mirror of
https://gitlab.archlinux.org/tpowa/archboot.git
synced 2024-09-19 19:40:37 +02:00
Compare commits
11 commits
6175f40a88
...
a43e130b1b
Author | SHA1 | Date | |
---|---|---|---|
|
a43e130b1b | ||
|
839dcd0df6 | ||
|
15acb8ab04 | ||
|
cc3c4c0e3a | ||
|
762df37e61 | ||
|
3609a59f7a | ||
|
0cb9db8072 | ||
|
3abd5ababe | ||
|
ba4d18cfd5 | ||
|
f4068249ec | ||
|
27be74bc19 |
6 changed files with 82 additions and 23 deletions
|
@ -1,7 +1,6 @@
|
||||||
On the road to 2023.07:
|
On the road to 2023.07:
|
||||||
- kernel 6.4.x
|
- kernel 6.4.x
|
||||||
- grub 2.06.r591.g6425c12cd-1
|
- grub 2.06.r591.g6425c12cd-1
|
||||||
- use BLAKE2b/b2sum instead of sha256sum
|
|
||||||
Environment Changes:
|
Environment Changes:
|
||||||
- renamed initramfs to initrd
|
- renamed initramfs to initrd
|
||||||
- stripped off archboot from kernel name
|
- stripped off archboot from kernel name
|
||||||
|
@ -9,6 +8,8 @@ Environment Changes:
|
||||||
- removed custom grub package
|
- removed custom grub package
|
||||||
- removed uninstalled packages
|
- removed uninstalled packages
|
||||||
- added grub bli efi module
|
- added grub bli efi module
|
||||||
|
- added ttyd remote http terminal support
|
||||||
|
- use BLAKE2b/b2sum instead of sha256sum
|
||||||
locale:
|
locale:
|
||||||
- fixed abort dialog
|
- fixed abort dialog
|
||||||
update:
|
update:
|
||||||
|
|
|
@ -7,33 +7,38 @@ build ()
|
||||||
map add_binary findssl.sh scp sftp ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan sshd \
|
map add_binary findssl.sh scp sftp ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan sshd \
|
||||||
exportfs nfsstat rpc.idmapd rpc.mountd rpc.nfsd rpc.statd rpcdebug showmount \
|
exportfs nfsstat rpc.idmapd rpc.mountd rpc.nfsd rpc.statd rpcdebug showmount \
|
||||||
sm-notify start-statd rpcbind rpcinfo rpc.gssd \
|
sm-notify start-statd rpcbind rpcinfo rpc.gssd \
|
||||||
nfsdcltrack gssproxy screen tmux rsync
|
nfsdcltrack gssproxy screen tmux rsync ttyd
|
||||||
map add_file "/etc/screenrc" "/etc/ssh/ssh_config" "/etc/ssh/sshd_config" "/etc/ssh/moduli" \
|
map add_file /etc/screenrc /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/ssh/moduli \
|
||||||
"/etc/rsyncd.conf" "/etc/exports" "/usr/lib/ssh/sftp-server" "/usr/lib/ssh/ssh-keysign" \
|
/etc/rsyncd.conf /etc/exports /usr/lib/ssh/sftp-server /usr/lib/ssh/ssh-keysign \
|
||||||
"/usr/lib/ssh/ssh-pkcs11-helper" "/etc/conf.d/rpcbind" \
|
/usr/lib/ssh/ssh-pkcs11-helper /etc/conf.d/rpcbind \
|
||||||
"/etc/netconfig"
|
/etc/netconfig
|
||||||
add_file "/etc/ssh/sshd_config"
|
add_file /etc/ssh/sshd_config
|
||||||
# allow root login and empty passwords
|
# allow root login and empty passwords
|
||||||
echo "PermitRootLogin yes" >> "${BUILDROOT}/etc/ssh/sshd_config"
|
echo "PermitRootLogin yes" >> "${BUILDROOT}/etc/ssh/sshd_config"
|
||||||
echo "PermitEmptyPasswords yes" >> "${BUILDROOT}/etc/ssh/sshd_config"
|
echo "PermitEmptyPasswords yes" >> "${BUILDROOT}/etc/ssh/sshd_config"
|
||||||
add_full_dir "/usr/lib/libnfsidmap/"
|
add_full_dir /usr/lib/libnfsidmap
|
||||||
map add_dir "/var/empty" "/var/lib/nfs/sm" "/var/lib/nfs/sm.bak" "/var/lib/nfs/v4recovery" \
|
map add_dir /var/empty /var/lib/nfs/sm /var/lib/nfs/sm.bak /var/lib/nfs/v4recovery \
|
||||||
"/var/lib/nfs/rpc_pipefs" "/var/lib/rpcbind" "/var/log/gssproxy"
|
/var/lib/nfs/rpc_pipefs /var/lib/rpcbind /var/log/gssproxy
|
||||||
chmod 700 "${BUILDROOT}/var/lib/rpcbind"
|
chmod 700 "${BUILDROOT}/var/lib/rpcbind"
|
||||||
chown 32:32 "${BUILDROOT}/var/lib/rpcbind"
|
chown 32:32 "${BUILDROOT}/var/lib/rpcbind"
|
||||||
# mask nfs3 systemd
|
# mask nfs3 systemd
|
||||||
for i in rpcbind.service rpcbind.socket rpcbind.target nfs-server.service; do
|
for i in rpcbind.service rpcbind.socket rpcbind.target nfs-server.service; do
|
||||||
add_symlink "/etc/systemd/system/${i}" "/dev/null"
|
add_symlink "/etc/systemd/system/${i}" "/dev/null"
|
||||||
done
|
done
|
||||||
map add_full_dir "/etc/gss" "/etc/gssproxy" "/var/lib/gssproxy"
|
map add_full_dir /etc/gss /etc/gssproxy /var/lib/gssproxy
|
||||||
add_dir "/var/lib/openldap"
|
add_dir /var/lib/openldap
|
||||||
chmod 700 "${BUILDROOT}/var/lib/openldap"
|
chmod 700 "${BUILDROOT}/var/lib/openldap"
|
||||||
chown 439:439 "${BUILDROOT}/var/lib/openldap"
|
chown 439:439 "${BUILDROOT}/var/lib/openldap"
|
||||||
# start sshd on startup
|
# start sshd on startup
|
||||||
add_symlink "/etc/systemd/system/multi-user.target.wants/sshd.service" "/usr/lib/systemd/system/sshd.service"
|
add_symlink /etc/systemd/system/multi-user.target.wants/sshd.service /usr/lib/systemd/system/sshd.service
|
||||||
|
# start ttyd on startup
|
||||||
|
add_file /usr/lib/libwebsockets-evlib_uv.so
|
||||||
|
add_file /usr/share/archboot/remote/usr/bin/ttyd.sh /usr/bin/ttyd.sh
|
||||||
|
add_file /usr/share/archboot/remote/etc/systemd/system/ttyd.service /etc/systemd/system/ttyd.service
|
||||||
|
add_symlink /etc/systemd/system/multi-user.target.wants/ttyd.service /etc/systemd/system/ttyd.service
|
||||||
# fix licenses
|
# fix licenses
|
||||||
map add_file "/usr/share/licenses/rpcbind/COPYING" "/usr/share/licenses/nfsidmap/LICENSE" \
|
map add_file /usr/share/licenses/rpcbind/COPYING /usr/share/licenses/nfsidmap/LICENSE \
|
||||||
"/usr/share/licenses/tmux/LICENSE"
|
/usr/share/licenses/tmux/LICENSE /usr/share/licenses/ttyd/LICENSE
|
||||||
}
|
}
|
||||||
|
|
||||||
help ()
|
help ()
|
||||||
|
|
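Review bot: The added `add_symlink /etc/systemd/system/multi-user.target.wants/ttyd.service /etc/systemd/system/ttyd.service` enables the browser terminal on every boot with no opt-in, in the same hook that already appends `PermitEmptyPasswords yes` to sshd_config, so the image gains a second network-reachable root entry point by default. Consider installing the unit without the `multi-user.target.wants` symlink and starting it on request, or gating the symlink on a build-time switch. At minimum the comment should state the exposure, e.g. `# start ttyd on startup: root shell in the browser on port 7681, no login step`. The body of build() begins before this hunk.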
|
@ -19,3 +19,7 @@ if command -v nvim >/dev/null; then
|
||||||
alias vim='nvim'
|
alias vim='nvim'
|
||||||
alias edit='nvim'
|
alias edit='nvim'
|
||||||
fi
|
fi
|
||||||
|
# show MOTD on ttyd login
|
||||||
|
if [[ -z "${TTY}" && -z "${SSH_TTY}" ]]; then
|
||||||
|
[[ "${SHLVL}" == "2" ]] && cat /etc/motd
|
||||||
|
fi
|
||||||
|
|
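Review bot: `TTY` in `[[ -z "${TTY}" && -z "${SSH_TTY}" ]]` is not a variable bash sets itself (it is a zsh parameter), so unless something in this environment exports it the first test is probably always true and the real discriminators are `SSH_TTY` and `SHLVL`. The `SHLVL == 2` check appears to rely on the ttyd.sh → screen → shell chain, which is worth stating in the comment, e.g. `# ttyd.sh runs at SHLVL 1 and starts screen, whose shell is SHLVL 2`. Because the block ends in `[[ ... ]] && cat /etc/motd`, it leaves a non-zero status whenever SHLVL is not 2; `if [[ "${SHLVL}" == "2" ]]; then cat /etc/motd; fi` avoids leaking that status to whatever sources this file. The start of the file is outside the hunk.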
|
@ -14,7 +14,7 @@
|
||||||
<body>
|
<body>
|
||||||
<p><span><img src="/web/logo.png" alt="Logo"></span></p>
|
<p><span><img src="/web/logo.png" alt="Logo"></span></p>
|
||||||
<h1>Archboot Project | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=Z7GXKW4MKHK7C"><img src="/web/donate.png" alt="Donate"></a></h1>
|
<h1>Archboot Project | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=Z7GXKW4MKHK7C"><img src="/web/donate.png" alt="Donate"></a></h1>
|
||||||
<p><strong>© 2006 - 2023 | <a href=mailto:tpowa@archlinux.org>Tobias Powalowski</a></strong><br>Arch Linux Developer <strong><a href="https://archlinux.org/people/developers/#tpowa">tpowa</a><br>Last update: 06.07.2023 08:21</strong></p>
|
<p><strong>© 2006 - 2023 | <a href=mailto:tpowa@archlinux.org>Tobias Powalowski</a></strong><br>Arch Linux Developer <strong><a href="https://archlinux.org/people/developers/#tpowa">tpowa</a><br>Last update: 07.07.2023 11:57</strong></p>
|
||||||
<nav id="TOC" role="doc-toc">
|
<nav id="TOC" role="doc-toc">
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="#introduction" id="toc-introduction"><strong><span class="toc-section-number">1.</span> Introduction</strong></a></li>
|
<li><a href="#introduction" id="toc-introduction"><strong><span class="toc-section-number">1.</span> Introduction</strong></a></li>
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
<li><a href="#archboot-in-a-nutshell" id="toc-archboot-in-a-nutshell"><strong><span class="toc-section-number">3.</span> Features In A Nutshell</strong></a></li>
|
<li><a href="#archboot-in-a-nutshell" id="toc-archboot-in-a-nutshell"><strong><span class="toc-section-number">3.</span> Features In A Nutshell</strong></a></li>
|
||||||
<li><ul>
|
<li><ul>
|
||||||
<li><a href="#graphical-environment-vnc" id="toc-graphical-environment-vnc"><span class="toc-section-number">3.1</span> Graphical Environments / VNC</a></li>
|
<li><a href="#graphical-environment-vnc" id="toc-graphical-environment-vnc"><span class="toc-section-number">3.1</span> