diff options
author | David P <megver83@parabola.nu> | 2020-08-01 16:14:19 -0400 |
---|---|---|
committer | David P <megver83@parabola.nu> | 2020-08-01 16:48:57 -0400 |
commit | 1de1ff1a297fc9cef517be263be4f873a1d01d65 (patch) | |
tree | cd21a4ec17e38f924563fb3142b810e4a3975b6c /configs/releng/airootfs | |
parent | f013f2bc1b1b512c4a44a2046ccb1a2d76a489eb (diff) |
sync releng with archiso v46
and fix baseline mkinitcpio.conf hooks
Signed-off-by: David P <megver83@parabola.nu>
Diffstat (limited to 'configs/releng/airootfs')
25 files changed, 254 insertions, 34 deletions
diff --git a/configs/releng/airootfs/etc/hostname b/configs/releng/airootfs/etc/hostname index 8aaf41b..5178d59 100644 --- a/configs/releng/airootfs/etc/hostname +++ b/configs/releng/airootfs/etc/hostname @@ -1 +1,3 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later parabolaiso diff --git a/configs/releng/airootfs/etc/locale.conf b/configs/releng/airootfs/etc/locale.conf index 01ec548..9bf7aef 100644 --- a/configs/releng/airootfs/etc/locale.conf +++ b/configs/releng/airootfs/etc/locale.conf @@ -1 +1,4 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + LANG=en_US.UTF-8 diff --git a/configs/releng/airootfs/etc/mkinitcpio.conf b/configs/releng/airootfs/etc/mkinitcpio.conf new file mode 100644 index 0000000..aa45b33 --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.conf @@ -0,0 +1,69 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + +# vim:set ft=sh +# MODULES +# The following modules are loaded before any boot hooks are +# run. Advanced users may wish to specify all system modules +# in this array. For instance: +# MODULES=(piix ide_disk reiserfs) +MODULES=() + +# BINARIES +# This setting includes any additional binaries a given user may +# wish into the CPIO image. This is run last, so it may be used to +# override the actual binaries included by a given hook +# BINARIES are dependency parsed, so you may safely ignore libraries +BINARIES=() + +# FILES +# This setting is similar to BINARIES above, however, files are added +# as-is and are not parsed in any way. This is useful for config files. +FILES=() + +# HOOKS +# This is the most important setting in this file. The HOOKS control the +# modules and scripts added to the image, and what happens at boot time. +# Order is important, and it is recommended that you do not change the +# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for +# help on a given hook. +# 'base' is _required_ unless you know precisely what you are doing. +# 'udev' is _required_ in order to automatically load modules +# 'filesystems' is _required_ unless you specify your fs modules in MODULES +# Examples: +## This setup specifies all modules in the MODULES setting above. +## No raid, lvm2, or encrypted root is needed. +# HOOKS=(base) +# +## This setup will autodetect all modules for your system and should +## work as a sane default +# HOOKS=(base udev autodetect block filesystems) +# +## This setup will generate a 'full' image which supports most systems. +## No autodetection is done. +# HOOKS=(base udev block filesystems) +# +## This setup assembles a pata mdadm array with an encrypted root FS. +## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. +# HOOKS=(base udev block mdadm encrypt filesystems) +# +## This setup loads an lvm2 volume group on a usb device. +# HOOKS=(base udev block lvm2 filesystems) +# +## NOTE: If you have /usr on a separate partition, you MUST include the +# usr, fsck and shutdown hooks. +HOOKS=(base udev memdisk parabolaiso_shutdown parabolaiso parabolaiso_loop_mnt parabolaiso_pxe_common parabolaiso_pxe_nbd parabolaiso_pxe_http parabolaiso_pxe_nfs parabolaiso_kms block filesystems keyboard) + +# COMPRESSION +# Use this to compress the initramfs image. By default, gzip compression +# is used. Use 'cat' to create an uncompressed image. +#COMPRESSION="gzip" +#COMPRESSION="bzip2" +#COMPRESSION="lzma" +COMPRESSION="xz" +#COMPRESSION="lzop" +#COMPRESSION="lz4" + +# COMPRESSION_OPTIONS +# Additional options for the compressor +#COMPRESSION_OPTIONS=() diff --git a/configs/releng/airootfs/etc/mkinitcpio.d/linux-libre.preset b/configs/releng/airootfs/etc/mkinitcpio.d/linux-libre.preset new file mode 100644 index 0000000..782d1cd --- /dev/null +++ b/configs/releng/airootfs/etc/mkinitcpio.d/linux-libre.preset @@ -0,0 +1,11 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + +# mkinitcpio preset file for the 'linux-libre' package on parabolaiso + +PRESETS=('parabolaiso') + +ALL_kver='/boot/vmlinuz-linux-libre' +ALL_config='/etc/mkinitcpio.conf' + +parabolaiso_image="/boot/parabolaiso.img" diff --git a/configs/releng/airootfs/etc/motd b/configs/releng/airootfs/etc/motd index e4c893c..4c7a45d 100644 --- a/configs/releng/airootfs/etc/motd +++ b/configs/releng/airootfs/etc/motd @@ -1,14 +1,9 @@ +To install [35mParabola GNU/Linux-libre[0m follow the installation guide: +https://wiki.parabola.nu/Installation_Guide -[01;34m=============================================================================== +For Wi-Fi, authenticate to the wireless network using the [35miwctl[0m utility. +Ethernet and Wi-Fi connections using DHCP should work automatically. - [35mParabola GNU/Linux-libre live media _DATE_[00;37m +After connecting to the internet, the installation guide can be accessed +via the convenience script [35mInstallation_guide[0m. - To install Parabola, the system must be connected to the internet. - For instructions, enter this command: - [01;37mless install.txt[00;37m - - Press the function keys while holding Alt to switch virtual terminals. - This allows entering commands without closing less. - -[01;34m=============================================================================== -[00;37m diff --git a/configs/releng/airootfs/etc/pam.d/su b/configs/releng/airootfs/etc/pam.d/su deleted file mode 100644 index a291042..0000000 --- a/configs/releng/airootfs/etc/pam.d/su +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth sufficient pam_wheel.so trust use_uid -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so diff --git a/configs/releng/airootfs/etc/passwd b/configs/releng/airootfs/etc/passwd new file mode 100644 index 0000000..2807d5d --- /dev/null +++ b/configs/releng/airootfs/etc/passwd @@ -0,0 +1 @@ +root:x:0:0:root:/root:/usr/bin/zsh diff --git a/configs/releng/airootfs/etc/shadow b/configs/releng/airootfs/etc/shadow new file mode 100644 index 0000000..7edfd69 --- /dev/null +++ b/configs/releng/airootfs/etc/shadow @@ -0,0 +1 @@ +root::14871:::::: diff --git a/configs/releng/airootfs/etc/ssh/sshd_config b/configs/releng/airootfs/etc/ssh/sshd_config new file mode 100644 index 0000000..8ef1758 --- /dev/null +++ b/configs/releng/airootfs/etc/ssh/sshd_config @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no # pam does that +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf b/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf index b69850d..3104779 100644 --- a/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf +++ b/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf @@ -1,2 +1,5 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Journal] Storage=volatile diff --git a/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf b/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf index f3ecb39..c6b17a4 100644 --- a/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf +++ b/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Login] HandleSuspendKey=ignore HandleHibernateKey=ignore diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network index 37878b0..efa309c 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network +++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Match] Name=en* Name=eth* diff --git a/configs/releng/airootfs/etc/systemd/network/20-wireless.network b/configs/releng/airootfs/etc/systemd/network/20-wireless.network index e1d624c..bf9ab9d 100644 --- a/configs/releng/airootfs/etc/systemd/network/20-wireless.network +++ b/configs/releng/airootfs/etc/systemd/network/20-wireless.network @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Match] Name=wlp* Name=wlan* diff --git a/configs/releng/airootfs/etc/systemd/system/choose-mirror.service b/configs/releng/airootfs/etc/systemd/system/choose-mirror.service index b6a3562..b3e4847 100644 --- a/configs/releng/airootfs/etc/systemd/system/choose-mirror.service +++ b/configs/releng/airootfs/etc/systemd/system/choose-mirror.service @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Unit] Description=Choose mirror from the kernel command line ConditionKernelCommandLine=mirror diff --git a/configs/releng/airootfs/etc/systemd/system/default.target b/configs/releng/airootfs/etc/systemd/system/default.target deleted file mode 120000 index d321622..0000000 --- a/configs/releng/airootfs/etc/systemd/system/default.target +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/multi-user.target
