These embedded checksums can help against accidental image corruption,
for example due to bad cache data, broken mirror servers or bad media.
They are not digital signatures and do *not* help against bad actors
manipulating the .iso image.
Images can be checked manually with the "checkisomd5" command. This
is done automatically when using the Fedora media writer or the upcoming
systemrescue-usbwriter.
The latest Arch updates changed mount behavior during build, at least that
is what I'm seeing on my machine. So only do the second unmount if the
chroot /dev is still mounted. Otherwise the build script would abort due to
the error returncode.
Initializing the pacman key database during boot can take considerable time
and there is no locking during this time against concurrent file access.
This can lead to problems when installing packages soon after reboot.
This also speeds up the boot process.
Additional disk space requirement is about 1 MByte.
Fixes#290
-d option for build.sh
Regular build: 3m49s for 684M ISO
Devel build: 46s for 857M ISO
-> 80% reduction of build time in devel mode
(measured just on my devel vm, not on a broad set of hardware)
It has been superseded by native mkinitcpio (since v16) solution:
- systemd-tmpfiles (via /usr/lib/tmpfiles.d/mkinitcpio.conf fragment) creates /run/initramfs directory during boot.
- Before shutdown, mkinitcpio-generate-shutdown-ramfs.service (enabled by default) populates /run/initramfs using sd-shutdown hook.
Albeit not strictly required, drop it from build.sh too.
See:
2fa0eb25d4e785ee2cee7123888493
This prevents huge dependency downloads by pacman when the SystemRescue version gets older
by using a snapshot repo from the day the SystemRescue version is released.
The classic rolling repos from Arch are also available as option. Activate with the
"--config /etc/pacman-rolling.conf" option to pacman.
To allow switching on a per-command basis, two different sets of remote package databases
are required. But the local package database must be the same for both variants. This
is achived by using two different DBPaths in the pacman config files and bind-mounting
the local part together. pacman does not accept symlinks for this, so it must be a bind mount.
The repo snapshot date is determined automatically by a query to the archive mirror.
You can also set a different snapshot date with the -s option.
Before always the current packages were used. Use defined snapshots instead,
because a future commit will switch pacman within the image to use the snapshot too.
* Passes through PAM (pam_systemd module) via login(1). This sets up
systemd --user instance, which will create and listen on dbus session socket.
* login(1) is called (via agetty(8)) with -p option, keeping the environment
pam_systemd configured for the user, most importantly
DBUS_SESSION_BUS_ADDRESS.
* Thus dbus-launch call in /etc/X11/xinit/xinitrc is unnecessary.
* autologin.conf drop-in configured in the template unit (getty@.service)
to make autologin work on all virtual consoles.
