author | David P <megver83@parabola.nu> | 2020-07-15 11:05:30 -0400 |
---|---|---|
committer | David P <megver83@parabola.nu> | 2020-07-15 11:05:30 -0400 |
commit | f2d5583a9428f576a09023032a3e3bae95690b9a (patch) | |
tree | 25a98b2aa34e32e52fa87f25961fdee396003fa8 /configs/releng/airootfs | |
parent | ff1afc970853f1e9aac03e3fec8a3e2730920651 (diff) |
[releng][baseline] sync with archiso and archiso32
Signed-off-by: David P <megver83@parabola.nu>
Diffstat (limited to 'configs/releng/airootfs')
24 files changed, 89 insertions, 14 deletions
diff --git a/configs/releng/airootfs/etc/localtime b/configs/releng/airootfs/etc/localtime
new file mode 120000
index 0000000..0e35b57
--- /dev/null
+++ b/configs/releng/airootfs/etc/localtime
@@ -0,0 +1 @@
+/usr/share/zoneinfo/UTC
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/resolv.conf b/configs/releng/airootfs/etc/resolv.conf
new file mode 120000
index 0000000..3639662
--- /dev/null
+++ b/configs/releng/airootfs/etc/resolv.conf
@@ -0,0 +1 @@
+/run/systemd/resolve/stub-resolv.conf
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf b/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf
new file mode 100644
index 0000000..b69850d
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf
@@ -0,0 +1,2 @@
+[Journal]
+Storage=volatile
diff --git a/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf b/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf
new file mode 100644
index 0000000..f3ecb39
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf
@@ -0,0 +1,4 @@
+[Login]
+HandleSuspendKey=ignore
+HandleHibernateKey=ignore
+HandleLidSwitch=ignore
diff --git a/configs/releng/airootfs/etc/systemd/network/20-ethernet.network b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network
new file mode 100644
index 0000000..37878b0
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/network/20-ethernet.network
@@ -0,0 +1,10 @@
+[Match]
+Name=en*
+Name=eth*
+
+[Network]
+DHCP=yes
+IPv6PrivacyExtensions=yes
+
+[DHCP]
+RouteMetric=512
diff --git a/configs/releng/airootfs/etc/systemd/network/20-wireless.network b/configs/releng/airootfs/etc/systemd/network/20-wireless.network
new file mode 100644
index 0000000..e1d624c
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/network/20-wireless.network
@@ -0,0 +1,10 @@
+[Match]
+Name=wlp*
+Name=wlan*
+
+[Network]
+DHCP=yes
+IPv6PrivacyExtensions=yes
+
+[DHCP]
+RouteMetric=1024
diff --git a/configs/releng/airootfs/etc/systemd/system/choose-mirror.service b/configs/releng/airootfs/etc/systemd/system/choose-mirror.service
index 1e4d771..b6a3562 100644
--- a/configs/releng/airootfs/etc/systemd/system/choose-mirror.service
+++ b/configs/releng/airootfs/etc/systemd/system/choose-mirror.service
@@ -4,7 +4,7 @@ ConditionKernelCommandLine=mirror [Service] Type=oneshot -ExecStart=/etc/systemd/scripts/choose-mirror +ExecStart=/usr/local/bin/choose-mirror [Install] WantedBy=multi-user.target diff --git a/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service new file mode 120000 index 0000000..4c158e6 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service
new file mode 120000
index 0000000..4f6ae34
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/default.target b/configs/releng/airootfs/etc/systemd/system/default.target
new file mode 120000
index 0000000..d321622
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/default.target
@@ -0,0 +1 @@
+/usr/lib/systemd/system/multi-user.target
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service
new file mode 120000
index 0000000..2d8d256
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service
@@ -0,0 +1 @@
+../choose-mirror.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service
new file mode 120000
index 0000000..3625abd
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/iwd.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service
new file mode 120000
index 0000000..d09eec6
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service
@@ -0,0 +1 @@
+../pacman-init.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
new file mode 120000
index 0000000..f5071ce
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
@@ -0,0 +1 @@
+../reflector.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
new file mode 120000
index 0000000..4c158e6
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
new file mode 120000
index 0000000..4f6ae34
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/configs/releng/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
new file mode 120000
index 0000000..7d6ad92
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd-wait-online.service
\ No newline at end of file
diff --git a/configs/releng/airootfs/etc/systemd/system/reflector.service b/configs/releng/airootfs/etc/systemd/system/reflector.service
new file mode 100644
index 0000000..dd37dd0
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/reflector.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=pacman mirrorlist update
+Wants=network-online.target
+After=network-online.target nss-lookup.target
+ConditionKernelCommandLine=!mirror
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/reflector --protocol https --age 1 --sort rate --save /etc/pacman.d/mirrorlist
+Restart=on-failure
+RestartSec=10
+CacheDirectory=reflector
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+Environment=XDG_CACHE_HOME=/var/cache/reflector
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectSystem=strict
+ReadWritePaths=/etc/pacman.d/mirrorlist
+ReadOnlyPaths=/etc/reflector/reflector.conf
+RemoveIPC=true
+RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @privileged
+UMask=177
+
+[Install]
+WantedBy=multi-user.target
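Review bot: `ReadOnlyPaths=/etc/reflector/reflector.conf` is listed without the `-` prefix, so if that file is absent from the image the sandbox setup fails and the unit never runs. Nothing visible in this commit installs the file, and `ExecStart=` does not pass it to reflector. I would write `ReadOnlyPaths=-/etc/reflector/reflector.conf` or drop the line; the same applies to `ReadWritePaths=/etc/pacman.d/mirrorlist` if the image can ever ship without a mirrorlist. `Restart=on-failure` with `RestartSec=10` appears to have no retry cap, so an offline machine would keep retrying every ten seconds; a `StartLimitIntervalSec=`/`StartLimitBurst=` pair in `[Unit]` sized to the restart delay would bound that. A short comment above `CapabilityBoundingSet=` and `RestrictAddressFamilies=` saying that the leading `~` makes each a deny-list would make the hardening block easier to audit.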
diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
new file mode 120000
index 0000000..51942c8
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.socket
\ No newline at end of file diff --git a/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf new file mode 100644 index 0000000..c875311 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any diff --git a/configs/releng/airootfs/etc/udev/rules.d/81-dhcpcd.rules b/configs/releng/airootfs/etc/udev/rules.d/81-dhcpcd.rules deleted file mode 100644 index 970da69..0000000 --- a/configs/releng/airootfs/etc/udev/rules.d/81-dhcpcd.rules +++ /dev/null @@ -1 +0,0 @@ -ACTION=="add", SUBSYSTEM=="net", ENV{SYSTEMD_WANTS}="dhcpcd@$name.service" diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index fb106da..0159a8f 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -15,8 +15,8 @@ automated_script () local script rt script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then - if [[ "${script}" =~ ^http:// || "${script}" =~ ^ftp:// ]]; then - wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null + if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then + curl "${script}" --retry-connrefused -s -o /tmp/startup_script >/dev/null rt=$? else cp "${script}" /tmp/startup_script diff --git a/configs/releng/airootfs/root/customize_airootfs.sh b/configs/releng/airootfs/root/customize_airootfs.sh index 2ebaa3b..dd8cefa 100755 --- a/configs/releng/airootfs/root/customize_airootfs.sh +++ b/configs/releng/airootfs/root/customize_airootfs.sh 
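Review bot: In the `.automated_script.sh` hunk the new `curl` line lacks `--fail`, so an HTTP error response (a 404 page, for example) is saved to `/tmp/startup_script` and `rt` is still 0, whereas the replaced `wget` exited non-zero in that case. `--retry-connrefused` also has no effect in curl unless `--retry <n>` is given, and curl does not follow redirects without `--location`. I would change the line to `curl "${script}" --fail --location --retry 3 --retry-connrefused -s -o /tmp/startup_script >/dev/null`. The regex still accepts `http://` and `ftp://`, so a script named on the kernel command line can arrive over an unauthenticated channel; if plaintext sources must stay, a comment saying so would help, since the code that uses `rt` and `/tmp/startup_script` lies outside this hunk.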
@@ -5,21 +5,13 @@ set -e -u sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen locale-gen -ln -sf /usr/share/zoneinfo/UTC /etc/localtime - usermod -s /usr/bin/zsh root cp -aT /etc/skel/ /root/ chmod 700 /root +# unset the root password +passwd -d root sed -i 's/#\(PermitRootLogin \).\+/\1yes/' /etc/ssh/sshd_config sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist -sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf - -sed -i 's/#\(HandleSuspendKey=\)suspend/\1ignore/' /etc/systemd/logind.conf -sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf -sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf - -systemctl enable multi-user.target pacman-init.service choose-mirror.service -systemctl set-default multi-user.target sed -i "s/_DATE_/$(date +%Y.%m.%d)/" /etc/motd diff --git a/configs/releng/airootfs/etc/systemd/scripts/choose-mirror b/configs/releng/airootfs/usr/local/bin/choose-mirror index 13c9f69..13c9f69 100755 --- a/configs/releng/airootfs/etc/systemd/scripts/choose-mirror +++ b/configs/releng/airootfs/usr/local/bin/choose-mirror |
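Review bot: The added `passwd -d root` leaves root with an empty password immediately before the existing `sed` that sets `PermitRootLogin yes`, so remote root access then rests on sshd's `PermitEmptyPasswords` default of `no` and on sshd not being started before a password is set. The one-line comment should record that dependency, for example `# unset the root password for the live session; sshd rejects empty passwords by default, so set one before starting sshd`. As far as this diff shows, no sshd unit is among the symlinks added under `multi-user.target.wants`, which is worth keeping true while this line exists. The script continues past the end of the hunk.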