tighten hooks

2024-09-20 03:50:37 +02:00 · 2023-11-10 17:30:01 +01:00 · 2023-11-10 17:30:01 +01:00 · 2e7aa1d9ec
commit 2e7aa1d9ec
parent e694de833e
9 changed files with 55 additions and 51 deletions
--- a/usr/lib/archboot/cpio/hooks/base_common
+++ b/usr/lib/archboot/cpio/hooks/base_common
@ -55,6 +55,7 @@ _run ()
    _symlink /etc/systemd/system/proc-sys-fs-binfmt_misc.automount /dev/null
    # add terminus font
    _map _file /usr/share/terminfo/l/linux /usr/share/kbd/consolefonts/ter-v{16,32}n.psf.gz
+    _file /usr/share/licenses/terminus-font/LICENSE
 }

 # vim: set ft=sh ts=4 sw=4 et:
--- a/usr/lib/archboot/cpio/hooks/filesystems
+++ b/usr/lib/archboot/cpio/hooks/filesystems
@ -4,24 +4,22 @@

 _run ()
 {
-    _map _binary mkswap badblocks debugfs dumpe2fs e2fsck e2image e2undo findfs \
-                 fsck logsave mkfs.ext2 resize2fs chattr lsattr e2freefrag filefrag \
-                 jfs_debugfs jfs_fsck jfs_fscklog jfs_logdump jfs_mkfs jfs_tune \
-                 mkfs.xfs xfs_copy xfs_db xfs_estimate xfs_fsr xfs_io xfs_logprint \
-                 xfs_mdrestore xfs_repair xfs_rtcp mkdosfs dosfsck fatlabel mount.smb3 \
-                 mount.cifs fsck.ext2 fsck.ext3 fsck.ext4 e2label tune2fs mkfs.ext3 \
-                 mkfs.ext4 mke2fs fsck.jfs mkfs.jfs wipefs btrfs btrfsck btrfs-find-root \
-                 btrfs-image btrfs-map-logical btrfs-select-super btrfstune mkfs.nilfs2 \
-                 mount.nilfs2 nilfs_cleanerd cifs.idmap cifs.upcall cifscreds getcifsacl \
-                 setcifsacl umount.nilfs2 chcp dumpseg lscp lssu mkcp rmcp fsck.cramfs \
-                 fsck.minix fsfreeze fstrim mkfs.bfs mkfs.cramfs mkfs.minix mkfs.f2fs \
-                 fsck.exfat mkfs.exfat tune.exfat exfatlabel dump.exfat fatresize nvme \
-                 fsck.msdos fsck.vfat mkfs.vfat mkfs.msdos fsck.btrfs dosfslabel \
-                 e2mmpstatus e2scrub e2scrub_all e4crypt e4defrag defrag.f2fs dump.f2fs \
-                 f2fs_io f2fscrypt fibmap.f2fs fsck.f2fs parse.f2fs resize.f2fs sload.f2fs \
-                 blkmapd nfsconf nfsdcld nfsidmap nfsv4.exportd nilfs-clean nilfs-resize \
-                 nilfs-tune xfs_growfs xfs_quota xfs_spaceman compile_et mk_cmds fsck.xfs \
-                 xfs_admin xfs_bmap xfs_freeze xfs_info xfs_metadump xfs_mkfile xfs_ncheck gpart
+    _map _binary mkswap badblocks debugfs dumpe2fs e2{freefrag,fsck,image,label,mmpstatus,\
+scrub,scrub_all,undo} \
+                 findfs fsck logsave resize2fs chattr lsattr filefrag \
+                 jfs_{debugfs,fsck,fscklog,logdump,mkfs,tune} \
+                 xfs_{admin,bmap,copy,db,estimate,freeze,fsr,growfs,info,io,logprint,\
+metadump,mdrestore,mkfile,ncheck,quota,repair,rtcp,spaceman} \
+                 mkdosfs dosfsck fatlabel mount.smb3 mount.cifs tune2fs  mke2fs wipefs \
+                 btrfs btrfsck btrfs-{find-root,image,map-logical,select-super} btrfstune \
+                 mount.nilfs2 nilfs_cleanerd cifs.{idmap,upcall} cifscreds getcifsacl \
+                 setcifsacl umount.nilfs2 chcp dumpseg lscp lssu mkcp rmcp \
+                 fsfreeze fstrim tune.exfat exfatlabel dump.exfat fatresize nvme dosfslabel \
