" } @@ -287,6 +286,7 @@ _mkairootfs_common() { image_path="${airootfs_img_dir}/airootfs."$(_get_fs_ext "airootfs") rm -f -- "${image_path}" _mkfs_options=("${airootfs_image_tool_options[@]}") + # Generate reproducible file system UUID from SOURCE_DATE_EPOCH erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" } @@ -294,7 +294,7 @@ _mkairootfs_common() { # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) + _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -306,7 +306,7 @@ _mkairootfs_ext4+squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" - _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) + _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device "${image_device}" _msg_info "Done!" @@ -351,14 +351,15 @@ _mkkeys_common() { image_path="${keys_isofs_dir}/keys."$(_get_fs_ext "keys") rm -f -- "${image_path}" _mkfs_options=("${keys_image_tool_options[@]}") - erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "$(( SOURCE_DATE_EPOCH + 42 * 69 ))")" + keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) + erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkkeys_ext4+squashfs+luks() { _mkkeys_common - _run_mkext4 "${keys_dir}" $((keys_size - 50000)) + _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" _msg_info "Done!" -- GitLab From 024033fcf878f08624bcd7065b3cf46032d2c4a8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 19:54:18 +0200 Subject: [PATCH 127/347] stable uuid for keys too --- archiso/mkarchiso | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f93ef745..f85c8307 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -613,14 +613,16 @@ _make_boot_on_iso9660() { # Produce the 'encrypt' hook's kernel parameters needed to boot an encrypted ISO. _get_crypto_params() { declare -a _cparams - local _airootfs_path _archiso_uuid _keys_ext _keys_path + local _airootfs_path _archiso_uuid _keys_epoch _keys_ext _keys_path _keys_uuid _airootfs_path="${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" _keys_fs_type="$(_get_fs_type "keys")" _keys_path="keys.$(_get_fs_ext "keys")" - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + _keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) + TZ=UTC printf -v _keys_uuid '%(%F-%H-%M-%S-00)T' "${_keys_epoch}" + TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _cparams=("root=/dev/mapper/root" - "cryptdevice=UUID=${archiso_uuid},${_airootfs_path}:root" - "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root" + "cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" else -- GitLab From ff544411afc5f74696ebfe0a1a9ff0f85c53d52e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 20:18:34 +0200 Subject: [PATCH 128/347] stable uuid for keys too --- archiso/mkarchiso | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f85c8307..0b69b51d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -236,7 +236,7 @@ _run_mkext4() { local _time="${3}" local ext4_hash_seed mkfs_ext4_options=() local archiso_uuid - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-%Z)T' "${_time}" + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${_time}" _msg_info "Creating ext4 image" _msg_info "Size: ${_size} KB" @@ -287,7 +287,7 @@ _mkairootfs_common() { rm -f -- "${image_path}" _mkfs_options=("${airootfs_image_tool_options[@]}") # Generate reproducible file system UUID from SOURCE_DATE_EPOCH - erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + TZ=UTC erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -352,7 +352,7 @@ _mkkeys_common() { rm -f -- "${image_path}" _mkfs_options=("${keys_image_tool_options[@]}") keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) - erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" + TZ=UTC erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. -- GitLab From 5b514cf111d1b20eecf8c17fa1168ab4443d8fd6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 20:58:30 +0200 Subject: [PATCH 129/347] removed squashfs support for lack of UUIDs --- archiso/mkarchiso | 25 ++++++++++--------------- configs/baseline/profiledef.sh | 12 +++++++++--- configs/releng/profiledef.sh | 10 ++++------ 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0b69b51d..9b6fde49 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -355,6 +355,16 @@ _mkkeys_common() { TZ=UTC erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" } +# Create an ext4 image containing the root file system and pack it inside a squashfs image. +# Save the squashfs image on the ISO 9660 file system. +_mkairootfs_ext4+squashfs() { + _mkkeys_common + _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" + _run_mksquashfs "${keys_dir}.img" "${image_path}" + _msg_info "Done!" + rm -- "${keys_dir}.img" +} + # Create an ext4 image containing the keys file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkkeys_ext4+squashfs+luks() { @@ -383,21 +393,6 @@ _mkkeys_erofs+luks() { _close_luks_device "${image_device}" } -# Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. -_mkkeys_squashfs() { - _mkkeys_common - _run_mksquashfs "${keys_dir}" "${image_path}" -} - -# Create a squashfs image containing the keys file system and saves it on the ISO 9660 file system. -_mkkeys_squashfs+luks() { - _mkkeys_common - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" - _run_mksquashfs "${keys_dir}" "${image_device}" - _close_luks_device "${image_device}" -} - # Create checksum for a given file. _mkchecksum() { local _file diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 34060f2e..10b567d5 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -8,13 +8,19 @@ iso_application="Arch Linux baseline" iso_version="$(date +%Y.%m.%d)" install_dir="arch" buildmodes=('iso') -bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' - 'uefi-ia32.grub.esp' 'uefi-x64.systemd-boot.esp' - 'uefi-ia32.grub.eltorito' 'uefi-x64.systemd-boot.eltorito') +bootmodes=('bios.syslinux.mbr' + 'bios.syslinux.eltorito' + 'uefi-ia32.grub.esp' + 'uefi-ia32.grub.eltorito' + 'uefi-x64.systemd-boot.esp' + 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') +encryption_key="" +keys_image_type="erofs" +keys_image_tool_options=('-zlz4hc,12') file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 0768fca9..56e02b1b 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -16,13 +16,11 @@ bootmodes=('bios.syslinux.mbr' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" -airootfs_image_type="squashfs" -airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' - '-b' '1M' '-Xdict-size' '1M') +airootfs_image_type="erofs" +airootfs_image_tool_options=('-zlz4hc,12') encryption_key="" -keys_image_type="squashfs+luks" -keys_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' - '-b' '1M' '-Xdict-size' '1M') +keys_image_type="erofs" +keys_image_tool_options=('-zlz4hc,12') file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" -- GitLab From a33db129f3270b87b4a4d7691c3374bde8d7e8e7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 21:04:27 +0200 Subject: [PATCH 130/347] test ext4+squashfs+luks --- archiso/mkarchiso | 2 ++ 1 file changed, 2 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9b6fde49..c2478792 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -369,6 +369,8 @@ _mkairootfs_ext4+squashfs() { # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkkeys_ext4+squashfs+luks() { _mkkeys_common + _run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" -- GitLab From a82f3baec0af8dc4e2ffcd08cffa0af3e5f14357 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 21:13:19 +0200 Subject: [PATCH 131/347] test ext4+squashfs+luks --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c2478792..7b4b238a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -287,7 +287,7 @@ _mkairootfs_common() { rm -f -- "${image_path}" _mkfs_options=("${airootfs_image_tool_options[@]}") # Generate reproducible file system UUID from SOURCE_DATE_EPOCH - TZ=UTC erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -352,7 +352,7 @@ _mkkeys_common() { rm -f -- "${image_path}" _mkfs_options=("${keys_image_tool_options[@]}") keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) - TZ=UTC erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" + erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. -- GitLab From 86ab7833abb8437dd161824f84b96453a51ac053 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 21:28:07 +0200 Subject: [PATCH 132/347] test ext4+squashfs+luks --- archiso/mkarchiso | 3 +++ 1 file changed, 3 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7b4b238a..7ce4c673 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1399,6 +1399,9 @@ _build_keys_image() { xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") fi + # Update SORCE_DATE_EPOCH for keys ISO UUID + SOURCE_DATE_EPOCH=$(($SOURCE_DATE_EPOCH + 69 * 42)) + rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ -- GitLab From 3b4701c41fe7bc36da09b09b7be24105f4f354a9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 21:28:56 +0200 Subject: [PATCH 133/347] test ext4+squashfs+luks --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ce4c673..848a1345 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1400,7 +1400,7 @@ _build_keys_image() { fi # Update SORCE_DATE_EPOCH for keys ISO UUID - SOURCE_DATE_EPOCH=$(($SOURCE_DATE_EPOCH + 69 * 42)) + SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." -- GitLab From 6f8a71a800c58e49cf7a72ae57cfc7454ea0a8cf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 21:55:12 +0200 Subject: [PATCH 134/347] ext4+squashfs+luks needs additional modification in cryptsetup; enable again squahsfs and erofs clean for keys image --- archiso/mkarchiso | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 848a1345..87256f40 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -378,6 +378,12 @@ _mkkeys_ext4+squashfs+luks() { rm -- "${keys_dir}.img" } +# Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. +_mkkeys_squashfs() { + _mkkeys_common + _run_mksquashfs "${keys_dir}" "${image_path}" +} + # Create an EROFS image containing the keys file system and saves it on the ISO 9660 file system. _mkkeys_erofs() { _mkkeys_common -- GitLab From 8c33831b464b30608c3d821a4704ff7ec4beab3f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 22:12:37 +0200 Subject: [PATCH 135/347] forgot squashfs+luks --- archiso/mkarchiso | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 87256f40..6cbc6726 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -378,6 +378,16 @@ _mkkeys_ext4+squashfs+luks() { rm -- "${keys_dir}.img" } +# Create a squashfs image containing the keys file system and saves it on the LUKS image. +# Saves the LUKS image on the ISO 9660 file system. +_mkkeys_squashfs+luks() { + _mkkeys_common + _run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" + _run_mksquashfs "${keys_dir}" "${image_device}" + _close_luks_device "${image_device}" +} + # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. _mkkeys_squashfs() { _mkkeys_common -- GitLab From 7ac3925abe585126b0361626dccae663b575ee6e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 22:23:40 +0200 Subject: [PATCH 136/347] switch back to label at bootloader level for squashfs --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6cbc6726..1b99bcc7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -635,7 +635,7 @@ _get_crypto_params() { TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _cparams=("root=/dev/mapper/root" "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root" - "cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" else -- GitLab From ee08b3c97344ef7a3ea293456a64cd97b9b85262 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 19 Jun 2022 22:55:19 +0200 Subject: [PATCH 137/347] switch to erofs for good --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1b99bcc7..6cbc6726 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -635,7 +635,7 @@ _get_crypto_params() { TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" _cparams=("root=/dev/mapper/root" "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root" - "cryptkey=LABEL=${iso_label}_KEYS:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + "cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") if [ "${encryption_key}" != "" ]; then echo "${_cparams[@]}" else -- GitLab From 7d56e01bbc5dec510f8b58738812c95fef533338 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 23 Jun 2022 15:53:15 +0000 Subject: [PATCH 138/347] why shouldn't we want authenticated encryption? --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6cbc6726..af6f0db3 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -176,7 +176,7 @@ _run_mkluks() { local _size="${2}" local _label="${3}" local _encryption_key="${4}" - local _cryptsetup_options=('--pbkdf-memory' 256) + local _cryptsetup_options=('--integrity' 'hmac-sha256' '--pbkdf-memory' 256) local _key_msg="" _mapper _mapper=$(basename "${_image_path}")".map" image_device="/dev/mapper/${_mapper}" -- GitLab From 3c34814f5b0f7cb386cb4a688221b4b0980122d4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 23 Jun 2022 23:45:37 +0000 Subject: [PATCH 139/347] test persistent partition --- archiso/mkarchiso | 56 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index af6f0db3..a5a87a8a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -45,6 +45,8 @@ declare -A file_permissions=() efibootimg="" efiboot_files=() encryption_key="" +persistent_size="" +persistent_image_type="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') @@ -355,9 +357,9 @@ _mkkeys_common() { erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" } -# Create an ext4 image containing the root file system and pack it inside a squashfs image. +# Create an ext4 image containing the keys file system and pack it inside a squashfs image. # Save the squashfs image on the ISO 9660 file system. -_mkairootfs_ext4+squashfs() { +_mkkeys_ext4+squashfs() { _mkkeys_common _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_path}" @@ -411,6 +413,33 @@ _mkkeys_erofs+luks() { _close_luks_device "${image_device}" } +# Steps shared by _mkpersistent+fs_type functions +_mkpersistent_common() { + image_path="${persistentimg}" + rm -f -- "${image_path}" + persistent_epoch=$((SOURCE_DATE_EPOCH + 3 * 1415)) +} + +# Create an ext4 image to be used as the persistent ISO partition. +_mkpersistent_ext4() { + _mkpersistent_common + _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" + mv "${persistent_dir}.img" "${image_device}" + _msg_info "Done!" +} + +# Create an ext4 fs inside a LUKS container to be used as the persistent ISO partition. +_mkpersistent_ext4+luks() { + _mkpersistent_common + _run_mkluks "${image_path}" "${persistent_size}" \ + "${iso_label}_PERSISTENT" "${encryption_key}" + _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" + dd if="${persistent_dir}.img" of="${image_device}" + _close_luks_device "${image_device}" + _msg_info "Done!" + rm -- "${persistent_dir}.img" +} + # Create checksum for a given file. _mkchecksum() { local _file @@ -1055,6 +1084,21 @@ _prepare_keys_image() { fi } +# Build persistent filesystem image +_prepare_persistent_image() { + local persistent_dir_size + + if [ -d "${profile}/persistent" ]; then + cp -af --no-preserve=ownership,mode -- "${profile}/persistent/." "${persistent_dir}" + persistent_dir_size=$(du -s "${persistent_dir}" | cut -f 1) + persistent_size=$(( persistent_dir_size > persistent_size ? persistent_dir_size : persistent_size )) + fi + + if [ "${persistent_size}" != "" ]; then + _run_once "_mkpersistent_${persistent_image_type}" + fi +} + # export build artifacts for netboot _export_netboot_artifacts() { _msg_info "Exporting netboot artifacts..." @@ -1319,6 +1363,9 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") + if [ "${persistent_size}" != "" ]; then + xorrisofs_options+=('-append_partition' '3' '0x83' "${persistentimg}") + fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then @@ -1602,8 +1649,10 @@ _set_overrides() { # Set variables that do not have overrides [[ -n "$airootfs_image_type" ]] || airootfs_image_type="squashfs" [[ -n "$keys_image_type" ]] || keys_image_type="squashfs+luks" + [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" + [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") } _export_gpg_publickey() { @@ -1683,10 +1732,12 @@ _build_iso_base() { isofs_dir="${work_dir}/iso" keys_dir="${work_dir}/keys" airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" + persistent_dir="${work_dir}/persistent" # Create working directory [[ -d "${airootfs_img_dir}" ]] || install -d -- "${airootfs_img_dir}" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" + [[ -d "${persistent_dir}" ]] || install -d -- "${persistent_dir}" # Write build date to file or if the file exists, read it from there if [[ -e "${work_dir}/build_date" ]]; then @@ -1703,6 +1754,7 @@ _build_iso_base() { _run_once _make_version _run_once _make_customize_airootfs _run_once _make_pkglist + _run_once _prepare_persistent_image if [[ "${buildmode}" == 'netboot' ]]; then _run_once _make_boot_on_iso9660 else -- GitLab From a3609197530fa707a8136e619d3d3106c06ec2d1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 00:55:54 +0000 Subject: [PATCH 140/347] forgot declaration --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a5a87a8a..a0673310 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -47,6 +47,7 @@ efiboot_files=() encryption_key="" persistent_size="" persistent_image_type="" +persistentimg="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') -- GitLab From ffb771339cb1bc333f99dee5206bb2b3a3b8aaa7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 01:36:27 +0000 Subject: [PATCH 141/347] try to fix problem with uuids --- archiso/mkarchiso | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a0673310..0114f899 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,11 +179,13 @@ _run_mkluks() { local _size="${2}" local _label="${3}" local _encryption_key="${4}" + local _epoch="${5}" local _cryptsetup_options=('--integrity' 'hmac-sha256' '--pbkdf-memory' 256) - local _key_msg="" _mapper + local _key_msg="" _mapper _uuid _mapper=$(basename "${_image_path}")".map" image_device="/dev/mapper/${_mapper}" _key_opts=() + _uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${_epoch}")" if [[ "${_encryption_key}" != "" ]]; then _key_opts=("--key-file=${_encryption_key}") @@ -201,6 +203,11 @@ _run_mkluks() { while ! eval "cryptsetup config ${_key_opts[*]} ${_image_path} --label ${_label}"; do _close_luks_device "${image_device}" done + + _msg_info "Setting UUID ${_uuid}" + while ! eval "cryptsetup luksUUID --uuid ${_uuid} ${_image_path}"; do + _close_luks_device "${image_device}" + done _msg_info "Opening device on mapper ${_mapper}" while ! eval "cryptsetup ${_key_opts[*]} open --type luks2 ${_image_path} ${_mapper}"; do @@ -291,6 +298,7 @@ _mkairootfs_common() { _mkfs_options=("${airootfs_image_tool_options[@]}") # Generate reproducible file system UUID from SOURCE_DATE_EPOCH erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + luks_uuid="${erofs_uuid}" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. @@ -308,7 +316,7 @@ _mkairootfs_ext4+squashfs() { _mkairootfs_ext4+squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -327,7 +335,7 @@ _mkairootfs_squashfs() { _mkairootfs_squashfs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" _close_luks_device "${image_device}" } @@ -344,7 +352,7 @@ _mkairootfs_erofs() { _mkairootfs_erofs+luks() { _mkairootfs_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mkerofs "${image_device}" "${pacstrap_dir}" "${erofs_uuid}" _close_luks_device "${image_device}" } @@ -356,6 +364,7 @@ _mkkeys_common() { _mkfs_options=("${keys_image_tool_options[@]}") keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) erofs_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${keys_epoch}")" + luks_uuid="${erofs_uuid}" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. @@ -373,7 +382,7 @@ _mkkeys_ext4+squashfs() { _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" + "${iso_label}_KEYS" "" "${luks_uuid}" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" _close_luks_device "${image_device}" @@ -386,7 +395,7 @@ _mkkeys_ext4+squashfs+luks() { _mkkeys_squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" + "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mksquashfs "${keys_dir}" "${image_device}" _close_luks_device "${image_device}" } @@ -409,7 +418,7 @@ _mkkeys_erofs() { _mkkeys_erofs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" + "${iso_label}_KEYS" "" "${luks_uuid}" _run_mkerofs "${image_device}" "${keys_dir}" "${erofs_uuid}" _close_luks_device "${image_device}" } @@ -419,6 +428,7 @@ _mkpersistent_common() { image_path="${persistentimg}" rm -f -- "${image_path}" persistent_epoch=$((SOURCE_DATE_EPOCH + 3 * 1415)) + luks_uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${persistent_epoch}")" } # Create an ext4 image to be used as the persistent ISO partition. @@ -433,7 +443,7 @@ _mkpersistent_ext4() { _mkpersistent_ext4+luks() { _mkpersistent_common _run_mkluks "${image_path}" "${persistent_size}" \ - "${iso_label}_PERSISTENT" "${encryption_key}" + "${iso_label}_PERSISTENT" "${encryption_key}" "${luks_uuid}" _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" _close_luks_device "${image_device}" -- GitLab From ccf00d801e8dedff1253a9a5409388fbb7759c0b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 01:39:43 +0000 Subject: [PATCH 142/347] no confirm for uuid change (luks) --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0114f899..315e4dc0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -205,7 +205,7 @@ _run_mkluks() { done _msg_info "Setting UUID ${_uuid}" - while ! eval "cryptsetup luksUUID --uuid ${_uuid} ${_image_path}"; do + while ! eval "cryptsetup -q -y luksUUID --uuid ${_uuid} ${_image_path}"; do _close_luks_device "${image_device}" done -- GitLab From c5a0a01e5087325eb6720afc3e6fe515fcd3a5f2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 01:49:18 +0000 Subject: [PATCH 143/347] set correct guids --- archiso/mkarchiso | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 315e4dc0..4a46b62d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -434,6 +434,7 @@ _mkpersistent_common() { # Create an ext4 image to be used as the persistent ISO partition. _mkpersistent_ext4() { _mkpersistent_common + persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" mv "${persistent_dir}.img" "${image_device}" _msg_info "Done!" @@ -442,6 +443,7 @@ _mkpersistent_ext4() { # Create an ext4 fs inside a LUKS container to be used as the persistent ISO partition. _mkpersistent_ext4+luks() { _mkpersistent_common + persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "${luks_uuid}" _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" @@ -1375,7 +1377,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then - xorrisofs_options+=('-append_partition' '3' '0x83' "${persistentimg}") + xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 -- GitLab From 5cf40262c713aac0b3c6f14087e014ff22d8b7eb Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 01:53:43 +0000 Subject: [PATCH 144/347] add a sync because device-mapper: remove ioctl on persistent.ext4.map failed: Device or resource busy --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4a46b62d..a042c32c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -448,6 +448,7 @@ _mkpersistent_ext4+luks() { "${iso_label}_PERSISTENT" "${encryption_key}" "${luks_uuid}" _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" + sync _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${persistent_dir}.img" -- GitLab From d6893961d606c9fd0994eeb357569d628aff525d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 02:07:39 +0000 Subject: [PATCH 145/347] add more syncs but I don't think this is the issue --- archiso/mkarchiso | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a042c32c..29e530d5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -319,6 +319,7 @@ _mkairootfs_ext4+squashfs+luks() { "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" + sync _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -337,6 +338,7 @@ _mkairootfs_squashfs+luks() { _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" + sync _close_luks_device "${image_device}" } @@ -354,6 +356,7 @@ _mkairootfs_erofs+luks() { _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mkerofs "${image_device}" "${pacstrap_dir}" "${erofs_uuid}" + sync _close_luks_device "${image_device}" } @@ -385,6 +388,7 @@ _mkkeys_ext4+squashfs+luks() { "${iso_label}_KEYS" "" "${luks_uuid}" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" + sync _close_luks_device "${image_device}" _msg_info "Done!" rm -- "${keys_dir}.img" @@ -397,6 +401,7 @@ _mkkeys_squashfs+luks() { _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" "${luks_uuid}" _run_mksquashfs "${keys_dir}" "${image_device}" + sync _close_luks_device "${image_device}" } @@ -420,6 +425,7 @@ _mkkeys_erofs+luks() { _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" "${luks_uuid}" _run_mkerofs "${image_device}" "${keys_dir}" "${erofs_uuid}" + sync _close_luks_device "${image_device}" } -- GitLab From dd3ec2e498d2b823896e271759c0a7f894ee0f99 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 24 Jun 2022 10:42:48 +0000 Subject: [PATCH 146/347] fix the weird error --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 29e530d5..44e1b23c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1380,7 +1380,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 # partition will not be mountable # shellcheck disable=SC2076 - [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') + [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '32') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then -- GitLab From 10d3ae5c3e570c1d06ddacda6b6ce40a4ef50686 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 29 Jun 2022 07:53:22 +0000 Subject: [PATCH 147/347] update with authenticated encryption --- archiso/mkarchiso | 105 +++++++++++++++++++++++++++++++++------------- 1 file changed, 76 insertions(+), 29 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 44e1b23c..dea1ea2e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -179,9 +179,10 @@ _run_mkluks() { local _size="${2}" local _label="${3}" local _encryption_key="${4}" - local _epoch="${5}" - local _cryptsetup_options=('--integrity' 'hmac-sha256' '--pbkdf-memory' 256) - local _key_msg="" _mapper _uuid + local _read_only="${5}" + local _epoch="${6}" + local _activation_opts=() _format_opts=() _key_msg="" _mapper + local _cryptsetup_opts=('--type' 'luks2') _mapper=$(basename "${_image_path}")".map" image_device="/dev/mapper/${_mapper}" _key_opts=() @@ -189,18 +190,29 @@ _run_mkluks() { if [[ "${_encryption_key}" != "" ]]; then _key_opts=("--key-file=${_encryption_key}") - _cryptsetup_options+=("${_key_opts[@]}") + _cryptsetup_opts+=("${_key_opts[@]}") _key_msg="with key $(basename "${_encryption_key}")" fi + _activation_opts+=("${_cryptsetup_opts[@]}") + _format_opts+=("${_cryptsetup_opts[@]}" \ + '--integrity' 'cmac-aes' \ + '--sector-size' '4096' \ + '--pbkdf-memory' 256) + + if [ "${_read_only}" = "true" ]; then + _msg_info "Integrity journal disabled" + _activation_opts+=('--persistent' '--integrity-no-journal') + fi + _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" - while ! eval "cryptsetup -q -y luksFormat ${_cryptsetup_options[*]} ${_image_path}"; do + while ! eval "cryptsetup -q -y luksFormat ${_format_opts[*]} ${_image_path}"; do sleep 1 done _msg_info "Setting label ${_label}" - while ! eval "cryptsetup config ${_key_opts[*]} ${_image_path} --label ${_label}"; do + while ! eval "cryptsetup config ${_cryptsetup_opts[*]} ${_image_path} --label ${_label}"; do _close_luks_device "${image_device}" done @@ -209,8 +221,10 @@ _run_mkluks() { _close_luks_device "${image_device}" done + _close_luks_device "${image_device}" + _msg_info "Opening device on mapper ${_mapper}" - while ! eval "cryptsetup ${_key_opts[*]} open --type luks2 ${_image_path} ${_mapper}"; do + while ! eval "cryptsetup ${_activation_opts[*]} open ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" done @@ -222,6 +236,7 @@ _close_luks_device() { local _device="${1}" local _mapper _mapper=$(basename "${_device}") + blockdev --flushbufs "${_device}" cryptsetup luksClose "${_mapper}" || true if [ -e "${_device}" ]; then dmsetup remove "${_device}" || true @@ -289,7 +304,18 @@ _run_mkerofs() { _msg_info "Done!" } -# Steps shared by _mkairootfs+fs_type functions +# Ask the user for a passphrase if not specified +_mkluks_common() { + local _out="${work_dir}/${iso_label}.key" + if [ "${encryption_key}" = "" ]; then + echo -n Airootfs password: + read -rs password + echo "${password}" > "${_out}" + encryption_key="${_out}" + fi +} + +# Steps shared by _mkairootfs_fs_type functions _mkairootfs_common() { [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1 install -d -m 0755 -- "${airootfs_img_dir}" @@ -315,8 +341,9 @@ _mkairootfs_ext4+squashfs() { # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkairootfs_ext4+squashfs+luks() { _mkairootfs_common + _mkluks_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "${luks_uuid}" + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" sync @@ -335,8 +362,9 @@ _mkairootfs_squashfs() { # Saves the LUKS image on the ISO 9660 file system. _mkairootfs_squashfs+luks() { _mkairootfs_common + _mkluks_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "${luks_uuid}" + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" sync _close_luks_device "${image_device}" @@ -353,8 +381,9 @@ _mkairootfs_erofs() { # Save the LUKS image on the ISO 9660 file system. _mkairootfs_erofs+luks() { _mkairootfs_common + _mkluks_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "${luks_uuid}" + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mkerofs "${image_device}" "${pacstrap_dir}" "${erofs_uuid}" sync _close_luks_device "${image_device}" @@ -385,7 +414,7 @@ _mkkeys_ext4+squashfs() { _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" "${luks_uuid}" + "${iso_label}_KEYS" "" "true" "${luks_uuid}" _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" sync @@ -399,7 +428,7 @@ _mkkeys_ext4+squashfs+luks() { _mkkeys_squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "${luks_uuid}" + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mksquashfs "${keys_dir}" "${image_device}" sync _close_luks_device "${image_device}" @@ -423,7 +452,7 @@ _mkkeys_erofs() { _mkkeys_erofs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" "${luks_uuid}" + "${iso_label}_KEYS" "" "true" "${luks_uuid}" _run_mkerofs "${image_device}" "${keys_dir}" "${erofs_uuid}" sync _close_luks_device "${image_device}" @@ -443,6 +472,7 @@ _mkpersistent_ext4() { persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" mv "${persistent_dir}.img" "${image_device}" + sync _msg_info "Done!" } @@ -451,7 +481,7 @@ _mkpersistent_ext4+luks() { _mkpersistent_common persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ - "${iso_label}_PERSISTENT" "${encryption_key}" "${luks_uuid}" + "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" sync @@ -682,10 +712,12 @@ _get_crypto_params() { _keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) TZ=UTC printf -v _keys_uuid '%(%F-%H-%M-%S-00)T' "${_keys_epoch}" TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" - _cparams=("root=/dev/mapper/root" - "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root" - "cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") - if [ "${encryption_key}" != "" ]; then + if [[ "${airootfs_image_type}" == *luks ]]; then + _cparams=("root=/dev/mapper/root" + "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") + if [ "${encryption_key}" != "" ]; then + _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + fi echo "${_cparams[@]}" else echo "" @@ -1076,11 +1108,6 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { _prepare_airootfs_image() { local airootfs_size pacstrap_size - if [ "${encryption_key}" != "" ]; then - cp "${encryption_key}" "${work_dir}/${iso_label}.key" - encryption_key="${work_dir}/${iso_label}.key" - fi - pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) airootfs_size=$((pacstrap_size+200000)) @@ -1093,8 +1120,6 @@ _prepare_airootfs_image() { # Build keys filesystem image _prepare_keys_image() { - cp "${encryption_key}" "${keys_dir}/airootfs.key" - encryption_key="${keys_dir}/airootfs.key" keys_size=200000 _run_once "_mkkeys_${keys_image_type}" @@ -1172,6 +1197,19 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { _validate_requirements_airootfs_image_type_squashfs } +# +_resolve_encryption_key(){ + if [ ! -f "${encryption_key}" ]; then + if [ "${encryption_key}" = 'auto' ]; then + encryption_key="${work_dir}/${iso_label}.key" + [ ! -d "${work_dir}" ] && install -d "${work_dir}" + dd if=/dev/random bs=32 count=1 of="${encryption_key}" + elif [ "${encryption_key}" != 'auto' ]; then + _msg_error "File '${encryption_key}' does not exist." 0 + fi + fi +} + _validate_requirements_airootfs_image_type_squashfs+luks() { _validate_requirements_airootfs_image_type_luks _validate_requirements_airootfs_image_type_squashfs @@ -1195,6 +1233,7 @@ _validate_requirements_airootfs_image_type_luks() { (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': cryptsetup is not available on this host. Install 'cryptsetup'!" 0 fi + [[ -n "$encryption_key" ]] && _resolve_encryption_key } _validate_requirements_airootfs_image_type_erofs+luks() { @@ -1272,7 +1311,7 @@ _validate_common_requirements_buildmode_iso_netboot() { } _validate_requirements_buildmode_keys() { - echo "TODO" + [[ -n "$encryption_key" ]] && _resolve_encryption_key } _validate_requirements_buildmode_iso() { @@ -1380,7 +1419,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 # partition will not be mountable # shellcheck disable=SC2076 - [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '32') + [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then @@ -1540,6 +1579,11 @@ _build_iso_image() { "${isofs_dir}/" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" + + if [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then + cp "${encryption_key}" "${out_dir}" + fi + } # Read profile's values from profiledef.sh @@ -1561,6 +1605,7 @@ _read_profile() { # Resolve paths of files that are expected to reside in the profile's directory [[ -n "$arch" ]] || arch="$(uname -m)" [[ -n "$packages" ]] || packages="${profile}/packages.${arch}" + packages="$(realpath -- "${packages}")" pacman_conf="$(realpath -- "${pacman_conf}")" @@ -1731,12 +1776,14 @@ _build_keys_base() { local run_once_mode="base" # Set up essential directory paths - keys_dir="${work_dir}/keys" keys_isofs_dir="${work_dir}/keys_iso" + keys_dir="${work_dir}/keys" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" + cp "${encryption_key}" "${keys_dir}/airootfs.key" + _run_once _prepare_keys_image } -- GitLab From f200746586b94c08cf583a1757ea64b52ef0dd78 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 30 Jun 2022 10:37:43 +0000 Subject: [PATCH 148/347] add a runtime persistent storage creation script (incomplete) --- archiso/mkarchiso | 2 +- .../usr/local/bin/setup-persistent-storage | 91 +++++++++++++++++++ configs/releng/packages.x86_64 | 1 + 3 files changed, 93 insertions(+), 1 deletion(-) create mode 100755 configs/releng/airootfs/usr/local/bin/setup-persistent-storage diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dea1ea2e..40e411fa 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -308,7 +308,7 @@ _run_mkerofs() { _mkluks_common() { local _out="${work_dir}/${iso_label}.key" if [ "${encryption_key}" = "" ]; then - echo -n Airootfs password: + echo -n "Airootfs password:" read -rs password echo "${password}" > "${_out}" encryption_key="${_out}" diff --git a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage new file mode 100755 index 00000000..0b6f3b26 --- /dev/null +++ b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage @@ -0,0 +1,91 @@ +#!/bin/sh + +grub_cfg="/run/archiso/bootmnt/EFI/BOOT/grub.cfg" +archisouuid="$(grep "archisouuid=" < "${grub_cfg}" | head -1 | awk '{print $5}' | sed 's/archisouuid=//g')" +guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" + +_find_iso() { + for disk in /dev/disk/by-diskseq/*; do + disk_uuid=$(blkid -o value -s UUID "${disk}") + disk_type=$(blkid -o value -s TYPE "${disk}") + #shellcheck disable=SC2154 + if [ "${disk_uuid}" = "${archisouuid}" ] && [ "${disk_type}" = "iso9660" ]; then + break + fi + done +} + +_get_avail_space() { + disk_avail="$(parted "${disk}" unit MB print free | grep 'Free Space' | tail -n1 | awk '{print $3}' | sed 's/MB//g')" + mem_avail=$(( $(grep MemAvailable <"/proc/meminfo" | awk '{print $2}') / 1000)) + avail=$(( disk_avail < mem_avail ? disk_avail : mem_avail )) +} + +_resolve_encryption_key() { + if [ "${encryption_key}" = "" ]; then + echo -n "Enter a new password for the persistent partition:" + read -rs password + echo "${password}" > "${passwd_path}" + encryption_key="${passwd_path}" + elif [ ! -f "${encryption_key}" ]; then + if [ "${encryption_key}" = "auto" ]; then + encryption_key="${passwd_path}" + dd if="/dev/random" bs=32 count=1 of="${encryption_key}" + elif [ "${encryption_key}" != "auto" ]; then + echo "File ${encryption_key} does not exist." + exit + fi + fi +} + +_luks_format(){ + mapper=$(basename "${image_path}")".map" + image_device="/dev/mapper/${mapper}" + cryptsetup_opts=('--type' 'luks2') + if [ "${encryption_key}" != "" ]; then + cryptsetup_opts+=("--key-file=${encryption_key}") + fi + cryptsetup_opts+=('--integrity' 'cmac-aes' \ + '--sector-size' '4096' \ + '--pbkdf-memory' 256) + while ! eval "cryptsetup -q -y luksFormat ${cryptsetup_opts[*]} ${image_path}"; do + sleep 1 + done + while ! eval "cryptsetup open ${image_path} ${mapper}"; do + _close_luks_device "${image_device}" + done +} + +_close_luks_device() { + local device="${1}" + local mapper + mapper=$(basename "${device}") + blockdev --flushbufs "${device}" + cryptsetup luksClose "${mapper}" || true + if [ -e "${device}" ]; then + dmsetup remove "${device}" || true + fi + sync +} + +_make_persistent() { + encryption_key="${1}" + image_path="/tmp/persistent.img" + passwd_path="/tmp/persistent.passwd" + mount -o remount,rw,size=1E "/run/archiso/cowspace" + fallocate -l "${avail}M" "${image_path}" + losetup "/dev/loop314" "${image_path}" + resolve_encryption_key + luks_format + mkfs.ext4 -O '^has_journal,^resize_inode' \ + -E 'lazy_itable_init=0,root_owner=0:0' \ + -m '0' -F -U 'clear' -- "${image_device}" + tune2fs -c 0 -i 0 - "${image_device}" > /dev/null + sync + _close_luks_device "${image_device}" + losetup -d "/dev/loop314" +} + +_add_persistent() { + xorriso -indev "${disk}" -outdev "${disk}" -append_partition 3 "${guid}" "${image_path}" -boot_image any replay +} diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 8a0c80db..fc0d3e7c 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -121,4 +121,5 @@ wpa_supplicant wvdial xfsprogs xl2tpd +xorriso zsh -- GitLab From fdb355f6afe8039542c94a59a76dcd0a2d145f37 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 30 Jun 2022 11:02:31 +0000 Subject: [PATCH 149/347] add a runtime persistent storage creation script (incomplete) --- .../usr/local/bin/setup-persistent-storage | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage index 0b6f3b26..0a15b51a 100755 --- a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage +++ b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash grub_cfg="/run/archiso/bootmnt/EFI/BOOT/grub.cfg" archisouuid="$(grep "archisouuid=" < "${grub_cfg}" | head -1 | awk '{print $5}' | sed 's/archisouuid=//g')" @@ -31,9 +31,10 @@ _resolve_encryption_key() { if [ "${encryption_key}" = "auto" ]; then encryption_key="${passwd_path}" dd if="/dev/random" bs=32 count=1 of="${encryption_key}" + echo "The encryption key has been saved to ${encryption_key}" elif [ "${encryption_key}" != "auto" ]; then echo "File ${encryption_key} does not exist." - exit + exit 0 fi fi } @@ -75,7 +76,6 @@ _make_persistent() { mount -o remount,rw,size=1E "/run/archiso/cowspace" fallocate -l "${avail}M" "${image_path}" losetup "/dev/loop314" "${image_path}" - resolve_encryption_key luks_format mkfs.ext4 -O '^has_journal,^resize_inode' \ -E 'lazy_itable_init=0,root_owner=0:0' \ @@ -89,3 +89,19 @@ _make_persistent() { _add_persistent() { xorriso -indev "${disk}" -outdev "${disk}" -append_partition 3 "${guid}" "${image_path}" -boot_image any replay } + +_validate_requirements() { + partitions=$(partx -g "${disk}" | wl -l) + if [ "${partitions}" -gt 2 ]; then + exit 0 + fi + _resolve_encryption_key +} + +_start() { + _find_iso + _validate_requirements + _get_avail_space + _make_persistent "auto" + _add_persistent +} -- GitLab From d66ef709e4ff0e01bd9d3d7110ad85e74c3bf95a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 08:49:03 +0000 Subject: [PATCH 150/347] test --- configs/releng/airootfs/usr/local/bin/setup-persistent-storage | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage index 0a15b51a..19bc5c0f 100755 --- a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage +++ b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage @@ -2,6 +2,7 @@ grub_cfg="/run/archiso/bootmnt/EFI/BOOT/grub.cfg" archisouuid="$(grep "archisouuid=" < "${grub_cfg}" | head -1 | awk '{print $5}' | sed 's/archisouuid=//g')" +archisolabel="$(grep "archisolabel=" < "${grub_cfg}" | head -1 | awk '{print $5}' | sed 's/archisouuid=//g')" guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" _find_iso() { @@ -105,3 +106,5 @@ _start() { _make_persistent "auto" _add_persistent } + +_start -- GitLab From 39a7180cf5cfcbcea3440a3ff360ea995da87080 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 08:50:26 +0000 Subject: [PATCH 151/347] test --- .../setup-persistent-storage.service | 1 + .../etc/systemd/system/setup-persistent-storage.service | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/setup-persistent-storage.service create mode 100644 configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/setup-persistent-storage.