since recently /run/archiso/copytoram is bind-mounted to /run/archiso/bootmnt.
This means sysrescue-configuration.lua should just load yaml files from
/run/archiso/bootmnt and not both, otherwise they would be loaded twice.
- call yay through a wrapper to take care of root/sudo handling
- add yay-prepare to reinstall everything that was stripped for size (like /usr/include)
- yay-prepare creates a yay user and sudo rights
- the wrapper is installed in /usr/bin/yay, we want it to clash with yay-packages that aren't adapted to SystemRescue
mkpasswd is finally available packaged on Arch, so add it to allow
manually replacing a password in /etc/shadow, for when chroots or
pam don't work as wanted. Also supports advanced hash algos like
yescrypt that can't be set via the pam stack yet.
Because the source for mkpasswd is part of the whois package, it
is currently packaged as part of whois. But it might get it's own
package in the future, so add a check for /usr/bin/mkpasswd during
build time.
it is usually run during initramfs: we don't have a CA database there, so
all https downloads would fail otherwise.
Not doing cert verification at this step is clearly documented, so no
unexpected security risk for the user.
Activating md raid or lvm means that the kernel changes the metadata like
timestamps and mount counts of the devices and writes them to disk.
Also reconstructing degraded md raid devices is automatically activated.
There are cases when writing to disks is absolutely not wanted. For example
when restoring data from broken disks or when doing forensics.
The nomdlvm boot commandline option prevents any activation and thus
not wanted writes. If the user wants to use md or lvm with the option
set, all md or lvm devices have to be manually found and activated.
nomdlvm is only implemented as boot commandline option and does not use
the YAML config file. The reason is that the udev rules are evaluated
before sysrescue-configuration.lua is run, so the YAML config is not
ready yet. Moving nomdlvm after sysrescue-configuration.lua would be
an invasive operation and modify the activation order of all md and lvm
devices for all cases, increasing the probability of regressions.
Also udev rules offer a direct access to boot commandline options, making
implementation straightforward and robust.
There is no dependency on NetworkManager being actually online when
sysrescue-initialize.py calls load-srm to honor the late_load_srm config
option. So without this patch this can fail when the network takes a
few seconds until the link is actually up.
Fixes#288
serial consoles have separate systemd services (serial-getty@.service). We need to adapt
the handling and also need some different options for them than for regular gettys.
To allow sysrescue-initialize.py to differentiate between regular consoles and serial ones
they must be configured with the prefix "serial:" in the yaml, for example like this:
autoterminal:
"serial:ttyS0": "/usr/bin/bash"
Before this patch sysrescue-configuration.lua was executed twice each boot:
(1) during initramfs stage (2) in the regular system as sysrescue-configuration.service
While in theory both runs should create the same output, this isn't guaranteed and
differences could appear for example because of network issues. Finding and debugging
these is difficult because the output of sysrescue-configuration.lua created during
initramfs isn't available anymore when the final system is running.
This patch lets sysrescue-configuration.lua just run once during initramfs. The
output JSON file is then written to the new tmpfs mounted dir /run/archiso/config/.
This dir is also made the new default location for sysrescue-effective-config.json.
A symlink from /etc/sysrescue/sysrescue-effective-config.json to the new location
is created for compatibility with previous releases.
It loops through all available block devices in the system and tries to mount them.
They are mounted to /mnt/<devicename>.
If they have "dev", "proc" or "sys" dirs in them, then the respective dirs of the
running SystemRescue are bind-mounted into it. This allows running some commands
like grub-install when chrooting into the dir.
When you set a "sysrescuecfg" option on the boot command line before this change,
only the files given on the boot command line were read, not the files in the
sysrescue.d dir. But previous versions of sysrescue-configuration.lua had a set of
built-in default values, these were still used.
Current sysrescue-configuration.lua does not include default values anymore, they
are now all in 100-defaults.yaml. So it is better to always read the default values
from the sysrescue.d dir and just merge files given with the sysrescuecfg option
additionally, with a higher priority.
The sysrescuecfg now also allows absolute paths for local files. When using relative
paths, the common sysrescue.d dirs are prefixed. In this case the file will usually
be loaded again, but at a higher priority.
Previously when loading a YAML config, it overrode single values on the second hierarchy level.
But on all deeper levels new values were completely overwritten. This was inconsistent and poses
a problem for config entries that use these levels, like the ca-trust or the in-development autoterminal.
This change implements full merging of dictionaries on all levels to solve this. Values in files later
in precedence overwrite previous values. If the the old and the new config values are both dictionaries,
then the hierarchy levels are merged down recursively.
You can remove a previously existing dict entry again in a later file by assigning it an empty value.
Also fix handling of invalid YAMLs: ignore them instead of aborting execution
When using a non-root user to execute sysrescue-customize with the srm building function,
you won't have the rights to create files owned by root. When you want to keep the build_into_srm
dir in a git tree, you won't be able to store the file mode there. But using a specific file
mode is important for example for /root/.ssh
The mksquashfs pseudo file allows to solve this by overriding individual file modes like this:
cat <<EOF >recipe_dir/build_into_srm/.squashfs-pseudo
/root/.ssh m 700 root root
/root/.ssh/authorized_keys m 600 root root
EOF
modesetting_drv.so is the library that links to libgbm.so. We not only want
that libgbm.so has all dependecies satisfied, but also the lib that needs
libgbm.so in the first place.