+                 e4{crypt,defrag} defrag.f2fs dump.f2fs f2fs{_io,crypt} fibmap.f2fs \
+                 parse.f2fs resize.f2fs sload.f2fs blkmapd nfsconf nfsdcld \
+                 nfsidmap nfsv4.exportd nilfs-{clean,resize,tune} gpart compile_et mk_cmds \
+                 mkfs.{bfs,cramfs,exfat,ext2,ext3,ext4,f2fs,jfs,minix,msdos,nilfs2,vfat,xfs} \
+                 fsck.{btrfs,cramfs,exfat,ext2,ext3,ext4,f2fs,jfs,minix,msdos,vfat,xfs}
    _file /etc/nilfs_cleanerd.conf
    _map _full_dir /etc/{cifs-utils,request-key.d,nvme}
    # fix libinih for plasma wallpaper
--- a/usr/lib/archboot/cpio/hooks/filesystems_cleanup
+++ b/usr/lib/archboot/cpio/hooks/filesystems_cleanup
@ -6,21 +6,22 @@ _run ()
 {
    ! grep -qw 'archboot' /etc/hostname && return
    _install_files
-    rm /usr/bin/{mkswap,badblocks,debugfs,dumpe2fs,e2fsck,e2image,e2undo,findfs,fsck,\
-logsave,mkfs.ext2,resize2fs,chattr,lsattr,e2freefrag,filefrag,jfs_debugfs,jfs_fsck,\
-jfs_fscklog,jfs_logdump,jfs_mkfs,jfs_tune,mkfs.xfs,xfs_copy,xfs_db,xfs_estimate,\
-xfs_fsr,xfs_io,xfs_logprint,xfs_mdrestore,xfs_repair,xfs_rtcp,mkdosfs,dosfsck,dosfslabel,\
-fatlabel,mount.smb3,mount.cifs,fsck.ext2,fsck.ext3,fsck.ext4,e2label,tune2fs,mkfs.ext3,\
-mkfs.ext4,mke2fs,fsck.jfs,mkfs.jfs,wipefs,btrfs-find-root,btrfs-image,btrfs-map-logical,\
-btrfs-select-super,btrfstune,mkfs.nilfs2,mount.nilfs2,nilfs_cleanerd,cifs.upcall,cifscreds,\
-getcifsacl,setcifsacl,smb2-quota,smbinfo,umount.nilfs2,chcp,dumpseg,lscp,lssu,mkcp,rmcp,\
-fsck.cramfs,fsck.minix,fsfreeze,fstrim,mkfs.bfs,mkfs.cramfs,mkfs.minix,mkfs.f2fs,fsck.exfat,\
-mkfs.exfat,tune.exfat,exfatlabel,dump.exfat,fatresize,nvme,fsck.msdos,fsck.vfat,mkfs.vfat,\
-mkfs.msdos,fsck.btrfs,e2mmpstatus,e2scrub,e2scrub_all,e4crypt,e4defrag,defrag.f2fs,dump.f2fs,\
-f2fs_io,f2fscrypt,fibmap.f2fs,resize.f2fs,sload.f2fs,fsck.f2fs,parse.f2fs,blkmapd,nfsconf,\
-nfsdcld,nfsdclddb,nfsdclnts,nfsidmap,nfsv4.exportd,nilfs-clean,nilfs-resize,nilfs-tune,\
-xfs_growfs,xfs_quota,xfs_spaceman,compile_et,mk_cmds,fsck.xfs,xfs_admin,xfs_bmap,xfs_freeze,\
-xfs_info,xfs_metadump,xfs_mkfile,xfs_ncheck}
+    rm /usr/bin/{mkswap,badblocks,debugfs,dumpe2fs,e2{freefrag,fsck,image,label,mmpstatus,\
+scrub,scrub_all,undo},\
+findfs,fsck,logsave,resize2fs,chattr,lsattr,filefrag,\
+jfs_{debugfs,fsck,fscklog,logdump,mkfs,tune},\
+xfs_{admin,bmap,copy,db,estimate,freeze,fsr,growfs,info,io,logprint,\
+metadump,mdrestore,mkfile,ncheck,quota,repair,rtcp,spaceman},\
+mkdosfs,dosfsck,fatlabel,mount.smb3,mount.cifs,tune2fs,,mke2fs,wipefs,\
+btrfs,btrfsck,btrfs-{find-root,image,map-logical,select-super},btrfstune,\
+mount.nilfs2,nilfs_cleanerd,cifs.{idmap,upcall},cifscreds,getcifsacl,\
+setcifsacl,umount.nilfs2,chcp,dumpseg,lscp,lssu,mkcp,rmcp,\
+fsfreeze,fstrim,tune.exfat,exfatlabel,dump.exfat,fatresize,nvme,dosfslabel,\
+e4{crypt,defrag},defrag.f2fs,dump.f2fs,f2fs{_io,crypt},fibmap.f2fs,\
+parse.f2fs,resize.f2fs,sload.f2fs,blkmapd,nfsconf,nfsdcld,\
+nfsidmap,nfsv4.exportd,nilfs-{clean,resize,tune},gpart,compile_et,mk_cmds,\
+mkfs.{bfs,cramfs,exfat,ext2,ext3,ext4,f2fs,jfs,minix,msdos,nilfs2,vfat,xfs},\
+fsck.{btrfs,cramfs,exfat,ext2,ext3,ext4,f2fs,jfs,minix,msdos,vfat,xfs}}
 }