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount index 4eab551..f86a91d 100644 --- a/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount +++ b/configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Unit] Description=Temporary /etc/pacman.d/gnupg directory diff --git a/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf b/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf index d1d8474..370735f 100644 --- a/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf +++ b/configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Service] ExecStart= ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/configs/releng/airootfs/etc/systemd/system/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/pacman-init.service index 3414ebc..e2511a9 100644 --- a/configs/releng/airootfs/etc/systemd/system/pacman-init.service +++ b/configs/releng/airootfs/etc/systemd/system/pacman-init.service @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Unit] Description=Initializes Pacman keyring Wants=haveged.service diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service b/configs/releng/airootfs/etc/systemd/system/reflector.service index dd37dd0..4058e36 100644 --- a/configs/releng/airootfs/etc/systemd/system/reflector.service +++ b/configs/releng/airootfs/etc/systemd/system/reflector.service @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Unit] Description=pacman mirrorlist update Wants=network-online.target @@ -6,7 +9,7 @@ ConditionKernelCommandLine=!mirror [Service] Type=oneshot -ExecStart=/usr/bin/reflector --protocol https --age 1 --sort rate --save /etc/pacman.d/mirrorlist +ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist Restart=on-failure RestartSec=10 CacheDirectory=reflector @@ -27,7 +30,6 @@ ProtectKernelLogs=true ProtectKernelModules=true ProtectSystem=strict ReadWritePaths=/etc/pacman.d/mirrorlist -ReadOnlyPaths=/etc/reflector/reflector.conf RemoveIPC=true RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP RestrictNamespaces=true diff --git a/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf index c875311..1b4c091 100644 --- a/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf +++ b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf @@ -1,3 +1,6 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + [Service] ExecStart= ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 0159a8f..ed3a924 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -1,11 +1,11 @@ -#!/bin/bash +#!/usr/bin/env bash script_cmdline () { local param for param in $(< /proc/cmdline); do case "${param}" in - script=*) echo "${param##*=}" ; return 0 ;; + script=*) echo "${param#*=}" ; return 0 ;; esac done } diff --git a/configs/releng/airootfs/root/customize_airootfs.sh b/configs/releng/airootfs/root/customize_airootfs.sh index dd8cefa..c72644a 100755 --- a/configs/releng/airootfs/root/customize_airootfs.sh +++ b/configs/releng/airootfs/root/customize_airootfs.sh @@ -1,17 +1,12 @@ -#!/bin/bash +#!/usr/bin/env bash +# +# SPDX-License-Identifier: GPL-3.0-or-later set -e -u +echo 'Warning: customize_airootfs.sh is deprecated! Support for it will be removed in a future parabolaiso version.' + sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen locale-gen -usermod -s /usr/bin/zsh root -cp -aT /etc/skel/ /root/ -chmod 700 /root -# unset the root password -passwd -d root - -sed -i 's/#\(PermitRootLogin \).\+/\1yes/' /etc/ssh/sshd_config sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist - -sed -i "s/_DATE_/$(date +%Y.%m.%d)/" /etc/motd diff --git a/configs/releng/airootfs/root/install.txt b/configs/releng/airootfs/root/install.txt deleted file mode 100644 index a594b97..0000000 --- a/configs/releng/airootfs/root/install.txt +++ /dev/null @@ -1,2 +0,0 @@ -View this installation guide online at -https://wiki.parabola.nu/Installation_Guide diff --git a/configs/releng/airootfs/usr/local/bin/Installation_guide b/configs/releng/airootfs/usr/local/bin/Installation_guide new file mode 100755 index 0000000..876fbd2 --- /dev/null +++ b/configs/releng/airootfs/usr/local/bin/Installation_guide @@ -0,0 +1,5 @@ +#!/bin/sh +# +# SPDX-License-Identifier: GPL-3.0-or-later + +exec lynx 'https://wiki.parabola.nu/Installation_Guide' diff --git a/configs/releng/airootfs/usr/local/bin/choose-mirror b/configs/releng/airootfs/usr/local/bin/choose-mirror index 13c9f69..e8f8254 100755 --- a/configs/releng/airootfs/usr/local/bin/choose-mirror +++ b/configs/releng/airootfs/usr/local/bin/choose-mirror @@ -1,4 +1,6 @@ #!/bin/bash +# +# SPDX-License-Identifier: GPL-3.0-or-later get_cmdline() { local param |