collect all files first and run _install_files when it fits best

usr/bin/archboot-cpio.sh

@@ -82,6 +82,7 @@ for i in "${_HOOKS[@]}"; do
     _run_hook "${i}"
     _HOOK_COUNT="$((_HOOK_COUNT+1))"
 done
+_install_files
 _install_libs
 _install_mods "${!_MOD_PATH[@]}"
 ldconfig -r "${_ROOTFS}" &>"${_NO_LOG}" || exit 1

usr/lib/archboot/cpio/cpio.sh

@@ -59,6 +59,11 @@ _map() {
     return "${_RETURN}"
 }
 
+_loaded_mods() {
+modinfo -k ${_KERNELVERSION} --field filename $(cut -d ' ' -f1 </proc/modules) $(modinfo --field depends $(cut -d ' ' -f1 </proc/modules) | sed -e 's#,# #g') 2>/dev/null
+modinfo -k ${_KERNELVERSION} --field firmware $(cut -d ' ' -f1 </proc/modules) | sed -e 's#^#/usr/lib/firmware/#g' -e 's#$#.zst#g'
+}
+
 _filter_mods() {
     # Add modules to the rootfs, filtered by grep.
     #   $@: filter arguments to grep
@@ -151,15 +156,18 @@ _symlink() {
 }
 
 _file() {
-    if [[ ! -e "${_ROOTFS}${1}" ]]; then
-        tar --hard-dereference -C / -cpf - ."${1}" | tar -C "${_ROOTFS}" -xpf - || return 1
-        if [[ -L "${1}" ]]; then
-            _LINK_SOURCE="$(realpath -- "${1}")"
-            _file  "${_LINK_SOURCE}"
-        fi
+    _FILES+="${1##/} "
+    if [[ -L "${1}" ]]; then
+        _LINK_SOURCE="$(realpath -- "${1}")"
+        _file  "${_LINK_SOURCE}"
     fi
 }
 
+_install_files() {
+    tar --hard-dereference -C / -cpf - ${_FILES} | tar -C "${_ROOTFS}" -xpf - || return 1
+    _FILES=""
+}
+
 _file_rename() {
     tar --hard-dereference --transform="s|${1}|${2}|" -C / -cpf - ."${1}" | tar -C "${_ROOTFS}" -xpf -
 }
@@ -207,10 +215,11 @@ _run_hook() {
 }
 
 _install_mods() {
+    _map _file "${_MODULE_DIR}"/modules.{builtin,builtin.modinfo,order}
+    _install_files
     echo "Adding kernel modules..."
     tar --hard-dereference -C / -cpf - "$@" | tar -C "${_ROOTFS}" -xpf -
     echo "Generating module dependencies..."
-    _map _file "${_MODULE_DIR}"/modules.{builtin,builtin.modinfo,order}
     depmod -b "${_ROOTFS}" "${_KERNELVERSION}"
     # remove all non-binary module.* files (except devname for on-demand module loading
     # and builtin.modinfo for checking on builtin modules)
@@ -224,6 +233,7 @@ _install_libs() {
         [[ -e "${i}" ]] && _file "${i}"
     done < <(objdump -p "${_ROOTFS}"/bin/* "${_ROOTFS}"/lib/systemd/{systemd-*,libsystemd*} 2>${_NO_LOG} |
                 grep 'NEEDED' | sort -u | sed -e 's#NEEDED##g' -e 's# .* #/lib/#g')
+    _install_files
     echo "Checking libraries in /lib..."
     _LIB_COUNT=""
     while true; do
@@ -231,6 +241,7 @@ _install_libs() {
             [[ -e "${i}" ]] && _file "${i}"
         done < <(objdump -p "${_ROOTFS}"/lib/*.so* |
                 grep 'NEEDED' | sort -u | sed -e 's#NEEDED##g' -e 's# .* #/lib/#g')
+        _install_files
         # rerun loop if new libs were discovered, else break
         _LIB_COUNT2="$(ls "${_ROOTFS}"/lib/*.so* | wc -l)"
         [[ "${_LIB_COUNT}" == "${_LIB_COUNT2}" ]] && break