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/setup-persistent-storage.service new file mode 120000 index 00000000..875f8620 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/setup-persistent-storage.service @@ -0,0 +1 @@ +/etc/systemd/system/setup-persistent-storage.service \ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service new file mode 100644 index 00000000..823cb1ee --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service @@ -0,0 +1,9 @@ +[Unit] +Description=Setup an encrypted persistent storage on the USB drive + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/setup-persistent-storage + +[Install] +WantedBy=multi-user.target -- GitLab From bbd4e025240bf89c671f161ea5d4ba1538c694c7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:05:32 +0000 Subject: [PATCH 152/347] add persistence test --- .../system/setup-persistent-storage.service | 2 +- .../usr/local/bin/setup-persistent-storage | 32 ++++++++++++++++--- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service index 823cb1ee..a2009c4a 100644 --- a/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service +++ b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service @@ -3,7 +3,7 @@ Description=Setup an encrypted persistent storage on the USB drive [Service] Type=oneshot -ExecStart=/usr/local/bin/setup-persistent-storage +ExecStart=/usr/local/bin/setup-persistent-storage airootfs [Install] WantedBy=multi-user.target diff --git a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage index 19bc5c0f..f97eb8b1 100755 --- a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage +++ b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage @@ -22,7 +22,23 @@ _get_avail_space() { avail=$(( disk_avail < mem_avail ? disk_avail : mem_avail )) } +_mount_keys_device() { + keys_device="/dev/disk/by-label/${archisolabel}_KEYS" + mkdir /ckey /ckey2 + chmod 700 /ckey /ckey2 + mount "${keys_device}" "/ckey" + cryptsetup --type luks2 open "/ckey/keys.erofs" "keys.map" + mount -t erofs "/dev/mapper/keys.map" "/ckey2" +} + +_unmount_keys_device() { + umount "/ckey2" + _close_luks_device "/dev/mapper/keys.map" + umount "/ckey" +} + _resolve_encryption_key() { + local passwd_path="/tmp/persistent.passwd" if [ "${encryption_key}" = "" ]; then echo -n "Enter a new password for the persistent partition:" read -rs password @@ -33,10 +49,16 @@ _resolve_encryption_key() { encryption_key="${passwd_path}" dd if="/dev/random" bs=32 count=1 of="${encryption_key}" echo "The encryption key has been saved to ${encryption_key}" - elif [ "${encryption_key}" != "auto" ]; then + elif [ "${encryption_key}" = "airootfs" ]; then + _mount_keys_device + mkdir /tmp/keys + chmod 700 /tmp/keys + cp /ckey2/airootfs.key /tmp/keys/storage.key + encryption_key="/tmp/keys/storage.key" + else echo "File ${encryption_key} does not exist." exit 0 - fi + fi fi } @@ -85,6 +107,7 @@ _make_persistent() { sync _close_luks_device "${image_device}" losetup -d "/dev/loop314" + # rm "${encryption_key}" } _add_persistent() { @@ -100,11 +123,12 @@ _validate_requirements() { } _start() { + local encryption_key="${1}" _find_iso _validate_requirements _get_avail_space - _make_persistent "auto" + _make_persistent "${encryption_key}" _add_persistent } -_start +_start "${1}" -- GitLab From 4ac770785cebdcaccbe7d42b660d77cb766959b5 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:06:12 +0000 Subject: [PATCH 153/347] plain text password for releng --- .../etc/systemd/system/setup-persistent-storage.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service index a2009c4a..823cb1ee 100644 --- a/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service +++ b/configs/releng/airootfs/etc/systemd/system/setup-persistent-storage.service @@ -3,7 +3,7 @@ Description=Setup an encrypted persistent storage on the USB drive [Service] Type=oneshot -ExecStart=/usr/local/bin/setup-persistent-storage airootfs +ExecStart=/usr/local/bin/setup-persistent-storage [Install] WantedBy=multi-user.target -- GitLab From 47237cd2162b9b1c100395257545a3f11e7ac1fe Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:15:25 +0000 Subject: [PATCH 154/347] increase key size --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 40e411fa..b6803c85 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1203,7 +1203,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=32 count=1 of="${encryption_key}" + dd if=/dev/random bs=32 count=5 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From fceb608ec57ce17dea3223a9969e48d02e957109 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:17:52 +0000 Subject: [PATCH 155/347] increase key size --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b6803c85..b672f599 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1203,7 +1203,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=32 count=5 of="${encryption_key}" + dd if=/dev/random bs=512 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From 6f67a5b9920a73f1663cb28d2e0bb0a83560bfea Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:20:12 +0000 Subject: [PATCH 156/347] increase key size --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b672f599..79ce09b1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1203,7 +1203,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=512 count=1 of="${encryption_key}" + dd if=/dev/random bs=4096 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From 83ccf66158fa0898fda513a2243ee87713432b04 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:24:37 +0000 Subject: [PATCH 157/347] increase key size --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 79ce09b1..37d92490 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1203,7 +1203,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=4096 count=1 of="${encryption_key}" + dd if=/dev/random bs=40960 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From 463f950e0241d2a07a6495ef1c5924fcef694528 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:26:58 +0000 Subject: [PATCH 158/347] increase key size --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 37d92490..66b225ec 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1203,7 +1203,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=40960 count=1 of="${encryption_key}" + dd if=/dev/random bs=409600 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From 9cb953fe1f265f2d46748fd3dc19cfb427759711 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 10:43:47 +0000 Subject: [PATCH 159/347] try adding key size? --- archiso/mkarchiso | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 66b225ec..46d9fdc1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -189,7 +189,8 @@ _run_mkluks() { _uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${_epoch}")" if [[ "${_encryption_key}" != "" ]]; then - _key_opts=("--key-file=${_encryption_key}") + _key_opts=("--key-file=${_encryption_key}" \ + "--key-size=512") _cryptsetup_opts+=("${_key_opts[@]}") _key_msg="with key $(basename "${_encryption_key}")" fi @@ -1203,7 +1204,7 @@ _resolve_encryption_key(){ if [ "${encryption_key}" = 'auto' ]; then encryption_key="${work_dir}/${iso_label}.key" [ ! -d "${work_dir}" ] && install -d "${work_dir}" - dd if=/dev/random bs=409600 count=1 of="${encryption_key}" + dd if=/dev/random bs=512 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 fi -- GitLab From 3f8ce250805cad3e06143e13d4efd52c900369b6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 11:09:27 +0000 Subject: [PATCH 160/347] we keep those options I guess --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 46d9fdc1..27929d01 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -197,7 +197,7 @@ _run_mkluks() { _activation_opts+=("${_cryptsetup_opts[@]}") _format_opts+=("${_cryptsetup_opts[@]}" \ - '--integrity' 'cmac-aes' \ + '--integrity' 'hmac-sha512' \ '--sector-size' '4096' \ '--pbkdf-memory' 256) -- GitLab From 2591ed6cb0b0feb9a9a37a5440727c2e377d52e9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 11:15:59 +0000 Subject: [PATCH 161/347] sily blockdev, you don't have to crash --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 27929d01..2cd78cb2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -237,7 +237,7 @@ _close_luks_device() { local _device="${1}" local _mapper _mapper=$(basename "${_device}") - blockdev --flushbufs "${_device}" + blockdev --flushbufs "${_device}" || true cryptsetup luksClose "${_mapper}" || true if [ -e "${_device}" ]; then dmsetup remove "${_device}" || true -- GitLab From b0a2ff3477a5ea09fad1ace927f199060bb04c52 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 11:19:53 +0000 Subject: [PATCH 162/347] key-size set to 512 --- archiso/mkarchiso | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2cd78cb2..b3cdb667 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -189,8 +189,7 @@ _run_mkluks() { _uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${_epoch}")" if [[ "${_encryption_key}" != "" ]]; then - _key_opts=("--key-file=${_encryption_key}" \ - "--key-size=512") + _key_opts=("--key-file=${_encryption_key}") _cryptsetup_opts+=("${_key_opts[@]}") _key_msg="with key $(basename "${_encryption_key}")" fi @@ -199,11 +198,14 @@ _run_mkluks() { _format_opts+=("${_cryptsetup_opts[@]}" \ '--integrity' 'hmac-sha512' \ '--sector-size' '4096' \ + '--key-size' '512' \ '--pbkdf-memory' 256) if [ "${_read_only}" = "true" ]; then _msg_info "Integrity journal disabled" - _activation_opts+=('--persistent' '--integrity-no-journal') + _activation_opts+=('--persistent' \ + '--integrity-no-journal' \ + '--key-size' '512') fi _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" -- GitLab From d5f81a1b8018cf7d3a37a6292cbb34c53cfbbad2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 11:24:39 +0000 Subject: [PATCH 163/347] forgot to refresh --- .../releng/airootfs/usr/local/bin/setup-persistent-storage | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage index f97eb8b1..743f9595 100755 --- a/configs/releng/airootfs/usr/local/bin/setup-persistent-storage +++ b/configs/releng/airootfs/usr/local/bin/setup-persistent-storage @@ -122,6 +122,10 @@ _validate_requirements() { _resolve_encryption_key } +_refresh_partitions() { + partprobe "${disk}" +} + _start() { local encryption_key="${1}" _find_iso @@ -129,6 +133,7 @@ _start() { _get_avail_space _make_persistent "${encryption_key}" _add_persistent + _refresh_partitions } _start "${1}" -- GitLab From ed0757d523825ee37b837716a3ce796d62c9a83b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 5 Jul 2022 11:28:16 +0000 Subject: [PATCH 164/347] set permissions --- configs/releng/profiledef.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 56e02b1b..cd7a7218 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -29,4 +29,5 @@ file_permissions=( ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" + ["/usr/local/bin/setup-persistent-storage"]="0:0:755" ) -- GitLab From d22fe010ed8e8166da3d18e0a754acc19674af8b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 13:51:25 +0000 Subject: [PATCH 165/347] Update CHANGELOG.rst --- CHANGELOG.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 78a9c906..9030a027 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -7,7 +7,12 @@ Changelog Added ----- -- Add support for LUKS2 image disks. +- Add support for LUKS2 image disks: + - ``+luks`` airootfs image types; + - ``keys`` buildmode; + - ``encryption_key`` parameter; +- Add support for persistent partition on ISO: + - ''persistent_size'' parameter; - Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used. Changed -- GitLab From 9e2c5bcf1e5e14d445c4415857eec391c14ace9f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 13:56:34 +0000 Subject: [PATCH 166/347] Update CHANGELOG.rst --- docs/README.profile.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index d84cccad..f650a4dd 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -66,6 +66,12 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``erofs+luks``: Create a LUKS image containing an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options +* ``encryption_key``: If pointing to a file, it will use as encryption key for the airootfs; if "auto" will generate a key + at build time; if empty, will prompt for password. +* ``persistent_size``: Size in KB of the persistent partition. +* ``persistent_image_type``: The type of the persistent portion of the ISO. + - ``ext4``: Create an ext4 partition. + - ``ext4+luks``: Create a LUKS container with an ext4 partition inside. * ``keys_image_type``: Same as ``airootfs_image_type`` for the "keys" ISO. * ``keys_image_tool_options``: Same as ``airootfs_image_tool_options`` for the "keys" ISO. * ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or -- GitLab From b9d6e6f18c78136c427bacd4a37be3d4fb38df1c Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 13:58:37 +0000 Subject: [PATCH 167/347] remove public pkglist if encryption is enabled --- archiso/mkarchiso | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b3cdb667..cc2887c0 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1766,7 +1766,13 @@ _make_pkglist() { "bootstrap") pacman -Q --sysroot "${pacstrap_dir}" > "${pacstrap_dir}/pkglist.${arch}.txt" ;; - "iso"|"netboot") + "iso") + install -d -m 0755 -- "${isofs_dir}/${install_dir}" + if [[ ! "${airootfs_image_type}" == *"luks"* ]]; then + pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt" + fi + ;; + "netboot") install -d -m 0755 -- "${isofs_dir}/${install_dir}" pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt" ;; -- GitLab From 41808d4217c2293f164f1b05407a99106fd1a213 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 13:59:48 +0000 Subject: [PATCH 168/347] update baseline profile --- configs/baseline/profiledef.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 10b567d5..653eac2a 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -18,7 +18,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') -encryption_key="" +encryption_key="auto" keys_image_type="erofs" keys_image_tool_options=('-zlz4hc,12') file_permissions=( -- GitLab From d33c8e002950549e472c6a806cf2a706dacb063b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 14:01:33 +0000 Subject: [PATCH 169/347] gitkeep for keys directory --- configs/baseline/run/archiso/keys/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 configs/baseline/run/archiso/keys/.gitkeep diff --git a/configs/baseline/run/archiso/keys/.gitkeep b/configs/baseline/run/archiso/keys/.gitkeep new file mode 100644 index 00000000..e69de29b -- GitLab From 555286de197f2a6a0b5baf5848178819eac157a0 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 14:02:27 +0000 Subject: [PATCH 170/347] gitkeep for keys directory --- docs/README.profile.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.profile.rst b/docs/README.profile.rst index f650a4dd..e1fec7ba 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -66,7 +66,7 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``erofs+luks``: Create a LUKS image containing an EROFS image for the airootfs work directory * ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options -* ``encryption_key``: If pointing to a file, it will use as encryption key for the airootfs; if "auto" will generate a key +* ``encryption_key``: If pointing to a file, it will use as encryption key for the airootfs; if "auto" will generate a key at build time; if empty, will prompt for password. * ``persistent_size``: Size in KB of the persistent partition. * ``persistent_image_type``: The type of the persistent portion of the ISO. -- GitLab From 710abd873609e5d983d51be2987f45d20332f5c1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 14:04:32 +0000 Subject: [PATCH 171/347] fix point --- configs/releng/profiledef.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index cd7a7218..4bfa8cf0 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -18,7 +18,7 @@ arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12') -encryption_key="" +encryption_key="auto" keys_image_type="erofs" keys_image_tool_options=('-zlz4hc,12') file_permissions=( -- GitLab From 3ab16618e1e64e4a1cc106ec03a32e98f21a944b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 20:08:22 +0000 Subject: [PATCH 172/347] update --- configs/baseline/profiledef.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 653eac2a..d97a92b6 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -17,7 +17,7 @@ bootmodes=('bios.syslinux.mbr' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlz4hc,12') +airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking) encryption_key="auto" keys_image_type="erofs" keys_image_tool_options=('-zlz4hc,12') -- GitLab From 44abfee2ccc083c5c39d371191948f3518e59ade Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 20:22:42 +0000 Subject: [PATCH 173/347] update --- archiso/mkarchiso | 2 +- configs/baseline/profiledef.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cc2887c0..0a353631 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -485,7 +485,7 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" $((persistent_size - 1000)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index d97a92b6..2ee220fc 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -19,6 +19,7 @@ pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking) encryption_key="auto" +persistent_size=20000 keys_image_type="erofs" keys_image_tool_options=('-zlz4hc,12') file_permissions=( -- GitLab From e57eb6f67ec4ca7cdb33f6b7793dea5763fb31b4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 20:39:43 +0000 Subject: [PATCH 174/347] update authors --- AUTHORS.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS.rst b/AUTHORS.rst index 3a03c0e3..16527a2c 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -34,3 +34,4 @@ Archiso Authors * Yu Li-Yu * nl6720 * Øyvind Heggstad +* Pellegrino Prevete -- GitLab From f26cb70c831fa0aa6a5ae2d1763e987f39be50f3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 6 Jul 2022 20:58:38 +0000 Subject: [PATCH 175/347] update --- .gitlab-ci.yml | 2 +- AUTHORS.rst | 1 + CHANGELOG.rst | 20 +++ archiso/mkarchiso | 303 ++++++++++++++++++++++++++++++--- configs/baseline/grub/grub.cfg | 22 ++- configs/baseline/profiledef.sh | 4 +- configs/releng/grub/grub.cfg | 65 +++++-- configs/releng/profiledef.sh | 2 +- docs/README.profile.rst | 11 +- 9 files changed, 374 insertions(+), 56 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 628c28f6..cb89eb56 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,7 +10,7 @@ include: variables: BUILD_SCRIPT: ./.gitlab/ci/build_archiso.sh - PACKAGE_LIST: dosfstools e2fsprogs erofs-utils jq libisoburn mtools openssl qemu-headless squashfs-tools zsync + PACKAGE_LIST: arch-install-scripts bash dosfstools e2fsprogs erofs-utils gnupg grub jq libarchive libisoburn mtools openssl qemu-headless squashfs-tools zsync QEMU_BUILD_TIMEOUT: 2400 QEMU_COPY_ARTIFACTS_TIMEOUT: 120 QEMU_VM_MEMORY: 3072 diff --git a/AUTHORS.rst b/AUTHORS.rst index 16527a2c..b03b91e6 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -34,4 +34,5 @@ Archiso Authors * Yu Li-Yu * nl6720 * Øyvind Heggstad +* plain linen * Pellegrino Prevete diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9030a027..df9ae066 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -25,6 +25,26 @@ Changed Removed ------- +[65] - 2022-06-30 +================= + +Added +----- + +- Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used. +- Add ``uefi-x64.grub.esp`` and ``uefi-x64.grub.eltorito`` boot mode to support x86_64 UEFI boot on x86_64 machines. +- Use ``mkfs.erofs``'s ``ztailpacking`` option in the baseline profile to reduce the image size. + +Changed +------- + +- Change the releng profile's locale from ``en_US.UTF-8`` to ``C.UTF-8``. +- Set ``LC_ALL`` to ``C.UTF-8`` instead of ``C`` in mkarchiso since it is now available and non-UTF-8 locales should be + avoided. + +Removed +------- + - Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now ships with the glibc package itself. diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0a353631..6d4b3ffd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -806,30 +806,41 @@ _make_boot_on_fat() { # Create a FAT image (efiboot.img) which will serve as the EFI system partition # $1: image size in bytes _make_efibootimg() { - local imgsize="0" + local imgsize_kib="0" + local imgsize_bytes=${1} + + if (( imgsize_bytes < 2*1024*1024 )); then + _msg_info "Validating '${bootmode}': efiboot.img size is ${imgsize_bytes} bytes is less than 2 MiB! Bumping up to 2 MiB" + imgsize_bytes=$((2*1024*1024)) + fi # Convert from bytes to KiB and round up to the next full MiB with an additional MiB for reserved sectors. - imgsize="$(awk 'function ceil(x){return int(x)+(x>int(x))} + imgsize_kib="$(awk 'function ceil(x){return int(x)+(x>int(x))} function byte_to_kib(x){return x/1024} function mib_to_kib(x){return x*1024} - END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${1}" + END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html rm -f -- "${efibootimg}" - _msg_info "Creating FAT image of size: ${imgsize} KiB..." + _msg_info "Creating FAT image of size: ${imgsize_kib} KiB..." if [[ "${quiet}" == "y" ]]; then # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead # https://github.com/dosfstools/dosfstools/issues/103 - mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize}" > /dev/null + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" > /dev/null else - mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize}" + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" fi # Create the default/fallback boot path in which a boot loaders will be placed later. mmd -i "${efibootimg}" ::/EFI ::/EFI/BOOT } +# Copy the grub.cfg file in efiboot.img which is used by both IA32 UEFI and x64 UEFI. +_make_efibootimg_grubcfg() { + mcopy -i "${efibootimg}" \ + "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg +} _make_bootmode_uefi-ia32.grub.esp() { local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" @@ -841,29 +852,39 @@ _make_bootmode_uefi-ia32.grub.esp() { s|%ARCH%|${arch}|g" \ "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - # shellcheck disable=SC2016 - printf 'configfile ${cmdpath}/grub.cfg\n' > "${work_dir}/grub-embed.cfg" + IFS='' read -r -d '' grubembedcfg <<'EOF' || true +if ! [ -d "$cmdpath" ]; then + # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. + # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 + if regexp --set=1:isodevice '^(\([^)]+\))\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then + cmdpath="${isodevice}/EFI/BOOT" + fi +fi +configfile "${cmdpath}/grub.cfg" +EOF + printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" - # Create EFI file + # Create EFI binary grub-mkstandalone -O i386-efi \ --modules="part_gpt part_msdos fat iso9660" \ --locales="en@quot" \ --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTIA32.EFI" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") - if [[ ! " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"* - "${pacstrap_dir}/boot/initramfs-"*".img") - + if [[ " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + # TODO: Remove this branch. + _run_once _make_bootmode_uefi-x64.systemd-boot.esp + elif [[ " ${bootmodes[*]} " =~ uefi-x64.grub.esp ]]; then + _run_once _make_bootmode_uefi-x64.grub.esp + else efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" - else - _run_once _make_bootmode_uefi-x64.systemd-boot.esp fi # Copy grub EFI binary to the default/fallback boot path @@ -871,10 +892,8 @@ _make_bootmode_uefi-ia32.grub.esp() { "${work_dir}/BOOTIA32.EFI" ::/EFI/BOOT/BOOTIA32.EFI # Copy GRUB configuration files - mcopy -i "${efibootimg}" \ - "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg + _run_once _make_efibootimg_grubcfg - # shellia32.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then mcopy -i "${efibootimg}" \ "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi @@ -889,7 +908,7 @@ _make_bootmode_uefi-ia32.grub.eltorito() { # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp _run_once _make_bootmode_uefi-ia32.grub.esp - # Additionally set up system-boot in ISO 9660. This allows creating a medium for the live environment by using + # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." @@ -903,7 +922,6 @@ _make_bootmode_uefi-ia32.grub.eltorito() { install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT/grub.cfg" # edk2-shell based UEFI shell - # shellia32.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" \ "${isofs_dir}/shellia32.efi" @@ -912,7 +930,84 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _msg_info "Done!" } -# Prepare system-boot for booting when written to a disk (isohybrid) +_make_bootmode_uefi-x64.grub.esp() { + # Fill Grub configuration files + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%ARCH%|${arch}|g" \ + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" + + IFS='' read -r -d '' grubembedcfg <<'EOF' || true +if ! [ -d "$cmdpath" ]; then + # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. + # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 + if regexp --set=1:isodevice '^(\([^)]+\))\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then + cmdpath="${isodevice}/EFI/BOOT" + fi +fi +configfile "${cmdpath}/grub.cfg" +EOF + printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + + # Create EFI binary + grub-mkstandalone -O x86_64-efi \ + --modules="part_gpt part_msdos fat iso9660" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + # Add GRUB to the list of files used to calculate the required FAT image size. + efiboot_files+=("${work_dir}/BOOTx64.EFI" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") + + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + 2>/dev/null | awk 'END { print $1 }')" + + # Create a FAT image for the EFI system partition + _make_efibootimg "$efiboot_imgsize" + + # Copy grub EFI binary to the default/fallback boot path + mcopy -i "${work_dir}/efiboot.img" \ + "${work_dir}/BOOTx64.EFI" ::/EFI/BOOT/BOOTx64.EFI + + _run_once _make_efibootimg_grubcfg + + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then + mcopy -i "${work_dir}/efiboot.img" \ + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi + fi + + _msg_info "Done! GRUB set up for UEFI booting successfully." +} + +# Prepare GRUB for El Torito booting +_make_bootmode_uefi-x64.grub.eltorito() { + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp + _run_once _make_bootmode_uefi-x64.grub.esp + + # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using + # manual partitioning and simply copying the ISO 9660 file system contents. + # This is not related to El Torito booting and no firmware uses these files. + _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." + install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + + # Copy GRUB EFI binary to the default/fallback boot path + install -m 0644 -- "${work_dir}/BOOTx64.EFI" \ + "${isofs_dir}/EFI/BOOT/BOOTx64.EFI" + + # Copy GRUB configuration files + install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT" + + # edk2-shell based UEFI shell + if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi" + fi + + _msg_info "Done!" +} + +# Prepare systemd-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { local _file efiboot_imgsize local _available_ucodes=() @@ -966,13 +1061,13 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { _msg_info "Done! systemd-boot set up for UEFI booting successfully." } -# Prepare system-boot for El Torito booting +# Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp _run_once _make_bootmode_uefi-x64.systemd-boot.esp - # Additionally set up system-boot in ISO 9660. This allows creating a medium for the live environment by using + # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." @@ -1049,6 +1144,11 @@ _validate_requirements_bootmode_bios.syslinux.eltorito() { } _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 + fi + # Check if mkfs.fat is available if ! command -v mkfs.fat &> /dev/null; then (( validation_error=validation_error+1 )) @@ -1089,6 +1189,11 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { } _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.eltorito!" 0 + fi + # uefi-x64.systemd-boot.eltorito has the exact same requirements as uefi-x64.systemd-boot.esp _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } @@ -1099,7 +1204,15 @@ _validate_requirements_bootmode_uefi-ia32.grub.esp() { (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi - _validate_requirements_bootmode_uefi-x64.systemd-boot.esp + + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + _validate_requirements_bootmode_uefi-x64.systemd-boot.esp + elif [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _validate_requirements_bootmode_uefi-x64.grub.esp + else + _msg_error "Validating '${bootmode}': requires one of bootmode uefi-x64.systemd-boot.esp or uefi-x64.grub.esp" 0 + fi } _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { @@ -1107,6 +1220,65 @@ _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { _validate_requirements_bootmode_uefi-ia32.grub.esp } +_validate_requirements_bootmode_uefi-x64.grub.esp() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.esp!" 0 + fi + + # Check if GRUB is available + if ! command -v grub-mkstandalone &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 + fi + + # Check if mkfs.fat is available + if ! command -v mkfs.fat &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 + fi + + # Check if mmd and mcopy are available + if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 + fi + + # Check if GRUB configuration files exist + if [[ ! -d "${profile}/grub" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': The '${profile}/grub' directory is missing!" 0 + else + if [[ ! -e "${profile}/grub/grub.cfg" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': File '${profile}/grub/grub.cfg' not found!" 0 + fi + local conffile + for conffile in "${profile}/grub/"*'.cfg'; do + if [[ -e "${conffile}" ]]; then + break + else + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/grub/'!" 0 + fi + done + fi + + # Check for optional packages + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then + _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." + fi +} + +_validate_requirements_bootmode_uefi-x64.grub.eltorito() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.eltorito!" 0 + fi + # uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp + _validate_requirements_bootmode_uefi-x64.grub.esp +} + # Build airootfs filesystem image _prepare_airootfs_image() { local airootfs_size pacstrap_size @@ -1403,17 +1575,20 @@ _add_xorrisofs_options_bios.syslinux.mbr() { # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { + # TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? # shellcheck disable=SC2076 - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then - _add_xorrisofs_options_uefi-x64.systemd-boot.esp + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.esp + _add_xorrisofs_options_uefi-x64.grub.esp fi } # GRUB via El Torito _add_xorrisofs_options_uefi-ia32.grub.eltorito() { # shellcheck disable=SC2076 - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then - _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito + _add_xorrisofs_options_uefi-x64.grub.eltorito fi } @@ -1490,6 +1665,78 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') } +# GRUB in an attached EFI system partition. +# Same as _add_xorrisofs_options_uefi-x64.systemd-boot.esp. +_add_xorrisofs_options_uefi-x64.grub.esp() { + # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 + # partition will not be mountable + # shellcheck disable=SC2076 + [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') + # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" + xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + # Ensure GPT is used as some systems do not support UEFI booting without it + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). + # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will + # have a Microsoft basic partition type code. + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + xorrisofs_options+=('-isohybrid-gpt-basdat') + fi + fi + else + # Use valid GPT if BIOS booting support will not be required + xorrisofs_options+=('-appended_part_as_gpt') + fi +} + +# GRUB via El Torito +# Same as _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito. +_add_xorrisofs_options_uefi-x64.grub.eltorito() { + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + # grub in an attached EFI system partition via El Torito + xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + xorrisofs_options+=('-isohybrid-gpt-basdat') + fi + fi + else + # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a + # file inside the ISO 9660 file system + install -d -m 0755 -- "${isofs_dir}/EFI/archiso" + cp -a -- "${work_dir}/efiboot.img" "${isofs_dir}/EFI/archiso/efiboot.img" + # grub in an embedded efiboot.img via El Torito + xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + fi + # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito + # shellcheck disable=SC2076 + [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') +} + # Build bootstrap image _build_bootstrap_image() { local _bootstrap_parent diff --git a/configs/baseline/grub/grub.cfg b/configs/baseline/grub/grub.cfg index c2086429..1a886862 100644 --- a/configs/baseline/grub/grub.cfg +++ b/configs/baseline/grub/grub.cfg @@ -1,12 +1,12 @@ +# Load partition table and file system modules insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +# Use graphics-mode output insmod all_video - insmod font - if loadfont "${prefix}/fonts/unicode.pf2" ; then insmod gfxterm set gfxmode="auto" @@ -14,14 +14,28 @@ if loadfont "${prefix}/fonts/unicode.pf2" ; then terminal_output gfxterm fi -menuentry "Arch Linux (x86_64, UEFI)" { +# Enable serial console +if serial --unit=0 --speed=115200; then + terminal_input --append serial + terminal_output --append serial +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "Arch Linux (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" { +menuentry "Arch Linux (x86_64, UEFI) Copy to RAM" --class arch --class gnu-linux --class gnu --class os --id 'archlinux-copy-to-ram' { set gfxpayload=keep search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% copytoram diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 2ee220fc..4c8e2e8d 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -19,9 +19,9 @@ pacman_conf="pacman.conf" airootfs_image_type="erofs" airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking) encryption_key="auto" -persistent_size=20000 +persistent_size=10000 keys_image_type="erofs" -keys_image_tool_options=('-zlz4hc,12') +keys_image_tool_options=('-zlz4hc,12' -E ztailpacking) file_permissions=( ["/etc/shadow"]="0:0:400" ) diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index b573ceb3..7abfe72e 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -1,12 +1,12 @@ +# Load partition table and file system modules insmod part_gpt insmod part_msdos insmod fat insmod iso9660 +# Use graphics-mode output insmod all_video - insmod font - if loadfont "${prefix}/fonts/unicode.pf2" ; then insmod gfxterm set gfxmode="auto" @@ -14,33 +14,62 @@ if loadfont "${prefix}/fonts/unicode.pf2" ; then terminal_output gfxterm fi +# Enable serial console +if serial --unit=0 --speed=115200; then + terminal_input --append serial + terminal_output --append serial +fi + +# Set default menu entry +default=archlinux +timeout=15 +timeout_style=menu + # GRUB init tune for accessibility -# -# Morse translation table: -# "." is "500 1 300 1" -# "-" is "600 3 300 1" -# " " is "100 2" -# "/" is "100 5" -# -# Message: "s for blind" -play 500 500 1 300 1 500 1 300 1 500 1 300 1 100 5 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 600 3 300 1 500 1 300 1 100 5 600 3 300 1 500 1 300 1 500 1 300 1 500 1 300 1 100 2 500 1 300 1 600 3 300 1 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 100 2 500 1 300 1 500 1 300 1 100 2 600 3 300 1 500 1 300 1 100 2 600 3 300 1 500 1 300 1 500 1 300 1 - -menuentry "Arch Linux install medium (x86_64, UEFI)" { +play 600 988 1 1319 4 + +# Menu entries + +menuentry "Arch Linux install medium (x86_64, UEFI)" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' { set gfxpayload=keep search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey=s { +menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'archlinux-accessibility' { set gfxpayload=keep search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archisouuid=%ARCHISO_UUID% %CRYPTO_PARAMS% accessibility=on initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img } -menuentry "UEFI Shell" { - insmod chain - search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% - chainloader /shellia32.efi +if [ "${grub_platform}" == "efi" ]; then + if [ "${grub_cpu}" == "x86_64" ]; then + menuentry "UEFI Shell" { + insmod chain + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == "i386" ]; then + menuentry "UEFI Shell" { + insmod chain + search --no-floppy --set=root --fs-uuid %ARCHISO_UUID% + chainloader /shellia32.