remove ipw2100-fw and ipw2200-fw wifi firmware packages as they are no longer available in Arch
See merge request systemrescue/systemrescue-sources!234
mkpasswd is finally available packaged on Arch, so add it to allow
manually replacing a password in /etc/shadow, for when chroots or
pam don't work as wanted. Also supports advanced hash algos like
yescrypt that can't be set via the pam stack yet.
Because the source for mkpasswd is part of the whois package, it
is currently packaged as part of whois. But it might get it's own
package in the future, so add a check for /usr/bin/mkpasswd during
build time.
archiso_http_srv is used in initramfs and we don't have a database
of trusted CAs there. So ignore all CA checks to allow downloading
from https at all.
Without this patch, airootfs.sfs is downloaded to /run/archiso/httpspace
and then copied to /run/archiso/bootmnt. copytoram is automatically
activated, which copies it to /run/archiso/copytoram and removes
/run/archiso/bootmnt. The original /run/archiso/httpspace was kept,
wasting ram.
This patch gets rid of /run/archiso/httpspace and directly downloads
to /run/archiso/bootmnt. This is then copied to copytoram and bootmnt
removed, so we don't keep two copies in ram anymore.
rclone needs a rclone.conf file before it can be used, it contains
the urls, login data and similar.
Use the sysconfig.rclone.config hierarchy instead of just sysconfig.rclone
to allow adding features later. These could be support for encrypted
rclone config files (these would then go into sysconfig.rclone.crypted_config)
or things like automounting.
it is usually run during initramfs: we don't have a CA database there, so
all https downloads would fail otherwise.
Not doing cert verification at this step is clearly documented, so no
unexpected security risk for the user.
The latest Arch updates changed mount behavior during build, at least that
is what I'm seeing on my machine. So only do the second unmount if the
chroot /dev is still mounted. Otherwise the build script would abort due to
the error returncode.
Qt 5 and 6 package translation files for common widgets that programs
can opt to use. These translation files take up about 2 MB of the final
iso image.
When the translations are removed, qt is designed to show messages
in the default language, English.
SystemRescue currently contains 2 programs using qt5 and qt6. I
tested both with the default en_US.UTF-8 and custom de_DE.UTF-8 locales:
featherpad: contains it's own complete translation. It's UI uses the
configured locale and it works regardless if the qt-translations are
installed or not.
yubikey-personalization-gui: doesn't use the translations at all and
is always shown in English. Removing the qt translations doesn't change
anything.
So programs coming with SystemRescue by default aren't affected. Also
other qt programs the user could install won't be affected. Only if the
user also changes the default locale, parts of some programs might be
now shown in English, like many other parts of SystemRescue that don't
come with translations.
The KeepassXC documentation takes up 5 MB of final iso image size.
This is quite excessive.
Removing the documentation doesn't impair program usage. The documentation
can easily be accessed online from the KeepassXC website, it is directly
linked in the help menu.
Activating md raid or lvm means that the kernel changes the metadata like
timestamps and mount counts of the devices and writes them to disk.
Also reconstructing degraded md raid devices is automatically activated.
There are cases when writing to disks is absolutely not wanted. For example
when restoring data from broken disks or when doing forensics.
The nomdlvm boot commandline option prevents any activation and thus
not wanted writes. If the user wants to use md or lvm with the option
set, all md or lvm devices have to be manually found and activated.
nomdlvm is only implemented as boot commandline option and does not use
the YAML config file. The reason is that the udev rules are evaluated
before sysrescue-configuration.lua is run, so the YAML config is not
ready yet. Moving nomdlvm after sysrescue-configuration.lua would be
an invasive operation and modify the activation order of all md and lvm
devices for all cases, increasing the probability of regressions.
Also udev rules offer a direct access to boot commandline options, making
implementation straightforward and robust.
The dns library used by lua requires /etc/hosts to exist, otherwise all
requests for name resolution are denied. This meant that using the
sysrescuecfg boot option with a http URL and hostname did not work
while using an IP worked.
This patch adds an empty /etc/hosts file to the initramfs image to fix this.
Initializing the pacman key database during boot can take considerable time
and there is no locking during this time against concurrent file access.
This can lead to problems when installing packages soon after reboot.
This also speeds up the boot process.
Additional disk space requirement is about 1 MByte.
Fixes#290
