Configuring the nofirewall option by the sysrescue-initialize script must be done before the ip6?tables service.
Configuring the firewall should be finished before beginning to initialize the network.
But the rest of sysrescue-initialize should still be done in parallel to networking
being set up for a fast boot sequence. Also some services in sysrescue-initialize require
networking being online, for example load_srm with a remote url.
The proper way to accommodate all these needs is to split sysrescue:
sysrescue-initialize-prenet: must be finished before the network-pre.target
sysrescue-initialize-whilenet: started after sysrescue-initialize-prenet, can run in parallel
to networking being set up.
Initializing the pacman key database during boot can take considerable time
and there is no locking during this time against concurrent file access.
This can lead to problems when installing packages soon after reboot.
This also speeds up the boot process.
Additional disk space requirement is about 1 MByte.
Fixes#290
Before this patch sysrescue-configuration.lua was executed twice each boot:
(1) during initramfs stage (2) in the regular system as sysrescue-configuration.service
While in theory both runs should create the same output, this isn't guaranteed and
differences could appear for example because of network issues. Finding and debugging
these is difficult because the output of sysrescue-configuration.lua created during
initramfs isn't available anymore when the final system is running.
This patch lets sysrescue-configuration.lua just run once during initramfs. The
output JSON file is then written to the new tmpfs mounted dir /run/archiso/config/.
This dir is also made the new default location for sysrescue-effective-config.json.
A symlink from /etc/sysrescue/sysrescue-effective-config.json to the new location
is created for compatibility with previous releases.
This prevents huge dependency downloads by pacman when the SystemRescue version gets older
by using a snapshot repo from the day the SystemRescue version is released.
The classic rolling repos from Arch are also available as option. Activate with the
"--config /etc/pacman-rolling.conf" option to pacman.
To allow switching on a per-command basis, two different sets of remote package databases
are required. But the local package database must be the same for both variants. This
is achived by using two different DBPaths in the pacman config files and bind-mounting
the local part together. pacman does not accept symlinks for this, so it must be a bind mount.
* The synchronization point is getty-pre.target to block login while autorun
is active
* After sysresccd-initialize.service to have keyboard layout configured
* stdin/stdout/stderr conected to /dev/console to make interactive scripts work
Closesfdupoux/sysresccd-src#18
* Passes through PAM (pam_systemd module) via login(1). This sets up
systemd --user instance, which will create and listen on dbus session socket.
* login(1) is called (via agetty(8)) with -p option, keeping the environment
pam_systemd configured for the user, most importantly
DBUS_SESSION_BUS_ADDRESS.
* Thus dbus-launch call in /etc/X11/xinit/xinitrc is unnecessary.
* autologin.conf drop-in configured in the template unit (getty@.service)
to make autologin work on all virtual consoles.
Use localectl to set kbd and x11 keymaps.
Order sysresccd-initialize.service before getty-pre.target (pasive target,
pulled in manually) to ensure console keymap is proper configured when
getty@.service runs.
Fixes#74
