This project is mirrored from https://gitlab.archlinux.org/archlinux/archiso.git.
Pull mirroring updated .
- 24 Dec, 2022 3 commits
-
-
nl6720 authored
-
- 22 Dec, 2022 2 commits
-
-
Alexander Speshilov authored
-
Christian Hesse authored
This is a new value introduced in systemd v247. It makes sure a new machine-id is generated, but is handled as first boot as well. See "First Boot Semantics" in machine-id(5) for details.
-
- 17 Dec, 2022 1 commit
-
-
nl6720 authored
Now that xz 5.4 is out and erofs-utils is built with LZMA support, it is possible to compress the EROFS image with LZMA for higher compression. `mkfs.erofs` trows a few warnings about using experimental features, but they should not be an issue. Nothing changes for the releng profile, for now at least.
-
- 10 Dec, 2022 2 commits
-
-
nl6720 authored
Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL CMS based method for verifying the root file system image against the code signing certificates in the initramfs. `checksum` and `verify` are removed since they essentially serve the same purpose and performing all the checks just needlessly delays boot. Additionally, the removal of `verify` allows to build the ISO without gpg, i.e. without using `mkarchiso`'s `-g` and `-G` options. Fixes #200
-
nl6720 authored
Look for the files in `*_validate_options` and error out early if they do not exist.
-
- 06 Dec, 2022 4 commits
-
-
nl6720 authored
mkarchiso: open the ARCHISO_GNUPG_FD, ARCHISO_TLS_FD and ARCHISO_TLSCA_FD file descriptors only for reading Nothing should ever be written to these files, so let's make sure it cannot happen.
-
nl6720 authored
The `bootstrap` build mode never calls `_export_gpg_publickey`, so even if the GPG key is passed with the `-g` option and thus the `gpg_key` variable is set, the `${work_dir}/pubkey.gpg` file will not exist. This has not caused any issue so far because the `ARCHISO_GNUPG_FD` file descriptor opens the file for both reading and writing, which means the file gets created if it does not exist. Assign the exported public key file name to a `gpg_publickey` variable in `_export_gpg_publickey` and check for it when the file is used. Since the exist status of the gpg command cannot be checked, look for the exported public key file instead.
-
nl6720 authored
The warning about SC2076 does not apply here.
-
- 03 Dec, 2022 1 commit
-
-
Jonathan Liu authored
Implements #203.
-
- 12 Nov, 2022 1 commit
-
-
nl6720 authored
This protects against the case where /proc/cmdline contains garbage triggering grep to think it is a binary. See e.g. https://bugs.archlinux.org/task/76468 for an example.
-
- 30 Oct, 2022 1 commit
-
-
nl6720 authored
-
- 25 Oct, 2022 1 commit
-
-
nl6720 authored
The archiso_kms hook was moved from mkinitcpio-archiso to the mkinitcpio project. See https://github.com/archlinux/mkinitcpio/commit/7bfe4861eacb3bf6cb70d9a17a0262542733a8ed and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/commit/dec17db5324285118e2faee296cc990ff1281bd8
-
- 22 Oct, 2022 1 commit
-
-
nl6720 authored
The default is now copytoram=auto which enables copying to RAM when the rootfs image size is less than 4 GiB and free RAM exceeds the rootfs image size + 2 GiB. See https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/issues/13 and https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/26. Implements #177.
-
- 13 Oct, 2022 1 commit
-
- 06 Oct, 2022 1 commit
-
- 25 Sep, 2022 6 commits
-
-
David Runge authored
CHANGELOG.rst: Add changelog for version 67.
-
David Runge authored
README.rst: Change referenced PGP key ID from `C7E7849466FE2358343588377258734B41C31549` to `991F6E3F0765CF6295888586139B09DA5BF0D338`, as the latter is now in used. The keys are cross-signed and both available via Arch Linux's WKD.
-
(gitlab ci) Added a CA structure to the codesigning certificates. This to test the functionality of optional CA being in the signing message. (mkarchiso) Removed the ``sign_netboot_artifacts`` variable and instead we'll now rely on ``if [[ -v cert_list ]]; then``. Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables to override the certificates used. This is so that third party CA's can be used during building in a meaningful way without distrupting the CA trust that is shipped by default. _cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS. The files will be saved as "${artifact}.cms.sig". That would be for instance "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig".
-
David Runge authored
CHANGELOG.rst: Add changelog entry for ordering pacman-init after time-sync.target
-
David Runge authored
configs/releng/airootfs/etc/systemd/system/pacman-init.service: Order pacman-init.service after time-sync.target, so that time on the host is synchronized before initializing pacman.
-
David Runge authored
configs/releng/airootfs/etc/systemd/system/{dbus-org.freedesktop.timesync1},sysinit.target.wants/systemd-timesyncd}.service: Enable systemd-timesyncd which aliases to dbus-org.freedesktop.timesync1 to ensure time gets synced on the host. configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service: Enable systemd-time-wait-sync to ensure time is finished syncing when time-sync.target is finished.
-
- 22 Sep, 2022 2 commits
-
-
nl6720 authored
By Tobias Powalowski * origin/merge-requests/286: remove ipw2100-fw and ipw2200-fw, cleanup of [core] https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/UKXPJEJZPU5PFKAPSATNL2DSWFGNEUCK/ See merge request !286
-
Tobias Powalowski authored
-
- 01 Sep, 2022 1 commit
-
-
nl6720 authored
archlinux-keyring-wkd-sync.service needs an initialized pacman keyring to work. Add BindsTo=etc-pacman.d-gnupg.mount to stop pacman-init.service if the mount unit suddenly enters inactive state.