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry "System shutdown" --class shutdown --class poweroff { + echo "System shutting down..." + halt +} + +menuentry "System restart" --class reboot --class restart { + echo "System rebooting..." + reboot } diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4bfa8cf0..80529180 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -17,7 +17,7 @@ bootmodes=('bios.syslinux.mbr' arch="x86_64" pacman_conf="pacman.conf" airootfs_image_type="erofs" -airootfs_image_tool_options=('-zlz4hc,12') +airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking) encryption_key="auto" keys_image_type="erofs" keys_image_tool_options=('-zlz4hc,12') diff --git a/docs/README.profile.rst b/docs/README.profile.rst index e1fec7ba..00feb7e3 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -49,6 +49,8 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` - ``bios.syslinux.eltorito``: Syslinux for x86 BIOS booting from an optical disc - ``uefi-ia32.grub.esp``: GRUB for IA32 UEFI booting from a disk - ``uefi-ia32.grub.eltorito``: GRUB for IA32 UEFI booting from an optical disc + - ``uefi-x64.grub.esp``: GRUB for x86_64 UEFI booting from a disk + - ``uefi-x64.grub.eltorito``: GRUB for x86_64 UEFI booting from an optical disc - ``uefi-x64.systemd-boot.esp``: systemd-boot for x86_64 UEFI booting from a disk - ``uefi-x64.systemd-boot.eltorito``: systemd-boot for x86_64 UEFI booting from an optical disc Note that BIOS El Torito boot mode must always be listed before UEFI El Torito boot mode. @@ -180,7 +182,12 @@ The *custom template identifiers* are understood in all `.cfg` files in this dir grub ---- -This directory is mandatory when the ``uefi-ia32.grub.esp`` or ``uefi-ia32.grub.eltorito`` bootmodes are selected in -``profiledef.sh``. +This directory is mandatory when any of the following bootmodes is used in ``profiledef.sh``: + +- ``uefi-ia32.grub.esp`` or +- ``uefi-ia32.grub.eltorito`` or +- ``uefi-x64.grub.esp`` or +- ``uefi-x64.grub.eltorito`` + It contains configuration files for `GRUB `_ used in the resulting image. -- GitLab From 7e3f28ba04db6c09f5b866b677a0ce651c8f4156 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 7 Jul 2022 14:16:37 +0000 Subject: [PATCH 176/347] min 50MB for luks --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6d4b3ffd..bc5379f7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -485,7 +485,7 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $((persistent_size - 1000)) "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" -- GitLab From f44c88ac8d9567ab1d77f01cc38f7b63455aaeaf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 7 Jul 2022 14:41:28 +0000 Subject: [PATCH 177/347] in percentage --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index bc5379f7..4c5e2965 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -485,7 +485,7 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $((persistent_size - 50000)) "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" $((persistent_size * (95/100))) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" -- GitLab From 2439d7dd05a29038f9fdc93110ed765e2c1691bf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 7 Jul 2022 14:42:33 +0000 Subject: [PATCH 178/347] in percentage --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4c5e2965..8178ba11 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -485,7 +485,7 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $((persistent_size * (95/100))) "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" $(((persistent_size * 95)/100)) "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" -- GitLab From e21bb2e679367e76e19bbbde3b3e22f2092bc684 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Thu, 7 Jul 2022 15:47:05 +0000 Subject: [PATCH 179/347] no persistent guid if running after that stage otherwise --- archiso/mkarchiso | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8178ba11..b76f4c5e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1601,6 +1601,11 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then + if [[ ! "${persistent_image_type}" == *"luks"* ]]; then + persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" + else + persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" + fi xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") fi # Ensure GPT is used as some systems do not support UEFI booting without it -- GitLab From 785b46fac15dbe4af4078936411863a4b6ae9621 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 07:37:07 +0000 Subject: [PATCH 180/347] gracefully exit from dd fail --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b76f4c5e..f40575f5 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -485,8 +485,8 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $(((persistent_size * 95)/100)) "${persistent_epoch}" - dd if="${persistent_dir}.img" of="${image_device}" + _run_mkext4 "${persistent_dir}" $(((persistent_size * 95) / 100)) "${persistent_epoch}" + dd if="${persistent_dir}.img" of="${image_device}" || _close_luks_device "${image_device}" && exit sync _close_luks_device "${image_device}" _msg_info "Done!" -- GitLab From 5000ff8cdf81d1abb8218ae76366c069953a8180 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 08:04:58 +0000 Subject: [PATCH 181/347] better luks internal partitions handling --- archiso/mkarchiso | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f40575f5..b324d5d7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -334,7 +334,7 @@ _mkairootfs_common() { # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" @@ -347,7 +347,7 @@ _mkairootfs_ext4+squashfs+luks() { _mkluks_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" - _run_mkext4 "${pacstrap_dir}" $((airootfs_size - 50000)) "${SOURCE_DATE_EPOCH}" + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" sync _close_luks_device "${image_device}" @@ -406,7 +406,7 @@ _mkkeys_common() { # Save the squashfs image on the ISO 9660 file system. _mkkeys_ext4+squashfs() { _mkkeys_common - _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" + _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${keys_dir}.img" @@ -418,7 +418,7 @@ _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" "true" "${luks_uuid}" - _run_mkext4 "${keys_dir}" $((keys_size - 50000)) "${keys_epoch}" + _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" _run_mksquashfs "${keys_dir}.img" "${image_device}" sync _close_luks_device "${image_device}" @@ -479,13 +479,25 @@ _mkpersistent_ext4() { _msg_info "Done!" } +_get_internal_size() { + local _size="${1}" + if [[ "${_size}" -lt 200000 ]]; then + ratio=85 + elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then + ratio=90 + else + ratio=99 + fi + echo $(((_size * ratio)/100)) +} + # Create an ext4 fs inside a LUKS container to be used as the persistent ISO partition. _mkpersistent_ext4+luks() { _mkpersistent_common persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" $(((persistent_size * 95) / 100)) "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size}")" "${persistent_epoch}" dd if="${persistent_dir}.img" of="${image_device}" || _close_luks_device "${image_device}" && exit sync _close_luks_device "${image_device}" -- GitLab From a3e3c79ebf6bcb74715172f7bdf7fb77e03f4644 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 08:06:35 +0000 Subject: [PATCH 182/347] better luks internal partitions handling --- archiso/mkarchiso | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b324d5d7..b6b8462f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -481,7 +481,9 @@ _mkpersistent_ext4() { _get_internal_size() { local _size="${1}" - if [[ "${_size}" -lt 200000 ]]; then + if [[ "${_size}" -lt 50000 ]]; then + ratio=75 + elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then ratio=85 elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then ratio=90 -- GitLab From 35981a1dd24c6ff53200a6e50a3b8a333f4433ab Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 08:12:05 +0000 Subject: [PATCH 183/347] better nested partitions handling --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b6b8462f..fb4c5be1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -482,9 +482,9 @@ _mkpersistent_ext4() { _get_internal_size() { local _size="${1}" if [[ "${_size}" -lt 50000 ]]; then - ratio=75 + ratio=70 elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then - ratio=85 + ratio=75 elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then ratio=90 else -- GitLab From 5f60a9d2568070f46df589cb9caded7c17400b6a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 08:15:24 +0000 Subject: [PATCH 184/347] remove dd warn --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fb4c5be1..20c47fd8 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -500,7 +500,7 @@ _mkpersistent_ext4+luks() { _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size}")" "${persistent_epoch}" - dd if="${persistent_dir}.img" of="${image_device}" || _close_luks_device "${image_device}" && exit + dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" _msg_info "Done!" -- GitLab From 9bb6e21d2d5ee1b8a6c8d263cfcd4633b70da399 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 08:38:15 +0000 Subject: [PATCH 185/347] typo --- archiso/mkarchiso | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 20c47fd8..86095ac6 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -479,20 +479,6 @@ _mkpersistent_ext4() { _msg_info "Done!" } -_get_internal_size() { - local _size="${1}" - if [[ "${_size}" -lt 50000 ]]; then - ratio=70 - elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then - ratio=75 - elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then - ratio=90 - else - ratio=99 - fi - echo $(((_size * ratio)/100)) -} - # Create an ext4 fs inside a LUKS container to be used as the persistent ISO partition. _mkpersistent_ext4+luks() { _mkpersistent_common @@ -561,6 +547,20 @@ _get_fs_type() { echo "${_no_luks##*"+"}" } +_get_internal_size() { + local _size="${1}" + if [[ "${_size}" -lt 50000 ]]; then + ratio=70 + elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then + ratio=75 + elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then + ratio=90 + else + ratio=99 + fi + echo $(((_size * ratio)/100)) +} + # Helper function to run functions only one time. # $1: function name _run_once() { @@ -855,6 +855,7 @@ _make_efibootimg_grubcfg() { mcopy -i "${efibootimg}" \ "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg } + _make_bootmode_uefi-ia32.grub.esp() { local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" -- GitLab From 5e65a1252b0adc56f3c8bed4f8d7e8af5316ca10 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 9 Jul 2022 09:29:22 +0000 Subject: [PATCH 186/347] only copy encryption key is luks is enabled --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 86095ac6..b22d2984 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1850,7 +1850,7 @@ _build_iso_image() { _msg_info "Done!" du -h -- "${out_dir}/${image_name}" - if [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then + if [[ "${airootfs_image_type}" == *"luks"* ]] && [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then cp "${encryption_key}" "${out_dir}" fi -- GitLab From 89993abc8961dd9685ae07494b4ba3dc91142cf7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 10 Jul 2022 20:49:41 +0000 Subject: [PATCH 187/347] fix typo in ext4 image --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b22d2984..44962664 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -474,7 +474,7 @@ _mkpersistent_ext4() { _mkpersistent_common persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" - mv "${persistent_dir}.img" "${image_device}" + mv "${persistent_dir}.img" "${image_path}" sync _msg_info "Done!" } -- GitLab From dabd8c35623ec8901774c8b683e70932392aedc9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 10 Jul 2022 21:02:44 +0000 Subject: [PATCH 188/347] add label to persistent ext4 partition --- archiso/mkarchiso | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 44962664..cd45e5a7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -262,6 +262,7 @@ _run_mkext4() { local _image_path="${1}.img" local _size="${2}" local _time="${3}" + local _label="${4}" local ext4_hash_seed mkfs_ext4_options=() local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${_time}" @@ -271,6 +272,7 @@ _run_mkext4() { _msg_info "Directory: ${_dir}" _msg_info "Image path: ${_image_path}" _msg_info "UUID: ${archiso_uuid}" + _msg_info "Label: ${_label}" _msg_info "this may take a while..." ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ @@ -283,6 +285,7 @@ _run_mkext4() { '-F' '-U' 'clear' ) + [[ "${_label}" != "" ]] && mkfs_ext4_options+=('-L' "${_label}") [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${_image_path}" E2FSPROGS_FAKE_TIME="${_time}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" @@ -473,7 +476,7 @@ _mkpersistent_common() { _mkpersistent_ext4() { _mkpersistent_common persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" - _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" "${iso_label}_PERSISTENT" mv "${persistent_dir}.img" "${image_path}" sync _msg_info "Done!" -- GitLab From 1294c98cb96acf3cf619e8fe7325af376d74e4a9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 10 Jul 2022 21:13:32 +0000 Subject: [PATCH 189/347] wrong guid --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cd45e5a7..2996096e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1619,7 +1619,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then - if [[ ! "${persistent_image_type}" == *"luks"* ]]; then + if [[ "${persistent_image_type}" == *"luks"* ]]; then persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" else persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" -- GitLab From b435a7263c86a10c703a45bb2db84f1c1b7d8d57 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 10 Jul 2022 21:33:00 +0000 Subject: [PATCH 190/347] add persistent partition to grub bootmode --- archiso/mkarchiso | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2996096e..e130451a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1610,6 +1610,15 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { fi } +_add_xorrisofs_options_persistent_partition() { + if [[ "${persistent_image_type}" == *"luks" ]]; then + persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" + else + persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" + fi + xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") +} + # systemd-boot in an attached EFI system partition _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 @@ -1619,12 +1628,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then - if [[ "${persistent_image_type}" == *"luks"* ]]; then - persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" - else - persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" - fi - xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") + _add_xorrisofs_options_persistent_partition fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 @@ -1697,6 +1701,9 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + if [ "${persistent_size}" != "" ]; then + _add_xorrisofs_options_persistent_partition + fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then -- GitLab From 323c2f088cef8ec353c04ab509cdda9d436d3be9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 12 Jul 2022 14:25:05 +0000 Subject: [PATCH 191/347] add optional label to ext4 partition --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e130451a..863ecc15 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -350,7 +350,7 @@ _mkairootfs_ext4+squashfs+luks() { _mkluks_common _run_mkluks "${image_path}" "${airootfs_size}" \ "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" - _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" sync _close_luks_device "${image_device}" @@ -409,7 +409,7 @@ _mkkeys_common() { # Save the squashfs image on the ISO 9660 file system. _mkkeys_ext4+squashfs() { _mkkeys_common - _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" + _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" "keys" _run_mksquashfs "${keys_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${keys_dir}.img" @@ -421,7 +421,7 @@ _mkkeys_ext4+squashfs+luks() { _mkkeys_common _run_mkluks "${image_path}" "${keys_size}" \ "${iso_label}_KEYS" "" "true" "${luks_uuid}" - _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" + _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" "keys" _run_mksquashfs "${keys_dir}.img" "${image_device}" sync _close_luks_device "${image_device}" @@ -488,7 +488,7 @@ _mkpersistent_ext4+luks() { persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" _run_mkluks "${image_path}" "${persistent_size}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size}")" "${persistent_epoch}" + _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size}")" "${persistent_epoch}" "keys" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" -- GitLab From 2864fac96713df92f334716f6cc0d20ea7bcaaa8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Tue, 12 Jul 2022 14:28:47 +0000 Subject: [PATCH 192/347] add optional label to ext4 partition --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 863ecc15..53a3c2cf 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -337,7 +337,7 @@ _mkairootfs_common() { # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" _msg_info "Done!" rm -- "${pacstrap_dir}.img" -- GitLab From 5eb76186deeb0e2195eee605172ac6c345e2d6e8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 13 Jul 2022 09:52:22 +0000 Subject: [PATCH 193/347] validation error for keys buildmode --- archiso/mkarchiso | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 53a3c2cf..32d5c5c7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1504,6 +1504,10 @@ _validate_common_requirements_buildmode_iso_netboot() { } _validate_requirements_buildmode_keys() { + if [[ ! "${airootfs_image_type}" == *"luks" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "An airootfs LUKS image type need to be set to build an USB dongle!" 0 + fi [[ -n "$encryption_key" ]] && _resolve_encryption_key } -- GitLab From 815765545d236e25da09808abdb464acabd04411 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 13 Jul 2022 09:56:15 +0000 Subject: [PATCH 194/347] validation error for keys buildmode --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 32d5c5c7..a9c25a04 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1506,7 +1506,7 @@ _validate_common_requirements_buildmode_iso_netboot() { _validate_requirements_buildmode_keys() { if [[ ! "${airootfs_image_type}" == *"luks" ]]; then (( validation_error=validation_error+1 )) - _msg_error "An airootfs LUKS image type need to be set to build an USB dongle!" 0 + _msg_error "Set a LUKS image type for airootfs to build an USB dongle." 0 fi [[ -n "$encryption_key" ]] && _resolve_encryption_key } -- GitLab From fadded172c79538f7f47bb6aba34216f122c94f7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 13 Jul 2022 10:01:39 +0000 Subject: [PATCH 195/347] fix profiledef.sh --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a9c25a04..260a4cab 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1504,7 +1504,7 @@ _validate_common_requirements_buildmode_iso_netboot() { } _validate_requirements_buildmode_keys() { - if [[ ! "${airootfs_image_type}" == *"luks" ]]; then + if [[ "${airootfs_image_type}" != *"luks"* ]]; then (( validation_error=validation_error+1 )) _msg_error "Set a LUKS image type for airootfs to build an USB dongle." 0 fi -- GitLab From e28718ec5629a7d4119404b66cdff9309ae6df8b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 15 Jul 2022 15:14:53 +0000 Subject: [PATCH 196/347] reduce percentage --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 260a4cab..212d3d2d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -557,7 +557,7 @@ _get_internal_size() { elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then ratio=75 elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then - ratio=90 + ratio=85 else ratio=99 fi -- GitLab From bd21ef3c08a9cec3204da98097f08b1d4944903f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 15 Jul 2022 15:56:10 +0000 Subject: [PATCH 197/347] update ratio --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 212d3d2d..0556df75 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -557,9 +557,9 @@ _get_internal_size() { elif [[ "${_size}" -gt 50000 ]] && [[ "${_size}" -lt 200000 ]]; then ratio=75 elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then - ratio=85 + ratio=80 else - ratio=99 + ratio=80 fi echo $(((_size * ratio)/100)) } -- GitLab From 21be6600c7a0c2c51b5bdd30c6a4e618889749aa Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 17 Jul 2022 09:37:32 +0000 Subject: [PATCH 198/347] forgot kernel params for grub x64; actually kernel parameters should be removed from config files and added to archiso directly --- archiso/mkarchiso | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0556df75..7a2f6ecb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -950,8 +950,10 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _make_bootmode_uefi-x64.grub.esp() { # Fill Grub configuration files - sed "s|%ARCHISO_LABEL%|${iso_label}|g; +sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" -- GitLab From c9f194210d44bf0560748d8617aa32f90c72476a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 20 Jul 2022 11:44:20 +0000 Subject: [PATCH 199/347] don't delete machine id when persistent --- archiso/mkarchiso | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7a2f6ecb..4514951c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -166,9 +166,13 @@ _cleanup_pacstrap_dir() { # Delete package pacman related files. find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete # Create an empty /etc/machine-id - rm -f -- "${pacstrap_dir}/etc/machine-id" - printf '' > "${pacstrap_dir}/etc/machine-id" - + local _machine_id="${pacstrap_dir}/etc/machine-id" + if [[ "${persistent_size}" != "" ]]; then + dbus-uuidgen --ensure="${_machine_id}" + else + rm -f -- "${_machine_id}" + printf '' > "${_machine_id}" + fi _msg_info "Done!" } -- GitLab From f439e5f29fe4cb1da96167419a3d3e4ad779e726 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 20 Jul 2022 12:32:50 +0000 Subject: [PATCH 200/347] update mkarchiso --- archiso/mkarchiso | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4514951c..b8ffd497 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -562,8 +562,10 @@ _get_internal_size() { ratio=75 elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 1000000 ]]; then ratio=80 - else + elif [[ "${_size}" -gt 200000 ]] && [[ "${_size}" -lt 5000000 ]]; then ratio=80 + else + ratio=85 fi echo $(((_size * ratio)/100)) } @@ -991,13 +993,13 @@ EOF _make_efibootimg "$efiboot_imgsize" # Copy grub EFI binary to the default/fallback boot path - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${work_dir}/BOOTx64.EFI" ::/EFI/BOOT/BOOTx64.EFI _run_once _make_efibootimg_grubcfg if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then - mcopy -i "${work_dir}/efiboot.img" \ + mcopy -i "${efibootimg}" \ "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi @@ -1761,7 +1763,7 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a # file inside the ISO 9660 file system install -d -m 0755 -- "${isofs_dir}/EFI/archiso" - cp -a -- "${work_dir}/efiboot.img" "${isofs_dir}/EFI/archiso/efiboot.img" + cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img" # grub in an embedded efiboot.img via El Torito xorrisofs_options+=( # Start a new El Torito boot entry for UEFI -- GitLab From 06615c86e773ec59f88adb123a4f7b3d30e5648d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 10:27:39 +0000 Subject: [PATCH 201/347] I don't like so many functions --- archiso/mkarchiso | 255 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 197 insertions(+), 58 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b8ffd497..9d589f3b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -576,6 +576,10 @@ _run_once() { if [[ ! -e "${work_dir}/${run_once_mode}.${1}" ]]; then "$1" touch "${work_dir}/${run_once_mode}.${1}" + else + if [ "${quiet}" == "n" ]; then + _msg_info "Command ${1} already run" + fi fi } @@ -703,25 +707,44 @@ _make_customize_airootfs() { _make_bootmodes() { local bootmode for bootmode in "${bootmodes[@]}"; do - _run_once "_make_bootmode_${bootmode}" + _run_once "_make_bootmode_${bootmode}_iso" + done +} + +# Set up boot loaders +_make_bootmodes_keys() { + local bootmode + for bootmode in "${bootmodes[@]}"; do + _run_once "_make_bootmode_${bootmode}_keys" done } # Copy kernel and initramfs to ISO 9660 _make_boot_on_iso9660() { + _make_boot_on_iso "${isofs_dir}" +} + +# Copy kernel and initramfs to keys ISO 9660 +_make_boot_on_keys() { + _make_boot_on_iso "${keys_isofs_dir}" +} + +# Copy kernel and initramfs to ISO 9660 +_make_boot_on_iso() { + local bootable_dir="${1}" local ucode_image _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/" + install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" + install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" + install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ - "${isofs_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" + "${bootable_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" fi fi done @@ -752,8 +775,9 @@ _get_crypto_params() { # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { + bootable_dir="${1}" _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." - install -d -m 0755 -- "${isofs_dir}/syslinux" + install -d -m 0755 -- "${bootable_dir}/syslinux" local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _cfg in "${profile}/syslinux/"*.cfg; do @@ -762,47 +786,63 @@ _make_bootmode_bios.syslinux.mbr() { s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/syslinux/${_cfg##*/}" + "${_cfg}" > "${bootable_dir}/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then - install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/syslinux/" + install -m 0644 -- "${profile}/syslinux/splash.png" "${bootable_dir}/syslinux/" fi - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${bootable_dir}/syslinux/" _run_once _make_boot_on_iso9660 + _run_once _make_boot_on_keys - if [[ -e "${isofs_dir}/syslinux/hdt.c32" ]]; then - install -d -m 0755 -- "${isofs_dir}/syslinux/hdt" + if [[ -e "${bootable_dir}/syslinux/hdt.c32" ]]; then + install -d -m 0755 -- "${bootable_dir}/syslinux/hdt" if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \ - "${isofs_dir}/syslinux/hdt/pciids.gz" + "${bootable_dir}/syslinux/hdt/pciids.gz" fi find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \ - "${isofs_dir}/syslinux/hdt/modalias.gz" + "${bootable_dir}/syslinux/hdt/modalias.gz" fi # Add other aditional/extra files to ${install_dir}/boot/ if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/${install_dir}/boot/memtest" - install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${bootable_dir}/${install_dir}/boot/memtest" + install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${isofs_dir}/${install_dir}/boot/licenses/memtest86+/" + "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" fi _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } +_make_bootmode_bios.syslinux.mbr_iso() { + _make_bootmode_bios.syslinux.mbr "${isofs_dir}" +} + +_make_bootmode_bios.syslinux.mbr_keys() { + _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" +} +_make_bootmode_bios.syslinux.eltorito_iso() { + _make_bootmode_bios.syslinux.eltorito "${isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_iso +} + +_make_bootmode_bios.syslinux.eltorito_keys() { + _make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_keys +} + # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { + local bootable_dir="${1}" _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." - install -d -m 0755 -- "${isofs_dir}/syslinux" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/syslinux/" - - # ISOLINUX and SYSLINUX installation is shared - _run_once _make_bootmode_bios.syslinux.mbr + install -d -m 0755 -- "${bootable_dir}/syslinux" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${bootable_dir}/syslinux/" _msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." } @@ -865,6 +905,15 @@ _make_efibootimg_grubcfg() { "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg } + +_make_bootmode_uefi-ia32.grub.esp_keys() { + _make_bootmode_uefi-ia32.grub.esp +} + +_make_bootmode_uefi-ia32.grub.esp_iso() { + _make_bootmode_uefi-ia32.grub.esp +} + _make_bootmode_uefi-ia32.grub.esp() { local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" @@ -926,8 +975,17 @@ EOF _msg_info "Done! GRUB set up for UEFI booting successfully." } +_make_bootmode_uefi-ia32.grub.eltorito_iso() { + _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" +} + +_make_bootmode_uefi-ia32.grub.eltorito_keys() { + _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" +} + # Prepare GRUB for El Torito booting _make_bootmode_uefi-ia32.grub.eltorito() { + local bootable_dir="${1}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp _run_once _make_bootmode_uefi-ia32.grub.esp @@ -936,24 +994,32 @@ _make_bootmode_uefi-ia32.grub.eltorito() { # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." - install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + install -d -m 0755 -- "${bootable_dir}/EFI/BOOT" # Copy GRUB EFI binary to the default/fallback boot path install -m 0644 -- "${work_dir}/BOOTIA32.EFI" \ - "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI" + "${bootable_dir}/EFI/BOOT/BOOTIA32.EFI" # Copy GRUB configuration files - install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT/grub.cfg" + install -m 0644 -- "${work_dir}/grub.cfg" "${bootable_dir}/EFI/BOOT/grub.cfg" # edk2-shell based UEFI shell if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" \ - "${isofs_dir}/shellia32.efi" + "${bootable_dir}/shellia32.efi" fi _msg_info "Done!" } +_make_bootmode_uefi-x64.grub.esp_iso() { + _make_bootmode_uefi-x64.grub.esp +} + +_make_bootmode_uefi-x64.grub.esp_keys() { + _make_bootmode_uefi-x64.grub.esp +} + _make_bootmode_uefi-x64.grub.esp() { # Fill Grub configuration files sed "s|%ARCHISO_LABEL%|${iso_label}|g; @@ -1006,8 +1072,17 @@ EOF _msg_info "Done! GRUB set up for UEFI booting successfully." } +_make_bootmode_uefi-x64.grub.eltorito_iso() { + _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" +} + +_make_bootmode_uefi-x64.grub.eltorito_keys() { + _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" +} + # Prepare GRUB for El Torito booting _make_bootmode_uefi-x64.grub.eltorito() { + local bootable_dir="${1}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp _run_once _make_bootmode_uefi-x64.grub.esp @@ -1016,23 +1091,31 @@ _make_bootmode_uefi-x64.grub.eltorito() { # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." - install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + install -d -m 0755 -- "${bootable_dir}/EFI/BOOT" # Copy GRUB EFI binary to the default/fallback boot path install -m 0644 -- "${work_dir}/BOOTx64.EFI" \ - "${isofs_dir}/EFI/BOOT/BOOTx64.EFI" + "${bootable_dir}/EFI/BOOT/BOOTx64.EFI" # Copy GRUB configuration files - install -m 0644 -- "${work_dir}/grub.cfg" "${isofs_dir}/EFI/BOOT" + install -m 0644 -- "${work_dir}/grub.cfg" "${bootable_dir}/EFI/BOOT" # edk2-shell based UEFI shell if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${bootable_dir}/shellx64.efi" fi _msg_info "Done!" } +_make_bootmode_uefi-x64.systemd-boot.esp_iso() { + _make_bootmode_uefi-x64.systemd-boot.esp +} + +_make_bootmode_uefi-x64.systemd-boot.esp_keys() { + _make_bootmode_uefi-x64.systemd-boot.esp +} + # Prepare systemd-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { local _file efiboot_imgsize @@ -1087,8 +1170,19 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { _msg_info "Done! systemd-boot set up for UEFI booting successfully." } +# Prepare systemd-boot for El Torito booting +_make_bootmode_uefi-x64.systemd-boot.eltorito_iso() { + _make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" +} + +# Prepare systemd-boot for El Torito booting +_make_bootmode_uefi-x64.systemd-boot.eltorito_keys() { + _make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" +} + # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { + local bootable_dir="${1}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp _run_once _make_bootmode_uefi-x64.systemd-boot.esp @@ -1097,15 +1191,15 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { # manual partitioning and simply copying the ISO 9660 file system contents. # This is not related to El Torito booting and no firmware uses these files. _msg_info "Preparing an /EFI directory for the ISO 9660 file system..." - install -d -m 0755 -- "${isofs_dir}/EFI/BOOT" + install -d -m 0755 -- "${bootable_dir}/EFI/BOOT" # Copy systemd-boot EFI binary to the default/fallback boot path install -m 0644 -- "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \ - "${isofs_dir}/EFI/BOOT/BOOTx64.EFI" + "${bootable_dir}/EFI/BOOT/BOOTx64.EFI" # Copy systemd-boot configuration files - install -d -m 0755 -- "${isofs_dir}/loader/entries" - install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${isofs_dir}/loader/" + install -d -m 0755 -- "${bootable_dir}/loader/entries" + install -m 0644 -- "${profile}/efiboot/loader/loader.conf" "${bootable_dir}/loader/" local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do @@ -1114,13 +1208,13 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { s|%INSTALL_DIR%|${install_dir}|g; s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; s|%ARCH%|${arch}|g" \ - "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" + "${_conf}" > "${bootable_dir}/loader/entries/${_conf##*/}" done # edk2-shell based UEFI shell # shellx64.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then - install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" "${bootable_dir}/shellx64.efi" fi _msg_info "Done!" @@ -1588,9 +1682,10 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { + local bootable_dir="${1}" xorrisofs_options+=( # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" - '-isohybrid-mbr' "${isofs_dir}/syslinux/isohdpfx.bin" + '-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR # bootstrap code area) and mark it as bootable # May allow booting on some systems @@ -1633,13 +1728,15 @@ _add_xorrisofs_options_persistent_partition() { # systemd-boot in an attached EFI system partition _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { + local _xorrisofs_options=("$@") # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 # partition will not be mountable # shellcheck disable=SC2076 - [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') + [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") + _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then + # READ _add_xorrisofs_options_persistent_partition fi # Ensure GPT is used as some systems do not support UEFI booting without it @@ -1652,22 +1749,34 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - xorrisofs_options+=('-isohybrid-gpt-basdat') + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi else # Use valid GPT if BIOS booting support will not be required - xorrisofs_options+=('-appended_part_as_gpt') + _xorrisofs_options+=('-appended_part_as_gpt') fi + echo "${_xorrisofs_options[@]}" +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") } # systemd-boot via El Torito _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { + local bootable_dir="${1}" + shift + local _xorrisofs_options=("$@") # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # systemd-boot in an attached EFI system partition via El Torito - xorrisofs_options+=( + _xorrisofs_options+=( # Start a new El Torito boot entry for UEFI '-eltorito-alt-boot' # Set the second partition as the El Torito UEFI boot image @@ -1681,16 +1790,16 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - xorrisofs_options+=('-isohybrid-gpt-basdat') + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi else # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a # file inside the ISO 9660 file system - install -d -m 0755 -- "${isofs_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img" + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" # systemd-boot in an embedded efiboot.img via El Torito - xorrisofs_options+=( + _xorrisofs_options+=( # Start a new El Torito boot entry for UEFI '-eltorito-alt-boot' # Set efiboot.img as the El Torito UEFI boot image @@ -1701,7 +1810,16 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { fi # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito # shellcheck disable=SC2076 - [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + echo "${_xorrisofs_options[@]}" +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition. @@ -1736,9 +1854,20 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { fi } +_add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") +} + # GRUB via El Torito # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito. _add_xorrisofs_options_uefi-x64.grub.eltorito() { + local bootable_dir="${1}" + shift + local _xorrisofs_options=("$@") # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # grub in an attached EFI system partition via El Torito @@ -1755,17 +1884,17 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - xorrisofs_options+=('-isohybrid-gpt-basdat') + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi else # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a # file inside the ISO 9660 file system - install -d -m 0755 -- "${isofs_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img" + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" # grub in an embedded efiboot.img via El Torito - xorrisofs_options+=( + _xorrisofs_options+=( # Start a new El Torito boot entry for UEFI '-eltorito-alt-boot' # Set efiboot.img as the El Torito UEFI boot image @@ -1776,7 +1905,16 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { fi # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito # shellcheck disable=SC2076 - [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + echo "${_xorrisofs_options[@]}" +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # Build bootstrap image @@ -2082,6 +2220,7 @@ _build_keys_base() { cp "${encryption_key}" "${keys_dir}/airootfs.key" + _run_once _make_boot_on_keys _run_once _prepare_keys_image } -- GitLab From 13af18bb560290e9d3e0e8209e9ade675c9215a9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 11:07:40 +0000 Subject: [PATCH 202/347] add new split add_xorrisofs_buildmode functions --- archiso/mkarchiso | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9d589f3b..9f3cf188 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1670,6 +1670,7 @@ _validate_requirements_buildmode_netboot() { # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { + local _xorrisofs_options="$@" xorrisofs_options+=( # El Torito boot image for x86 BIOS '-eltorito-boot' 'syslinux/isolinux.bin' @@ -1678,6 +1679,7 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { # Required options to boot with ISOLINUX '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' ) + echo "${_xorrisofs_options[@]}" } # SYSLINUX MBR (isohybrid) @@ -1718,12 +1720,14 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { } _add_xorrisofs_options_persistent_partition() { + local _xorrisofs_options=("$@") if [[ "${persistent_image_type}" == *"luks" ]]; then persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" else persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" fi - xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") + _xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") + echo "${_xorrisofs_options[@]}" } # systemd-boot in an attached EFI system partition @@ -1737,7 +1741,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then # READ - _add_xorrisofs_options_persistent_partition + _add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}" fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 @@ -1825,14 +1829,15 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { # GRUB in an attached EFI system partition. # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.esp. _add_xorrisofs_options_uefi-x64.grub.esp() { + local _xorrisofs_options=("$@") # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 # partition will not be mountable # shellcheck disable=SC2076 - [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16') + [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") if [ "${persistent_size}" != "" ]; then - _add_xorrisofs_options_persistent_partition + _add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}" fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 @@ -1854,11 +1859,11 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { fi } -_add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { +_add_xorrisofs_options_uefi-x64.grub.esp_iso() { xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } -_add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { +_add_xorrisofs_options_uefi-x64.grub.esp_keys() { keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } -- GitLab From a7c313774f746f0090ebd20acb1304684328e16a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 11:11:04 +0000 Subject: [PATCH 203/347] add new split add_xorrisofs_buildmode functions --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9f3cf188..dba82cc7 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1914,11 +1914,11 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { echo "${_xorrisofs_options[@]}" } -_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { +_add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } -_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { +_add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } -- GitLab From 3da835f83302d0022870975c8ae4efe8d9392c8f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 11:29:25 +0000 Subject: [PATCH 204/347] new format for bootmodes but I don't know --- archiso/mkarchiso | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dba82cc7..b378c826 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1668,9 +1668,20 @@ _validate_requirements_buildmode_netboot() { fi } +_add_xorrisofs_options_persistent_partition() { + local _xorrisofs_options=("$@") + if [[ "${persistent_image_type}" == *"luks" ]]; then + persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" + else + persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" + fi + _xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") + echo "${_xorrisofs_options[@]}" +} + # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { - local _xorrisofs_options="$@" + local _xorrisofs_options=("$@") xorrisofs_options+=( # El Torito boot image for x86 BIOS '-eltorito-boot' 'syslinux/isolinux.bin' @@ -1682,6 +1693,14 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { echo "${_xorrisofs_options[@]}" } +_add_xorrisofs_options_bios.syslinux.eltorito_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-bios.syslinux.eltorito_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") +} + # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { local bootable_dir="${1}" @@ -1700,6 +1719,14 @@ _add_xorrisofs_options_bios.syslinux.mbr() { ) } +_add_xorrisofs_options_bios.syslinux.mbr_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_bios.syslinux.mbr_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_xorrisofs_options[@]}")") +} + # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { # TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? @@ -1712,6 +1739,7 @@ _add_xorrisofs_options_uefi-ia32.grub.esp() { # GRUB via El Torito _add_xorrisofs_options_uefi-ia32.grub.eltorito() { + local _xorrisofs_options=("$@") # shellcheck disable=SC2076 if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito @@ -1719,15 +1747,12 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { fi } -_add_xorrisofs_options_persistent_partition() { - local _xorrisofs_options=("$@") - if [[ "${persistent_image_type}" == *"luks" ]]; then - persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" - else - persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" - fi - _xorrisofs_options+=('-append_partition' '3' "${persistent_guid}" "${persistentimg}") - echo "${_xorrisofs_options[@]}" +_add_xorrisofs_options_uefi-ia32.grub.eltorito_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-ia32.grub.eltorito_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") } # systemd-boot in an attached EFI system partition -- GitLab From 8e9fc7d5f3f4bb20e2eb42a7c1acdf441fc17004 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 11:31:10 +0000 Subject: [PATCH 205/347] new format for bootmodes but I don't know --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b378c826..00607d91 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1682,7 +1682,7 @@ _add_xorrisofs_options_persistent_partition() { # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { local _xorrisofs_options=("$@") - xorrisofs_options+=( + _xorrisofs_options+=( # El Torito boot image for x86 BIOS '-eltorito-boot' 'syslinux/isolinux.bin' # El Torito boot catalog file @@ -1704,7 +1704,8 @@ _add_xorrisofs_options_uefi-bios.syslinux.eltorito_keys() { # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { local bootable_dir="${1}" - xorrisofs_options+=( + local _xorrisofs_options=("$@") + _xorrisofs_options+=( # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" '-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR @@ -1717,6 +1718,7 @@ _add_xorrisofs_options_bios.syslinux.mbr() { # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki '-partition_offset' '16' ) + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.mbr_iso() { -- GitLab From 8d09db4b8f290573eb9ad9156633437ee98f16f6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 12:37:46 +0000 Subject: [PATCH 206/347] new format for bootmodes but I don't know --- archiso/mkarchiso | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 00607d91..3459f751 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1722,21 +1722,31 @@ _add_xorrisofs_options_bios.syslinux.mbr() { } _add_xorrisofs_options_bios.syslinux.mbr_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${xorrisofs_options[@]}")") + xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_bios.syslinux.mbr_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { + local _xorrisofs_options=("$@") # TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? # shellcheck disable=SC2076 if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then # _add_xorrisofs_options_uefi-x64.systemd-boot.esp - _add_xorrisofs_options_uefi-x64.grub.esp + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") fi + echo "${_xorrisofs_options[@]}" +} + +_add_xorrisofs_options_uefi-ia32.grub.esp_iso() { + xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_uefi-x64.grub.esp_keys() { + keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito @@ -1745,7 +1755,7 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { # shellcheck disable=SC2076 if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito - _add_xorrisofs_options_uefi-x64.grub.eltorito + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") fi } -- GitLab From 7e0f66259387baa40891c6db24faf03b4b079e37 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 12:49:22 +0000 Subject: [PATCH 207/347] switch to new branch --- archiso/mkarchiso | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 3459f751..f2196f0a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1976,13 +1976,13 @@ _build_bootstrap_image() { } _build_keys_image() { - local xorriso_options=() xorrisofs_options=() + local keys_xorriso_options=() keys_xorrisofs_options=() local bootmode # Add required xorrisofs options for each boot mode - # for bootmode in "${bootmodes[@]}"; do - # typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" - # done + for bootmode in "${bootmodes[@]}"; do + typeset -f "_add_xorrisofs_options_${bootmode}_keys" &> /dev/null && "_add_xorrisofs_options_${bootmode}_keys" + done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -1990,7 +1990,7 @@ _build_keys_image() { # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + keys_xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") fi # Update SORCE_DATE_EPOCH for keys ISO UUID @@ -1998,7 +1998,7 @@ _build_keys_image() { rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." - xorriso "${xorriso_options[@]}" -as mkisofs \ + xorriso "${keys_xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -full-iso9660-filenames \ -joliet \ @@ -2008,7 +2008,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ + "${keys_xorrisofs_options[@]}" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" @@ -2031,7 +2031,7 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done rm -f -- "${out_dir}/${image_name}" -- GitLab From 212fdef13027a4db6164b1c5367e8e2cb3f4244d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 12:51:45 +0000 Subject: [PATCH 208/347] switch to new branch --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f2196f0a..918b935a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1778,7 +1778,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size}" != "" ]; then # READ - _add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}" + _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 -- GitLab From 1e4b15b765e5413ce4f733b9d7013f1284acd1e0 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 12:56:09 +0000 Subject: [PATCH 209/347] switch to new branch --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 918b935a..2ee1d5be 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2263,6 +2263,7 @@ _build_keys_base() { cp "${encryption_key}" "${keys_dir}/airootfs.key" _run_once _make_boot_on_keys + _make_bootmodes_keys _run_once _prepare_keys_image } -- GitLab From ed7cb1a982772e10c9dac0dc2cc8ba71b74728c9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 13:02:43 +0000 Subject: [PATCH 210/347] switch to new branch --- archiso/mkarchiso | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2ee1d5be..e4923a21 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -704,7 +704,7 @@ _make_customize_airootfs() { } # Set up boot loaders -_make_bootmodes() { +_make_bootmodes_iso() { local bootmode for bootmode in "${bootmodes[@]}"; do _run_once "_make_bootmode_${bootmode}_iso" @@ -1990,7 +1990,7 @@ _build_keys_image() { # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - keys_xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + keys_xorriso_options=('-report_about' 'SORRY' "${keys_xorriso_options[@]}") fi # Update SORCE_DATE_EPOCH for keys ISO UUID @@ -2305,7 +2305,7 @@ _build_iso_base() { if [[ "${buildmode}" == 'netboot' ]]; then _run_once _make_boot_on_iso9660 else - _make_bootmodes + _make_bootmodes_iso fi _run_once _cleanup_pacstrap_dir _run_once _prepare_airootfs_image -- GitLab From 59c9e7c924b6f989a6f173094e2e2adaaea2c5a1 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 13:20:45 +0000 Subject: [PATCH 211/347] switch to new branch --- archiso/mkarchiso | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e4923a21..dc5ca060 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -915,6 +915,7 @@ _make_bootmode_uefi-ia32.grub.esp_iso() { } _make_bootmode_uefi-ia32.grub.esp() { + local bootable="${1}" local archiso_uuid TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" # Fill Grub configuration files @@ -950,9 +951,9 @@ EOF if [[ " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then # TODO: Remove this branch. - _run_once _make_bootmode_uefi-x64.systemd-boot.esp + _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" elif [[ " ${bootmodes[*]} " =~ uefi-x64.grub.esp ]]; then - _run_once _make_bootmode_uefi-x64.grub.esp + _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" else efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" @@ -976,19 +977,20 @@ EOF } _make_bootmode_uefi-ia32.grub.eltorito_iso() { - _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" + _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" } _make_bootmode_uefi-ia32.grub.eltorito_keys() { - _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" + _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare GRUB for El Torito booting _make_bootmode_uefi-ia32.grub.eltorito() { local bootable_dir="${1}" + local bootable="${2}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp - _run_once _make_bootmode_uefi-ia32.grub.esp + _run_once "_make_bootmode_uefi-ia32.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1073,19 +1075,20 @@ EOF } _make_bootmode_uefi-x64.grub.eltorito_iso() { - _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" + _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" } _make_bootmode_uefi-x64.grub.eltorito_keys() { - _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" + _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare GRUB for El Torito booting _make_bootmode_uefi-x64.grub.eltorito() { local bootable_dir="${1}" + local bootable="${2}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp - _run_once _make_bootmode_uefi-x64.grub.esp + _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1170,22 +1173,13 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { _msg_info "Done! systemd-boot set up for UEFI booting successfully." } -# Prepare systemd-boot for El Torito booting -_make_bootmode_uefi-x64.systemd-boot.eltorito_iso() { - _make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" -} - -# Prepare systemd-boot for El Torito booting -_make_bootmode_uefi-x64.systemd-boot.eltorito_keys() { - _make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" -} - # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { local bootable_dir="${1}" + local bootable="${2}" # El Torito UEFI boot requires an image containing the EFI system partition. # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp - _run_once _make_bootmode_uefi-x64.systemd-boot.esp + _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1220,6 +1214,16 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { _msg_info "Done!" } +# Prepare systemd-boot for El Torito booting +_make_bootmode_uefi-x64.systemd-boot.eltorito_iso() { + _make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "iso" +} + +# Prepare systemd-boot for El Torito booting +_make_bootmode_uefi-x64.systemd-boot.eltorito_keys() { + _make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "keys" +} + _validate_requirements_bootmode_bios.syslinux.mbr() { # bios.syslinux.mbr requires bios.syslinux.eltorito # shellcheck disable=SC2076 -- GitLab From 34b6544e97eeef49ccd4b610600eb91ad82b5df2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 14:19:05 +0000 Subject: [PATCH 212/347] switch to new branch --- archiso/mkarchiso | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dc5ca060..7438c2c3 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -905,13 +905,12 @@ _make_efibootimg_grubcfg() { "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg } - -_make_bootmode_uefi-ia32.grub.esp_keys() { - _make_bootmode_uefi-ia32.grub.esp +_make_bootmode_uefi-ia32.grub.esp_iso() { + _make_bootmode_uefi-ia32.grub.esp "iso" } -_make_bootmode_uefi-ia32.grub.esp_iso() { - _make_bootmode_uefi-ia32.grub.esp +_make_bootmode_uefi-ia32.grub.esp_keys() { + _make_bootmode_uefi-ia32.grub.esp "keys" } _make_bootmode_uefi-ia32.grub.esp() { -- GitLab From 5b2fcaf52e0db8a4c8b104d5362a53f8f5ab3596 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 14:59:08 +0000 Subject: [PATCH 213/347] update changelog --- CHANGELOG.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index df9ae066..c2483f5e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,10 +10,11 @@ Added - Add support for LUKS2 image disks: - ``+luks`` airootfs image types; - ``keys`` buildmode; - - ``encryption_key`` parameter; + - ``encryption_key`` parameter. - Add support for persistent partition on ISO: - ''persistent_size'' parameter; - Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used. +- Add ``efibootimg`` to ``mkarchiso`` to abstract the FAT image path. Changed ------- -- GitLab From 850aad254c8571b8f61eca9a6352c29967509744 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 15:30:28 +0000 Subject: [PATCH 214/347] have persistent_size_kib instead of persistent_size --- archiso/mkarchiso | 18 +++++++++--------- docs/README.profile.rst | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7438c2c3..937496bb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -45,7 +45,7 @@ declare -A file_permissions=() efibootimg="" efiboot_files=() encryption_key="" -persistent_size="" +persistent_size_kib="" persistent_image_type="" persistentimg="" # adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in @@ -167,7 +167,7 @@ _cleanup_pacstrap_dir() { find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete # Create an empty /etc/machine-id local _machine_id="${pacstrap_dir}/etc/machine-id" - if [[ "${persistent_size}" != "" ]]; then + if [[ "${persistent_size_kib}" != "" ]]; then dbus-uuidgen --ensure="${_machine_id}" else rm -f -- "${_machine_id}" @@ -480,7 +480,7 @@ _mkpersistent_common() { _mkpersistent_ext4() { _mkpersistent_common persistent_guid="0FC63DAF-8483-4772-8E79-3D69D8477DE4" - _run_mkext4 "${persistent_dir}" "${persistent_size}" "${persistent_epoch}" "${iso_label}_PERSISTENT" + _run_mkext4 "${persistent_dir}" "${persistent_size_kib}" "${persistent_epoch}" "${iso_label}_PERSISTENT" mv "${persistent_dir}.img" "${image_path}" sync _msg_info "Done!" @@ -490,9 +490,9 @@ _mkpersistent_ext4() { _mkpersistent_ext4+luks() { _mkpersistent_common persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" - _run_mkluks "${image_path}" "${persistent_size}" \ + _run_mkluks "${image_path}" "${persistent_size_kib}" \ "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" - _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size}")" "${persistent_epoch}" "keys" + _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size_kib}")" "${persistent_epoch}" "keys" dd if="${persistent_dir}.img" of="${image_device}" sync _close_luks_device "${image_device}" @@ -1434,10 +1434,10 @@ _prepare_persistent_image() { if [ -d "${profile}/persistent" ]; then cp -af --no-preserve=ownership,mode -- "${profile}/persistent/." "${persistent_dir}" persistent_dir_size=$(du -s "${persistent_dir}" | cut -f 1) - persistent_size=$(( persistent_dir_size > persistent_size ? persistent_dir_size : persistent_size )) + persistent_size_kib=$(( persistent_dir_size > persistent_size_kib ? persistent_dir_size : persistent_size_kib )) fi - if [ "${persistent_size}" != "" ]; then + if [ "${persistent_size_kib}" != "" ]; then _run_once "_mkpersistent_${persistent_image_type}" fi } @@ -1779,7 +1779,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") - if [ "${persistent_size}" != "" ]; then + if [ "${persistent_size_kib}" != "" ]; then # READ _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi @@ -1876,7 +1876,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") - if [ "${persistent_size}" != "" ]; then + if [ "${persistent_size_kib}" != "" ]; then _add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}" fi # Ensure GPT is used as some systems do not support UEFI booting without it diff --git a/docs/README.profile.rst b/docs/README.profile.rst index 00feb7e3..d4da0d80 100644 --- a/docs/README.profile.rst +++ b/docs/README.profile.rst @@ -70,7 +70,7 @@ The image file is constructed from some of the variables in ``profiledef.sh``: ` ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options * ``encryption_key``: If pointing to a file, it will use as encryption key for the airootfs; if "auto" will generate a key at build time; if empty, will prompt for password. -* ``persistent_size``: Size in KB of the persistent partition. +* ``persistent_size_kib``: Size in KB of the persistent partition. * ``persistent_image_type``: The type of the persistent portion of the ISO. - ``ext4``: Create an ext4 partition. - ``ext4+luks``: Create a LUKS container with an ext4 partition inside. -- GitLab From 87c4f78b1e9fe47045f38b6fa4d7897fd4d97bb6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 15:34:14 +0000 Subject: [PATCH 215/347] have persistent_size_kib instead of persistent_size --- archiso/mkarchiso | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 937496bb..98b1838e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -826,15 +826,6 @@ _make_bootmode_bios.syslinux.mbr_iso() { _make_bootmode_bios.syslinux.mbr_keys() { _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" } -_make_bootmode_bios.syslinux.eltorito_iso() { - _make_bootmode_bios.syslinux.eltorito "${isofs_dir}" - _run_once _make_bootmode_bios.syslinux.mbr_iso -} - -_make_bootmode_bios.syslinux.eltorito_keys() { - _make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" - _run_once _make_bootmode_bios.syslinux.mbr_keys -} # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { @@ -847,6 +838,16 @@ _make_bootmode_bios.syslinux.eltorito() { _msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." } +_make_bootmode_bios.syslinux.eltorito_iso() { + _make_bootmode_bios.syslinux.eltorito "${isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_iso +} + +_make_bootmode_bios.syslinux.eltorito_keys() { + _make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_keys +} + # Copy kernel and initramfs to FAT image _make_boot_on_fat() { local ucode_image all_ucode_images=() -- GitLab From 1528601254573776b994f28d1dc2527dae093c60 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 15:58:05 +0000 Subject: [PATCH 216/347] fix unbound variable --- archiso/mkarchiso | 3 +++ 1 file changed, 3 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 98b1838e..718fd87e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -726,6 +726,7 @@ _make_boot_on_iso9660() { # Copy kernel and initramfs to keys ISO 9660 _make_boot_on_keys() { + local keys_isofs_dir="${work_dir}/keys_iso" _make_boot_on_iso "${keys_isofs_dir}" } @@ -776,6 +777,7 @@ _get_crypto_params() { # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { bootable_dir="${1}" + bootable="${2}" _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." install -d -m 0755 -- "${bootable_dir}/syslinux" local archiso_uuid @@ -795,6 +797,7 @@ _make_bootmode_bios.syslinux.mbr() { install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${bootable_dir}/syslinux/" install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${bootable_dir}/syslinux/" + if [[ "${bootable}" == "" ]]; _run_once _make_boot_on_iso9660 _run_once _make_boot_on_keys -- GitLab From 7fb331e16add5834c954535aa0b7b5b4772c6a1d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 15:59:59 +0000 Subject: [PATCH 217/347] fix unbound variable --- archiso/mkarchiso | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 718fd87e..fb1a6d16 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -797,9 +797,11 @@ _make_bootmode_bios.syslinux.mbr() { install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${bootable_dir}/syslinux/" install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${bootable_dir}/syslinux/" - if [[ "${bootable}" == "" ]]; - _run_once _make_boot_on_iso9660 - _run_once _make_boot_on_keys + if [[ "${bootable}" == "iso" ]]; then + _run_once _make_boot_on_iso9660 + elif [[ "${bootable}" == "keys" ]]; then + _run_once _make_boot_on_keys + fi if [[ -e "${bootable_dir}/syslinux/hdt.c32" ]]; then install -d -m 0755 -- "${bootable_dir}/syslinux/hdt" @@ -823,11 +825,11 @@ _make_bootmode_bios.syslinux.mbr() { } _make_bootmode_bios.syslinux.mbr_iso() { - _make_bootmode_bios.syslinux.mbr "${isofs_dir}" + _make_bootmode_bios.syslinux.mbr "${isofs_dir}" "iso" } _make_bootmode_bios.syslinux.mbr_keys() { - _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" + _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" "keys" } # Prepare syslinux for El-Torito booting -- GitLab From b84449c0ddc589f03cc945a2d012bd774e05ade7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:24:34 +0000 Subject: [PATCH 218/347] debug --- archiso/mkarchiso | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fb1a6d16..a0a49abe 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2007,6 +2007,8 @@ _build_keys_image() { rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." + _msg_info "xorrisofs options: ${keys_xorriso_options[*]}" + _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" xorriso "${keys_xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -full-iso9660-filenames \ @@ -2045,6 +2047,8 @@ _build_iso_image() { rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." + _msg_info "xorrisofs options: ${xorriso_options[*]}" + _msg_info "xorrisofs options: ${xorrisofs_options[*]}" xorriso "${xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -full-iso9660-filenames \ -- GitLab From 2af3c01247f55d21140a99e1f02ff621b1c42345 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:29:27 +0000 Subject: [PATCH 219/347] debug --- archiso/mkarchiso | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a0a49abe..87da5030 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1731,11 +1731,11 @@ _add_xorrisofs_options_bios.syslinux.mbr() { } _add_xorrisofs_options_bios.syslinux.mbr_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_bios.syslinux.mbr_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition @@ -1751,11 +1751,11 @@ _add_xorrisofs_options_uefi-ia32.grub.esp() { } _add_xorrisofs_options_uefi-ia32.grub.esp_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito @@ -1769,11 +1769,11 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { } _add_xorrisofs_options_uefi-ia32.grub.eltorito_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-ia32.grub.eltorito_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") } # systemd-boot in an attached EFI system partition @@ -1811,11 +1811,11 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") } # systemd-boot via El Torito @@ -1865,11 +1865,11 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition. @@ -1906,11 +1906,11 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { } _add_xorrisofs_options_uefi-x64.grub.esp_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito @@ -1961,11 +1961,11 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { } _add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # Build bootstrap image -- GitLab From d4e065042b25f65a6ed741fd150ef71af9b882f2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:38:55 +0000 Subject: [PATCH 220/347] debug --- archiso/mkarchiso | 2 ++ 1 file changed, 2 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 87da5030..ac087d7b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1986,6 +1986,7 @@ _build_bootstrap_image() { _build_keys_image() { local keys_xorriso_options=() keys_xorrisofs_options=() + local keys_isofs_dir="${work_dir}/keys_iso" local bootmode # Add required xorrisofs options for each boot mode @@ -2029,6 +2030,7 @@ _build_keys_image() { # Build ISO _build_iso_image() { local xorriso_options=() xorrisofs_options=() + local isofs_dir="${work_dir}/iso" local bootmode [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" -- GitLab From f8f1b706cc59b54acbc47e306d22157d745f4931 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:47:26 +0000 Subject: [PATCH 221/347] debug --- archiso/mkarchiso | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ac087d7b..28fab7bc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1883,7 +1883,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") if [ "${persistent_size_kib}" != "" ]; then - _add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}" + _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 @@ -1896,13 +1896,14 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - xorrisofs_options+=('-isohybrid-gpt-basdat') + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi else # Use valid GPT if BIOS booting support will not be required - xorrisofs_options+=('-appended_part_as_gpt') + _xorrisofs_options+=('-appended_part_as_gpt') fi + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.grub.esp_iso() { @@ -2044,7 +2045,7 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" + "_add_xorrisofs_options_${bootmode}_iso" #typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done rm -f -- "${out_dir}/${image_name}" -- GitLab From dda03823fa164d4908cb7d4d392576f3c79761be Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:52:30 +0000 Subject: [PATCH 222/347] debug --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 28fab7bc..e2504a60 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1992,7 +1992,8 @@ _build_keys_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}_keys" &> /dev/null && "_add_xorrisofs_options_${bootmode}_keys" + xorriso_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorriso_options[@]}")") + # typeset -f "_add_xorrisofs_options_${bootmode}_keys" &> /dev/null && "_add_xorrisofs_options_${bootmode}_keys" done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2045,7 +2046,8 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - "_add_xorrisofs_options_${bootmode}_iso" #typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" + xorriso_options=("$("_add_xorrisofs_options_${bootmode}_iso" "${xorriso_options[@]}")") + # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done rm -f -- "${out_dir}/${image_name}" -- GitLab From db0151bbfa3528d2578ca7ada6d3451d40ba4622 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:58:15 +0000 Subject: [PATCH 223/347] debug --- archiso/mkarchiso | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e2504a60..c4ec9276 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -39,6 +39,7 @@ airootfs_image_type="" airootfs_image_tool_options=() keys_image_type="" keys_image_tool_options=() +keys_isofs_dir="" cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -726,7 +727,7 @@ _make_boot_on_iso9660() { # Copy kernel and initramfs to keys ISO 9660 _make_boot_on_keys() { - local keys_isofs_dir="${work_dir}/keys_iso" + # local keys_isofs_dir="${work_dir}/keys_iso" _make_boot_on_iso "${keys_isofs_dir}" } @@ -1987,7 +1988,7 @@ _build_bootstrap_image() { _build_keys_image() { local keys_xorriso_options=() keys_xorrisofs_options=() - local keys_isofs_dir="${work_dir}/keys_iso" + # local keys_isofs_dir="${work_dir}/keys_iso" local bootmode # Add required xorrisofs options for each boot mode @@ -2206,6 +2207,7 @@ _set_overrides() { [[ -n "$keys_image_type" ]] || keys_image_type="squashfs+luks" [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" + [[ -n "$keys_isofs_dir"]] || keys_isofs_dir="${work_dir}/keys_iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") } @@ -2272,7 +2274,7 @@ _build_keys_base() { local run_once_mode="base" # Set up essential directory paths - keys_isofs_dir="${work_dir}/keys_iso" + # keys_isofs_dir="${work_dir}/keys_iso" keys_dir="${work_dir}/keys" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" -- GitLab From a84eb4d8e9e8014a7b78c964e337a0d88e170432 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 16:59:51 +0000 Subject: [PATCH 224/347] debug --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c4ec9276..daeacc90 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2207,7 +2207,7 @@ _set_overrides() { [[ -n "$keys_image_type" ]] || keys_image_type="squashfs+luks" [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" - [[ -n "$keys_isofs_dir"]] || keys_isofs_dir="${work_dir}/keys_iso" + [[ -n "$keys_isofs_dir" ]] || keys_isofs_dir="${work_dir}/keys_iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") } -- GitLab From 14fcc2c25fe84e0c3859841c01bdb5c5cdce4309 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:05:01 +0000 Subject: [PATCH 225/347] debug --- archiso/mkarchiso | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index daeacc90..fb83a51d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2208,6 +2208,7 @@ _set_overrides() { [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$keys_isofs_dir" ]] || keys_isofs_dir="${work_dir}/keys_iso" + [[ -n "$isofs_dir" ]] || keys_isofs_dir="${work_dir}/iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") } @@ -2275,7 +2276,7 @@ _build_keys_base() { # Set up essential directory paths # keys_isofs_dir="${work_dir}/keys_iso" - keys_dir="${work_dir}/keys" + # keys_dir="${work_dir}/keys" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" -- GitLab From 546d69af0109bb9ef923a4530a14aabb8f982866 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:07:08 +0000 Subject: [PATCH 226/347] debug --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fb83a51d..f4d63fdc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2207,8 +2207,8 @@ _set_overrides() { [[ -n "$keys_image_type" ]] || keys_image_type="squashfs+luks" [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" + [[ -n "$isofs_dir" ]] || isofs_dir="${work_dir}/iso" [[ -n "$keys_isofs_dir" ]] || keys_isofs_dir="${work_dir}/keys_iso" - [[ -n "$isofs_dir" ]] || keys_isofs_dir="${work_dir}/iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") } -- GitLab From 0870790b800357b4cfe37084a3473a81fe61b460 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:09:40 +0000 Subject: [PATCH 227/347] debug --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f4d63fdc..ba01adfb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -26,6 +26,7 @@ iso_label="" iso_publisher="" iso_application="" iso_version="" +isofs_dir="" install_dir="" arch="" pacman_conf="" -- GitLab From 0752f3869706ac1b89f9161da923542955de2873 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:18:04 +0000 Subject: [PATCH 228/347] debug --- archiso/mkarchiso | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ba01adfb..df187cac 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2209,6 +2209,7 @@ _set_overrides() { [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$isofs_dir" ]] || isofs_dir="${work_dir}/iso" + [[ -n "$airootfs_img_dir" ]] airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" [[ -n "$keys_isofs_dir" ]] || keys_isofs_dir="${work_dir}/keys_iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") @@ -2298,9 +2299,9 @@ _build_iso_base() { local buildmode_pkg_list=("${pkg_list[@]}") # Set up essential directory paths pacstrap_dir="${work_dir}/${arch}/airootfs" - isofs_dir="${work_dir}/iso" - keys_dir="${work_dir}/keys" - airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" + # isofs_dir="${work_dir}/iso" + # keys_dir="${work_dir}/keys" + # airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" persistent_dir="${work_dir}/persistent" # Create working directory -- GitLab From 1432399e1e4d9d328f8f6b52f897eb18c4feb5b7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:18:33 +0000 Subject: [PATCH 229/347] debug --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index df187cac..7ae199d1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2209,7 +2209,7 @@ _set_overrides() { [[ -n "$persistent_image_type" ]] || persistent_image_type="ext4+luks" [[ -n "$iso_name" ]] || iso_name="${app_name}" [[ -n "$isofs_dir" ]] || isofs_dir="${work_dir}/iso" - [[ -n "$airootfs_img_dir" ]] airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" + [[ -n "$airootfs_img_dir" ]] || airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" [[ -n "$keys_isofs_dir" ]] || keys_isofs_dir="${work_dir}/keys_iso" [[ -n "$efibootimg" ]] || efibootimg="${work_dir}/efiboot.img" [[ -n "$persistentimg" ]] || persistentimg="${work_dir}/persistent."$(_get_fs_ext "persistent") -- GitLab From b4f40870d52c444f5b812af4e5fa3c3e1d2d60ce Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:19:50 +0000 Subject: [PATCH 230/347] debug --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ae199d1..e1d03a6e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -38,6 +38,7 @@ buildmodes=() bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() +airootfs_img_dir="" keys_image_type="" keys_image_tool_options=() keys_isofs_dir="" -- GitLab From 002f395005ba54e9e6ddff4afd4c2092ddda7529 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:23:54 +0000 Subject: [PATCH 231/347] debug --- archiso/mkarchiso | 1046 ++++++++++++++++++++++----------------------- 1 file changed, 523 insertions(+), 523 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e1d03a6e..40e9abbd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -119,8 +119,8 @@ usage: ${app_name} [options] profile_dir: Directory of the archiso profile to build ENDUSAGETEXT - printf '%s' "${usagetext}" - exit "${1}" +printf '%s' "${usagetext}" +exit "${1}" } # Shows configuration options. @@ -196,25 +196,25 @@ _run_mkluks() { _uuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${_epoch}")" if [[ "${_encryption_key}" != "" ]]; then - _key_opts=("--key-file=${_encryption_key}") - _cryptsetup_opts+=("${_key_opts[@]}") + _key_opts=("--key-file=${_encryption_key}") + _cryptsetup_opts+=("${_key_opts[@]}") _key_msg="with key $(basename "${_encryption_key}")" fi _activation_opts+=("${_cryptsetup_opts[@]}") _format_opts+=("${_cryptsetup_opts[@]}" \ - '--integrity' 'hmac-sha512' \ - '--sector-size' '4096' \ - '--key-size' '512' \ - '--pbkdf-memory' 256) + '--integrity' 'hmac-sha512' \ + '--sector-size' '4096' \ + '--key-size' '512' \ + '--pbkdf-memory' 256) if [ "${_read_only}" = "true" ]; then _msg_info "Integrity journal disabled" - _activation_opts+=('--persistent' \ - '--integrity-no-journal' \ - '--key-size' '512') + _activation_opts+=('--persistent' \ + '--integrity-no-journal' \ + '--key-size' '512') fi - + _msg_info "Creating LUKS image $(basename "${_image_path}") with cryptsetup (${_size}KB) ${_key_msg}" fallocate -l "${_size}K" "${_image_path}" while ! eval "cryptsetup -q -y luksFormat ${_format_opts[*]} ${_image_path}"; do @@ -226,18 +226,18 @@ _run_mkluks() { _close_luks_device "${image_device}" done - _msg_info "Setting UUID ${_uuid}" + _msg_info "Setting UUID ${_uuid}" while ! eval "cryptsetup -q -y luksUUID --uuid ${_uuid} ${_image_path}"; do _close_luks_device "${image_device}" done - + _close_luks_device "${image_device}" _msg_info "Opening device on mapper ${_mapper}" while ! eval "cryptsetup ${_activation_opts[*]} open ${_image_path} ${_mapper}"; do _close_luks_device "${image_device}" done - + _msg_info "Done!" } @@ -284,21 +284,21 @@ _run_mkext4() { ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \ --name "${_time} ext4 hash seed")" - mkfs_ext4_options=( - '-d' "${_dir}" - '-O' '^has_journal,^resize_inode' - '-E' "lazy_itable_init=0,root_owner=0:0,hash_seed=${ext4_hash_seed}" - '-m' '0' - '-F' - '-U' 'clear' - ) - [[ "${_label}" != "" ]] && mkfs_ext4_options+=('-L' "${_label}") - [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') - rm -f -- "${_image_path}" - E2FSPROGS_FAKE_TIME="${_time}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" - tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null - _msg_info "Done!" -} + mkfs_ext4_options=( + '-d' "${_dir}" + '-O' '^has_journal,^resize_inode' + '-E' "lazy_itable_init=0,root_owner=0:0,hash_seed=${ext4_hash_seed}" + '-m' '0' + '-F' + '-U' 'clear' + ) + [[ "${_label}" != "" ]] && mkfs_ext4_options+=('-L' "${_label}") + [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') + rm -f -- "${_image_path}" + E2FSPROGS_FAKE_TIME="${_time}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${_image_path}" "${_size}K" + tune2fs -c 0 -i 0 -- "${_image_path}" > /dev/null + _msg_info "Done!" + } # Create an EROFS image given a directory. @@ -343,20 +343,20 @@ _mkairootfs_common() { # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { - _mkairootfs_common - _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" - _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" - _msg_info "Done!" - rm -- "${pacstrap_dir}.img" +_mkairootfs_common +_run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" +_run_mksquashfs "${pacstrap_dir}.img" "${image_path}" +_msg_info "Done!" +rm -- "${pacstrap_dir}.img" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkairootfs_ext4+squashfs+luks() { - _mkairootfs_common - _mkluks_common - _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" +_mkairootfs_common +_mkluks_common +_run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" sync @@ -374,10 +374,10 @@ _mkairootfs_squashfs() { # Create a squashfs image containing the root file system and saves it on the LUKS image. # Saves the LUKS image on the ISO 9660 file system. _mkairootfs_squashfs+luks() { - _mkairootfs_common - _mkluks_common - _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" +_mkairootfs_common +_mkluks_common +_run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mksquashfs "${pacstrap_dir}" "${image_device}" sync _close_luks_device "${image_device}" @@ -393,10 +393,10 @@ _mkairootfs_erofs() { # Create an EROFS image containing the root file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkairootfs_erofs+luks() { - _mkairootfs_common - _mkluks_common - _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" +_mkairootfs_common +_mkluks_common +_run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mkerofs "${image_device}" "${pacstrap_dir}" "${erofs_uuid}" sync _close_luks_device "${image_device}" @@ -415,19 +415,19 @@ _mkkeys_common() { # Create an ext4 image containing the keys file system and pack it inside a squashfs image. # Save the squashfs image on the ISO 9660 file system. _mkkeys_ext4+squashfs() { - _mkkeys_common - _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" "keys" - _run_mksquashfs "${keys_dir}.img" "${image_path}" - _msg_info "Done!" - rm -- "${keys_dir}.img" +_mkkeys_common +_run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" "keys" +_run_mksquashfs "${keys_dir}.img" "${image_path}" +_msg_info "Done!" +rm -- "${keys_dir}.img" } # Create an ext4 image containing the keys file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkkeys_ext4+squashfs+luks() { - _mkkeys_common - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" "true" "${luks_uuid}" +_mkkeys_common +_run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" "true" "${luks_uuid}" _run_mkext4 "${keys_dir}" "$(_get_internal_size "${keys_size}")" "${keys_epoch}" "keys" _run_mksquashfs "${keys_dir}.img" "${image_device}" sync @@ -439,9 +439,9 @@ _mkkeys_ext4+squashfs+luks() { # Create a squashfs image containing the keys file system and saves it on the LUKS image. # Saves the LUKS image on the ISO 9660 file system. _mkkeys_squashfs+luks() { - _mkkeys_common - _run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" +_mkkeys_common +_run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" _run_mksquashfs "${keys_dir}" "${image_device}" sync _close_luks_device "${image_device}" @@ -463,9 +463,9 @@ _mkkeys_erofs() { # Create an EROFS image containing the keys file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkkeys_erofs+luks() { - _mkkeys_common - _run_mkluks "${image_path}" "${keys_size}" \ - "${iso_label}_KEYS" "" "true" "${luks_uuid}" +_mkkeys_common +_run_mkluks "${image_path}" "${keys_size}" \ + "${iso_label}_KEYS" "" "true" "${luks_uuid}" _run_mkerofs "${image_device}" "${keys_dir}" "${erofs_uuid}" sync _close_luks_device "${image_device}" @@ -491,10 +491,10 @@ _mkpersistent_ext4() { # Create an ext4 fs inside a LUKS container to be used as the persistent ISO partition. _mkpersistent_ext4+luks() { - _mkpersistent_common - persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" - _run_mkluks "${image_path}" "${persistent_size_kib}" \ - "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" +_mkpersistent_common +persistent_guid="CA7D7CCB-63ED-4C53-861C-1742536059CC" +_run_mkluks "${image_path}" "${persistent_size_kib}" \ + "${iso_label}_PERSISTENT" "${encryption_key}" "false" "${luks_uuid}" _run_mkext4 "${persistent_dir}" "$(_get_internal_size "${persistent_size_kib}")" "${persistent_epoch}" "keys" dd