 # vim: set ft=sh ts=4 sw=4 et:
--- a/usr/lib/archboot/cpio/hooks/lshw
+++ b/usr/lib/archboot/cpio/hooks/lshw
@ -6,7 +6,6 @@ _run ()
 {
    _binary lshw
    _map _file /usr/share/lshw/{manuf,oui,pnpid}.txt
-    _file /usr/share/lshw/pnpid.txt
 }

 # vim: set ft=sh ts=4 sw=4 et:
--- a/usr/lib/archboot/cpio/hooks/lvm2
+++ b/usr/lib/archboot/cpio/hooks/lvm2
@ -7,15 +7,15 @@ _run ()
    local symlink
    ### from thin-provisioning-tools
    _binary pdata_tools
-    for symlink in cache_{check,dump,metadata_size,repair,restore} thin_{check,delta,dump,ls,metadata_size,repair,restore,rmap,trim}; do
+    for symlink in cache_{check,dump,metadata_size,repair,restore} \
+                   thin_{check,delta,dump,ls,metadata_size,repair,restore,rmap,trim}; do
        _symlink "/usr/bin/${symlink}" pdata_tools
    done
-    _map _binary lvmdump lvmconfig vgimportclone fsadm vgcfgbackup vgcfgrestore vgchange \
-          vgck vgconvert vgcreate vgdisplay vgexport vgextend vgimport vgmerge vgmknodes \
-          vgreduce vgremove vgrename vgs vgscan vgsplit pvchange pvck pvcreate pvdisplay \
-          pvmove pvremove pvresize pvs pvscan lvchange lvconvert lvcreate lvdisplay \
-          lvextend lvmdiskscan lvmsadc lvmsar lvreduce lvremove lvrename lvresize lvs \
-          lvscan lvm_import_vdo lvmdevices lvmpolld vgimportdevices
+    _map _binary fsadm lvm{dump,config,devices,polld,diskscan,sadc,sar,_import_vdo} \
+                 vg{importclone,importdevices,cfgbackup,cfgrestore,change,ck,convert,\
+create,display,export,extend,import,merge,mknodes,reduce,remove,rename,s,scan,split} \
+                 pv{change,ck,create,display,move,remove,resize,s,scan} \
+                 lv{change,convert,create,display,extend,reduce,remove,rename,resize,s,scan}
    _map _dir /etc/lvm/{backup,archive}
    _map _file /etc/lvm/lvm.conf /usr/lib/{liblvm*,systemd/system/{lvm2*,blk-availability.service,sysinit.target.wants/lvm2*}}
 }
--- a/usr/lib/archboot/cpio/hooks/remote
+++ b/usr/lib/archboot/cpio/hooks/remote
@ -4,9 +4,9 @@

