since recently /run/archiso/copytoram is bind-mounted to /run/archiso/bootmnt.
This means sysrescue-configuration.lua should just load yaml files from
/run/archiso/bootmnt and not both, otherwise they would be loaded twice.
Configuring the nofirewall option by the sysrescue-initialize script must be done before the ip6?tables service.
Configuring the firewall should be finished before beginning to initialize the network.
But the rest of sysrescue-initialize should still be done in parallel to networking
being set up for a fast boot sequence. Also some services in sysrescue-initialize require
networking being online, for example load_srm with a remote url.
The proper way to accommodate all these needs is to split sysrescue:
sysrescue-initialize-prenet: must be finished before the network-pre.target
sysrescue-initialize-whilenet: started after sysrescue-initialize-prenet, can run in parallel
to networking being set up.
- Implement a new style configuring autorun scripts ("autorun.exec"), more suited to a YAML config file than the old style (#287)
- The old style autorun scripts are still fully supported, they are loaded into keys from "1000-autorun" to "1026-autorunF"
- change the default for ar_nowait to true
- add "shell" option for new autorun exec scripts: let bash interpret the command instead of directly forking it from python
- allow to wait for keypress with a countdown timer, all keys are accepted now (instead of just enter as in the past)
- fix is_elf_binary
- improve output and logging (#253)
- use curl instead of wget for downloading scripts from URLs
- bind-mount /run/archios/bootmnt in case of copytoram to create a stable path for the new-style scripts
- deprecate storing autorun scripts in the root of the boot disk (#252)
- don't check /var/autorun/cdrom for autorun scripts anymore, it was not documented and there are more than enough better alternatives
- call yay through a wrapper to take care of root/sudo handling
- add yay-prepare to reinstall everything that was stripped for size (like /usr/include)
- yay-prepare creates a yay user and sudo rights
- the wrapper is installed in /usr/bin/yay, we want it to clash with yay-packages that aren't adapted to SystemRescue
The binutils package is installed in SystemRescue for some time, so actually use it.
The busybox ar is inferior to the binutils one, causing problems when building
some packages with yay.
remove ipw2100-fw and ipw2200-fw wifi firmware packages as they are no longer available in Arch
See merge request systemrescue/systemrescue-sources!234
mkpasswd is finally available packaged on Arch, so add it to allow
manually replacing a password in /etc/shadow, for when chroots or
pam don't work as wanted. Also supports advanced hash algos like
yescrypt that can't be set via the pam stack yet.
Because the source for mkpasswd is part of the whois package, it
is currently packaged as part of whois. But it might get it's own
package in the future, so add a check for /usr/bin/mkpasswd during
build time.
archiso_http_srv is used in initramfs and we don't have a database
of trusted CAs there. So ignore all CA checks to allow downloading
from https at all.
Without this patch, airootfs.sfs is downloaded to /run/archiso/httpspace
and then copied to /run/archiso/bootmnt. copytoram is automatically
activated, which copies it to /run/archiso/copytoram and removes
/run/archiso/bootmnt. The original /run/archiso/httpspace was kept,
wasting ram.
This patch gets rid of /run/archiso/httpspace and directly downloads
to /run/archiso/bootmnt. This is then copied to copytoram and bootmnt
removed, so we don't keep two copies in ram anymore.
rclone needs a rclone.conf file before it can be used, it contains
the urls, login data and similar.
Use the sysconfig.rclone.config hierarchy instead of just sysconfig.rclone
to allow adding features later. These could be support for encrypted
rclone config files (these would then go into sysconfig.rclone.crypted_config)
or things like automounting.
it is usually run during initramfs: we don't have a CA database there, so
all https downloads would fail otherwise.
Not doing cert verification at this step is clearly documented, so no
unexpected security risk for the user.
The latest Arch updates changed mount behavior during build, at least that
is what I'm seeing on my machine. So only do the second unmount if the
chroot /dev is still mounted. Otherwise the build script would abort due to
the error returncode.