if="${persistent_dir}.img" of="${image_device}" sync @@ -595,9 +595,9 @@ _make_pacman_conf() { # Only use the profile's CacheDir, if it is not the default and not the same as the system cache dir. if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \ [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then - _cache_dirs="${_profile_cache_dirs}" - else - _cache_dirs="${_system_cache_dirs}" + _cache_dirs="${_profile_cache_dirs}" + else + _cache_dirs="${_system_cache_dirs}" fi _msg_info "Copying custom pacman.conf to work directory..." @@ -608,8 +608,8 @@ _make_pacman_conf() { # see `man 8 pacman` for further info pacman-conf --config "${pacman_conf}" | \ sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} - /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" > "${work_dir}/${buildmode}.pacman.conf" -} + /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" > "${work_dir}/${buildmode}.pacman.conf" + } # Prepare working directory and copy custom root file system files. _make_custom_airootfs() { @@ -627,7 +627,7 @@ _make_custom_airootfs() { # Prevent file path traversal outside of $pacstrap_dir if [[ "$(realpath -q -- "${pacstrap_dir}${filename}")" != "${pacstrap_dir}"* ]]; then _msg_error "Failed to set permissions on '${pacstrap_dir}${filename}'. Outside of valid path." 1 - # Warn if the file does not exist + # Warn if the file does not exist elif [[ ! -e "${pacstrap_dir}${filename}" ]]; then _msg_warning "Cannot change permissions of '${pacstrap_dir}${filename}'. The file or directory does not exist." else @@ -767,31 +767,31 @@ _get_crypto_params() { TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" if [[ "${airootfs_image_type}" == *luks ]]; then _cparams=("root=/dev/mapper/root" - "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") - if [ "${encryption_key}" != "" ]; then - _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") - fi - echo "${_cparams[@]}" - else - echo "" + "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") + if [ "${encryption_key}" != "" ]; then + _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + fi + echo "${_cparams[@]}" + else + echo "" fi } # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { - bootable_dir="${1}" - bootable="${2}" - _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." - install -d -m 0755 -- "${bootable_dir}/syslinux" - local archiso_uuid - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" - for _cfg in "${profile}/syslinux/"*.cfg; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${bootable_dir}/syslinux/${_cfg##*/}" +bootable_dir="${1}" +bootable="${2}" +_msg_info "Setting up SYSLINUX for BIOS booting from a disk..." +install -d -m 0755 -- "${bootable_dir}/syslinux" +local archiso_uuid +TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" +for _cfg in "${profile}/syslinux/"*.cfg; do + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ + "${_cfg}" > "${bootable_dir}/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then install -m 0644 -- "${profile}/syslinux/splash.png" "${bootable_dir}/syslinux/" @@ -828,32 +828,32 @@ _make_bootmode_bios.syslinux.mbr() { } _make_bootmode_bios.syslinux.mbr_iso() { - _make_bootmode_bios.syslinux.mbr "${isofs_dir}" "iso" +_make_bootmode_bios.syslinux.mbr "${isofs_dir}" "iso" } _make_bootmode_bios.syslinux.mbr_keys() { - _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" "keys" +_make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" "keys" } # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { - local bootable_dir="${1}" - _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." - install -d -m 0755 -- "${bootable_dir}/syslinux" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${bootable_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${bootable_dir}/syslinux/" +local bootable_dir="${1}" +_msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." +install -d -m 0755 -- "${bootable_dir}/syslinux" +install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${bootable_dir}/syslinux/" +install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${bootable_dir}/syslinux/" - _msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." +_msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." } _make_bootmode_bios.syslinux.eltorito_iso() { - _make_bootmode_bios.syslinux.eltorito "${isofs_dir}" - _run_once _make_bootmode_bios.syslinux.mbr_iso +_make_bootmode_bios.syslinux.eltorito "${isofs_dir}" +_run_once _make_bootmode_bios.syslinux.mbr_iso } _make_bootmode_bios.syslinux.eltorito_keys() { - _make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" - _run_once _make_bootmode_bios.syslinux.mbr_keys +_make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" +_run_once _make_bootmode_bios.syslinux.mbr_keys } # Copy kernel and initramfs to FAT image @@ -862,18 +862,18 @@ _make_boot_on_fat() { _msg_info "Preparing kernel and initramfs for the FAT file system..." mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" - mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ - "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") - fi - done - if (( ${#all_ucode_images[@]} )); then - mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" - fi - _msg_info "Done!" -} + mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ + "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + fi + done + if (( ${#all_ucode_images[@]} )); then + mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" + fi + _msg_info "Done!" + } # Create a FAT image (efiboot.img) which will serve as the EFI system partition # $1: image size in bytes @@ -888,9 +888,9 @@ _make_efibootimg() { # Convert from bytes to KiB and round up to the next full MiB with an additional MiB for reserved sectors. imgsize_kib="$(awk 'function ceil(x){return int(x)+(x>int(x))} - function byte_to_kib(x){return x/1024} - function mib_to_kib(x){return x*1024} - END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" + function byte_to_kib(x){return x/1024} + function mib_to_kib(x){return x*1024} + END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html @@ -912,29 +912,29 @@ _make_efibootimg() { _make_efibootimg_grubcfg() { mcopy -i "${efibootimg}" \ "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg -} + } -_make_bootmode_uefi-ia32.grub.esp_iso() { + _make_bootmode_uefi-ia32.grub.esp_iso() { _make_bootmode_uefi-ia32.grub.esp "iso" } _make_bootmode_uefi-ia32.grub.esp_keys() { - _make_bootmode_uefi-ia32.grub.esp "keys" +_make_bootmode_uefi-ia32.grub.esp "keys" } _make_bootmode_uefi-ia32.grub.esp() { - local bootable="${1}" - local archiso_uuid - TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" - # Fill Grub configuration files - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ - "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" +local bootable="${1}" +local archiso_uuid +TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" +# Fill Grub configuration files +sed "s|%ARCHISO_LABEL%|${iso_label}|g; +s|%ARCHISO_UUID%|${archiso_uuid}|g; +s|%INSTALL_DIR%|${install_dir}|g; +s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; +s|%ARCH%|${arch}|g" \ + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - IFS='' read -r -d '' grubembedcfg <<'EOF' || true +IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 @@ -944,30 +944,30 @@ if ! [ -d "$cmdpath" ]; then fi configfile "${cmdpath}/grub.cfg" EOF - printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" +printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" # Create EFI binary grub-mkstandalone -O i386-efi \ - --modules="part_gpt part_msdos fat iso9660" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" - # Add GRUB to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/BOOTIA32.EFI" - "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") - - if [[ " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then - # TODO: Remove this branch. - _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" - elif [[ " ${bootmodes[*]} " =~ uefi-x64.grub.esp ]]; then - _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" - else - efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" - # Create a FAT image for the EFI system partition - _make_efibootimg "$efiboot_imgsize" - fi + --modules="part_gpt part_msdos fat iso9660" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + # Add GRUB to the list of files used to calculate the required FAT image size. + efiboot_files+=("${work_dir}/BOOTIA32.EFI" + "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") + + if [[ " ${bootmodes[*]} " =~ uefi-x64.systemd-boot.esp ]]; then + # TODO: Remove this branch. + _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" + elif [[ " ${bootmodes[*]} " =~ uefi-x64.grub.esp ]]; then + _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" + else + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + 2>/dev/null | awk 'END { print $1 }')" + # Create a FAT image for the EFI system partition + _make_efibootimg "$efiboot_imgsize" + fi # Copy grub EFI binary to the default/fallback boot path mcopy -i "${efibootimg}" \ @@ -985,20 +985,20 @@ EOF } _make_bootmode_uefi-ia32.grub.eltorito_iso() { - _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" +_make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" } _make_bootmode_uefi-ia32.grub.eltorito_keys() { - _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" +_make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare GRUB for El Torito booting _make_bootmode_uefi-ia32.grub.eltorito() { - local bootable_dir="${1}" - local bootable="${2}" - # El Torito UEFI boot requires an image containing the EFI system partition. - # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp - _run_once "_make_bootmode_uefi-ia32.grub.esp_${bootable}" +local bootable_dir="${1}" +local bootable="${2}" +# El Torito UEFI boot requires an image containing the EFI system partition. +# uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp +_run_once "_make_bootmode_uefi-ia32.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1016,30 +1016,30 @@ _make_bootmode_uefi-ia32.grub.eltorito() { # edk2-shell based UEFI shell if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then install -m 0644 -- "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" \ - "${bootable_dir}/shellia32.efi" + "${bootable_dir}/shellia32.efi" fi _msg_info "Done!" } _make_bootmode_uefi-x64.grub.esp_iso() { - _make_bootmode_uefi-x64.grub.esp +_make_bootmode_uefi-x64.grub.esp } _make_bootmode_uefi-x64.grub.esp_keys() { - _make_bootmode_uefi-x64.grub.esp +_make_bootmode_uefi-x64.grub.esp } _make_bootmode_uefi-x64.grub.esp() { - # Fill Grub configuration files +# Fill Grub configuration files sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ - "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" +s|%ARCHISO_UUID%|${archiso_uuid}|g; +s|%INSTALL_DIR%|${install_dir}|g; +s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; +s|%ARCH%|${arch}|g" \ + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - IFS='' read -r -d '' grubembedcfg <<'EOF' || true +IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 @@ -1049,21 +1049,21 @@ if ! [ -d "$cmdpath" ]; then fi configfile "${cmdpath}/grub.cfg" EOF - printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" +printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" # Create EFI binary grub-mkstandalone -O x86_64-efi \ - --modules="part_gpt part_msdos fat iso9660" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" - # Add GRUB to the list of files used to calculate the required FAT image size. - efiboot_files+=("${work_dir}/BOOTx64.EFI" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") - - efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" + --modules="part_gpt part_msdos fat iso9660" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + # Add GRUB to the list of files used to calculate the required FAT image size. + efiboot_files+=("${work_dir}/BOOTx64.EFI" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") + + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" @@ -1083,20 +1083,20 @@ EOF } _make_bootmode_uefi-x64.grub.eltorito_iso() { - _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" +_make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" } _make_bootmode_uefi-x64.grub.eltorito_keys() { - _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" +_make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare GRUB for El Torito booting _make_bootmode_uefi-x64.grub.eltorito() { - local bootable_dir="${1}" - local bootable="${2}" - # El Torito UEFI boot requires an image containing the EFI system partition. - # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp - _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" +local bootable_dir="${1}" +local bootable="${2}" +# El Torito UEFI boot requires an image containing the EFI system partition. +# uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp +_run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1120,33 +1120,33 @@ _make_bootmode_uefi-x64.grub.eltorito() { } _make_bootmode_uefi-x64.systemd-boot.esp_iso() { - _make_bootmode_uefi-x64.systemd-boot.esp +_make_bootmode_uefi-x64.systemd-boot.esp } _make_bootmode_uefi-x64.systemd-boot.esp_keys() { - _make_bootmode_uefi-x64.systemd-boot.esp +_make_bootmode_uefi-x64.systemd-boot.esp } # Prepare systemd-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { - local _file efiboot_imgsize - local _available_ucodes=() - _msg_info "Setting up systemd-boot for UEFI booting..." +local _file efiboot_imgsize +local _available_ucodes=() +_msg_info "Setting up systemd-boot for UEFI booting..." - for _file in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then - _available_ucodes+=("${pacstrap_dir}/boot/${_file}") - fi - done - # Calculate the required FAT image size in bytes - efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" - "${profile}/efiboot/" - "${pacstrap_dir}/boot/vmlinuz-"* - "${pacstrap_dir}/boot/initramfs-"*".img" - "${_available_ucodes[@]}") - efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ - 2>/dev/null | awk 'END { print $1 }')" +for _file in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then + _available_ucodes+=("${pacstrap_dir}/boot/${_file}") + fi +done +# Calculate the required FAT image size in bytes +efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" +"${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" +"${profile}/efiboot/" +"${pacstrap_dir}/boot/vmlinuz-"* +"${pacstrap_dir}/boot/initramfs-"*".img" +"${_available_ucodes[@]}") +efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" @@ -1161,12 +1161,12 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ "${_conf}" | mcopy -i "${efibootimg}" - "::/loader/entries/${_conf##*/}" - done + done # shellx64.efi is picked up automatically when on / if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then @@ -1183,11 +1183,11 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { - local bootable_dir="${1}" - local bootable="${2}" - # El Torito UEFI boot requires an image containing the EFI system partition. - # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp - _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" +local bootable_dir="${1}" +local bootable="${2}" +# El Torito UEFI boot requires an image containing the EFI system partition. +# uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp +_run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1206,12 +1206,12 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" for _conf in "${profile}/efiboot/loader/entries/"*".conf"; do sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ "${_conf}" > "${bootable_dir}/loader/entries/${_conf##*/}" - done + done # edk2-shell based UEFI shell # shellx64.efi is picked up automatically when on / @@ -1224,21 +1224,21 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito_iso() { - _make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "iso" +_make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "iso" } # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito_keys() { - _make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "keys" +_make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "keys" } _validate_requirements_bootmode_bios.syslinux.mbr() { - # bios.syslinux.mbr requires bios.syslinux.eltorito - # shellcheck disable=SC2076 - if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0 - fi +# bios.syslinux.mbr requires bios.syslinux.eltorito +# shellcheck disable=SC2076 +if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0 +fi # Check if the syslinux package is in the package list # shellcheck disable=SC2076 @@ -1271,15 +1271,15 @@ _validate_requirements_bootmode_bios.syslinux.mbr() { } _validate_requirements_bootmode_bios.syslinux.eltorito() { - # bios.syslinux.eltorito has the exact same requirements as bios.syslinux.mbr - _validate_requirements_bootmode_bios.syslinux.mbr +# bios.syslinux.eltorito has the exact same requirements as bios.syslinux.mbr +_validate_requirements_bootmode_bios.syslinux.mbr } _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 - fi +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 +fi # Check if mkfs.fat is available if ! command -v mkfs.fat &> /dev/null; then @@ -1321,21 +1321,21 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { } _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.eltorito!" 0 - fi +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.eltorito!" 0 +fi # uefi-x64.systemd-boot.eltorito has the exact same requirements as uefi-x64.systemd-boot.esp _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } _validate_requirements_bootmode_uefi-ia32.grub.esp() { - # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 - fi +# Check if GRUB is available +if ! command -v grub-mkstandalone &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 +fi # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then @@ -1348,15 +1348,15 @@ _validate_requirements_bootmode_uefi-ia32.grub.esp() { } _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { - # uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp - _validate_requirements_bootmode_uefi-ia32.grub.esp +# uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp +_validate_requirements_bootmode_uefi-ia32.grub.esp } _validate_requirements_bootmode_uefi-x64.grub.esp() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.esp!" 0 - fi +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.esp!" 0 +fi # Check if GRUB is available if ! command -v grub-mkstandalone &> /dev/null; then @@ -1365,10 +1365,10 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 - fi + if ! command -v mkfs.fat &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 + fi # Check if mmd and mcopy are available if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then @@ -1403,12 +1403,12 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { } _validate_requirements_bootmode_uefi-x64.grub.eltorito() { - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.eltorito!" 0 - fi - # uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp - _validate_requirements_bootmode_uefi-x64.grub.esp +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.eltorito!" 0 +fi +# uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp +_validate_requirements_bootmode_uefi-x64.grub.esp } # Build airootfs filesystem image @@ -1481,25 +1481,25 @@ _sign_netboot_artifacts() { -inkey "${cert_list[1]}" \ -outform DER \ -out "${_file}".ipxe.sig - done - _msg_info "Done!" -} + done + _msg_info "Done!" + } -_validate_requirements_airootfs_image_type_squashfs() { - if ! command -v mksquashfs &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0 - fi -} + _validate_requirements_airootfs_image_type_squashfs() { + if ! command -v mksquashfs &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0 + fi + } -_validate_requirements_airootfs_image_type_ext4() { - if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 - fi -} + _validate_requirements_airootfs_image_type_ext4() { + if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 + fi + } -_validate_requirements_airootfs_image_type_ext4+squashfs() { + _validate_requirements_airootfs_image_type_ext4+squashfs() { _validate_requirements_airootfs_image_type_ext4 _validate_requirements_airootfs_image_type_squashfs } @@ -1513,19 +1513,19 @@ _resolve_encryption_key(){ dd if=/dev/random bs=512 count=1 of="${encryption_key}" elif [ "${encryption_key}" != 'auto' ]; then _msg_error "File '${encryption_key}' does not exist." 0 + fi fi - fi -} + } -_validate_requirements_airootfs_image_type_squashfs+luks() { + _validate_requirements_airootfs_image_type_squashfs+luks() { _validate_requirements_airootfs_image_type_luks _validate_requirements_airootfs_image_type_squashfs } _validate_requirements_airootfs_image_type_ext4+squashfs+luks() { - _validate_requirements_airootfs_image_type_luks - _validate_requirements_airootfs_image_type_squashfs - _validate_requirements_airootfs_image_type_ext4 +_validate_requirements_airootfs_image_type_luks +_validate_requirements_airootfs_image_type_squashfs +_validate_requirements_airootfs_image_type_ext4 } _validate_requirements_airootfs_image_type_erofs() { @@ -1544,8 +1544,8 @@ _validate_requirements_airootfs_image_type_luks() { } _validate_requirements_airootfs_image_type_erofs+luks() { - _validate_requirements_airootfs_image_type_luks - _validate_requirements_airootfs_image_type_erofs +_validate_requirements_airootfs_image_type_luks +_validate_requirements_airootfs_image_type_erofs } _validate_common_requirements_buildmode_all() { @@ -1570,14 +1570,14 @@ _validate_requirements_buildmode_bootstrap() { if [[ -e "${bootstrap_packages}" ]]; then mapfile -t bootstrap_pkg_list_from_file < \ <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}") - bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}") - if (( ${#bootstrap_pkg_list_from_file[@]} < 1 )); then - (( validation_error=validation_error+1 )) - _msg_error "No package specified in '${bootstrap_packages}'." 0 - fi - else - (( validation_error=validation_error+1 )) - _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0 + bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}") + if (( ${#bootstrap_pkg_list_from_file[@]} < 1 )); then + (( validation_error=validation_error+1 )) + _msg_error "No package specified in '${bootstrap_packages}'." 0 + fi + else + (( validation_error=validation_error+1 )) + _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0 fi _validate_common_requirements_buildmode_all @@ -1693,283 +1693,283 @@ _add_xorrisofs_options_persistent_partition() { # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { - local _xorrisofs_options=("$@") - _xorrisofs_options+=( - # El Torito boot image for x86 BIOS - '-eltorito-boot' 'syslinux/isolinux.bin' - # El Torito boot catalog file - '-eltorito-catalog' 'syslinux/boot.cat' - # Required options to boot with ISOLINUX - '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' - ) - echo "${_xorrisofs_options[@]}" +local _xorrisofs_options=("$@") +_xorrisofs_options+=( +# El Torito boot image for x86 BIOS +'-eltorito-boot' 'syslinux/isolinux.bin' +# El Torito boot catalog file +'-eltorito-catalog' 'syslinux/boot.cat' +# Required options to boot with ISOLINUX +'-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' +) +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.eltorito_iso() { - xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") +xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-bios.syslinux.eltorito_keys() { - keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") } # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { - local bootable_dir="${1}" - local _xorrisofs_options=("$@") - _xorrisofs_options+=( - # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" - '-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" - # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR - # bootstrap code area) and mark it as bootable - # May allow booting on some systems - # https://wiki.archlinux.org/title/Partitioning#Tricking_old_BIOS_into_booting_from_GPT - '--mbr-force-bootable' - # Move the first partition away from the start of the ISO to match the expectations of partition editors - # May allow booting on some systems - # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki - '-partition_offset' '16' - ) - echo "${_xorrisofs_options[@]}" +local bootable_dir="${1}" +local _xorrisofs_options=("$@") +_xorrisofs_options+=( +# SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" +'-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" +# When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR +# bootstrap code area) and mark it as bootable +# May allow booting on some systems +# https://wiki.archlinux.org/title/Partitioning#Tricking_old_BIOS_into_booting_from_GPT +'--mbr-force-bootable' +# Move the first partition away from the start of the ISO to match the expectations of partition editors +# May allow booting on some systems +# https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki +'-partition_offset' '16' +) +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.mbr_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_bios.syslinux.mbr_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { - local _xorrisofs_options=("$@") - # TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? - # shellcheck disable=SC2076 - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - # _add_xorrisofs_options_uefi-x64.systemd-boot.esp - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") - fi - echo "${_xorrisofs_options[@]}" +local _xorrisofs_options=("$@") +# TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? +# shellcheck disable=SC2076 +if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.esp + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") +fi +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-ia32.grub.esp_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito _add_xorrisofs_options_uefi-ia32.grub.eltorito() { - local _xorrisofs_options=("$@") - # shellcheck disable=SC2076 - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then - # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") - fi +local _xorrisofs_options=("$@") +# shellcheck disable=SC2076 +if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") +fi } _add_xorrisofs_options_uefi-ia32.grub.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-ia32.grub.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") } # systemd-boot in an attached EFI system partition _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { - local _xorrisofs_options=("$@") - # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 - # partition will not be mountable - # shellcheck disable=SC2076 - [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') - # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") - if [ "${persistent_size_kib}" != "" ]; then - # READ - _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") - fi - # Ensure GPT is used as some systems do not support UEFI booting without it - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). - # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will - # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') - fi +local _xorrisofs_options=("$@") +# Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 +# partition will not be mountable +# shellcheck disable=SC2076 +[[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') +# Attach efiboot.img as a second partition and set its partition type to "EFI system partition" +_xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") +if [ "${persistent_size_kib}" != "" ]; then + # READ + _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") +fi +# Ensure GPT is used as some systems do not support UEFI booting without it +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). + # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will + # have a Microsoft basic partition type code. + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi - else - # Use valid GPT if BIOS booting support will not be required - _xorrisofs_options+=('-appended_part_as_gpt') fi - echo "${_xorrisofs_options[@]}" +else + # Use valid GPT if BIOS booting support will not be required + _xorrisofs_options+=('-appended_part_as_gpt') +fi +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") } # systemd-boot via El Torito _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { - local bootable_dir="${1}" - shift - local _xorrisofs_options=("$@") - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then - # systemd-boot in an attached EFI system partition via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' - ) - # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. - if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') - fi - fi - else - # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a - # file inside the ISO 9660 file system - install -d -m 0755 -- "${bootable_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" - # systemd-boot in an embedded efiboot.img via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' - ) - fi - # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito - # shellcheck disable=SC2076 - [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') - echo "${_xorrisofs_options[@]}" +local bootable_dir="${1}" +shift +local _xorrisofs_options=("$@") +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + # systemd-boot in an attached EFI system partition via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' +) +# A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. +if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi +fi +else + # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a + # file inside the ISO 9660 file system + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" + # systemd-boot in an embedded efiboot.img via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' +) +fi +# Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito +# shellcheck disable=SC2076 +[[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition. # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.esp. _add_xorrisofs_options_uefi-x64.grub.esp() { - local _xorrisofs_options=("$@") - # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 - # partition will not be mountable - # shellcheck disable=SC2076 - [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') - # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") - if [ "${persistent_size_kib}" != "" ]; then - _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") - fi - # Ensure GPT is used as some systems do not support UEFI booting without it - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). - # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will - # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') - fi +local _xorrisofs_options=("$@") +# Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 +# partition will not be mountable +# shellcheck disable=SC2076 +[[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') +# Attach efiboot.img as a second partition and set its partition type to "EFI system partition" +_xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") +if [ "${persistent_size_kib}" != "" ]; then + _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") +fi +# Ensure GPT is used as some systems do not support UEFI booting without it +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). + # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will + # have a Microsoft basic partition type code. + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') fi - else - # Use valid GPT if BIOS booting support will not be required - _xorrisofs_options+=('-appended_part_as_gpt') fi - echo "${_xorrisofs_options[@]}" +else + # Use valid GPT if BIOS booting support will not be required + _xorrisofs_options+=('-appended_part_as_gpt') +fi +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.grub.esp_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito. _add_xorrisofs_options_uefi-x64.grub.eltorito() { - local bootable_dir="${1}" - shift - local _xorrisofs_options=("$@") - # shellcheck disable=SC2076 - if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then - # grub in an attached EFI system partition via El Torito - xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' - ) - # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. - if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') - fi - fi - else - # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a - # file inside the ISO 9660 file system - install -d -m 0755 -- "${bootable_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" - # grub in an embedded efiboot.img via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' - ) - fi - # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito - # shellcheck disable=SC2076 - [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') - echo "${_xorrisofs_options[@]}" +local bootable_dir="${1}" +shift +local _xorrisofs_options=("$@") +# shellcheck disable=SC2076 +if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + # grub in an attached EFI system partition via El Torito + xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' +) +# A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. +if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi +fi +else + # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a + # file inside the ISO 9660 file system + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" + # grub in an embedded efiboot.img via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' +) +fi +# Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito +# shellcheck disable=SC2076 +[[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') +echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") +xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") +keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # Build bootstrap image @@ -2016,21 +2016,21 @@ _build_keys_image() { _msg_info "xorrisofs options: ${keys_xorriso_options[*]}" _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" xorriso "${keys_xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}_KEYS" \ - -appid "${iso_application} keys CD" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "${keys_xorrisofs_options[@]}" \ - -output "${out_dir}/${image_name}" \ - "${keys_isofs_dir}/" - _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" -} + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}_KEYS" \ + -appid "${iso_application} keys CD" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${keys_xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${keys_isofs_dir}/" + _msg_info "Done!" + du -h -- "${out_dir}/${image_name}" + } # Build ISO _build_iso_image() { @@ -2058,26 +2058,26 @@ _build_iso_image() { _msg_info "xorrisofs options: ${xorriso_options[*]}" _msg_info "xorrisofs options: ${xorrisofs_options[*]}" xorriso "${xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ - -output "${out_dir}/${image_name}" \ - "${isofs_dir}/" - _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" - - if [[ "${airootfs_image_type}" == *"luks"* ]] && [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then - cp "${encryption_key}" "${out_dir}" - fi + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}" \ + -appid "${iso_application}" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${isofs_dir}/" + _msg_info "Done!" + du -h -- "${out_dir}/${image_name}" + + if [[ "${airootfs_image_type}" == *"luks"* ]] && [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then + cp "${encryption_key}" "${out_dir}" + fi -} + } # Read profile's values from profiledef.sh _read_profile() { -- GitLab From fc9f21f82ccd8199b28aa7e97a87b5ec69265b0e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 17:30:25 +0000 Subject: [PATCH 232/347] debug --- archiso/mkarchiso | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 40e9abbd..c881a7c1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -729,7 +729,7 @@ _make_boot_on_iso9660() { # Copy kernel and initramfs to keys ISO 9660 _make_boot_on_keys() { - # local keys_isofs_dir="${work_dir}/keys_iso" + keys_isofs_dir="${work_dir}/keys_iso" _make_boot_on_iso "${keys_isofs_dir}" } @@ -1990,13 +1990,12 @@ _build_bootstrap_image() { _build_keys_image() { local keys_xorriso_options=() keys_xorrisofs_options=() - # local keys_isofs_dir="${work_dir}/keys_iso" + local keys_isofs_dir="${work_dir}/keys_iso" local bootmode # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do xorriso_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorriso_options[@]}")") - # typeset -f "_add_xorrisofs_options_${bootmode}_keys" &> /dev/null && "_add_xorrisofs_options_${bootmode}_keys" done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2300,9 +2299,9 @@ _build_iso_base() { local buildmode_pkg_list=("${pkg_list[@]}") # Set up essential directory paths pacstrap_dir="${work_dir}/${arch}/airootfs" - # isofs_dir="${work_dir}/iso" - # keys_dir="${work_dir}/keys" - # airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" + isofs_dir="${work_dir}/iso" + keys_dir="${work_dir}/keys" + airootfs_img_dir="${isofs_dir}/${install_dir}/${arch}" persistent_dir="${work_dir}/persistent" # Create working directory -- GitLab From 36054950d8465fe51b39333a05c7def11f034a36 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 18:14:38 +0000 Subject: [PATCH 233/347] don't delete boot if persistent --- archiso/mkarchiso | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c881a7c1..af406328 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -154,8 +154,6 @@ _show_config() { _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." - # Delete all files in /boot - [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache @@ -168,13 +166,15 @@ _cleanup_pacstrap_dir() { [[ -d "${pacstrap_dir}/var/tmp" ]] && find "${pacstrap_dir}/var/tmp" -mindepth 1 -delete # Delete package pacman related files. find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete - # Create an empty /etc/machine-id local _machine_id="${pacstrap_dir}/etc/machine-id" if [[ "${persistent_size_kib}" != "" ]]; then dbus-uuidgen --ensure="${_machine_id}" else + # Create an empty /etc/machine-id rm -f -- "${_machine_id}" printf '' > "${_machine_id}" + # Delete all files in /boot + [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete fi _msg_info "Done!" } @@ -1140,11 +1140,11 @@ for _file in "${ucodes[@]}"; do done # Calculate the required FAT image size in bytes efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" -"${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" -"${profile}/efiboot/" -"${pacstrap_dir}/boot/vmlinuz-"* -"${pacstrap_dir}/boot/initramfs-"*".img" -"${_available_ucodes[@]}") + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" + "${profile}/efiboot/" + "${pacstrap_dir}/boot/vmlinuz-"* + "${pacstrap_dir}/boot/initramfs-"*".img" + "${_available_ucodes[@]}") efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition -- GitLab From 33e1630a671edaf550cd2393dd3f43a8d0cd52f9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 18:29:14 +0000 Subject: [PATCH 234/347] fix path hard way --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index af406328..239c1101 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -154,6 +154,8 @@ _show_config() { _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." + # Delete all files in /boot + [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache @@ -739,8 +741,8 @@ _make_boot_on_iso() { local ucode_image _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${pacstrap_dir}/../iso/arch/boot/${arch}/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${pacstrap_dir}/../iso/boot/${arch}/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then -- GitLab From 8e7785db0e52ca1288f02549e2f7b5bca70f868b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 18:33:40 +0000 Subject: [PATCH 235/347] fix path hard way --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 239c1101..9f7a7bb1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -741,8 +741,8 @@ _make_boot_on_iso() { local ucode_image _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${pacstrap_dir}/../iso/arch/boot/${arch}/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${pacstrap_dir}/../iso/boot/${arch}/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then -- GitLab From b6d119fffeb44dda2358789411e5dab4c1535d6e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 18:51:27 +0000 Subject: [PATCH 236/347] fix path hard way --- archiso/mkarchiso | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9f7a7bb1..4cc875db 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -154,8 +154,8 @@ _show_config() { _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." - # Delete all files in /boot - [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete + # Move files from pacstrap_dir /boot + [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache @@ -175,8 +175,6 @@ _cleanup_pacstrap_dir() { # Create an empty /etc/machine-id rm -f -- "${_machine_id}" printf '' > "${_machine_id}" - # Delete all files in /boot - [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete fi _msg_info "Done!" } @@ -741,8 +739,8 @@ _make_boot_on_iso() { local ucode_image _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${work_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${work_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then -- GitLab From baec4e19c8ca82e82193d72daba66bcf164d1e81 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:06:53 +0000 Subject: [PATCH 237/347] fix path hard way --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4cc875db..34bfba96 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -738,9 +738,11 @@ _make_boot_on_iso() { local bootable_dir="${1}" local ucode_image _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." + initramfs_files=("$(find "${work_dir}" | grep "initramfs.