 _run ()
 {
-    _map _binary findssl.sh scp sftp ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan sshd \
-      exportfs nfsstat rpc.idmapd rpc.mountd rpc.nfsd rpc.statd rpcdebug showmount \
-      sm-notify start-statd rpc.gssd nfsdcltrack gssproxy screen tmux rsync ttyd
+    _map _binary findssl.sh scp sftp ssh-{add,agent,copy-id,keygen,keyscan} sshd \
+      exportfs nfsstat rpc.{gssd,idmapd,mountd,nfsd,statd} rpcdebug showmount \
+      sm-notify start-statd nfsdcltrack gssproxy screen tmux rsync ttyd
    _map _file /etc/{screenrc,ssh/{ssh_config,/moduli},rsyncd.conf,exports,netconfig} \
          /usr/lib/ssh/{sftp-server,ssh-keysign,ssh-pkcs11-helper}
    _file_rename /etc/ssh/sshd_config /etc/ssh/sshd_config
@ -25,9 +25,12 @@ _run ()
    _symlink /etc/systemd/system/multi-user.target.wants/sshd.service /usr/lib/systemd/system/sshd.service
    # start ttyd on startup
    _file /usr/lib/libwebsockets-evlib_uv.so
-    _file_rename /usr/share/archboot/remote/usr/bin/remote-login.sh /usr/bin/remote-login.sh
-    _file_rename /usr/share/archboot/remote/etc/systemd/system/ttyd.service /etc/systemd/system/ttyd.service
-    _symlink /etc/systemd/system/multi-user.target.wants/ttyd.service /etc/systemd/system/ttyd.service
+    _file_rename /usr/share/archboot/remote/usr/bin/remote-login.sh \
+                 /usr/bin/remote-login.sh
+    _file_rename /usr/share/archboot/remote/etc/systemd/system/ttyd.service \
+                 /etc/systemd/system/ttyd.service
+    _symlink /etc/systemd/system/multi-user.target.wants/ttyd.service \
+             /etc/systemd/system/ttyd.service
    # fix licenses
    _map _file /usr/share/licenses/{nfsidmap/LICENSE,tmux/LICENSE,ttyd/LICENSE}
 }
--- a/usr/lib/archboot/cpio/hooks/secureboot
+++ b/usr/lib/archboot/cpio/hooks/secureboot
@ -8,7 +8,7 @@ _run ()
    _map _file /etc/ssl/openssl.cnf /usr/share/licenses/sbctl/LICENSE
    # add mkkeys.sh, 
    # curl -s -L -O https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh
-    # modiiied to use uuidgen instead of python
+    # modified to use uuidgen instead of python
    _file_rename /usr/bin/archboot-mkkeys.sh /usr/bin/mkkeys.sh
    if [[ "${_RUNNING_ARCH}" == "x86_64" ]]; then
        _map _file /usr/share/archboot/bootloader/{shimx64.efi,mmx64.efi,mmia32.efi,shimia32.efi}
--- a/usr/lib/archboot/cpio/hooks/vconsole
+++ b/usr/lib/archboot/cpio/hooks/vconsole
@ -6,13 +6,15 @@ _run ()
 {
    _full_dir /usr/share/kbd
    #add kbd binaries
-    _map _binary dumpkeys kbd_mode chvt deallocvt fgconsole getkeycodes kbdinfo kbdrate loadunimap mapscrn openvt psfaddtable psfgettable psfstriptable psfxtable setkeycodes setleds setmetamode setvtrgb showconsolefont showkey unicode_start unicode_stop vlock
+    _map _binary dumpkeys kbd_mode chvt deallocvt fgconsole getkeycodes kbdinfo \
+                 kbdrate loadunimap mapscrn openvt psfaddtable psfgettable psfstriptable \
+                 psfxtable setkeycodes setleds setmetamode setvtrgb showconsolefont \
+                 showkey unicode_start unicode_stop vlock
    # only add resizecons on x86_64 
    [[ "${_RUNNING_ARCH}" == "x86_64" ]] && _binary resizecons
    # add fbset
    _binary fbset
    _file /etc/fb.modes
-    _file /usr/share/licenses/terminus-font/LICENSE
 }

 # vim: set ft=sh ts=4 sw=4 et:
--- a/usr/lib/archboot/cpio/hooks/wireless
+++ b/usr/lib/archboot/cpio/hooks/wireless
@ -6,7 +6,7 @@ _run ()
 {
    # start iwd service
    _symlink /etc/systemd/system/multi-user.target.wants/iwd.service /usr/lib/systemd/system/iwd.service
-    _map _binary iw set-wireless-regdom rfkill hwsim iwctl iwmon set-wireless-regdom
+    _map _binary iw set-wireless-regdom rfkill hwsim iwctl iwmon
    # add iwd and ead daemon
    _map _binary /usr/lib/iwd/{iwd,ead}
    # add hwsim helper script