When the correct keyboard map is not set yet, it might be difficult for the user
to type in the command. This way they just have to press the arrow up key to reach it.
Fixes#273
This allows to add additional CAs as trust anchors via the root key
"ca-trust" in the YAML config files.
Why is this helpful and can't be done for example with SRMs?
After the CA files are copied, "update-ca-trust" must be called. This
updates *all* ca trust files. This means your SRM will override all
trust files with the ones used when creating the SRM.
When you then use the SRM with a newer version of SystemRescue, you will
still use the old ca trust files from when the SRM was built.
When using a non-root user to execute sysrescue-customize with the srm building function,
you won't have the rights to create files owned by root. When you want to keep the build_into_srm
dir in a git tree, you won't be able to store the file mode there. But using a specific file
mode is important for example for /root/.ssh
The mksquashfs pseudo file allows to solve this by overriding individual file modes like this:
cat <<EOF >recipe_dir/build_into_srm/.squashfs-pseudo
/root/.ssh m 700 root root
/root/.ssh/authorized_keys m 600 root root
EOF
- disable telemetry and studies, remove notice tab about telemetry
- force off DNS-over-HTTPS and always use the local dns resolver.
This allows for example to access websites in the local part of a split dns setup
- set the default search engine to DuckDuckGo
- change the homepage to the internal firefox homepage (shows a searchbar and buttons).
This doesn't load an external page (DuckDuckGo previously) without user consent/action,
but still provides a convenient way to search via DuckDuckGo.
modesetting_drv.so is the library that links to libgbm.so. We not only want
that libgbm.so has all dependecies satisfied, but also the lib that needs
libgbm.so in the first place.
The ldconfig service ("Rebuild Dynamic Linker Cache") updates /etc/ld.so.cache when it is
older than some preconfigured age. This increases boot time, especially when airootfs is
on a slower media, like a DVD-ROM drive or NFS. Since System Rescue doesn't change over time,
keeping the original file from release is fine.
You can't easily update the kernel from within a running System Rescue.
Updating the kernel will create conflicts of the new kernel modules and the still running kernel.
This has been a problem in the past, see for example #238. So better prevent it.
This prevents huge dependency downloads by pacman when the SystemRescue version gets older
by using a snapshot repo from the day the SystemRescue version is released.
The classic rolling repos from Arch are also available as option. Activate with the
"--config /etc/pacman-rolling.conf" option to pacman.
To allow switching on a per-command basis, two different sets of remote package databases
are required. But the local package database must be the same for both variants. This
is achived by using two different DBPaths in the pacman config files and bind-mounting
the local part together. pacman does not accept symlinks for this, so it must be a bind mount.
On newer systems /bin is linked to /usr/bin, the same goes for /sbin.
This is called usrmerge. Some distributions seem to have introduced
usrmerge just very recently, like openSUSE in 2021. So SystemRescue
should fully support this for years to come.
So we need /bin, /sbin and /usr/sbin in the default $PATH to make it
easy to use from within a chroot.
