mirror of
https://gitlab.archlinux.org/tpowa/archboot.git
synced 2024-09-20 03:50:37 +02:00
further tightening
parent
2ed7c6de97
commit
0b51090191
1 changed files with 15 additions and 24 deletions
|
@ -34,13 +34,22 @@ usr/share/{locale/{be,bg,cs,da,de,en_US,el,es,fi,fr,hu,it,lt,lv,mk,nl,nn,pl,pt,r
|
||||||
var/lib/pacman/local \
|
var/lib/pacman/local \
|
||||||
| tar -C "${_ROOTFS}" -xpf -
|
| tar -C "${_ROOTFS}" -xpf -
|
||||||
fi
|
fi
|
||||||
_map _binary agetty awk basename bsdtar chmod clear date dd df dir du \
|
_map _binary agetty archlinux-keyring-wkd-sync awk basename bsdtar \
|
||||||
false gawk insmod install kill killall ldconfig mktemp \
|
{bus,boot,coredump,hostname,journal,locale,login,machine,network,\
|
||||||
more od partprobe passwd pgrep pidof printf ps \
|
system,timedate,userdb,home,oom,portable}ctl certutil chmod clear cmsutil crlutil curl date \
|
||||||
pwd rmdir true rbash rmmod sort stat tar tee top touch \
|
dbus-{cleanup-sockets,daemon,launch,monitor,run-session,send,test-tool,\
|
||||||
tr tty wc yes zstd
|
update-activation-environment,uuidgen} dd df dir du false gawk gpg{,-agent,conf,-connect-agent} \
|
||||||
|
gpgme-{tool,json} insmod install kernel-install kill{,all} loadkeys ldconfig \
|
||||||
|
login makepkg mktemp mkhomedir_helper modutil more mount.ddi mount.nfs{,4} \
|
||||||
|
nano nologin nss-config od p11-kit pk12util pam_timestamp_check pacman{,-conf,-key,-db-upgrade} \
|
||||||
|
partprobe passwd pgrep pidof pinentry{,-curses} printf ps pwd rmdir tr true \
|
||||||
|
repo-{add,elephant,remove} rbash rmmod secret-tool shlibsign sign{tool,ver} sort \
|
||||||
|
ssltap stat symkeyutil systemd-{ac-power,analyze,ask-password,cat,cgls,cgtop,confextdelta,\
|
||||||
|
detect-virt,escape,firstboot,hwdb,inhibit,machine-id-setup,mount,notify,nspawn,path,resolve,repartrun,\
|
||||||
|
socket-activate,stdio-bridge,sysusers,tty-ask-password-agent,umount,creds,cryptenroll,dissect,id128,sysext} \
|
||||||
|
tar tee testpkg top touch trust tty unix_{chkpwd,update} /usr/lib/dbus-1.0/dbus-daemon-launch-helper \
|
||||||
|
umount.nfs{,4} update-ca-trust vercmp wc yes zstd
|
||||||
# add nano
|
# add nano
|
||||||
_binary nano
|
|
||||||
_file_rename /etc/nanorc /etc/nanorc
|
_file_rename /etc/nanorc /etc/nanorc
|
||||||
# add syntax highlighting
|
# add syntax highlighting
|
||||||
echo "include \"/usr/share/nano/*.nanorc\"" >> "${_ROOTFS}/etc/nanorc"
|
echo "include \"/usr/share/nano/*.nanorc\"" >> "${_ROOTFS}/etc/nanorc"
|
||||||
|
@ -57,21 +66,8 @@ protocols,request-key.conf,securetty,services}
|
||||||
# fixing network support from glibc
|
# fixing network support from glibc
|
||||||
_map _file /usr/lib/{libnss_files.so.2,libnss_dns.so.2}
|
_map _file /usr/lib/{libnss_files.so.2,libnss_dns.so.2}
|
||||||
## add pam and shadow
|
## add pam and shadow
|
||||||
_map _binary login nologin mkhomedir_helper pam_timestamp_check unix_{chkpwd,update}
|
|
||||||
_map _file /etc/{environment,login.defs}
|
_map _file /etc/{environment,login.defs}
|
||||||
# add systemd service apps
|
|
||||||
_map _binary loadkeys mount.nfs{,4} umount.nfs{,4}
|
|
||||||
# dbus files
|
|
||||||
_map _binary dbus-{cleanup-sockets,daemon,launch,monitor,run-session,send,test-tool,\
|
|
||||||
update-activation-environment,uuidgen} /usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
||||||
# tpm2-tss files
|
|
||||||
_map _binary secret-tool pinentry{,-curses} gpgme-{tool,json}
|
|
||||||
# systemd files
|
# systemd files
|
||||||
_map _binary {bus,boot,coredump,hostname,journal,locale,login,machine,network,\
|
|
||||||
system,timedate,userdb,home,oom,portable}ctl kernel-install mount.ddi systemd-{ac-power,\
|
|
||||||
analyze,ask-password,cat,cgls,cgtop,confextdelta,detect-virt,escape,firstboot,hwdb,inhibit,\
|
|
||||||
machine-id-setup,mount,notify,nspawn,path,resolve,repartrun,socket-activate,stdio-bridge,\
|
|
||||||
sysusers,tty-ask-password-agent,umount,creds,cryptenroll,dissect,id128,sysext}
|
|
||||||
_map _dir /etc/tmpfiles.d /etc/modules-load.d /etc/binfmt.d
|
_map _dir /etc/tmpfiles.d /etc/modules-load.d /etc/binfmt.d
|
||||||
_file_rename /usr/share/archboot/base/etc/locale.conf /etc/locale.conf
|
_file_rename /usr/share/archboot/base/etc/locale.conf /etc/locale.conf
|
||||||
_file_rename /usr/share/archboot/base/etc/vconsole.conf /etc/vconsole.conf
|
_file_rename /usr/share/archboot/base/etc/vconsole.conf /etc/vconsole.conf
|
||||||
|
@ -114,9 +110,6 @@ linux-with-alt-and-altgr,linux-keys-bare}.inc,qwerty/us.map.gz} \
|
||||||
# add swapiness sysctl config file
|
# add swapiness sysctl config file
|
||||||
_file_rename /usr/share/archboot/base/etc/sysctl.d/99-sysctl.conf /etc/sysctl.d/99-sysctl.conf
|
_file_rename /usr/share/archboot/base/etc/sysctl.d/99-sysctl.conf /etc/sysctl.d/99-sysctl.conf
|
||||||
# add pacman
|
# add pacman
|
||||||
_map _binary pacman{,-conf,-key,-db-upgrade} makepkg \
|
|
||||||
repo-{add,elephant,remove} testpkg vercmp curl gpg{,-agent,conf,-connect-agent} \
|
|
||||||
archlinux-keyring-wkd-sync
|
|
||||||
_map _dir /var/{cache/pacman/pkg,lib/pacman}
|
_map _dir /var/{cache/pacman/pkg,lib/pacman}
|
||||||
_map _file /etc/{pacman.conf,makepkg.conf,pacman.d/mirrorlist}
|
_map _file /etc/{pacman.conf,makepkg.conf,pacman.d/mirrorlist}
|
||||||
# add pacman initialization of gpg keys
|
# add pacman initialization of gpg keys
|
||||||
|
@ -124,8 +117,6 @@ linux-with-alt-and-altgr,linux-keys-bare}.inc,qwerty/us.map.gz} \
|
||||||
_file_rename /usr/share/archboot/base/etc/systemd/system/pacman-init.service \
|
_file_rename /usr/share/archboot/base/etc/systemd/system/pacman-init.service \
|
||||||
/etc/systemd/system/pacman-init.service
|
/etc/systemd/system/pacman-init.service
|
||||||
# add nss p11-kit and ca certificates
|
# add nss p11-kit and ca certificates
|
||||||
_map _binary p11-kit trust certutil cmsutil crlutil modutil nss-config pk12util \
|
|
||||||
shlibsign signtool signver ssltap symkeyutil update-ca-trust
|
|
||||||
_symlink "/etc/ssl/cert.pem" "../ca-certificates/extracted/tls-ca-bundle.pem"
|
_symlink "/etc/ssl/cert.pem" "../ca-certificates/extracted/tls-ca-bundle.pem"
|
||||||
_symlink "/etc/ssl/certs/ca-certificates.crt" "../../ca-certificates/extracted/tls-ca-bundle.pem"
|
_symlink "/etc/ssl/certs/ca-certificates.crt" "../../ca-certificates/extracted/tls-ca-bundle.pem"
|
||||||
_map _file /usr/share/{ca-certificates/trust-source/mozilla.trust.p11-kit,p11-kit/modules/p11-kit-trust.module}
|
_map _file /usr/share/{ca-certificates/trust-source/mozilla.trust.p11-kit,p11-kit/modules/p11-kit-trust.module}
|
||||||
|
|
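Review bot: In the merged `_map _binary` list, the `systemd-{...}` expansion still contains `confextdelta` and `repartrun`, which expand to `systemd-confextdelta` and `systemd-repartrun`; both look like two names with a missing comma, carried over unchanged from the removed "# systemd files" block. If `systemd-confext`, `systemd-delta`, `systemd-repart` and `systemd-run` are meant, the entries should read `confext,delta` and `repart,run`. Whether `_binary` reports a name it cannot resolve is not visible on this page, so the image may be built without those tools and without an error. Separately, folding the pam, dbus, gpg and NSS helpers into one alphabetical list drops the per-subsystem comments that explained why each was shipped. A comment above the list such as `# auth/privileged helpers (pam, dbus): unix_chkpwd, unix_update, dbus-daemon-launch-helper` would keep the entries that are typically installed with elevated privileges easy to audit.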