disable lastlog in a clean way, disable firstboot machine-id-commit pcrmachine binfmt boot-random-seed repart services

2024-09-19 19:40:37 +02:00 · 2023-06-21 10:26:13 +02:00 · 2023-06-21 10:26:13 +02:00 · 42406b7091
commit 42406b7091
parent 7f3daea6a9
2 changed files with 30 additions and 6 deletions
--- a/usr/lib/initcpio/install/archboot_base_common
+++ b/usr/lib/initcpio/install/archboot_base_common
@ -9,7 +9,6 @@ build ()

    add_symlink /var/run ../run
    add_symlink /var/lock ../run/lock
-    add_symlink /var/log/lastlog /dev/null

    ### add basic apps
    map add_binary init agetty basename mount umount clear env printf gawk tty bash rbash \
@ -140,20 +139,23 @@ build ()
    add_file "/usr/share/archboot/base/etc/systemd/system/serial-getty@.service" "/etc/systemd/system/serial-getty@.service"
    add_file "/usr/share/archboot/base/etc/systemd/system/systemd-sysusers.service" "/etc/systemd/system/systemd-sysusers.service"
    ### disable systemd mounts:
-    # mask fuse, it's not included by default
-    # no tmpfs needed on /tmp!
-    # disable debugfs, configfs and tracefs
+    # disable configfs, debugfs, fuse and tracefs
    for i in sys-kernel-debug sys-kernel-tracing sys-kernel-config sys-fs-fuse-connections tmp; do
        add_symlink "/etc/systemd/system/${i}.mount" "/dev/null"
    done
    ### disable systemd targets:
-    # disable swap
-    # disable cryptsetup integritysetup veritysetup
+    # swap cryptsetup integritysetup veritysetup
    for i in cryptsetup integritysetup swap veritysetup; do
        add_symlink "/etc/systemd/system/${i}.target" "/dev/null"
    done
+    ### disable systemd services:
+    for i in firstboot machine-id-commit pcrmachine binfmt boot-random-seed repart
+        add_symlink "/etc/systemd/system/sytem-${i}.service" "/dev/null"
+    done
    # remove multi-user.target.wants
    rm -rf ${BUILDROOT}/etc/systemd/system/multi-user.target.wants
+    # disable lastlog
+    add_symlink "/var/log/lastlog" "/dev/null"
    ### add missing libsystemd files
    map add_file "/usr/lib/libnss_myhostname.so.2" "/usr/lib/libnss_mymachines.so.2" \
                 "/usr/lib/libnss_resolve.so.2" "/usr/lib/libnss_systemd.so.2"
--- a/usr/share/archboot/base/etc/tmpfiles.d/var.conf
+++ b/usr/share/archboot/base/etc/tmpfiles.d/var.conf
@ -0,0 +1,22 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+q /var 0755 - - -
+
+L /var/run - - - - ../run
+
+d /var/log 0755 - - -
+f /var/log/wtmp 0664 root utmp -
+f /var/log/btmp 0660 root utmp -
+
+d /var/cache 0755 - - -
+
+d /var/lib 0755 - - -
+
+d /var/spool 0755 - - -