usr/lib/archboot/cpio/hooks/base_cleanup

@@ -39,6 +39,7 @@ _run ()
     if [[ "${_RUNNING_ARCH}" == "riscv64" ]]; then
         _APPS="waitpid ${_APPS}"
     fi
+    _install_files
     for i in ${_APPS}; do
         rm /usr/bin/"${i}"
     done

usr/lib/archboot/cpio/hooks/base_common

@@ -46,7 +46,7 @@ var/lib/pacman/local \
 
     ### add nano
     _binary nano
-    _file /etc/nanorc
+    _file_rename /etc/nanorc /etc/nanorc
     # add syntax highlighting
     echo "include \"/usr/share/nano/*.nanorc\"" >> "${_ROOTFS}/etc/nanorc"
 

usr/lib/archboot/cpio/hooks/base_common_cleanup

@@ -10,29 +10,16 @@ _run ()
     rm -f /tmp/etc/systemd/system/pacman-init.service
     # add created gpg keyring
     cp -ar /etc/pacman.d/gnupg /tmp/etc/pacman.d
-    apps="login nologin"
-    for i in $apps; do
-        rm /usr/bin/"${i}"
-    done
-    apps="mount.nfs4 umount.nfs umount.nfs4 mount.nfs setfont loadkeys mkfs.btrfs rmmod mountpoint gzip"
-    for i in $apps; do
-        rm /usr/bin/"${i}"
-    done
-    #dbus files
-    apps="dbus-cleanup-sockets dbus-daemon dbus-launch dbus-monitor dbus-run-session dbus-send dbus-test-tool \
-          dbus-update-activation-environment dbus-uuidgen"
-    for i in $apps; do
-        rm /usr/bin/"${i}"
-    done
-    #systemd files
-    _APPS="systemd-umount busctl bootctl coredumpctl hostnamectl journalctl kernel-install localectl \
-          loginctl machinectl networkctl systemctl systemd-analyze systemd-ask-password \
-          systemd-cat systemd-cgls systemd-cgtop \
-          systemd-delta systemd-detect-virt systemd-escape systemd-firstboot systemd-hwdb systemd-inhibit systemd-machine-id-setup \
-          systemd-mount systemd-notify systemd-nspawn systemd-path systemd-resolve \
-          systemd-run systemd-socket-activate systemd-stdio-bridge systemd-sysusers \
-          systemd-tty-ask-password-agent timedatectl systemd-repart userdbctl homectl oomctl portablectl systemd-creds \
-          systemd-cryptenroll systemd-dissect systemd-id128 systemd-sysext"
+    _APPS="login nologin mount.nfs4 umount.nfs umount.nfs4 mount.nfs setfont loadkeys mkfs.btrfs rmmod mountpoint gzip \
+            dbus-cleanup-sockets dbus-daemon dbus-launch dbus-monitor dbus-run-session dbus-send dbus-test-tool \
+            dbus-update-activation-environment dbus-uuidgen systemd-umount busctl bootctl coredumpctl hostnamectl \
+            journalctl kernel-install localectl loginctl machinectl networkctl systemctl systemd-analyze systemd-ask-password \
+            systemd-cat systemd-cgls systemd-cgtop systemd-delta systemd-detect-virt systemd-escape systemd-firstboot \
+            systemd-hwdb systemd-inhibit systemd-machine-id-setup systemd-mount systemd-notify systemd-nspawn \
+            systemd-path systemd-resolve systemd-run systemd-socket-activate systemd-stdio-bridge systemd-sysusers \
+            systemd-tty-ask-password-agent timedatectl systemd-repart userdbctl homectl oomctl portablectl systemd-creds \
+            systemd-cryptenroll systemd-dissect systemd-id128 systemd-sysext"
+    _install_files
     for i in ${_APPS}; do
         rm /usr/bin/"${i}"
     done

