Before this patch sysrescue-configuration.lua was executed twice each boot:
(1) during initramfs stage (2) in the regular system as sysrescue-configuration.service
While in theory both runs should create the same output, this isn't guaranteed and
differences could appear for example because of network issues. Finding and debugging
these is difficult because the output of sysrescue-configuration.lua created during
initramfs isn't available anymore when the final system is running.
This patch lets sysrescue-configuration.lua just run once during initramfs. The
output JSON file is then written to the new tmpfs mounted dir /run/archiso/config/.
This dir is also made the new default location for sysrescue-effective-config.json.
A symlink from /etc/sysrescue/sysrescue-effective-config.json to the new location
is created for compatibility with previous releases.
When you set a "sysrescuecfg" option on the boot command line before this change,
only the files given on the boot command line were read, not the files in the
sysrescue.d dir. But previous versions of sysrescue-configuration.lua had a set of
built-in default values, these were still used.
Current sysrescue-configuration.lua does not include default values anymore, they
are now all in 100-defaults.yaml. So it is better to always read the default values
from the sysrescue.d dir and just merge files given with the sysrescuecfg option
additionally, with a higher priority.
The sysrescuecfg now also allows absolute paths for local files. When using relative
paths, the common sysrescue.d dirs are prefixed. In this case the file will usually
be loaded again, but at a higher priority.
Until now sysrescue-configuration.lua always ensured the default values were
in the effective JSON config because there was no way to remove them. Now the
lua script is improved to allow full config merging, including a delete function.
This could lead to the user accidently removing a value. The scripts did not
expect this and accessed non existing keys, leading to an exception.
This is fixed with this commit.
Previously when loading a YAML config, it overrode single values on the second hierarchy level.
But on all deeper levels new values were completely overwritten. This was inconsistent and poses
a problem for config entries that use these levels, like the ca-trust or the in-development autoterminal.
This change implements full merging of dictionaries on all levels to solve this. Values in files later
in precedence overwrite previous values. If the the old and the new config values are both dictionaries,
then the hierarchy levels are merged down recursively.
You can remove a previously existing dict entry again in a later file by assigning it an empty value.
Also fix handling of invalid YAMLs: ignore them instead of aborting execution
When the correct keyboard map is not set yet, it might be difficult for the user
to type in the command. This way they just have to press the arrow up key to reach it.
Fixes#273
This allows to add additional CAs as trust anchors via the root key
"ca-trust" in the YAML config files.
Why is this helpful and can't be done for example with SRMs?
After the CA files are copied, "update-ca-trust" must be called. This
updates *all* ca trust files. This means your SRM will override all
trust files with the ones used when creating the SRM.
When you then use the SRM with a newer version of SystemRescue, you will
still use the old ca trust files from when the SRM was built.
When using a non-root user to execute sysrescue-customize with the srm building function,
you won't have the rights to create files owned by root. When you want to keep the build_into_srm
dir in a git tree, you won't be able to store the file mode there. But using a specific file
mode is important for example for /root/.ssh
The mksquashfs pseudo file allows to solve this by overriding individual file modes like this:
cat <<EOF >recipe_dir/build_into_srm/.squashfs-pseudo
/root/.ssh m 700 root root
/root/.ssh/authorized_keys m 600 root root
EOF
- disable telemetry and studies, remove notice tab about telemetry
- force off DNS-over-HTTPS and always use the local dns resolver.
This allows for example to access websites in the local part of a split dns setup
- set the default search engine to DuckDuckGo
- change the homepage to the internal firefox homepage (shows a searchbar and buttons).
This doesn't load an external page (DuckDuckGo previously) without user consent/action,
but still provides a convenient way to search via DuckDuckGo.
modesetting_drv.so is the library that links to libgbm.so. We not only want
that libgbm.so has all dependecies satisfied, but also the lib that needs
libgbm.so in the first place.
The ldconfig service ("Rebuild Dynamic Linker Cache") updates /etc/ld.so.cache when it is
older than some preconfigured age. This increases boot time, especially when airootfs is
on a slower media, like a DVD-ROM drive or NFS. Since System Rescue doesn't change over time,
keeping the original file from release is fine.
You can't easily update the kernel from within a running System Rescue.
Updating the kernel will create conflicts of the new kernel modules and the still running kernel.
This has been a problem in the past, see for example #238. So better prevent it.
This prevents huge dependency downloads by pacman when the SystemRescue version gets older
by using a snapshot repo from the day the SystemRescue version is released.
The classic rolling repos from Arch are also available as option. Activate with the
"--config /etc/pacman-rolling.conf" option to pacman.
To allow switching on a per-command basis, two different sets of remote package databases
are required. But the local package database must be the same for both variants. This
is achived by using two different DBPaths in the pacman config files and bind-mounting
the local part together. pacman does not accept symlinks for this, so it must be a bind mount.
