From be3461510f5f859a0cc209378291b0ddd6fb0130 Mon Sep 17 00:00:00 2001
From: Tobias Powalowski
Date: Wed, 8 Nov 2023 12:33:01 +0100
Subject: [PATCH] clean empty root password setup, disabled not needed systemd timers and services
---
 usr/lib/archboot/cpio/hooks/base_common | 19 ++++++++++++-------
 usr/lib/archboot/cpio/hooks/init | 2 +-
 .../remote/etc/systemd/system/ttyd.service | 2 +-
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/usr/lib/archboot/cpio/hooks/base_common b/usr/lib/archboot/cpio/hooks/base_common
index 9511fdd46..f23585213 100644
--- a/usr/lib/archboot/cpio/hooks/base_common
+++ b/usr/lib/archboot/cpio/hooks/base_common
@@ -75,7 +75,7 @@ inputrc,mke2fs.conf,nsswitch.conf,protocols,request-key.conf,securetty,services}
 # use color bash prompt
 # unlock and delete root password, if not set by user!
 # use color grep and ls output
- for i in custom-bash-options.sh archboot-reset-root-password.sh; do
+ for i in custom-bash-options.sh; do
 _file_rename "/usr/share/archboot/base/etc/profile.d/${i}" "/etc/profile.d/${i}"
 done
 # add default bash setup
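Review bot: The context comment `# unlock and delete root password, if not set by user!` above the loop is stale now that `archboot-reset-root-password.sh` is no longer installed, so it documents a step this block does not perform. Drop that comment line in the same commit; the empty root password now comes from the `/etc/passwd` write added in the `@@ -159,7 +162,9 @@` hunk. With one item left, the loop could also be a single `_file_rename` call for `custom-bash-options.sh`. The enclosing function starts and ends outside the hunk.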
@@ -121,22 +121,25 @@ inputrc,mke2fs.conf,nsswitch.conf,protocols,request-key.conf,securetty,services}
 _file_rename /usr/share/archboot/base/etc/systemd/system/windowkeys.service /etc/systemd/system/windowkeys.service
 _file_rename /usr/share/archboot/base/etc/systemd/journald.conf.d/fw-tty12.conf /etc/systemd/journald.conf.d/fw-tty12.conf
 _symlink /etc/systemd/system/multi-user.target.wants/windowkeys.service /etc/systemd/system/windowkeys.service
+ ### use: systemctl status for everything
+ ### use: systemctl list-dependencies for tree
 ### disable systemd mounts:
- # disable debugfs, fuse, hugepages, mqueue and tracefs
 for i in dev-mqueue dev-hugepages sys-kernel-debug sys-kernel-tracing sys-fs-fuse-connections tmp; do
 _symlink "/etc/systemd/system/${i}.mount" /dev/null
 done
 ### disable systemd targets:
- # swap cryptsetup integritysetup veritysetup
 for i in cryptsetup first-boot-complete integritysetup swap veritysetup; do
 _symlink "/etc/systemd/system/${i}.target" /dev/null
 done
 ### disable systemd services:
- # hwdb-update firstboot machine-id-commit pcrmachine binfmt
- # boot-random-seed repart pcrphase pcrphase-sysinit
- for i in hwdb-update firstboot machine-id-commit pcrmachine binfmt boot-random-seed repart pcrphase pcrphase-sysinit; do
+ for i in hwdb-update firstboot machine-id-commit pcrmachine binfmt boot-random-seed repart \
+ pcrphase pcrphase-sysinit user-sessions; do
 _symlink "/etc/systemd/system/systemd-${i}.service" /dev/null
 done
+ ### disable systemd timers:
+ for i in man-db shadow; do
+ _symlink "/etc/systemd/system/systemd-${i}.timer" /dev/null
+ done
 ### disable automount:
 # proc-sys-fs-binfmt_misc.automount
 _symlink /etc/systemd/system/proc-sys-fs-binfmt_misc.automount /dev/null
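Review bot: The new timers loop expands to `systemd-man-db.timer` and `systemd-shadow.timer`, but as far as I know these units are shipped as `man-db.timer` and `shadow.timer`, so the `/dev/null` links would mask nothing and both timers would still run. If so, the line should be `_symlink "/etc/systemd/system/${i}.timer" /dev/null`. Separately, `user-sessions` is added to the masked services while the comments listing what each loop disables are removed; a one-line why-comment there would help, since masking `systemd-user-sessions.service` presumably affects when non-root logins are permitted. The enclosing function starts and ends outside the hunk.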
@@ -159,7 +162,9 @@ inputrc,mke2fs.conf,nsswitch.conf,protocols,request-key.conf,securetty,services}
 /usr/share/kbd/keymaps/{include/compose.latin1,i386/include/euro{,1}.map.gz}
 # add swapiness sysctl config file
 _file_rename /usr/share/archboot/base/etc/sysctl.d/99-sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
+ # add root user with empty password
+ echo "root::0:root" > "${_ROOTFS}/etc/group"
+ echo "root::0:0:Super User:/root:/bin/bash" > "${_ROOTFS}/etc/passwd"
 ### add pacman
 _map _binary pacman pacman-conf pacman-key pacman-db-upgrade makepkg \
 repo-add repo-elephant testpkg vercmp curl gpg-agent gpg \
diff --git a/usr/lib/archboot/cpio/hooks/init b/usr/lib/archboot/cpio/hooks/init
index b855551c4..da9d552a5 100644
--- a/usr/lib/archboot/cpio/hooks/init
+++ b/usr/lib/archboot/cpio/hooks/init
@@ -61,7 +61,7 @@ _run ()
 echo "alias reboot='echo b >/proc/sysrq-trigger'" >> "${_ROOTFS}/root/.bashrc"
 echo "alias poweroff='echo o >/proc/sysrq-trigger'" >> "${_ROOTFS}/root/.bashrc"
 echo "root::0:root" > "${_ROOTFS}/etc/group"
- echo "root::0:0:root:/root:/bin/bash" > "${_ROOTFS}/etc/passwd"
+ echo "root::0:0:Super User:/root:/bin/bash" > "${_ROOTFS}/etc/passwd"
 _file_rename /usr/share/archboot/base/etc/profile.d/custom-bash-options.sh \
 /etc/profile.d/custom-bash-options.sh
 _file /usr/lib/archboot/cpio/init.sh
diff --git a/usr/share/archboot/remote/etc/systemd/system/ttyd.service b/usr/share/archboot/remote/etc/systemd/system/ttyd.service
index 668066b55..0716f001c 100644
--- a/usr/share/archboot/remote/etc/systemd/system/ttyd.service
+++ b/usr/share/archboot/remote/etc/systemd/system/ttyd.service
@@ -5,7 +5,7 @@ Description=TTYD After=syslog.target After=network.target -After=default.target +After=multi-user.target [Service] ExecStart=/usr/bin/ttyd remote-login.sh
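Review bot: In the `@@ -159,7 +162,9 @@` hunk of base_common, the added `echo ... > "${_ROOTFS}/etc/passwd"` unconditionally truncates the file and leaves root with an empty password field, where the comment kept in the first hunk described the old behaviour as applying only "if not set by user". The same commit touches `ttyd.service`, which runs `ttyd remote-login.sh` and is ordered after `network.target`; whether that path or any sshd config rejects empty passwords is not visible here and should be confirmed before this ships in the remote profile. The comment should state the intent, e.g. `# live environment only: root has no password until the user sets one; network logins must not accept an empty password`. The two `echo` lines now also exist verbatim in `hooks/init` `_run`, so a shared helper would keep them from drifting. The enclosing function continues outside the hunk.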