*img")") + vmlinuz_files=("$(find "${work_dir}" | grep "vmlinuz.*img")") install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${work_dir}/boot/initramfs-"*".img" "${bootable_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${work_dir}/boot/vmlinuz-"* "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${initramfs_files[@]}" "${bootable_dir}/${install_dir}/boot/${arch}/" + install -m 0644 -- "${vmlinuz_files[@]}" "${bootable_dir}/${install_dir}/boot/${arch}/" for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then -- GitLab From e9ab34be8237756ed489be991df6fcb274e45381 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:10:08 +0000 Subject: [PATCH 238/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 34bfba96..9d765529 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" + # [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache -- GitLab From 31541e89e626fee27c1e1dc556818782319b5a54 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:21:42 +0000 Subject: [PATCH 239/347] don't remove kernel --- archiso/mkarchiso | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9d765529..cb470aea 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -737,13 +737,16 @@ _make_boot_on_keys() { _make_boot_on_iso() { local bootable_dir="${1}" local ucode_image + local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." initramfs_files=("$(find "${work_dir}" | grep "initramfs.*img")") vmlinuz_files=("$(find "${work_dir}" | grep "vmlinuz.*img")") - install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/${arch}" - install -m 0644 -- "${initramfs_files[@]}" "${bootable_dir}/${install_dir}/boot/${arch}/" - install -m 0644 -- "${vmlinuz_files[@]}" "${bootable_dir}/${install_dir}/boot/${arch}/" - + install -d -m 0755 -- "${boot_dir}" + cp -af --no-preserve=ownership,mode -- "${initramfs_files[@]}" "${boot_dir}" + cp -af --no-preserve=ownership,mode -- "${vmlinuz_files[@]}" "${boot_dir}" + chown 0644 "${initramfs_files[@]}" + chown 0644 "${vmlinuz_files[@]}" + for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" -- GitLab From 60652dc22bcb09ae82469e2a8a8664e8447b095e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:23:48 +0000 Subject: [PATCH 240/347] don't remove kernel --- archiso/mkarchiso | 2 ++ 1 file changed, 2 insertions(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index cb470aea..eff28c14 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -741,6 +741,8 @@ _make_boot_on_iso() { _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." initramfs_files=("$(find "${work_dir}" | grep "initramfs.*img")") vmlinuz_files=("$(find "${work_dir}" | grep "vmlinuz.*img")") + _msg_info "${initramfs_files[@]}" + _msg_info "${vmlinuz_files[@]}" install -d -m 0755 -- "${boot_dir}" cp -af --no-preserve=ownership,mode -- "${initramfs_files[@]}" "${boot_dir}" cp -af --no-preserve=ownership,mode -- "${vmlinuz_files[@]}" "${boot_dir}" -- GitLab From b7206836628e51dc92239bd640c8a95d85b8d022 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:48:18 +0000 Subject: [PATCH 241/347] don't remove kernel --- archiso/mkarchiso | 198 +++++++++++++++++++++++----------------------- 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index eff28c14..21755c0f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1001,11 +1001,11 @@ _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" # Prepare GRUB for El Torito booting _make_bootmode_uefi-ia32.grub.eltorito() { -local bootable_dir="${1}" -local bootable="${2}" -# El Torito UEFI boot requires an image containing the EFI system partition. -# uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp -_run_once "_make_bootmode_uefi-ia32.grub.esp_${bootable}" + local bootable_dir="${1}" + local bootable="${2}" + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp + _run_once "_make_bootmode_uefi-ia32.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1038,15 +1038,15 @@ _make_bootmode_uefi-x64.grub.esp } _make_bootmode_uefi-x64.grub.esp() { -# Fill Grub configuration files -sed "s|%ARCHISO_LABEL%|${iso_label}|g; -s|%ARCHISO_UUID%|${archiso_uuid}|g; -s|%INSTALL_DIR%|${install_dir}|g; -s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; -s|%ARCH%|${arch}|g" \ - "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - -IFS='' read -r -d '' grubembedcfg <<'EOF' || true + # Fill Grub configuration files + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" + + IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 @@ -1056,7 +1056,7 @@ if ! [ -d "$cmdpath" ]; then fi configfile "${cmdpath}/grub.cfg" EOF -printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" # Create EFI binary grub-mkstandalone -O x86_64-efi \ @@ -1090,20 +1090,20 @@ printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" } _make_bootmode_uefi-x64.grub.eltorito_iso() { -_make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" + _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" } _make_bootmode_uefi-x64.grub.eltorito_keys() { -_make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" + _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare GRUB for El Torito booting _make_bootmode_uefi-x64.grub.eltorito() { -local bootable_dir="${1}" -local bootable="${2}" -# El Torito UEFI boot requires an image containing the EFI system partition. -# uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp -_run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" + local bootable_dir="${1}" + local bootable="${2}" + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp + _run_once "_make_bootmode_uefi-x64.grub.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1136,23 +1136,23 @@ _make_bootmode_uefi-x64.systemd-boot.esp # Prepare systemd-boot for booting when written to a disk (isohybrid) _make_bootmode_uefi-x64.systemd-boot.esp() { -local _file efiboot_imgsize -local _available_ucodes=() -_msg_info "Setting up systemd-boot for UEFI booting..." - -for _file in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then - _available_ucodes+=("${pacstrap_dir}/boot/${_file}") - fi -done -# Calculate the required FAT image size in bytes -efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" - "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" - "${profile}/efiboot/" - "${pacstrap_dir}/boot/vmlinuz-"* - "${pacstrap_dir}/boot/initramfs-"*".img" - "${_available_ucodes[@]}") -efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ + local _file efiboot_imgsize + local _available_ucodes=() + _msg_info "Setting up systemd-boot for UEFI booting..." + + for _file in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then + _available_ucodes+=("${pacstrap_dir}/boot/${_file}") + fi + done + # Calculate the required FAT image size in bytes + efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" + "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" + "${profile}/efiboot/" + "${pacstrap_dir}/boot/vmlinuz-"* + "${pacstrap_dir}/boot/initramfs-"*".img" + "${_available_ucodes[@]}") + efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ 2>/dev/null | awk 'END { print $1 }')" # Create a FAT image for the EFI system partition _make_efibootimg "$efiboot_imgsize" @@ -1190,11 +1190,11 @@ efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \ # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { -local bootable_dir="${1}" -local bootable="${2}" -# El Torito UEFI boot requires an image containing the EFI system partition. -# uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp -_run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" + local bootable_dir="${1}" + local bootable="${2}" + # El Torito UEFI boot requires an image containing the EFI system partition. + # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp + _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using # manual partitioning and simply copying the ISO 9660 file system contents. @@ -1231,62 +1231,62 @@ _run_once "_make_bootmode_uefi-x64.systemd-boot.esp_${bootable}" # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito_iso() { -_make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "iso" + _make_bootmode_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "iso" } # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito_keys() { -_make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "keys" + _make_bootmode_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "keys" } _validate_requirements_bootmode_bios.syslinux.mbr() { -# bios.syslinux.mbr requires bios.syslinux.eltorito -# shellcheck disable=SC2076 -if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0 -fi - - # Check if the syslinux package is in the package list + # bios.syslinux.mbr requires bios.syslinux.eltorito # shellcheck disable=SC2076 - if [[ ! " ${pkg_list[*]} " =~ ' syslinux ' ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The 'syslinux' package is missing from the package list!" 0 - fi - - # Check if syslinux configuration files exist - if [[ ! -d "${profile}/syslinux" ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The '${profile}/syslinux' directory is missing!" 0 - else - local cfgfile - for cfgfile in "${profile}/syslinux/"*'.cfg'; do - if [[ -e "${cfgfile}" ]]; then - break - else - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/syslinux/'!" 0 - fi - done - fi - - # Check for optional packages - # shellcheck disable=SC2076 - if [[ ! " ${pkg_list[*]} " =~ ' memtest86+ ' ]]; then - _msg_info "Validating '${bootmode}': 'memtest86+' is not in the package list. Memmory testing will not be available from syslinux." + _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0 fi + + # Check if the syslinux package is in the package list + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' syslinux ' ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': The 'syslinux' package is missing from the package list!" 0 + fi + + # Check if syslinux configuration files exist + if [[ ! -d "${profile}/syslinux" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': The '${profile}/syslinux' directory is missing!" 0 + else + local cfgfile + for cfgfile in "${profile}/syslinux/"*'.cfg'; do + if [[ -e "${cfgfile}" ]]; then + break + else + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/syslinux/'!" 0 + fi + done + fi + + # Check for optional packages + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' memtest86+ ' ]]; then + _msg_info "Validating '${bootmode}': 'memtest86+' is not in the package list. Memmory testing will not be available from syslinux." + fi } _validate_requirements_bootmode_bios.syslinux.eltorito() { -# bios.syslinux.eltorito has the exact same requirements as bios.syslinux.mbr -_validate_requirements_bootmode_bios.syslinux.mbr + # bios.syslinux.eltorito has the exact same requirements as bios.syslinux.mbr + _validate_requirements_bootmode_bios.syslinux.mbr } _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 -fi + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.esp!" 0 + fi # Check if mkfs.fat is available if ! command -v mkfs.fat &> /dev/null; then @@ -1328,21 +1328,21 @@ fi } _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.eltorito!" 0 -fi + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.grub.eltorito!" 0 + fi # uefi-x64.systemd-boot.eltorito has the exact same requirements as uefi-x64.systemd-boot.esp _validate_requirements_bootmode_uefi-x64.systemd-boot.esp } _validate_requirements_bootmode_uefi-ia32.grub.esp() { -# Check if GRUB is available -if ! command -v grub-mkstandalone &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 -fi + # Check if GRUB is available + if ! command -v grub-mkstandalone &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 + fi # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then @@ -1410,12 +1410,12 @@ fi } _validate_requirements_bootmode_uefi-x64.grub.eltorito() { -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.eltorito!" 0 -fi -# uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp -_validate_requirements_bootmode_uefi-x64.grub.esp + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.eltorito!" 0 + fi + # uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp + _validate_requirements_bootmode_uefi-x64.grub.esp } # Build airootfs filesystem image -- GitLab From b60b4dd908b5f23b624fd5eebfbb8e082abfd582 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:52:30 +0000 Subject: [PATCH 242/347] don't remove kernel --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 21755c0f..fea0fd1f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1472,13 +1472,13 @@ _sign_netboot_artifacts() { local _file _dir local _files_to_sign=() _msg_info "Signing netboot artifacts..." - _dir="${isofs_dir}/${install_dir}/boot/" + _dir="${isofs_dir}/${install_dir}/boot" for _file in "${ucodes[@]}"; do - if [[ -e "${_dir}${_file}" ]]; then - _files_to_sign+=("${_dir}${_file}") + if [[ -e "${_dir}/${_file}" ]]; then + _files_to_sign+=("${_dir}/${_file}") fi done - for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do + for _file in "${_files_to_sign[@]}" "${_dir}/${arch}/vmlinuz-"* "${_dir}/${arch}/initramfs-"*.img; do openssl cms \ -sign \ -binary \ -- GitLab From e58eefa654a093397d963bead32d3a9e1a8da6d3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:55:47 +0000 Subject: [PATCH 243/347] don't remove kernel --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fea0fd1f..2bb8a127 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -739,8 +739,8 @@ _make_boot_on_iso() { local ucode_image local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." - initramfs_files=("$(find "${work_dir}" | grep "initramfs.*img")") - vmlinuz_files=("$(find "${work_dir}" | grep "vmlinuz.*img")") + initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs.*img")") + vmlinuz_files=("${work_dir}/$(find "${work_dir}" | grep "vmlinuz.*img")") _msg_info "${initramfs_files[@]}" _msg_info "${vmlinuz_files[@]}" install -d -m 0755 -- "${boot_dir}" -- GitLab From 85ba559b368b4b39303b92151ff60aef32cee37d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 19:59:17 +0000 Subject: [PATCH 244/347] don't remove kernel --- archiso/mkarchiso | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2bb8a127..e27e33e4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -724,6 +724,7 @@ _make_bootmodes_keys() { # Copy kernel and initramfs to ISO 9660 _make_boot_on_iso9660() { + isofs_dir="${work_dir}/iso" _make_boot_on_iso "${isofs_dir}" } @@ -740,12 +741,12 @@ _make_boot_on_iso() { local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs.*img")") - vmlinuz_files=("${work_dir}/$(find "${work_dir}" | grep "vmlinuz.*img")") + vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz.*img")") _msg_info "${initramfs_files[@]}" _msg_info "${vmlinuz_files[@]}" install -d -m 0755 -- "${boot_dir}" - cp -af --no-preserve=ownership,mode -- "${initramfs_files[@]}" "${boot_dir}" - cp -af --no-preserve=ownership,mode -- "${vmlinuz_files[@]}" "${boot_dir}" + cp -af --no-preserve=ownership,mode "${initramfs_files[@]}" "${boot_dir}" + cp -af --no-preserve=ownership,mode "${vmlinuz_files[@]}" "${boot_dir}" chown 0644 "${initramfs_files[@]}" chown 0644 "${vmlinuz_files[@]}" -- GitLab From 8e7a2b964f4b587610d06fb89d4081b3cce6db7e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:01:24 +0000 Subject: [PATCH 245/347] don't remove kernel --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index e27e33e4..74aabfe1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -740,10 +740,10 @@ _make_boot_on_iso() { local ucode_image local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." - initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs.*img")") - vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz.*img")") - _msg_info "${initramfs_files[@]}" - _msg_info "${vmlinuz_files[@]}" + initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs..img")") + vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz..img")") + _msg_info "${initramfs_files[*]}" + _msg_info "${vmlinuz_files[*]}" install -d -m 0755 -- "${boot_dir}" cp -af --no-preserve=ownership,mode "${initramfs_files[@]}" "${boot_dir}" cp -af --no-preserve=ownership,mode "${vmlinuz_files[@]}" "${boot_dir}" -- GitLab From 729942e1b8ffaa50fad0f588d4ced7ae35d6d897 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:04:11 +0000 Subject: [PATCH 246/347] don't remove kernel --- archiso/mkarchiso | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 74aabfe1..1f51ba51 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -739,10 +739,11 @@ _make_boot_on_iso() { local bootable_dir="${1}" local ucode_image local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" - _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..." + _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." + initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs..img")") vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz..img")") - _msg_info "${initramfs_files[*]}" + _msg_info "${initramfs_files}" _msg_info "${vmlinuz_files[*]}" install -d -m 0755 -- "${boot_dir}" cp -af --no-preserve=ownership,mode "${initramfs_files[@]}" "${boot_dir}" -- GitLab From f201c9b6ffa7a28a3a067f7b092fe557e9e8c1a2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:05:41 +0000 Subject: [PATCH 247/347] don't remove kernel --- archiso/mkarchiso | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1f51ba51..c2a990fe 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -743,7 +743,11 @@ _make_boot_on_iso() { initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs..img")") vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz..img")") - _msg_info "${initramfs_files}" + for _file in "${initramfs_files[@]}"; do + _msg_info "${_file}" + done + + _msg_info "${initramfs_files[*]}" _msg_info "${vmlinuz_files[*]}" install -d -m 0755 -- "${boot_dir}" cp -af --no-preserve=ownership,mode "${initramfs_files[@]}" "${boot_dir}" -- GitLab From d7f197e0198b6fe66f4d2cb5d3fbdcf917c42e7b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:15:00 +0000 Subject: [PATCH 248/347] don't remove kernel --- archiso/mkarchiso | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index c2a990fe..991aee40 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -737,24 +737,20 @@ _make_boot_on_keys() { # Copy kernel and initramfs to ISO 9660 _make_boot_on_iso() { local bootable_dir="${1}" - local ucode_image + local _query _src ucode_image local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." - initramfs_files=("${work_dir}/$(find "${work_dir}" | grep "initramfs..img")") - vmlinuz_files=("${work_dir}/""$(find "${work_dir}" | grep "vmlinuz..img")") - for _file in "${initramfs_files[@]}"; do - _msg_info "${_file}" + install -d -m 0755 -- "${boot_dir}" + for _query in ("initramfs" "vmlinuz"); do + for _file in $(find "${work_dir}" | grep "${query}..img"); do + _src="${work_dir}/${_file}" + _msg_info "${_src}" + cp -af --no-preserve=ownership,mode "${_src}" "${boot_dir}" + chmod 0644 "${boot_dir}/${_file}" + done done - _msg_info "${initramfs_files[*]}" - _msg_info "${vmlinuz_files[*]}" - install -d -m 0755 -- "${boot_dir}" - cp -af --no-preserve=ownership,mode "${initramfs_files[@]}" "${boot_dir}" - cp -af --no-preserve=ownership,mode "${vmlinuz_files[@]}" "${boot_dir}" - chown 0644 "${initramfs_files[@]}" - chown 0644 "${vmlinuz_files[@]}" - for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" -- GitLab From d3fe699ca955d81b27104aac83353c537f3623f3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:17:47 +0000 Subject: [PATCH 249/347] don't remove kernel --- archiso/mkarchiso | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 991aee40..ac4061bd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -739,10 +739,11 @@ _make_boot_on_iso() { local bootable_dir="${1}" local _query _src ucode_image local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" + local images=("initramfs" "vmlinuz") _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." install -d -m 0755 -- "${boot_dir}" - for _query in ("initramfs" "vmlinuz"); do + for _query in "${images[@]}"; do for _file in $(find "${work_dir}" | grep "${query}..img"); do _src="${work_dir}/${_file}" _msg_info "${_src}" -- GitLab From 58663b32a712ddc8021a413106aa4f91cdcb1c0c Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:18:10 +0000 Subject: [PATCH 250/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ac4061bd..b8d35684 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -744,7 +744,7 @@ _make_boot_on_iso() { install -d -m 0755 -- "${boot_dir}" for _query in "${images[@]}"; do - for _file in $(find "${work_dir}" | grep "${query}..img"); do + for _file in $(find "${work_dir}" | grep "${_query}..img"); do _src="${work_dir}/${_file}" _msg_info "${_src}" cp -af --no-preserve=ownership,mode "${_src}" "${boot_dir}" -- GitLab From 26eecf7dc1bc3537a73ae246dd45122cfc6703e4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:20:40 +0000 Subject: [PATCH 251/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b8d35684..744d9622 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - # [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" + [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache -- GitLab From 76b9b7d941e25719d8305b80db66263a409c517f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:29:15 +0000 Subject: [PATCH 252/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 744d9622..4fe26e86 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}" + [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache -- GitLab From b044fa4b68176aaba0ea8089f53b55e4803b359f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:32:58 +0000 Subject: [PATCH 253/347] don't remove kernel --- archiso/mkarchiso | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4fe26e86..64891d6e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,10 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" + if [[ "${buildmodes[*]}" ~= keys ]]; then + install -d -m 0755 "${work_dir}/keys_iso" + [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" + fi # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete # Delete pacman database sync cache -- GitLab From c7169b0c770bd06e8fe215963192867ffaf18c63 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:34:07 +0000 Subject: [PATCH 254/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 64891d6e..39abc40b 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - if [[ "${buildmodes[*]}" ~= keys ]]; then + if [[ "${buildmodes[*]}" ~= ' keys ' ]]; then install -d -m 0755 "${work_dir}/keys_iso" [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" fi -- GitLab From e5eda725e244e582e11a3bd03fcc465aa6ca8b63 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:35:05 +0000 Subject: [PATCH 255/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 39abc40b..dab66728 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - if [[ "${buildmodes[*]}" ~= ' keys ' ]]; then + if [[ " ${buildmodes[*]} " ~= ' keys ' ]]; then install -d -m 0755 "${work_dir}/keys_iso" [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" fi -- GitLab From 0a0520812e89a8d284040d31b541975c041af85a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:36:00 +0000 Subject: [PATCH 256/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index dab66728..2b53f8d6 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -155,7 +155,7 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move files from pacstrap_dir /boot - if [[ " ${buildmodes[*]} " ~= ' keys ' ]]; then + if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then install -d -m 0755 "${work_dir}/keys_iso" [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" fi -- GitLab From b1bf2bbdf79edc93b09d8340ddaaf84ee5a837c7 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:49:19 +0000 Subject: [PATCH 257/347] don't remove kernel --- archiso/mkarchiso | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2b53f8d6..9d7d772a 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -872,21 +872,27 @@ _run_once _make_bootmode_bios.syslinux.mbr_keys # Copy kernel and initramfs to FAT image _make_boot_on_fat() { local ucode_image all_ucode_images=() + local _file _queries _src _msg_info "Preparing kernel and initramfs for the FAT file system..." + _queries=("initramfs" "vmlinuz") mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" - mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \ - "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" - for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") - fi - done - if (( ${#all_ucode_images[@]} )); then - mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" - fi - _msg_info "Done!" - } + for _query in "${_queries[@]}"; do + for _file in $(find "${work_dir}" | grep "${_query}..img"); do + _src="${work_dir}/${_file}" + mcopy -i "${efibootimg}" "${src}" "::/${install_dir}/boot/${arch}/" + done + done + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + fi + done + if (( ${#all_ucode_images[@]} )); then + mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" + fi + _msg_info "Done!" +} # Create a FAT image (efiboot.img) which will serve as the EFI system partition # $1: image size in bytes -- GitLab From 75ac2d8f98e767c9a1e7e2ceb1407dac540c8cfa Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:50:04 +0000 Subject: [PATCH 258/347] don't remove kernel --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9d7d772a..b49939cf 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -880,7 +880,7 @@ _make_boot_on_fat() { for _query in "${_queries[@]}"; do for _file in $(find "${work_dir}" | grep "${_query}..img"); do _src="${work_dir}/${_file}" - mcopy -i "${efibootimg}" "${src}" "::/${install_dir}/boot/${arch}/" + mcopy -i "${efibootimg}" "${_src}" "::/${install_dir}/boot/${arch}/" done done for ucode_image in "${ucodes[@]}"; do -- GitLab From c9a822a2fd9e0197f8cd2b4c38358934718b0b34 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 20:58:31 +0000 Subject: [PATCH 259/347] fix typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b49939cf..7ce80df6 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1728,7 +1728,7 @@ _add_xorrisofs_options_bios.syslinux.eltorito_iso() { xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") } -_add_xorrisofs_options_uefi-bios.syslinux.eltorito_keys() { +_add_xorrisofs_options_bios.syslinux.eltorito_keys() { keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") } -- GitLab From 554e0c2476dd26010f38338648414da10f359aec Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sun, 24 Jul 2022 21:05:54 +0000 Subject: [PATCH 260/347] fix typo --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ce80df6..1dcbc471 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1776,7 +1776,7 @@ _add_xorrisofs_options_uefi-ia32.grub.esp_iso() { xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } -_add_xorrisofs_options_uefi-x64.grub.esp_keys() { +_add_xorrisofs_options_uefi-ia32.grub.esp_keys() { keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } -- GitLab From 8e6ccf2fc619d4823c4bf6e284011e62ea7269af Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 08:15:57 +0000 Subject: [PATCH 261/347] working --- archiso/mkarchiso | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1dcbc471..788d48d4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1712,16 +1712,14 @@ _add_xorrisofs_options_persistent_partition() { # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { -local _xorrisofs_options=("$@") -_xorrisofs_options+=( -# El Torito boot image for x86 BIOS -'-eltorito-boot' 'syslinux/isolinux.bin' -# El Torito boot catalog file -'-eltorito-catalog' 'syslinux/boot.cat' -# Required options to boot with ISOLINUX -'-no-emul-boot' '-boot-load-size' '4' '-boot-info-table' -) -echo "${_xorrisofs_options[@]}" + local _xorrisofs_options=("$@") + _xorrisofs_options+=(# El Torito boot image for x86 BIOS + '-eltorito-boot' 'syslinux/isolinux.bin' + # El Torito boot catalog file + '-eltorito-catalog' 'syslinux/boot.cat' + # Required options to boot with ISOLINUX + '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table') + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.eltorito_iso() { @@ -2014,7 +2012,7 @@ _build_keys_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - xorriso_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorriso_options[@]}")") + keys_xorriso_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorriso_options[@]}")") done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2023,7 +2021,7 @@ _build_keys_image() { # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - keys_xorriso_options=('-report_about' 'SORRY' "${keys_xorriso_options[@]}") + keys_xorriso_options+=('-report_about' 'SORRY' "${keys_xorriso_options[@]}") fi # Update SORCE_DATE_EPOCH for keys ISO UUID @@ -2031,7 +2029,7 @@ _build_keys_image() { rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." - _msg_info "xorrisofs options: ${keys_xorriso_options[*]}" + _msg_info "xorriso options: ${keys_xorriso_options[*]}" _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" xorriso "${keys_xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -- GitLab From f7c49c2af6ace217f8aac7955e2b93958c21c032 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 08:23:07 +0000 Subject: [PATCH 262/347] working --- archiso/mkarchiso | 338 +++++++++++++++++++++++----------------------- 1 file changed, 169 insertions(+), 169 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 788d48d4..094f97cb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1723,11 +1723,11 @@ _add_xorrisofs_options_bios.syslinux.eltorito() { } _add_xorrisofs_options_bios.syslinux.eltorito_iso() { -xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_bios.syslinux.eltorito_keys() { -keys_xorrisofs_options+=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") } # SYSLINUX MBR (isohybrid) @@ -1751,183 +1751,183 @@ echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.mbr_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_bios.syslinux.mbr_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { -local _xorrisofs_options=("$@") -# TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? -# shellcheck disable=SC2076 -if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then - # _add_xorrisofs_options_uefi-x64.systemd-boot.esp - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") -fi -echo "${_xorrisofs_options[@]}" + local _xorrisofs_options=("$@") + # TODO: how does the bootmodes systemd-boot vs x64.grub affect ${bootmodes[*]} tests in _add_xorrisofs_options_uefi-x64.systemd-boot.esp etc? + # shellcheck disable=SC2076 + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.esp + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") + fi + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-ia32.grub.esp_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-ia32.grub.esp_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito _add_xorrisofs_options_uefi-ia32.grub.eltorito() { -local _xorrisofs_options=("$@") -# shellcheck disable=SC2076 -if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then - # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") -fi + local _xorrisofs_options=("$@") + # shellcheck disable=SC2076 + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then + # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito + _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") + fi } _add_xorrisofs_options_uefi-ia32.grub.eltorito_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-ia32.grub.eltorito_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.eltorito "${keys_xorrisofs_options[@]}")") } # systemd-boot in an attached EFI system partition _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { -local _xorrisofs_options=("$@") -# Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 -# partition will not be mountable -# shellcheck disable=SC2076 -[[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') -# Attach efiboot.img as a second partition and set its partition type to "EFI system partition" -_xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") -if [ "${persistent_size_kib}" != "" ]; then - # READ - _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") -fi -# Ensure GPT is used as some systems do not support UEFI booting without it -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). - # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will - # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') + local _xorrisofs_options=("$@") + # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 + # partition will not be mountable + # shellcheck disable=SC2076 + [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') + # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" + _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") + if [ "${persistent_size_kib}" != "" ]; then + # READ + _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") + fi + # Ensure GPT is used as some systems do not support UEFI booting without it + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). + # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will + # have a Microsoft basic partition type code. + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi fi + else + # Use valid GPT if BIOS booting support will not be required + _xorrisofs_options+=('-appended_part_as_gpt') fi -else - # Use valid GPT if BIOS booting support will not be required - _xorrisofs_options+=('-appended_part_as_gpt') -fi -echo "${_xorrisofs_options[@]}" + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.esp_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.esp "${keys_xorrisofs_options[@]}")") } # systemd-boot via El Torito _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { -local bootable_dir="${1}" -shift -local _xorrisofs_options=("$@") -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then - # systemd-boot in an attached EFI system partition via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' -) -# A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. -if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') + local bootable_dir="${1}" + shift + local _xorrisofs_options=("$@") + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + # systemd-boot in an attached EFI system partition via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi fi -fi -else - # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a - # file inside the ISO 9660 file system - install -d -m 0755 -- "${bootable_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" - # systemd-boot in an embedded efiboot.img via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' -) -fi -# Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito -# shellcheck disable=SC2076 -[[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') -echo "${_xorrisofs_options[@]}" + else + # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a + # file inside the ISO 9660 file system + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" + # systemd-boot in an embedded efiboot.img via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + fi + # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito + # shellcheck disable=SC2076 + [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # GRUB in an attached EFI system partition. # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.esp. _add_xorrisofs_options_uefi-x64.grub.esp() { -local _xorrisofs_options=("$@") -# Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 -# partition will not be mountable -# shellcheck disable=SC2076 -[[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') -# Attach efiboot.img as a second partition and set its partition type to "EFI system partition" -_xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") -if [ "${persistent_size_kib}" != "" ]; then - _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") -fi -# Ensure GPT is used as some systems do not support UEFI booting without it -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). - # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will - # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') + local _xorrisofs_options=("$@") + # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660 + # partition will not be mountable + # shellcheck disable=SC2076 + [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') + # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" + _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + if [ "${persistent_size_kib}" != "" ]; then + _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") + fi + # Ensure GPT is used as some systems do not support UEFI booting without it + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). + # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will + # have a Microsoft basic partition type code. + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi fi + else + # Use valid GPT if BIOS booting support will not be required + _xorrisofs_options+=('-appended_part_as_gpt') fi -else - # Use valid GPT if BIOS booting support will not be required - _xorrisofs_options+=('-appended_part_as_gpt') -fi -echo "${_xorrisofs_options[@]}" -} - + echo "${_xorrisofs_options[@]}" + } + _add_xorrisofs_options_uefi-x64.grub.esp_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { @@ -1937,56 +1937,56 @@ keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorr # GRUB via El Torito # Same as _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito. _add_xorrisofs_options_uefi-x64.grub.eltorito() { -local bootable_dir="${1}" -shift -local _xorrisofs_options=("$@") -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then - # grub in an attached EFI system partition via El Torito - xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' -) -# A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. -if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then - # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the - # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', - # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then - _xorrisofs_options+=('-isohybrid-gpt-basdat') + local bootable_dir="${1}" + shift + local _xorrisofs_options=("$@") + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then + # grub in an attached EFI system partition via El Torito + xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. + if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then + # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the + # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', + # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + _xorrisofs_options+=('-isohybrid-gpt-basdat') + fi fi -fi -else - # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a - # file inside the ISO 9660 file system - install -d -m 0755 -- "${bootable_dir}/EFI/archiso" - cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" - # grub in an embedded efiboot.img via El Torito - _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' -) -fi -# Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito -# shellcheck disable=SC2076 -[[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') -echo "${_xorrisofs_options[@]}" + else + # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a + # file inside the ISO 9660 file system + install -d -m 0755 -- "${bootable_dir}/EFI/archiso" + cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" + # grub in an embedded efiboot.img via El Torito + _xorrisofs_options+=( + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) + fi + # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito + # shellcheck disable=SC2076 + [[ " ${bootmodes[*]} " =~ ' bios.' ]] || _xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat') + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { -xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # Build bootstrap image @@ -2060,7 +2060,7 @@ _build_iso_image() { # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown). # Instead use native xorriso option to silence the output. - xorriso_options=('-report_about' 'SORRY' "${xorriso_options[@]}") + xorriso_options+=('-report_about' 'SORRY' "${xorriso_options[@]}") fi # Add required xorrisofs options for each boot mode -- GitLab From cfc5dd4f57b802d1dbb38c75b96c49e9a428bace Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 12:07:50 +0000 Subject: [PATCH 263/347] working --- archiso/mkarchiso | 86 +++++++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 40 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 094f97cb..42fd8b60 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -39,9 +39,13 @@ bootmodes=() airootfs_image_type="" airootfs_image_tool_options=() airootfs_img_dir="" +xorriso_options=() +xorrisofs_options=() keys_image_type="" keys_image_tool_options=() keys_isofs_dir="" +keys_xorriso_options=() +keys_xorrisofs_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -1732,22 +1736,22 @@ _add_xorrisofs_options_bios.syslinux.eltorito_keys() { # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { -local bootable_dir="${1}" -local _xorrisofs_options=("$@") -_xorrisofs_options+=( -# SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" -'-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" -# When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR -# bootstrap code area) and mark it as bootable -# May allow booting on some systems -# https://wiki.archlinux.org/title/Partitioning#Tricking_old_BIOS_into_booting_from_GPT -'--mbr-force-bootable' -# Move the first partition away from the start of the ISO to match the expectations of partition editors -# May allow booting on some systems -# https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki -'-partition_offset' '16' -) -echo "${_xorrisofs_options[@]}" + local bootable_dir="${1}" + local _xorrisofs_options=("$@") + _xorrisofs_options+=( + # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" + '-isohybrid-mbr' "${bootable_dir}/syslinux/isohdpfx.bin" + # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR + # bootstrap code area) and mark it as bootable + # May allow booting on some systems + # https://wiki.archlinux.org/title/Partitioning#Tricking_old_BIOS_into_booting_from_GPT + '--mbr-force-bootable' + # Move the first partition away from the start of the ISO to match the expectations of partition editors + # May allow booting on some systems + # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki + '-partition_offset' '16' + ) + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_bios.syslinux.mbr_iso() { @@ -1765,17 +1769,17 @@ _add_xorrisofs_options_uefi-ia32.grub.esp() { # shellcheck disable=SC2076 if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' ]]; then # _add_xorrisofs_options_uefi-x64.systemd-boot.esp - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.esp)") + _xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${_xorrisofs_options[@]}")") fi echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-ia32.grub.esp_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.esp "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-ia32.grub.esp_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-ia32.