It allows to preconfigure a list of known host keys.
But the primary use case will probably be trusting signatures from SSH CAs for host keys.
Example:
---
sysconfig:
ssh_known_hosts:
myhost.example.org: "ssh-ed25519 AAAAC3NzaC1l...JJTO48B"
"@cert-authority *.mydomain.org": "ssh-rsa AAAAB3NzaC1y...Zhk0="
Do this by asking max 6 times for a password, then continue with the next device.
Also fix a bug when an encrypted device on LVM leads to the same device
name for the encrypted and unencrypted device.
Configuring the nofirewall option by the sysrescue-initialize script must be done before the ip6?tables service.
Configuring the firewall should be finished before beginning to initialize the network.
But the rest of sysrescue-initialize should still be done in parallel to networking
being set up for a fast boot sequence. Also some services in sysrescue-initialize require
networking being online, for example load_srm with a remote url.
The proper way to accommodate all these needs is to split sysrescue:
sysrescue-initialize-prenet: must be finished before the network-pre.target
sysrescue-initialize-whilenet: started after sysrescue-initialize-prenet, can run in parallel
to networking being set up.
mkpasswd is finally available packaged on Arch, so add it to allow
manually replacing a password in /etc/shadow, for when chroots or
pam don't work as wanted. Also supports advanced hash algos like
yescrypt that can't be set via the pam stack yet.
Because the source for mkpasswd is part of the whois package, it
is currently packaged as part of whois. But it might get it's own
package in the future, so add a check for /usr/bin/mkpasswd during
build time.
rclone needs a rclone.conf file before it can be used, it contains
the urls, login data and similar.
Use the sysconfig.rclone.config hierarchy instead of just sysconfig.rclone
to allow adding features later. These could be support for encrypted
rclone config files (these would then go into sysconfig.rclone.crypted_config)
or things like automounting.
syslinux: this is already installed, but only through a dependency.
syslinux is essential to build a bootable image. So this should be
explicitly listed and not just as a dependency.
fatresize (10 KB): allows to resize FAT filesystems. Helpful for
example when you have to grow a EFI System Partition because it
ran out of space.
kexec-tools (70 KB): allows to directly boot into a given kernel +
initramfs without going through the BIOS or bootloader before.
Useful when the bootloader is broken, you can't immediately fix
it but want to boot the original system.
moreutils (about 200k): several small shell utilities
I want to use lckdo for improving mountall. Also ts is helpful when you have a
datastream (like from a serial console) and add timestamps to it. But there are
more helpful utils in there.
https://joeyh.name/code/moreutils/
python-pythondialog (about 60k): allows to easily use python to create
simple shell UIs, based on the "dialog" utility (like used for example in setkmap).
I want to use it to create menus to be used with autoterminal.
https://pythondialog.sourceforge.io/