usr/lib/archboot/cpio/hooks/filesystems_cleanup

@@ -22,6 +22,7 @@ _run ()
           nfsdcld nfsdclddb nfsdclnts nfsidmap nfsv4.exportd nilfs-clean nilfs-resize nilfs-tune \
           xfs_growfs xfs_quota xfs_spaceman compile_et mk_cmds fsck.xfs xfs_admin \
           xfs_bmap xfs_freeze xfs_info xfs_metadump xfs_mkfile xfs_ncheck"
+    _install_files
     for i in ${_APPS}; do
         rm /usr/bin/"${i}"
     done

usr/lib/archboot/cpio/hooks/firmware

@@ -5,8 +5,7 @@
 _run ()
 {
     # add firmware files and licenses
-    tar -C / --exclude=./lib/firmware/{amphion,"as102*",atusb,av7110,cadence,cavium,"cmmb*",cis,cpia2,cnm,"ct*","cxgb*","cmmb*",dabusb,dpaa2,dsp56k,"dvb*",edgeport,emi26,emi62,ess,"f2255usb*",go7007,"hfi1*",inside-secure,"isdbt*","keyspan*",korg,meson,"lgs8g75*","lt9611uxc*",moxa,"mts*","myri10ge*",myricom,nxp,ositech,"qat*",sb16,"s2250*","s5p-*","sms1*",rtl_bt,"tdmb*",ttusb-budget,ueagle-atm,"usbdux*",ti,ti-keystone,"v4l*",vicam,vxge,"whiteheat*",yam,yamaha,"*.txt*","*README*"} --hard-dereference -cpf - ./lib/firmware | tar -C "${_ROOTFS}" -xpf -
-    _full_dir "/usr/share/licenses/linux-firmware"
+    tar -C / --exclude=lib/firmware/{amphion,"as102*",atusb,av7110,cadence,cavium,"cmmb*",cis,cpia2,cnm,"ct*","cxgb*","cmmb*",dabusb,dpaa2,dsp56k,"dvb*",edgeport,emi26,emi62,ess,"f2255usb*",go7007,"hfi1*",inside-secure,"isdbt*","keyspan*",korg,meson,"lgs8g75*","lt9611uxc*",moxa,"mts*","myri10ge*",myricom,nxp,ositech,"qat*",sb16,"s2250*","s5p-*","sms1*",rtl_bt,"tdmb*",ttusb-budget,ueagle-atm,"usbdux*",ti,ti-keystone,"v4l*",vicam,vxge,"whiteheat*",yam,yamaha,"*.txt*","*README*"} --hard-dereference -cpf - lib/firmware usr/share/licenses/linux-firmware | tar -C "${_ROOTFS}" -xpf -
     _all_mods "/firmware/"
 }
 

usr/lib/archboot/cpio/hooks/net_cleanup

@@ -8,6 +8,7 @@ _run ()
     _APPS="arping clockdiff tracepath ssh arpd \
       genl ifstat ctstat rtstat lnstat nstat rtacct rtmon ss tc \
       bridge dcb devlink rdma tipc vdpa ethtool elinks brctl"
+    _install_files
     for i in ${_APPS}; do
         rm /usr/bin/"${i}"
     done

usr/lib/archboot/cpio/hooks/remote

@@ -8,10 +8,11 @@ _run ()
       exportfs nfsstat rpc.idmapd rpc.mountd rpc.nfsd rpc.statd rpcdebug showmount \
       sm-notify start-statd rpc.gssd \
       nfsdcltrack gssproxy screen tmux rsync ttyd
-    _map _file /etc/screenrc /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/ssh/moduli \
+    _map _file /etc/screenrc /etc/ssh/ssh_config /etc/ssh/moduli \
         /etc/rsyncd.conf /etc/exports  /usr/lib/ssh/sftp-server /usr/lib/ssh/ssh-keysign \
         /usr/lib/ssh/ssh-pkcs11-helper \
         /etc/netconfig
+    _file_rename /etc/ssh/sshd_config /etc/ssh/sshd_config
     # allow root login and empty passwords
     echo "PermitRootLogin yes" >> "${_ROOTFS}/etc/ssh/sshd_config"
     echo "PermitEmptyPasswords yes" >> "${_ROOTFS}/etc/ssh/sshd_config"