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito @@ -1784,8 +1788,9 @@ _add_xorrisofs_options_uefi-ia32.grub.eltorito() { # shellcheck disable=SC2076 if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' ]]; then # _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito - _xorrisofs_options+=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") + _xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${_xorrisofs_options[@]}")") fi + echo "${_xorrisofs_options[@]}" } _add_xorrisofs_options_uefi-ia32.grub.eltorito_iso() { @@ -1807,7 +1812,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size_kib}" != "" ]; then # READ - _xorrisofs_options+=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") + _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi # Ensure GPT is used as some systems do not support UEFI booting without it # shellcheck disable=SC2076 @@ -1847,12 +1852,12 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # systemd-boot in an attached EFI system partition via El Torito _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' ) # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then @@ -1931,7 +1936,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp_iso() { } _add_xorrisofs_options_uefi-x64.grub.esp_keys() { -keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.esp "${keys_xorrisofs_options[@]}")") } # GRUB via El Torito @@ -1944,12 +1949,12 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # grub in an attached EFI system partition via El Torito xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set the second partition as the El Torito UEFI boot image - '-e' '--interval:appended_partition_2:all::' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set the second partition as the El Torito UEFI boot image + '-e' '--interval:appended_partition_2:all::' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' ) # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then @@ -1967,12 +1972,12 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" # grub in an embedded efiboot.img via El Torito _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' ) fi # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito @@ -2030,6 +2035,7 @@ _build_keys_image() { rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" + _msg_info "${keys_xorriso_options[*]}" _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" xorriso "${keys_xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -- GitLab From 64a49e3d476a05076c188b36d6af24f1be75a0b0 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 12:24:50 +0000 Subject: [PATCH 264/347] working --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 42fd8b60..f27c3873 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2011,7 +2011,7 @@ _build_bootstrap_image() { } _build_keys_image() { - local keys_xorriso_options=() keys_xorrisofs_options=() + # local keys_xorriso_options=() keys_xorrisofs_options=() local keys_isofs_dir="${work_dir}/keys_iso" local bootmode @@ -2056,7 +2056,7 @@ _build_keys_image() { # Build ISO _build_iso_image() { - local xorriso_options=() xorrisofs_options=() + #local xorriso_options=() xorrisofs_options=() local isofs_dir="${work_dir}/iso" local bootmode -- GitLab From 5e28e41403b3ecf0056d76b172a75976a1ff19c2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 12:36:41 +0000 Subject: [PATCH 265/347] working --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f27c3873..ef04a393 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2017,7 +2017,7 @@ _build_keys_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - keys_xorriso_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorriso_options[@]}")") + keys_xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorrisofs_options[@]}")") done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2071,7 +2071,7 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - xorriso_options=("$("_add_xorrisofs_options_${bootmode}_iso" "${xorriso_options[@]}")") + xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_iso" "${xorrisofs_options[@]}")") # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done -- GitLab From a292d1e70683e3ebb32c268c540720cf8d4c5c86 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 12:39:44 +0000 Subject: [PATCH 266/347] maybe fixed --- archiso/mkarchiso | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ef04a393..b5aa1235 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2017,7 +2017,8 @@ _build_keys_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - keys_xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorrisofs_options[@]}")") + # keys_xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_keys" "${keys_xorrisofs_options[@]}")") + "_add_xorrisofs_options_${bootmode}_keys" done [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2071,7 +2072,8 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_iso" "${xorrisofs_options[@]}")") + "_add_xorrisofs_options_${bootmode}_iso" + # xorrisofs_options=("$("_add_xorrisofs_options_${bootmode}_iso" "${xorrisofs_options[@]}")") # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done -- GitLab From a74716f30362c9de6fce4978ad1e13d9e0e266e3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:11:00 +0000 Subject: [PATCH 267/347] maybe fixed --- archiso/mkarchiso | 145 +++++++++++++++++++++++----------------------- 1 file changed, 73 insertions(+), 72 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b5aa1235..9756a120 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1371,58 +1371,58 @@ _validate_requirements_bootmode_uefi-ia32.grub.esp() { } _validate_requirements_bootmode_uefi-ia32.grub.eltorito() { -# uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp -_validate_requirements_bootmode_uefi-ia32.grub.esp + # uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp + _validate_requirements_bootmode_uefi-ia32.grub.esp } _validate_requirements_bootmode_uefi-x64.grub.esp() { -# shellcheck disable=SC2076 -if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then - _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.esp!" 0 -fi - - # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 + # shellcheck disable=SC2076 + if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' ]]; then + _msg_error "Validating '${bootmode}': cannot be used with bootmode uefi-x64.systemd-boot.esp!" 0 fi - - # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + + # Check if GRUB is available + if ! command -v grub-mkstandalone &> /dev/null; then (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 + _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi - - # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then - _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 - fi - - # Check if GRUB configuration files exist - if [[ ! -d "${profile}/grub" ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': The '${profile}/grub' directory is missing!" 0 - else - if [[ ! -e "${profile}/grub/grub.cfg" ]]; then - (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': File '${profile}/grub/grub.cfg' not found!" 0 + + # Check if mkfs.fat is available + if ! command -v mkfs.fat &> /dev/null; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 + fi + + # Check if mmd and mcopy are available + if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi - local conffile - for conffile in "${profile}/grub/"*'.cfg'; do - if [[ -e "${conffile}" ]]; then - break - else + + # Check if GRUB configuration files exist + if [[ ! -d "${profile}/grub" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': The '${profile}/grub' directory is missing!" 0 + else + if [[ ! -e "${profile}/grub/grub.cfg" ]]; then (( validation_error=validation_error+1 )) - _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/grub/'!" 0 + _msg_error "Validating '${bootmode}': File '${profile}/grub/grub.cfg' not found!" 0 fi - done - fi - - # Check for optional packages - # shellcheck disable=SC2076 - if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then - _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." - fi + local conffile + for conffile in "${profile}/grub/"*'.cfg'; do + if [[ -e "${conffile}" ]]; then + break + else + (( validation_error=validation_error+1 )) + _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/grub/'!" 0 + fi + done + fi + + # Check for optional packages + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then + _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." + fi } _validate_requirements_bootmode_uefi-x64.grub.eltorito() { @@ -1714,29 +1714,10 @@ _add_xorrisofs_options_persistent_partition() { echo "${_xorrisofs_options[@]}" } -# SYSLINUX El Torito -_add_xorrisofs_options_bios.syslinux.eltorito() { - local _xorrisofs_options=("$@") - _xorrisofs_options+=(# El Torito boot image for x86 BIOS - '-eltorito-boot' 'syslinux/isolinux.bin' - # El Torito boot catalog file - '-eltorito-catalog' 'syslinux/boot.cat' - # Required options to boot with ISOLINUX - '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table') - echo "${_xorrisofs_options[@]}" -} - -_add_xorrisofs_options_bios.syslinux.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") -} - -_add_xorrisofs_options_bios.syslinux.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") -} - # SYSLINUX MBR (isohybrid) _add_xorrisofs_options_bios.syslinux.mbr() { local bootable_dir="${1}" + shift local _xorrisofs_options=("$@") _xorrisofs_options+=( # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin" @@ -1762,6 +1743,26 @@ _add_xorrisofs_options_bios.syslinux.mbr_keys() { keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.mbr "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } +# SYSLINUX El Torito +_add_xorrisofs_options_bios.syslinux.eltorito() { + local _xorrisofs_options=("$@") + _xorrisofs_options+=(# El Torito boot image for x86 BIOS + '-eltorito-boot' 'syslinux/isolinux.bin' + # El Torito boot catalog file + '-eltorito-catalog' 'syslinux/boot.cat' + # Required options to boot with ISOLINUX + '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table') + echo "${_xorrisofs_options[@]}" +} + +_add_xorrisofs_options_bios.syslinux.eltorito_iso() { + xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${xorrisofs_options[@]}")") +} + +_add_xorrisofs_options_bios.syslinux.eltorito_keys() { + keys_xorrisofs_options=("$(_add_xorrisofs_options_bios.syslinux.eltorito "${keys_xorrisofs_options[@]}")") +} + # GRUB in an attached EFI system partition _add_xorrisofs_options_uefi-ia32.grub.esp() { local _xorrisofs_options=("$@") @@ -1864,7 +1865,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi @@ -1875,13 +1876,13 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() { cp -a -- "${efibootimg}" "${bootable_dir}/EFI/archiso/efiboot.img" # systemd-boot in an embedded efiboot.img via El Torito _xorrisofs_options+=( - # Start a new El Torito boot entry for UEFI - '-eltorito-alt-boot' - # Set efiboot.img as the El Torito UEFI boot image - '-e' 'EFI/archiso/efiboot.img' - # Boot image is not emulating floppy or hard disk; required for all known boot loaders - '-no-emul-boot' - ) + # Start a new El Torito boot entry for UEFI + '-eltorito-alt-boot' + # Set efiboot.img as the El Torito UEFI boot image + '-e' 'EFI/archiso/efiboot.img' + # Boot image is not emulating floppy or hard disk; required for all known boot loaders + '-no-emul-boot' + ) fi # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito # shellcheck disable=SC2076 @@ -1948,7 +1949,7 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { # shellcheck disable=SC2076 if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then # grub in an attached EFI system partition via El Torito - xorrisofs_options+=( + _xorrisofs_options+=( # Start a new El Torito boot entry for UEFI '-eltorito-alt-boot' # Set the second partition as the El Torito UEFI boot image -- GitLab From d9fc9abcadd84d19e5d540f3845c57e415a2bf62 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:39:55 +0000 Subject: [PATCH 268/347] maybe fixed --- archiso/mkarchiso | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9756a120..7ac880c8 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2013,7 +2013,7 @@ _build_bootstrap_image() { _build_keys_image() { # local keys_xorriso_options=() keys_xorrisofs_options=() - local keys_isofs_dir="${work_dir}/keys_iso" + keys_isofs_dir="${work_dir}/keys_iso" local bootmode # Add required xorrisofs options for each boot mode @@ -2049,7 +2049,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "${keys_xorrisofs_options[@]}" \ + "${keys_xorrisofs_options[*]}" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" @@ -2059,7 +2059,7 @@ _build_keys_image() { # Build ISO _build_iso_image() { #local xorriso_options=() xorrisofs_options=() - local isofs_dir="${work_dir}/iso" + isofs_dir="${work_dir}/iso" local bootmode [[ -d "${out_dir}" ]] || install -d -- "${out_dir}" @@ -2092,7 +2092,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ + "${xorrisofs_options[*]}" \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" _msg_info "Done!" -- GitLab From b932ea9f62a4ac46a84f0fd6e48a5f9731fd956d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:43:09 +0000 Subject: [PATCH 269/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ac880c8..0184c2d6 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2049,7 +2049,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "${keys_xorrisofs_options[*]}" \ + $(echo "${keys_xorrisofs_options[*]}") \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" @@ -2092,7 +2092,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[*]}" \ + $(echo "${xorrisofs_options[*]}") \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" _msg_info "Done!" -- GitLab From 9acdabf229eda0f58141a727a3f87ab5163f32f2 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:45:02 +0000 Subject: [PATCH 270/347] maybe fixed --- archiso/mkarchiso | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0184c2d6..a2aec304 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,6 +2034,7 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) + # disable shellcheck=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2049,7 +2050,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - $(echo "${keys_xorrisofs_options[*]}") \ + "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" -- GitLab From aefee8125c3722ac0ff771db856e52b209efd6b8 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:45:31 +0000 Subject: [PATCH 271/347] maybe fixed --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a2aec304..46a41625 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2079,6 +2079,7 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done + # disable shellcheck=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" -- GitLab From 17446c9b75fd28fa0fc914f70fac2a75a5808625 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:46:10 +0000 Subject: [PATCH 272/347] maybe fixed --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 46a41625..80a3bce4 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2079,7 +2079,6 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done - # disable shellcheck=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" @@ -2094,6 +2093,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ + # disable shellcheck=SC2116 $(echo "${xorrisofs_options[*]}") \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" -- GitLab From 6d64b7c6853465ef8548c6f41a38998e1a17a280 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:46:43 +0000 Subject: [PATCH 273/347] maybe fixed --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 80a3bce4..b6a2419e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,7 +2034,6 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) - # disable shellcheck=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2050,6 +2049,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ + # disable shellcheck=SC2116 "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" -- GitLab From 0c907be59c51d928da84caa1d4e2a53c29efa7cf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:47:53 +0000 Subject: [PATCH 274/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b6a2419e..2c9f3b31 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,6 +2034,7 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) + # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2049,7 +2050,6 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - # disable shellcheck=SC2116 "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" @@ -2079,6 +2079,7 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done + # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" @@ -2093,7 +2094,6 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - # disable shellcheck=SC2116 $(echo "${xorrisofs_options[*]}") \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" -- GitLab From 36ee4a83732bbf43c4b0d84e7095db8aa4d46a05 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:48:57 +0000 Subject: [PATCH 275/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2c9f3b31..5ff65de2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2050,7 +2050,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "$(echo "${keys_xorrisofs_options[*]}")" \ + "$("echo ${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" @@ -2094,7 +2094,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - $(echo "${xorrisofs_options[*]}") \ + "$("echo ${xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" _msg_info "Done!" -- GitLab From 6425c8ff69e7c8c6d606c23d643baa9a9ce1ff3a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:50:26 +0000 Subject: [PATCH 276/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 5ff65de2..6c816a02 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2050,7 +2050,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "$("echo ${keys_xorrisofs_options[*]}")" \ + "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" _msg_info "Done!" @@ -2094,7 +2094,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - "$("echo ${xorrisofs_options[*]}")" \ + "$(echo "${xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" _msg_info "Done!" -- GitLab From 859093efb920e34539c64e4ac8a39fb3c16fcb5e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:51:09 +0000 Subject: [PATCH 277/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6c816a02..6ec1698f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,7 +2034,6 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) - # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2050,6 +2049,7 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ + # shellcheck disable=SC2116 "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" @@ -2079,7 +2079,6 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done - # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" @@ -2094,6 +2093,7 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ + # shellcheck disable=SC2116 "$(echo "${xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" -- GitLab From df9d835a36613b6d6013b3448ed9a8459794fc8a Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:52:00 +0000 Subject: [PATCH 278/347] maybe fixed --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6ec1698f..4550a089 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,6 +2034,7 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) + # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2049,7 +2050,6 @@ _build_keys_image() { -appid "${iso_application} keys CD" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - # shellcheck disable=SC2116 "$(echo "${keys_xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${keys_isofs_dir}/" -- GitLab From 7e5dc5a980eaa9c93904de51fbbe262de1d07929 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:52:34 +0000 Subject: [PATCH 279/347] maybe fixed --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 4550a089..6c816a02 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2079,6 +2079,7 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done + # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" @@ -2093,7 +2094,6 @@ _build_iso_image() { -appid "${iso_application}" \ -publisher "${iso_publisher}" \ -preparer "prepared by ${app_name}" \ - # shellcheck disable=SC2116 "$(echo "${xorrisofs_options[*]}")" \ -output "${out_dir}/${image_name}" \ "${isofs_dir}/" -- GitLab From 27aecf8f7a66500bdf0f8c283f8e88ae4bbed31d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:53:43 +0000 Subject: [PATCH 280/347] maybe fixed --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6c816a02..fc77f7ac 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2084,6 +2084,7 @@ _build_iso_image() { _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" _msg_info "xorrisofs options: ${xorrisofs_options[*]}" + # shellcheck disable=SC2116 xorriso "${xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -full-iso9660-filenames \ -- GitLab From 060b49511acd1b69d7ee1c03960db454884ccdff Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:54:12 +0000 Subject: [PATCH 281/347] maybe fixed --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index fc77f7ac..9eb1359f 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2040,6 +2040,7 @@ _build_keys_image() { _msg_info "xorriso options: ${keys_xorriso_options[*]}" _msg_info "${keys_xorriso_options[*]}" _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" + # shellcheck disable=SC2116 xorriso "${keys_xorriso_options[@]}" -as mkisofs \ -iso-level 3 \ -full-iso9660-filenames \ -- GitLab From 009fa41424711655b2aaa80dd4c3c1fb38c333f5 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 13:54:30 +0000 Subject: [PATCH 282/347] maybe fixed --- archiso/mkarchiso | 2 -- 1 file changed, 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9eb1359f..d6cccd87 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2034,7 +2034,6 @@ _build_keys_image() { # Update SORCE_DATE_EPOCH for keys ISO UUID SOURCE_DATE_EPOCH=$((SOURCE_DATE_EPOCH + 69 * 42)) - # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorriso options: ${keys_xorriso_options[*]}" @@ -2080,7 +2079,6 @@ _build_iso_image() { # typeset -f "_add_xorrisofs_options_${bootmode}_iso" &> /dev/null && "_add_xorrisofs_options_${bootmode}_iso" done - # shellcheck disable=SC2116 rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." _msg_info "xorrisofs options: ${xorriso_options[*]}" -- GitLab From d023f7dfb630513950d5e0ea065c57f0d388fd53 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 14:07:09 +0000 Subject: [PATCH 283/347] maybe fixed --- archiso/mkarchiso | 81 +++++++++++++++++++++++++---------------------- 1 file changed, 44 insertions(+), 37 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d6cccd87..09d5c035 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2014,6 +2014,7 @@ _build_bootstrap_image() { _build_keys_image() { # local keys_xorriso_options=() keys_xorrisofs_options=() keys_isofs_dir="${work_dir}/keys_iso" + local keys_xorriso_cmd_line local bootmode # Add required xorrisofs options for each boot mode @@ -2040,26 +2041,31 @@ _build_keys_image() { _msg_info "${keys_xorriso_options[*]}" _msg_info "xorrisofs options: ${keys_xorrisofs_options[*]}" # shellcheck disable=SC2116 - xorriso "${keys_xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}_KEYS" \ - -appid "${iso_application} keys CD" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "$(echo "${keys_xorrisofs_options[*]}")" \ - -output "${out_dir}/${image_name}" \ + keys_xorriso_cmd_line=( + "${keys_xorriso_options[@]}" + '-as' 'mkisofs' + '-iso-level' 3 + '-full-iso9660-filenames' + '-joliet' + '-joliet-long' + '-rational-rock' + '-volid' "${iso_label}_KEYS" + '-appid' "${iso_application} keys CD" + '-publisher' "${iso_publisher}" + '-preparer' "prepared by ${app_name}" + "${keys_xorrisofs_options[@]}" + '-output' "${out_dir}/${image_name}" "${keys_isofs_dir}/" - _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" - } + ) + xorriso "${keys_xorriso_cmd_line[@]}" + _msg_info "Done!" + du -h -- "${out_dir}/${image_name}" +} # Build ISO _build_iso_image() { #local xorriso_options=() xorrisofs_options=() + local xorriso_cmd_line isofs_dir="${work_dir}/iso" local bootmode @@ -2080,31 +2086,32 @@ _build_iso_image() { done rm -f -- "${out_dir}/${image_name}" - _msg_info "Creating ISO image..." - _msg_info "xorrisofs options: ${xorriso_options[*]}" - _msg_info "xorrisofs options: ${xorrisofs_options[*]}" # shellcheck disable=SC2116 - xorriso "${xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "$(echo "${xorrisofs_options[*]}")" \ - -output "${out_dir}/${image_name}" \ + xorriso_cmd_line=( + "${xorriso_options[@]}" '-as' 'mkisofs' + '-iso-level' 3 + '-full-iso9660-filenames' + '-joliet' + '-joliet-long' + '-rational-rock' + '-volid' "${iso_label}" + '-appid' "${iso_application}" + '-publisher' "${iso_publisher}" + '-preparer' "prepared by ${app_name}" + "${xorrisofs_options[@]}" + '-output' "${out_dir}/${image_name}" "${isofs_dir}/" - _msg_info "Done!" - du -h -- "${out_dir}/${image_name}" - - if [[ "${airootfs_image_type}" == *"luks"* ]] && [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then - cp "${encryption_key}" "${out_dir}" - fi + ) + _msg_info "Creating ISO image..." + _msg_info "xorriso args: ${xorriso_cmd_line[*]}" + xorriso "${xorriso_cmd_line[@]}" + _msg_info "Done!" + du -h -- "${out_dir}/${image_name}" - } + if [[ "${airootfs_image_type}" == *"luks"* ]] && [[ ! " ${buildmodes[*]} " =~ ' keys ' ]]; then + cp "${encryption_key}" "${out_dir}" + fi +} # Read profile's values from profiledef.sh _read_profile() { -- GitLab From 3366a8dddbe6b73387825be14768235e273dbd76 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 14:12:14 +0000 Subject: [PATCH 284/347] maybe fixed --- archiso/mkarchiso | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 09d5c035..a9e9f7bc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2050,11 +2050,11 @@ _build_keys_image() { '-joliet-long' '-rational-rock' '-volid' "${iso_label}_KEYS" - '-appid' "${iso_application} keys CD" - '-publisher' "${iso_publisher}" - '-preparer' "prepared by ${app_name}" + '-appid' "\"${iso_application} keys CD\"" + '-publisher' "\"${iso_publisher}\"" + '-preparer' "\"prepared by ${app_name}\"" "${keys_xorrisofs_options[@]}" - '-output' "${out_dir}/${image_name}" + '-output' "\"${out_dir}/${image_name}\"" "${keys_isofs_dir}/" ) xorriso "${keys_xorriso_cmd_line[@]}" @@ -2095,9 +2095,9 @@ _build_iso_image() { '-joliet-long' '-rational-rock' '-volid' "${iso_label}" - '-appid' "${iso_application}" - '-publisher' "${iso_publisher}" - '-preparer' "prepared by ${app_name}" + '-appid' "\"${iso_application}\"" + '-publisher' "\"${iso_publisher}\"" + '-preparer' "\"prepared by ${app_name}\"" "${xorrisofs_options[@]}" '-output' "${out_dir}/${image_name}" "${isofs_dir}/" -- GitLab From 7be23171bc69c0b2b2fee768c7e0bb6c3f0e9aa9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 14:47:29 +0000 Subject: [PATCH 285/347] maybe fixed --- archiso/mkarchiso | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a9e9f7bc..45cf4747 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1812,7 +1812,6 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size_kib}" != "" ]; then - # READ _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi # Ensure GPT is used as some systems do not support UEFI booting without it @@ -1907,7 +1906,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # shellcheck disable=SC2076 [[ " ${_xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || _xorrisofs_options+=('-partition_offset' '16') # Attach efiboot.img as a second partition and set its partition type to "EFI system partition" - _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img") + _xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}") if [ "${persistent_size_kib}" != "" ]; then _xorrisofs_options=("$(_add_xorrisofs_options_persistent_partition "${_xorrisofs_options[@]}")") fi @@ -1921,7 +1920,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. - if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then + if [[ ! " ${_xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then _xorrisofs_options+=('-isohybrid-gpt-basdat') fi fi @@ -1956,7 +1955,7 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { '-e' '--interval:appended_partition_2:all::' # Boot image is not emulating floppy or hard disk; required for all known boot loaders '-no-emul-boot' - ) + ) # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead. if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the -- GitLab From 37941c31d2be49aa3e8396c5c16d39c35af596f4 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 15:19:06 +0000 Subject: [PATCH 286/347] maybe fixed --- archiso/mkarchiso | 164 +++++++++++++++++++++++----------------------- 1 file changed, 82 insertions(+), 82 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 45cf4747..31a325e2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -796,81 +796,81 @@ _get_crypto_params() { # Prepare syslinux for booting from MBR (isohybrid) _make_bootmode_bios.syslinux.mbr() { -bootable_dir="${1}" -bootable="${2}" -_msg_info "Setting up SYSLINUX for BIOS booting from a disk..." -install -d -m 0755 -- "${bootable_dir}/syslinux" -local archiso_uuid -TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" -for _cfg in "${profile}/syslinux/"*.cfg; do - sed "s|%ARCHISO_LABEL%|${iso_label}|g; - s|%ARCHISO_UUID%|${archiso_uuid}|g; - s|%INSTALL_DIR%|${install_dir}|g; - s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; - s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${bootable_dir}/syslinux/${_cfg##*/}" - done - if [[ -e "${profile}/syslinux/splash.png" ]]; then - install -m 0644 -- "${profile}/syslinux/splash.png" "${bootable_dir}/syslinux/" - fi - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${bootable_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${bootable_dir}/syslinux/" - install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${bootable_dir}/syslinux/" - - if [[ "${bootable}" == "iso" ]]; then - _run_once _make_boot_on_iso9660 - elif [[ "${bootable}" == "keys" ]]; then - _run_once _make_boot_on_keys - fi - - if [[ -e "${bootable_dir}/syslinux/hdt.c32" ]]; then - install -d -m 0755 -- "${bootable_dir}/syslinux/hdt" - if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then - gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \ - "${bootable_dir}/syslinux/hdt/pciids.gz" + bootable_dir="${1}" + bootable="${2}" + _msg_info "Setting up SYSLINUX for BIOS booting from a disk..." + install -d -m 0755 -- "${bootable_dir}/syslinux" + local archiso_uuid + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + for _cfg in "${profile}/syslinux/"*.cfg; do + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ + "${_cfg}" > "${bootable_dir}/syslinux/${_cfg##*/}" + done + if [[ -e "${profile}/syslinux/splash.png" ]]; then + install -m 0644 -- "${profile}/syslinux/splash.png" "${bootable_dir}/syslinux/" fi - find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \ - "${bootable_dir}/syslinux/hdt/modalias.gz" - fi - - # Add other aditional/extra files to ${install_dir}/boot/ - if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then - # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest - install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${bootable_dir}/${install_dir}/boot/memtest" - install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ - "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" - fi - _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/"*.c32 "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/lpxelinux.0" "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/memdisk" "${bootable_dir}/syslinux/" + + if [[ "${bootable}" == "iso" ]]; then + _run_once _make_boot_on_iso9660 + elif [[ "${bootable}" == "keys" ]]; then + _run_once _make_boot_on_keys + fi + + if [[ -e "${bootable_dir}/syslinux/hdt.c32" ]]; then + install -d -m 0755 -- "${bootable_dir}/syslinux/hdt" + if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then + gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \ + "${bootable_dir}/syslinux/hdt/pciids.gz" + fi + find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \ + "${bootable_dir}/syslinux/hdt/modalias.gz" + fi + + # Add other aditional/extra files to ${install_dir}/boot/ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then + # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${bootable_dir}/${install_dir}/boot/memtest" + install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" \ + "${bootable_dir}/${install_dir}/boot/licenses/memtest86+/" + fi + _msg_info "Done! SYSLINUX set up for BIOS booting from a disk successfully." } _make_bootmode_bios.syslinux.mbr_iso() { -_make_bootmode_bios.syslinux.mbr "${isofs_dir}" "iso" + _make_bootmode_bios.syslinux.mbr "${isofs_dir}" "iso" } _make_bootmode_bios.syslinux.mbr_keys() { -_make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" "keys" + _make_bootmode_bios.syslinux.mbr "${keys_isofs_dir}" "keys" } # Prepare syslinux for El-Torito booting _make_bootmode_bios.syslinux.eltorito() { -local bootable_dir="${1}" -_msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." -install -d -m 0755 -- "${bootable_dir}/syslinux" -install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${bootable_dir}/syslinux/" -install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${bootable_dir}/syslinux/" - -_msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." + local bootable_dir="${1}" + _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..." + install -d -m 0755 -- "${bootable_dir}/syslinux" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${bootable_dir}/syslinux/" + install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${bootable_dir}/syslinux/" + + _msg_info "Done! SYSLINUX set up for BIOS booting from an optical disc successfully." } _make_bootmode_bios.syslinux.eltorito_iso() { -_make_bootmode_bios.syslinux.eltorito "${isofs_dir}" -_run_once _make_bootmode_bios.syslinux.mbr_iso + _make_bootmode_bios.syslinux.eltorito "${isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_iso } _make_bootmode_bios.syslinux.eltorito_keys() { -_make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" -_run_once _make_bootmode_bios.syslinux.mbr_keys + _make_bootmode_bios.syslinux.eltorito "${keys_isofs_dir}" + _run_once _make_bootmode_bios.syslinux.mbr_keys } # Copy kernel and initramfs to FAT image @@ -937,27 +937,19 @@ _make_efibootimg_grubcfg() { "${work_dir}/grub.cfg" ::/EFI/BOOT/grub.cfg } - _make_bootmode_uefi-ia32.grub.esp_iso() { - _make_bootmode_uefi-ia32.grub.esp "iso" -} - -_make_bootmode_uefi-ia32.grub.esp_keys() { -_make_bootmode_uefi-ia32.grub.esp "keys" -} - _make_bootmode_uefi-ia32.grub.esp() { -local bootable="${1}" -local archiso_uuid -TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" -# Fill Grub configuration files -sed "s|%ARCHISO_LABEL%|${iso_label}|g; -s|%ARCHISO_UUID%|${archiso_uuid}|g; -s|%INSTALL_DIR%|${install_dir}|g; -s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; -s|%ARCH%|${arch}|g" \ - "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" - -IFS='' read -r -d '' grubembedcfg <<'EOF' || true + local bootable="${1}" + local archiso_uuid + TZ=UTC printf -v archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + # Fill Grub configuration files + sed "s|%ARCHISO_LABEL%|${iso_label}|g; + s|%ARCHISO_UUID%|${archiso_uuid}|g; + s|%INSTALL_DIR%|${install_dir}|g; + s|%CRYPTO_PARAMS%|$(_get_crypto_params)|g; + s|%ARCH%|${arch}|g" \ + "${profile}/grub/grub.cfg" > "${work_dir}/grub.cfg" + + IFS='' read -r -d '' grubembedcfg <<'EOF' || true if ! [ -d "$cmdpath" ]; then # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. # https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 @@ -967,7 +959,7 @@ if ! [ -d "$cmdpath" ]; then fi configfile "${cmdpath}/grub.cfg" EOF -printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" # Create EFI binary grub-mkstandalone -O i386-efi \ @@ -1007,6 +999,14 @@ printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" _msg_info "Done! GRUB set up for UEFI booting successfully." } +_make_bootmode_uefi-ia32.grub.esp_iso() { + _make_bootmode_uefi-ia32.grub.esp "iso" +} + +_make_bootmode_uefi-ia32.grub.esp_keys() { + _make_bootmode_uefi-ia32.grub.esp "keys" +} + _make_bootmode_uefi-ia32.grub.eltorito_iso() { _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" } @@ -1978,7 +1978,7 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { '-e' 'EFI/archiso/efiboot.img' # Boot image is not emulating floppy or hard disk; required for all known boot loaders '-no-emul-boot' - ) + ) fi # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito # shellcheck disable=SC2076 @@ -1987,11 +1987,11 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { } _add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${keys_xorrisofs_options[@]}")") } # Build bootstrap image -- GitLab From 8351ddbd225f39da15c98f4c6ccbc814bbf539ff Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 15:34:24 +0000 Subject: [PATCH 287/347] maybe fixed --- archiso/mkarchiso | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 31a325e2..f10a4efb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1007,14 +1007,6 @@ _make_bootmode_uefi-ia32.grub.esp_keys() { _make_bootmode_uefi-ia32.grub.esp "keys" } -_make_bootmode_uefi-ia32.grub.eltorito_iso() { -_make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" -} - -_make_bootmode_uefi-ia32.grub.eltorito_keys() { -_make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" -} - # Prepare GRUB for El Torito booting _make_bootmode_uefi-ia32.grub.eltorito() { local bootable_dir="${1}" @@ -1045,12 +1037,12 @@ _make_bootmode_uefi-ia32.grub.eltorito() { _msg_info "Done!" } -_make_bootmode_uefi-x64.grub.esp_iso() { -_make_bootmode_uefi-x64.grub.esp +_make_bootmode_uefi-ia32.grub.eltorito_iso() { + _make_bootmode_uefi-ia32.grub.eltorito "${isofs_dir}" "iso" } -_make_bootmode_uefi-x64.grub.esp_keys() { -_make_bootmode_uefi-x64.grub.esp +_make_bootmode_uefi-ia32.grub.eltorito_keys() { + _make_bootmode_uefi-ia32.grub.eltorito "${keys_isofs_dir}" "keys" } _make_bootmode_uefi-x64.grub.esp() { @@ -1105,12 +1097,12 @@ EOF _msg_info "Done! GRUB set up for UEFI booting successfully." } -_make_bootmode_uefi-x64.grub.eltorito_iso() { - _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" +_make_bootmode_uefi-x64.grub.esp_iso() { + _make_bootmode_uefi-x64.grub.esp } -_make_bootmode_uefi-x64.grub.eltorito_keys() { - _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" +_make_bootmode_uefi-x64.grub.esp_keys() { + _make_bootmode_uefi-x64.grub.esp } # Prepare GRUB for El Torito booting @@ -1142,12 +1134,12 @@ _make_bootmode_uefi-x64.grub.eltorito() { _msg_info "Done!" } -_make_bootmode_uefi-x64.systemd-boot.esp_iso() { -_make_bootmode_uefi-x64.systemd-boot.esp +_make_bootmode_uefi-x64.grub.eltorito_iso() { + _make_bootmode_uefi-x64.grub.eltorito "${isofs_dir}" "iso" } -_make_bootmode_uefi-x64.systemd-boot.esp_keys() { -_make_bootmode_uefi-x64.systemd-boot.esp +_make_bootmode_uefi-x64.grub.eltorito_keys() { + _make_bootmode_uefi-x64.grub.eltorito "${keys_isofs_dir}" "keys" } # Prepare systemd-boot for booting when written to a disk (isohybrid) @@ -1204,6 +1196,14 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { _msg_info "Done! systemd-boot set up for UEFI booting successfully." } +_make_bootmode_uefi-x64.systemd-boot.esp_iso() { + _make_bootmode_uefi-x64.systemd-boot.esp +} + +_make_bootmode_uefi-x64.systemd-boot.esp_keys() { + _make_bootmode_uefi-x64.systemd-boot.esp +} + # Prepare systemd-boot for El Torito booting _make_bootmode_uefi-x64.systemd-boot.eltorito() { local bootable_dir="${1}" @@ -1987,11 +1987,11 @@ _add_xorrisofs_options_uefi-x64.grub.eltorito() { } _add_xorrisofs_options_uefi-x64.grub.eltorito_iso() { - xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${xorrisofs_options[@]}")") + xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${isofs_dir}" "${xorrisofs_options[@]}")") } _add_xorrisofs_options_uefi-x64.grub.eltorito_keys() { - keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${keys_xorrisofs_options[@]}")") + keys_xorrisofs_options=("$(_add_xorrisofs_options_uefi-x64.grub.eltorito "${keys_isofs_dir}" "${keys_xorrisofs_options[@]}")") } # Build bootstrap image -- GitLab From fad77b178afa1558cfa4bacfd8583e5595b99fe9 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 16:09:50 +0000 Subject: [PATCH 288/347] maybe fixed --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f10a4efb..ce66e3e1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2056,7 +2056,7 @@ _build_keys_image() { '-output' "\"${out_dir}/${image_name}\"" "${keys_isofs_dir}/" ) - xorriso "${keys_xorriso_cmd_line[@]}" + eval "xorriso ${keys_xorriso_cmd_line[*]}" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" } @@ -2103,7 +2103,7 @@ _build_iso_image() { ) _msg_info "Creating ISO image..." _msg_info "xorriso args: ${xorriso_cmd_line[*]}" - xorriso "${xorriso_cmd_line[@]}" + eval "xorriso ${xorriso_cmd_line[*]}" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" -- GitLab From e8c11a45893dadde90c376346abd1abab1103975 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 19:19:28 +0000 Subject: [PATCH 289/347] maybe fixed --- archiso/mkarchiso | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ce66e3e1..876f3192 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -160,8 +160,12 @@ _cleanup_pacstrap_dir() { # Move files from pacstrap_dir /boot if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then - install -d -m 0755 "${work_dir}/keys_iso" - [[ -d "${pacstrap_dir}/boot" ]] && mv "${pacstrap_dir}/boot" "${work_dir}/keys_iso" + install -d -m 0755 "${work_dir}/keys_iso/boot" + if [[ -d "${pacstrap_dir}/boot" ]]; then + mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/keys_iso/boot" + mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/keys_iso/boot" + find "${pacstrap_dir}/boot" -maxdepth 1 -type f -delete + fi fi # Delete pacman database sync cache files (*.tar.gz) [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete @@ -2416,6 +2420,7 @@ _build_buildmode_keys() { _build_keys_base _run_once _build_keys_image } + # build all buildmodes _build() { local buildmode -- GitLab From 6c6b3cbe4191aaf5486be9c0f717396e3b9973bf Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 19:30:51 +0000 Subject: [PATCH 290/347] maybe fixed --- archiso/mkarchiso | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 876f3192..7ae585c8 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -160,10 +160,13 @@ _cleanup_pacstrap_dir() { # Move files from pacstrap_dir /boot if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then - install -d -m 0755 "${work_dir}/keys_iso/boot" + install -d -m 0755 "${work_dir}/boot" if [[ -d "${pacstrap_dir}/boot" ]]; then - mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/keys_iso/boot" - mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/keys_iso/boot" + mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" + mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" + for ucode_image in "${ucodes[@]}"; do + mv "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" + done find "${pacstrap_dir}/boot" -maxdepth 1 -type f -delete fi fi @@ -749,7 +752,7 @@ _make_boot_on_keys() { _make_boot_on_iso() { local bootable_dir="${1}" local _query _src ucode_image - local boot_dir="${bootable_dir}/${install_dir}/boot/${arch}/" + local boot_dir="${bootable_dir}/${install_dir}/boot" local images=("initramfs" "vmlinuz") _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." @@ -764,8 +767,8 @@ _make_boot_on_iso() { done for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" + if [[ -e "${work_dir}/boot/${ucode_image}" ]]; then + install -m 0644 -- "${work_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ @@ -894,6 +897,8 @@ _make_boot_on_fat() { for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") + elif [[ -e "${work_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${work_dir}/boot/${ucode_image}") fi done if (( ${#all_ucode_images[@]} )); then -- GitLab From bfa92597396ad9ddca8511e334c7c287d7e23d1e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 19:38:49 +0000 Subject: [PATCH 291/347] maybe fixed --- archiso/mkarchiso | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 7ae585c8..3c70a628 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -162,10 +162,13 @@ _cleanup_pacstrap_dir() { if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then install -d -m 0755 "${work_dir}/boot" if [[ -d "${pacstrap_dir}/boot" ]]; then - mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" - mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" + cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" + cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" + # mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" + # mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" for ucode_image in "${ucodes[@]}"; do - mv "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" + cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" + # mv "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" done find "${pacstrap_dir}/boot" -maxdepth 1 -type f -delete fi -- GitLab From 49b8d8051bfd9d9f650fb5dd7eace756d0534c72 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 19:41:05 +0000 Subject: [PATCH 292/347] maybe fixed --- archiso/mkarchiso | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 3c70a628..0a807f18 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -162,13 +162,14 @@ _cleanup_pacstrap_dir() { if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then install -d -m 0755 "${work_dir}/boot" if [[ -d "${pacstrap_dir}/boot" ]]; then - cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" - cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" - # mv "${pacstrap_dir}/boot/initramfs"*"img" "${work_dir}/boot" - # mv "${pacstrap_dir}/boot/vmlinuz"*"img" "${work_dir}/boot" + for _query in "${_queries[@]}"; do + for _file in $(find "${work_dir}" | grep "${_query}..img"); do + _src="${work_dir}/${_file}" + cp -af --no-preserve=ownership,mode -- "${_src}" "${work_dir}/boot" + done + done for ucode_image in "${ucodes[@]}"; do cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" - # mv "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" done find "${pacstrap_dir}/boot" -maxdepth 1 -type f -delete fi -- GitLab From 1e8911abeeb795f33d8ca071be261e65435217a0 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 21:21:32 +0000 Subject: [PATCH 293/347] maybe fixed --- archiso/mkarchiso | 82 ++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 44 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0a807f18..17f50fcd 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -156,37 +156,37 @@ _show_config() { # Cleanup airootfs _cleanup_pacstrap_dir() { + local _images=("initramfs*img" "vmlinuz-*" "${ucodes[@]}") + local _root="${pacstrap_dir}" + local _boot="${_root}/boot" + local _log="${pacstrap_dir}/var/log" + local _machine_id="${pacstrap_dir}/etc/machine-id" + local _pacman_db="${_root}/var/lib/pacman" + local _pacman_cache="${_root}/var/cache/pacman/pkg" + local _tmp="${pacstrap_dir}/var/tmp" + local _cp_opts=('-af' '--no-preserve=ownership,mode') _msg_info "Cleaning up in pacstrap location..." - # Move files from pacstrap_dir /boot + # Move kernel, initramfs and microcodes for later usage if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then install -d -m 0755 "${work_dir}/boot" - if [[ -d "${pacstrap_dir}/boot" ]]; then - for _query in "${_queries[@]}"; do - for _file in $(find "${work_dir}" | grep "${_query}..img"); do - _src="${work_dir}/${_file}" - cp -af --no-preserve=ownership,mode -- "${_src}" "${work_dir}/boot" - done - done - for ucode_image in "${ucodes[@]}"; do - cp -af --no-preserve=ownership,mode -- "${pacstrap_dir}/boot/${ucode_image}" "${work_dir}/boot" - done - find "${pacstrap_dir}/boot" -maxdepth 1 -type f -delete - fi + for _query in "${_images[@]}"; do + find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- "${_boot}/"{} "${work_dir}/boot" \; + done fi + [[ -d "${_boot}" ]] && find "${_boot}" -maxdepth 1 -type f -delete # Delete pacman database sync cache files (*.tar.gz) - [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete + [[ -d "${_pacman_db}" ]] && find "${_pacman_db}" -maxdepth 1 -type f -delete # Delete pacman database sync cache - [[ -d "${pacstrap_dir}/var/lib/pacman/sync" ]] && find "${pacstrap_dir}/var/lib/pacman/sync" -delete - # Delete pacman package cache - [[ -d "${pacstrap_dir}/var/cache/pacman/pkg" ]] && find "${pacstrap_dir}/var/cache/pacman/pkg" -type f -delete + [[ -d "${_pacman_db}/sync" ]] && find "${_pacman_db}/sync" -delete + # Delete pacman cache files + [[ -d "${_pacman_cache}" ]] && find "${_pacman_cache}" -type f -delete # Delete all log files, keeps empty dirs. - [[ -d "${pacstrap_dir}/var/log" ]] && find "${pacstrap_dir}/var/log" -type f -delete + [[ -d "${_log}" ]] && find "${_log}" -type f -delete # Delete all temporary files and dirs - [[ -d "${pacstrap_dir}/var/tmp" ]] && find "${pacstrap_dir}/var/tmp" -mindepth 1 -delete + [[ -d "${_tmp}" ]] && find "${_tmp}" -mindepth 1 -delete # Delete package pacman related files. find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete - local _machine_id="${pacstrap_dir}/etc/machine-id" if [[ "${persistent_size_kib}" != "" ]]; then dbus-uuidgen --ensure="${_machine_id}" else @@ -756,28 +756,26 @@ _make_boot_on_keys() { _make_boot_on_iso() { local bootable_dir="${1}" local _query _src ucode_image + local _cp_opts=('-af' '--no-preserve=ownership,mode') local boot_dir="${bootable_dir}/${install_dir}/boot" - local images=("initramfs" "vmlinuz") + local kernel_dir="${bootable_dir}/${install_dir}/boot/${arch}" + local licenses_src="${pacstrap_dir}/usr/share/licenses" + local licenses_dest="${boot_dir}/licenses" + local images=("initramfs*img" "vmlinuz-*") _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." - install -d -m 0755 -- "${boot_dir}" + install -d -m 0755 -- "${kernel_dir}" for _query in "${images[@]}"; do - for _file in $(find "${work_dir}" | grep "${_query}..img"); do - _src="${work_dir}/${_file}" - _msg_info "${_src}" - cp -af --no-preserve=ownership,mode "${_src}" "${boot_dir}" - chmod 0644 "${boot_dir}/${_file}" - done + find "${work_dir}" -iname "${_query}" -exec cp "${_cp_opts[@]}" "${work_dir}/"{} "${kernel_dir}" \; + find "${kernel_dir}" -iname "${_query}" -exec chmod 0644 "${kernel_dir}/"{} \; done for ucode_image in "${ucodes[@]}"; do - if [[ -e "${work_dir}/boot/${ucode_image}" ]]; then - install -m 0644 -- "${work_dir}/boot/${ucode_image}" "${bootable_dir}/${install_dir}/boot/" - if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then - install -d -m 0755 -- "${bootable_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" - install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/"* \ - "${bootable_dir}/${install_dir}/boot/licenses/${ucode_image%.*}/" - fi + find "${work_dir}" -iname "${ucode_image}" -exec cp "${_cp_opts[@]}" "${work_dir}/"{} "${boot_dir}" \; + find "${boot_dir}" -iname "${_query}" -exec chmod 0644 "${boot_dir}/"{} \; + if [[ -e "${licenses_src}/${ucode_image%.*}/" ]]; then + install -d -m 0755 -- "${licenses_dest}/${ucode_image%.*}/" + install -m 0644 -- "${licenses_src}/${ucode_image%.*}/"* "${licenses_dest}/${ucode_image%.*}/" fi done _msg_info "Done!" @@ -887,23 +885,19 @@ _make_bootmode_bios.syslinux.eltorito_keys() { # Copy kernel and initramfs to FAT image _make_boot_on_fat() { local ucode_image all_ucode_images=() - local _file _queries _src + local _file _images _src _msg_info "Preparing kernel and initramfs for the FAT file system..." - _queries=("initramfs" "vmlinuz") + _images=("initramfs*img" "vmlinuz-*") mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" - for _query in "${_queries[@]}"; do - for _file in $(find "${work_dir}" | grep "${_query}..img"); do + for _query in "${_images[@]}"; do + find "${work_dir}" -iname "${_query}" -print0 | while IFS= read -r -d '' _file; do _src="${work_dir}/${_file}" mcopy -i "${efibootimg}" "${_src}" "::/${install_dir}/boot/${arch}/" done done for ucode_image in "${ucodes[@]}"; do - if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") - elif [[ -e "${work_dir}/boot/${ucode_image}" ]]; then - all_ucode_images+=("${work_dir}/boot/${ucode_image}") - fi + all_ucode_images+=("$(find "${work_dir}" -iname "${ucode_image}" -exec echo "${work_dir}/"{} \;)") done if (( ${#all_ucode_images[@]} )); then mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" -- GitLab From 920a76a3c18b6e335227b0190359f9f525429234 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 25 Jul 2022 21:33:14 +0000 Subject: [PATCH 294/347] maybe fixed --- archiso/mkarchiso | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 17f50fcd..945e5e2c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -171,7 +171,7 @@ _cleanup_pacstrap_dir() { if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then install -d -m 0755 "${work_dir}/boot" for _query in "${_images[@]}"; do - find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- "${_boot}/"{} "${work_dir}/boot" \; + find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- {} "${work_dir}/boot" \; done fi [[ -d "${_boot}" ]] && find "${_boot}" -maxdepth 1 -type f -delete @@ -766,13 +766,13 @@ _make_boot_on_iso() { install -d -m 0755 -- "${kernel_dir}" for _query in "${images[@]}"; do - find "${work_dir}" -iname "${_query}" -exec cp "${_cp_opts[@]}" "${work_dir}/"{} "${kernel_dir}" \; - find "${kernel_dir}" -iname "${_query}" -exec chmod 0644 "${kernel_dir}/"{} \; + find "${work_dir}" -iname "${_query}" -exec cp "${_cp_opts[@]}" {} "${kernel_dir}" \; + find "${kernel_dir}" -iname "${_query}" -exec chmod 0644 {} \; done for ucode_image in "${ucodes[@]}"; do - find "${work_dir}" -iname "${ucode_image}" -exec cp "${_cp_opts[@]}" "${work_dir}/"{} "${boot_dir}" \; - find "${boot_dir}" -iname "${_query}" -exec chmod 0644 "${boot_dir}/"{} \; + find "${work_dir}" -iname "${ucode_image}" -exec cp "${_cp_opts[@]}" {} "${boot_dir}" \; + find "${boot_dir}" -iname "${_query}" -exec chmod 0644 {} \; if [[ -e "${licenses_src}/${ucode_image%.*}/" ]]; then install -d -m 0755 -- "${licenses_dest}/${ucode_image%.*}/" install -m 0644 -- "${licenses_src}/${ucode_image%.*}/"* "${licenses_dest}/${ucode_image%.*}/" @@ -891,13 +891,10 @@ _make_boot_on_fat() { mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" for _query in "${_images[@]}"; do - find "${work_dir}" -iname "${_query}" -print0 | while IFS= read -r -d '' _file; do - _src="${work_dir}/${_file}" - mcopy -i "${efibootimg}" "${_src}" "::/${install_dir}/boot/${arch}/" - done + find "${work_dir}" -iname "${_query}" -exec mcopy -i "${efibootimg}" {} "::/${install_dir}/boot/${arch}/" \; done for ucode_image in "${ucodes[@]}"; do - all_ucode_images+=("$(find "${work_dir}" -iname "${ucode_image}" -exec echo "${work_dir}/"{} \;)") + all_ucode_images+=("$(find "${work_dir}" -iname "${ucode_image}" -exec echo {} \;)") done if (( ${#all_ucode_images[@]} )); then mcopy -i "${efibootimg}" "${all_ucode_images[@]}" "::/${install_dir}/boot/" -- GitLab From 3a1b3f56638a65d0a89d56e8baa3ec70dfbb19f6 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 29 Jul 2022 18:58:39 +0200 Subject: [PATCH 295/347] check --- archiso/mkarchiso | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 945e5e2c..785d4080 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -598,7 +598,7 @@ _run_once() { "$1" touch "${work_dir}/${run_once_mode}.${1}" else - if [ "${quiet}" == "n" ]; then + if [ "${quiet}" != "y" ]; then _msg_info "Command ${1} already run" fi fi @@ -795,7 +795,8 @@ _get_crypto_params() { _cparams=("root=/dev/mapper/root" "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") if [ "${encryption_key}" != "" ]; then - _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key") + _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key" + "sigdevice=UUID=${_keys_uuid}:iso9660:${_airootfs_path}.sig") fi echo "${_cparams[@]}" else @@ -1440,15 +1441,20 @@ _validate_requirements_bootmode_uefi-x64.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { - local airootfs_size pacstrap_size + local _airootfs airootfs_size pacstrap_size + _airootfs="${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) airootfs_size=$((pacstrap_size+200000)) _run_once "_mkairootfs_${airootfs_image_type}" - _mkchecksum "${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" + _mkchecksum "${_airootfs}" if [[ -n "${gpg_key}" ]]; then - _mksignature "${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" + _mksignature "${_airootfs}" + if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then + install -Dm711 "${keys_isofs_dir}" + cp "${_airootfs}.sig" "${keys_isofs_dir}" + fi fi } -- GitLab From aaf20ecf4d1a0fa4a16a91be67710cd131840e37 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Fri, 29 Jul 2022 19:23:36 +0200 Subject: [PATCH 296/347] check --- archiso/mkarchiso | 1 + 1 file changed, 1 insertion(+) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 785d4080..9c6abb22 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1452,6 +1452,7 @@ _prepare_airootfs_image() { if [[ -n "${gpg_key}" ]]; then _mksignature "${_airootfs}" if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then + keys_isofs_dir="${work_dir}/keys_iso" install -Dm711 "${keys_isofs_dir}" cp "${_airootfs}.sig" "${keys_isofs_dir}" fi -- GitLab From f50e78fda31efffda936b5bc6a654ffa867c8570 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 10:49:10 +0200 Subject: [PATCH 297/347] check --- archiso/mkarchiso | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 9c6abb22..16ee5596 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1454,7 +1454,7 @@ _prepare_airootfs_image() { if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then keys_isofs_dir="${work_dir}/keys_iso" install -Dm711 "${keys_isofs_dir}" - cp "${_airootfs}.sig" "${keys_isofs_dir}" + cp "${_airootfs}.sig" "${work_dir}" fi fi } @@ -2320,15 +2320,14 @@ _make_pkglist() { # build the base for an ISO and/or a netboot target _build_keys_base() { local run_once_mode="base" - - # Set up essential directory paths - # keys_isofs_dir="${work_dir}/keys_iso" - # keys_dir="${work_dir}/keys" + local _airootfs + _airootfs="${work_dir}/airootfs.$(_get_fs_ext "airootfs")" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" cp "${encryption_key}" "${keys_dir}/airootfs.key" + cp "${work_dir}/${_airootfs}.sig" "${keys_isofs_dir}" _run_once _make_boot_on_keys _make_bootmodes_keys -- GitLab From 907d41a98cdb4d64174410ae966d53ff8e4b6eeb Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 11:07:16 +0200 Subject: [PATCH 298/347] fix sigpath --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 16ee5596..801b876c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2327,7 +2327,7 @@ _build_keys_base() { [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" cp "${encryption_key}" "${keys_dir}/airootfs.key" - cp "${work_dir}/${_airootfs}.sig" "${keys_isofs_dir}" + cp "${_airootfs}.sig" "${keys_isofs_dir}" _run_once _make_boot_on_keys _make_bootmodes_keys -- GitLab From 0b241065eb4cf4f3065277412058c959cc73ae70 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 12:32:07 +0200 Subject: [PATCH 299/347] fix sig path --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 801b876c..90e442fb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2321,7 +2321,7 @@ _make_pkglist() { _build_keys_base() { local run_once_mode="base" local _airootfs - _airootfs="${work_dir}/airootfs.$(_get_fs_ext "airootfs")" + _airootfs="${work_dir}/iso/${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" -- GitLab From be3b23c22bf2fc8a237f2eddc29f32ef10af0634 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 15:06:08 +0200 Subject: [PATCH 300/347] add gpg home option --- archiso/mkarchiso | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 90e442fb..d0665fab 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -21,6 +21,7 @@ work_dir="" out_dir="" gpg_key="" gpg_sender="" +gpg_home="" iso_name="" iso_label="" iso_publisher="" @@ -110,6 +111,7 @@ usage: ${app_name} [options] Passed to gpg as the value for --default-key -G Set the PGP signer (must include an email address) Passed to gpg as the value for --sender + -H Set the gpg home directory. -h This message -m [mode ..] Build mode(s) to use (valid modes are: 'bootstrap', 'iso' and 'netboot'). Multiple build modes are provided as quoted, space delimited list. @@ -141,6 +143,7 @@ _show_config() { _msg_info " Build modes: ${buildmodes[*]}" _msg_info " GPG key: ${gpg_key:-None}" _msg_info " GPG signer: ${gpg_sender:-None}" + _msg_info " GPG Home: ${gpg_home:-None}" _msg_info " Encryption Key: ${encryption_key:-None}" _msg_info "Code signing certificates: ${cert_list[*]:-None}" _msg_info " Profile: ${profile}" @@ -548,9 +551,9 @@ _mksignature() { _msg_info "Signing $(basename "${_file}")..." # always use the .sig file extension, as that is what # mkinitcpio-archiso's hooks expect - gpg --batch --no-armor --no-include-key-block \ - --output "${_file}.sig" --detach-sign \ - --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" + GNUPGHOME="${gpg_home}" gpg --batch --no-armor --no-include-key-block \ + --output "${_file}.sig" --detach-sign \ + --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" fi _msg_info "Done!" } @@ -2238,6 +2241,7 @@ _set_overrides() { fi [[ ! -v override_gpg_key ]] || gpg_key="$override_gpg_key" [[ ! -v override_gpg_sender ]] || gpg_sender="$override_gpg_sender" + [[ ! -v override_gpg_home ]] || gpg_home="$override_gpg_home" if [[ -v override_cert_list ]]; then sign_netboot_artifacts="y" fi @@ -2262,7 +2266,7 @@ _set_overrides() { _export_gpg_publickey() { rm -f -- "${work_dir}/pubkey.gpg" - gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" + GNUPGHOME="${gnupg_home}" gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" } _make_version() { @@ -2437,7 +2441,7 @@ _build() { done } -while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vh?' arg; do +while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:H:vh?' arg; do case "${arg}" in p) read -r -a override_pkg_list <<< "${OPTARG}" ;; C) override_pacman_conf="${OPTARG}" ;; @@ -2451,6 +2455,7 @@ while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vh?' arg; do o) override_out_dir="${OPTARG}" ;; g) override_gpg_key="${OPTARG}" ;; G) override_gpg_sender="${OPTARG}" ;; + H) override_gpg_home="${OPTARG}" ;; v) override_quiet="n" ;; h|?) _usage 0 ;; *) -- GitLab From 64576221d5b90327e0071cca9873bf9bfaff683e Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 15:07:17 +0200 Subject: [PATCH 301/347] add gpg home option --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d0665fab..d8bf7c7e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -2266,7 +2266,7 @@ _set_overrides() { _export_gpg_publickey() { rm -f -- "${work_dir}/pubkey.gpg" - GNUPGHOME="${gnupg_home}" gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" + GNUPGHOME="${gpg_home}" gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" } _make_version() { -- GitLab From 2994d096aa9fed065490f9be9ba2cdcac1fbafd3 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 15:22:44 +0200 Subject: [PATCH 302/347] add gpg home option --- archiso/mkarchiso | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index d8bf7c7e..690e4ccb 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -551,8 +551,10 @@ _mksignature() { _msg_info "Signing $(basename "${_file}")..." # always use the .sig file extension, as that is what # mkinitcpio-archiso's hooks expect + _msg_info "GPG home: ${gpg_home}" GNUPGHOME="${gpg_home}" gpg --batch --no-armor --no-include-key-block \ --output "${_file}.sig" --detach-sign \ + --config "${gpg_home}" --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" fi _msg_info "Done!" @@ -2266,7 +2268,7 @@ _set_overrides() { _export_gpg_publickey() { rm -f -- "${work_dir}/pubkey.gpg" - GNUPGHOME="${gpg_home}" gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" + GNUPGHOME="${gpg_home}" gpg --homedir "${gpg_home}" --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" } _make_version() { -- GitLab From 6be6bb5a9202db15bb1d66fc4d972d567705e38d Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 15:23:43 +0200 Subject: [PATCH 303/347] add gpg home option --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 690e4ccb..ca577329 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -554,7 +554,7 @@ _mksignature() { _msg_info "GPG home: ${gpg_home}" GNUPGHOME="${gpg_home}" gpg --batch --no-armor --no-include-key-block \ --output "${_file}.sig" --detach-sign \ - --config "${gpg_home}" + --config "${gpg_home}" \ --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" fi _msg_info "Done!" -- GitLab From c9e8e00105ce86b43ca2d4439588a742ed55f5d5 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 16:06:07 +0200 Subject: [PATCH 304/347] add gpg home option --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index ca577329..99471ad9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -554,7 +554,7 @@ _mksignature() { _msg_info "GPG home: ${gpg_home}" GNUPGHOME="${gpg_home}" gpg --batch --no-armor --no-include-key-block \ --output "${_file}.sig" --detach-sign \ - --config "${gpg_home}" \ + --homedir "${gpg_home}" \ --default-key "${gpg_key}" "${gpg_options[@]}" "${_file}" fi _msg_info "Done!" -- GitLab From 187f10a4d68405df8147ef67578776b7d6b366dc Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 16:13:29 +0200 Subject: [PATCH 305/347] fix install dir --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 99471ad9..439c0e36 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1458,7 +1458,7 @@ _prepare_airootfs_image() { _mksignature "${_airootfs}" if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then keys_isofs_dir="${work_dir}/keys_iso" - install -Dm711 "${keys_isofs_dir}" + install -d -m711 "${keys_isofs_dir}" cp "${_airootfs}.sig" "${work_dir}" fi fi -- GitLab From d39ebc14c575134ca60f09bab21ca19197abb602 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 16:37:52 +0200 Subject: [PATCH 306/347] add gpg signing support --- archiso/mkarchiso | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 439c0e36..1c0aec6c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -1446,7 +1446,7 @@ _validate_requirements_bootmode_uefi-x64.grub.eltorito() { # Build airootfs filesystem image _prepare_airootfs_image() { - local _airootfs airootfs_size pacstrap_size + local _airootfs _sig_dir airootfs_size pacstrap_size _airootfs="${airootfs_img_dir}/airootfs.$(_get_fs_ext "airootfs")" pacstrap_size=$(du -s "${pacstrap_dir}" | cut -f 1) @@ -1458,8 +1458,9 @@ _prepare_airootfs_image() { _mksignature "${_airootfs}" if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then keys_isofs_dir="${work_dir}/keys_iso" - install -d -m711 "${keys_isofs_dir}" - cp "${_airootfs}.sig" "${work_dir}" + _sig_dir="${keys_isofs_dir}/${install_dir}/${arch}" + install -d -m711 "${_sig_dir}" + cp "${_airootfs}.sig" "${_sig_dir}" fi fi } @@ -2326,14 +2327,15 @@ _make_pkglist() { # build the base for an ISO and/or a netboot target _build_keys_base() { local run_once_mode="base" - local _airootfs + local _airootfs _sig_dir _airootfs="${work_dir}/iso/${install_dir}/${arch}/airootfs.$(_get_fs_ext "airootfs")" + _sig_dir="${keys_isofs_dir}/${install_dir}/${arch}" [[ -d "${keys_dir}" ]] || install -d -- "${keys_dir}" [[ -d "${keys_isofs_dir}" ]] || install -d -- "${keys_isofs_dir}" cp "${encryption_key}" "${keys_dir}/airootfs.key" - cp "${_airootfs}.sig" "${keys_isofs_dir}" + cp "${_airootfs}.sig" "${_sig_dir}" _run_once _make_boot_on_keys _make_bootmodes_keys -- GitLab From 1136e0da59820c1fdbd41ffbb539ed3c29774fea Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Sat, 30 Jul 2022 19:27:20 +0200 Subject: [PATCH 307/347] fix signature check --- archiso/mkarchiso | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1c0aec6c..1bc7d83d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -796,17 +796,20 @@ _get_crypto_params() { _keys_epoch=$((SOURCE_DATE_EPOCH + 42 * 69)) TZ=UTC printf -v _keys_uuid '%(%F-%H-%M-%S-00)T' "${_keys_epoch}" TZ=UTC printf -v _archiso_uuid '%(%F-%H-%M-%S-00)T' "${SOURCE_DATE_EPOCH}" + _cparams=() if [[ "${airootfs_image_type}" == *luks ]]; then - _cparams=("root=/dev/mapper/root" - "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") - if [ "${encryption_key}" != "" ]; then - _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key" - "sigdevice=UUID=${_keys_uuid}:iso9660:${_airootfs_path}.sig") - fi - echo "${_cparams[@]}" - else - echo "" + _cparams+=("root=/dev/mapper/root" + "cryptdevice=UUID=${_archiso_uuid},${_airootfs_path}:root:readonly") + if [ "${encryption_key}" != "" ]; then + _cparams+=("cryptkey=UUID=${_keys_uuid}:iso9660,${_keys_fs_type}:${_keys_path},airootfs.key" + "sigdevice=UUID=${_keys_uuid}:iso9660:${_airootfs_path}.sig") + fi + + if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then + _cparams+=("verify=y") + fi fi + echo "${_cparams[@]}" } # Prepare syslinux for booting from MBR (isohybrid) -- GitLab From 4183415a5bedd5e9846685d07eaf9bf59b75e20b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 08:35:21 +0000 Subject: [PATCH 308/347] move kernel and initramfs in any case --- archiso/mkarchiso | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 1bc7d83d..0120eea1 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -171,11 +171,10 @@ _cleanup_pacstrap_dir() { _msg_info "Cleaning up in pacstrap location..." # Move kernel, initramfs and microcodes for later usage - if [[ " ${buildmodes[*]} " =~ ' keys ' ]]; then - install -d -m 0755 "${work_dir}/boot" - for _query in "${_images[@]}"; do - find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- {} "${work_dir}/boot" \; - done + install -d -m 0755 "${work_dir}/boot" + for _query in "${_images[@]}"; do + find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- {} "${work_dir}/boot" \; + done fi [[ -d "${_boot}" ]] && find "${_boot}" -maxdepth 1 -type f -delete # Delete pacman database sync cache files (*.tar.gz) @@ -896,7 +895,7 @@ _make_boot_on_fat() { local ucode_image all_ucode_images=() local _file _images _src _msg_info "Preparing kernel and initramfs for the FAT file system..." - _images=("initramfs*img" "vmlinuz-*") + _images=("initramfs*.img" "vmlinuz-*") mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" for _query in "${_images[@]}"; do -- GitLab From fffc8ab7a9c241d57b8d56ab02605de9d55349dc Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 08:36:48 +0000 Subject: [PATCH 309/347] move kernel and initramfs in any case --- archiso/mkarchiso | 1 - 1 file changed, 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0120eea1..8fb7b684 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -175,7 +175,6 @@ _cleanup_pacstrap_dir() { for _query in "${_images[@]}"; do find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- {} "${work_dir}/boot" \; done - fi [[ -d "${_boot}" ]] && find "${_boot}" -maxdepth 1 -type f -delete # Delete pacman database sync cache files (*.tar.gz) [[ -d "${_pacman_db}" ]] && find "${_pacman_db}" -maxdepth 1 -type f -delete -- GitLab From 3de1300796438bd54dee968bccc2ab038c118783 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 09:03:19 +0000 Subject: [PATCH 310/347] fixes install script spills color --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 8fb7b684..b6620f1d 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -173,7 +173,7 @@ _cleanup_pacstrap_dir() { # Move kernel, initramfs and microcodes for later usage install -d -m 0755 "${work_dir}/boot" for _query in "${_images[@]}"; do - find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" -- {} "${work_dir}/boot" \; + find "${_boot}" -iname "${_query}" -exec cp "${_cp_opts[@]}" {} "${work_dir}/boot" \; done [[ -d "${_boot}" ]] && find "${_boot}" -maxdepth 1 -type f -delete # Delete pacman database sync cache files (*.tar.gz) -- GitLab From 0b59e646241057f079e6e58f5935a27136249888 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 09:08:52 +0000 Subject: [PATCH 311/347] fix initramfs generation --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index b6620f1d..30ff541c 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -159,7 +159,7 @@ _show_config() { # Cleanup airootfs _cleanup_pacstrap_dir() { - local _images=("initramfs*img" "vmlinuz-*" "${ucodes[@]}") + local _images=("initramfs*" "vmlinuz-*" "${ucodes[@]}") local _root="${pacstrap_dir}" local _boot="${_root}/boot" local _log="${pacstrap_dir}/var/log" -- GitLab From cb5484de58925dcc70802bfdc209813dbbdab60b Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 09:16:45 +0000 Subject: [PATCH 312/347] fix initramfs generation --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 30ff541c..f3da6fca 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -159,7 +159,7 @@ _show_config() { # Cleanup airootfs _cleanup_pacstrap_dir() { - local _images=("initramfs*" "vmlinuz-*" "${ucodes[@]}") + local _images=("initramfs-*.img" "vmlinuz-*" "${ucodes[@]}") local _root="${pacstrap_dir}" local _boot="${_root}/boot" local _log="${pacstrap_dir}/var/log" @@ -764,7 +764,7 @@ _make_boot_on_iso() { local kernel_dir="${bootable_dir}/${install_dir}/boot/${arch}" local licenses_src="${pacstrap_dir}/usr/share/licenses" local licenses_dest="${boot_dir}/licenses" - local images=("initramfs*img" "vmlinuz-*") + local images=("initramfs-*.img" "vmlinuz-*") _msg_info "Preparing kernel and initramfs for the ISO 9660 file system in ${bootable_dir}..." install -d -m 0755 -- "${kernel_dir}" -- GitLab From 454967bccfd71c6c7aa0abfdc7a20cea786d8aad Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 09:44:02 +0000 Subject: [PATCH 313/347] fix initramfs generation --- archiso/mkarchiso | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index f3da6fca..96c8a766 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -159,7 +159,7 @@ _show_config() { # Cleanup airootfs _cleanup_pacstrap_dir() { - local _images=("initramfs-*.img" "vmlinuz-*" "${ucodes[@]}") + local _images=("initramfs-*img" "vmlinuz-*" "${ucodes[@]}") local _root="${pacstrap_dir}" local _boot="${_root}/boot" local _log="${pacstrap_dir}/var/log" @@ -894,7 +894,7 @@ _make_boot_on_fat() { local ucode_image all_ucode_images=() local _file _images _src _msg_info "Preparing kernel and initramfs for the FAT file system..." - _images=("initramfs*.img" "vmlinuz-*") + _images=("initramfs*img" "vmlinuz-*") mmd -i "${efibootimg}" \ "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" for _query in "${_images[@]}"; do -- GitLab From f2a764753555213b645cc0ab483b8f8523cb2c46 Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Mon, 1 Aug 2022 15:35:09 +0000 Subject: [PATCH 314/347] seems it can't be a bind mount --- archiso/mkarchiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 96c8a766..69fc66f2 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -120,7 +120,7 @@ usage: ${app_name} [options] -p [package ..] Package(s) to install. Multiple packages are provided as quoted, space delimited list. -v Enable verbose output - -w Set the working directory + -w Set the working directory (can't be a bind mount). Default: '${work_dir}' profile_dir: Directory of the archiso profile to build -- GitLab From 2f0f76830b4ce80f0cdc09cee4ab2157f6820f6f Mon Sep 17 00:00:00 2001 From: Pellegrino Prevete Date: Wed, 10 Aug 2022 13:21:10 +0000 Subject: [PATCH 315/347] keys buildmode is now dongle buildmode and encryption isn't needed to build a dongle --- archiso/mkarchiso | 298 +++++++++++++++++++++++----------------------- 1 file changed, 149 insertions(+), 149 deletions(-) diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 69fc66f2..b6c55dbc 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -44,9 +44,9 @@ xorriso_options=() xorrisofs_options=() keys_image_type="" keys_image_tool_options=() -keys_isofs_dir="" -keys_xorriso_options=() -keys_xorrisofs_options=() +dongle_isofs_dir="" +dongle_xorriso_options=() +dongle_xorrisofs_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() @@ -362,26 +362,26 @@ _mkairootfs_common() { # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Save the squashfs image on the ISO 9660 file system. _mkairootfs_ext4+squashfs() { -_mkairootfs_common -_run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" -_run_mksquashfs "${pacstrap_dir}.img" "${image_path}" -_msg_info "Done!" -rm -- "${pacstrap_dir}.img" + _mkairootfs_common + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" + _run_mksquashfs "${pacstrap_dir}.img" "${image_path}" + _msg_info "Done!" + rm -- "${pacstrap_dir}.img" } # Create an ext4 image containing the root file system and pack it inside a squashfs image. # Pack the squash image inside the LUKS image and save it on the ISO 9660 file system. _mkairootfs_ext4+squashfs+luks() { -_mkairootfs_common -_mkluks_common -_run_mkluks "${image_path}" "${airootfs_size}" \ - "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" - _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" - _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" - sync - _close_luks_device "${image_device}" - _msg_info "Done!" - rm -- "${pacstrap_dir}.img" + _mkairootfs_common + _mkluks_common + _run_mkluks "${image_path}" "${airootfs_size}" \ + "${iso_label}" "${encryption_key}" "true" "${luks_uuid}" + _run_mkext4 "${pacstrap_dir}" "$(_get_internal_size "${airootfs_size}")" "${SOURCE_DATE_EPOCH}" "airootfs" + _run_mksquashfs "${pacstrap_dir}.img" "${image_device}" + sync + _close_luks_device "${image_device}" + _msg_info "Done!" + rm -- "${pacstrap_dir}.img" } # Create a squashfs image containing the root file system and saves it on the ISO 9660 file system. @@ -412,18 +412,18 @@ _mkairootfs_erofs() { # Create an EROFS image containing the root file system and saves it on the LUKS image. # Save the LUKS image on the ISO 9660 file system. _mkairootfs_erofs+luks() { -_mkairootfs_common -_mkluks_common -_run_mkluks "${image_path}" "${airootf