-
- 28 Aug, 2022 2 commits
-
-
nl6720 authored
-
nl6720 authored
By Christian Hesse * origin/merge-requests/281: mkarchiso: touch clock-epoch for extra hint on date and time See merge request !281 While it feels dirty to place files in /usr/lib/, since it is the package manager's teritory, the path is unfortunately hardcoded. https://github.com/systemd/systemd/commit/5170afbc55d492f270c8948579324910c8c0b838
-
- 26 Aug, 2022 1 commit
-
-
Christian Hesse authored
This helps on systems with screwed or broken RTC.
-
- 22 Aug, 2022 1 commit
-
- 21 Aug, 2022 1 commit
-
-
Kristian Klausen authored
Building inside a TCG accelerated qemu VM is slow and painful, but it is the only option when running in a non-privileged container. arch-boxes has been built inside a KVM accelerated VMs ("VM runner") for over 11 months[2] and recently the MR[1] was merged into the infrastructure repo. With it now being a official part of arch's infrastructure we should switch to it and get much faster builds. Doing some quick testing, the whole pipeline is now roughly ~29-84 minutes faster (taking between 7-9 minutes, instead of 36-93 minutes). [1] infrastructure!385 [2] arch-boxes@3bda5b26 Fix #161
-
- 19 Aug, 2022 1 commit
-
-
nl6720 authored
--disable-shim-lock is required to support Secure Boot with custom signatures without using shim. Otherwise GRUB will trow an error when trying to boot a kernel: error: shim_lock protocol not found. error: you need to load the kernel first. The modules GRUB will use need to be preloaded otherwise the EFI binaries cannot be signed and used for Secure Boot. See https://bugs.archlinux.org/task/71382. GRUB will trow en error: error: verification requested but nobody cares These changes are done to support Secure Boot using custom keys (not shim) by simply extracting the boot loader (BOOTx64.EFI and BOOTIA32.EFI), kernel, UEFI shell, signing them and then repacking the ISO. For example. Extract the files: $ osirrox -indev archlinux-YYYY.MM.DD-x86_64.iso \ -extract_boot_images ./ \ -extract /EFI/BOOT/BOOTx64.EFI BOOTx64.EFI \ -extract /EFI/BOOT/BOOTIA32.EFI BOOTIA32.EFI \ -extract /shellx64.efi shellx64.efi \ -extract /shellia32.efi shellia32.efi \ -extract /arch/boot/x86_64/vmlinuz-linux vmlinuz-linux Make the files writable: $ chmod +w BOOTx64.EFI BOOTIA32.EFI shellx64.efi shellia32.efi vmlinuz-linux Sign the files: $ sbsign --key db.key --cert db.crt --output BOOTx64.EFI BOOTx64.EFI $ sbsign --key db.key --cert db.crt --output BOOTIA32.EFI BOOTIA32.EFI $ sbsign --key db.key --cert db.crt --output shellx64.efi shellx64.efi $ sbsign --key db.key --cert db.crt --output shellia32.efi shellia32.efi $ sbsign --key db.key --cert db.crt --output vmlinuz-linux vmlinuz-linux Copy the boot loader and UEFI shell to the EFI system partition image: $ mcopy -D oO -i eltorito_img2_uefi.img BOOTx64.EFI BOOTIA32.EFI ::/EFI/BOOT/ $ mcopy -D oO -i eltorito_img2_uefi.img shellx64.efi shellia32.efi ::/ Repack the ISO using the modified El Torito UEFI boot image and add the signed boot loader files, UEFI shell and kernel to ISO9660: $ xorriso -indev archlinux-YYYY.MM.DD-x86_64.iso \ -outdev archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso \ -boot_image any replay \ -append_partition 2 0xef eltorito_img2_uefi.img \ -map BOOTx64.EFI /EFI/BOOT/BOOTx64.EFI \ -map BOOTIA32.EFI /EFI/BOOT/BOOTIA32.EFI \ -map shellx64.efi /shellx64.efi \ -map shellia32.efi /shellia32.efi \ -map vmlinuz-linux /arch/boot/x86_64/vmlinuz-linux Boot the resulting archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso.
-
- 17 Aug, 2022 1 commit
-
-
nl6720 authored
Do not limit file copying to only grub.cfg and instead copy all GRUB configuration files and assets to both the ISO9660 and FAT image. This will allow for including custom images, fonts, etc. To easily match all non-configuration files (i.e. files without the .cfg extension), bash's extended glob feature will be enabled. Actions common to multiple _make_bootmode_uefi-*.grub are split off into dedicated functions: * _make_common_bootmode_grub_copy_to_efibootimg, * _make_common_bootmode_grub_copy_to_isofs, * _make_common_bootmode_grub_cfg. Use the same du command in all efiboot_imgsize variable assignments. Fixes #185.
-
- 07 Aug, 2022 1 commit
-
-
nl6720 authored
LC_ALL=C.UTF-8, unlike LC_ALL=C, does not override LANGUAGE. See https://sourceware.org/bugzilla/show_bug.cgi?id=16621 and https://savannah.gnu.org/bugs/?62815
-
- 17 Jul, 2022 1 commit
-
- 16 Jul, 2022 1 commit
-
-
Tallero Tallero authored
Update authors Update CHANGELOG
-
- 30 Jun, 2022 1 commit
-
-
nl6720 authored
-
- 26 Jun, 2022 1 commit
-