Configuring the nofirewall option by the sysrescue-initialize script must be done before the ip6?tables service.
Configuring the firewall should be finished before beginning to initialize the network.
But the rest of sysrescue-initialize should still be done in parallel to networking
being set up for a fast boot sequence. Also some services in sysrescue-initialize require
networking being online, for example load_srm with a remote url.
The proper way to accommodate all these needs is to split sysrescue:
sysrescue-initialize-prenet: must be finished before the network-pre.target
sysrescue-initialize-whilenet: started after sysrescue-initialize-prenet, can run in parallel
to networking being set up.
mkpasswd is finally available packaged on Arch, so add it to allow
manually replacing a password in /etc/shadow, for when chroots or
pam don't work as wanted. Also supports advanced hash algos like
yescrypt that can't be set via the pam stack yet.
Because the source for mkpasswd is part of the whois package, it
is currently packaged as part of whois. But it might get it's own
package in the future, so add a check for /usr/bin/mkpasswd during
build time.
rclone needs a rclone.conf file before it can be used, it contains
the urls, login data and similar.
Use the sysconfig.rclone.config hierarchy instead of just sysconfig.rclone
to allow adding features later. These could be support for encrypted
rclone config files (these would then go into sysconfig.rclone.crypted_config)
or things like automounting.
syslinux: this is already installed, but only through a dependency.
syslinux is essential to build a bootable image. So this should be
explicitly listed and not just as a dependency.
fatresize (10 KB): allows to resize FAT filesystems. Helpful for
example when you have to grow a EFI System Partition because it
ran out of space.
kexec-tools (70 KB): allows to directly boot into a given kernel +
initramfs without going through the BIOS or bootloader before.
Useful when the bootloader is broken, you can't immediately fix
it but want to boot the original system.
moreutils (about 200k): several small shell utilities
I want to use lckdo for improving mountall. Also ts is helpful when you have a
datastream (like from a serial console) and add timestamps to it. But there are
more helpful utils in there.
https://joeyh.name/code/moreutils/
python-pythondialog (about 60k): allows to easily use python to create
simple shell UIs, based on the "dialog" utility (like used for example in setkmap).
I want to use it to create menus to be used with autoterminal.
https://pythondialog.sourceforge.io/
Do not include the firmware for Q-Logic Fibrechannel/Infiniband HBA firmware anymore,
as it is a similar category as the Mellanox firmware which is already not included
for some time without anyone complaining. This saves about 12 MB space on the ISO.
Implements #256
-d option for build.sh
Regular build: 3m49s for 684M ISO
Devel build: 46s for 857M ISO
-> 80% reduction of build time in devel mode
(measured just on my devel vm, not on a broad set of hardware)
This allows to add additional CAs as trust anchors via the root key
"ca-trust" in the YAML config files.
Why is this helpful and can't be done for example with SRMs?
After the CA files are copied, "update-ca-trust" must be called. This
updates *all* ca trust files. This means your SRM will override all
trust files with the ones used when creating the SRM.
When you then use the SRM with a newer version of SystemRescue, you will
still use the old ca trust files from when the SRM was built.
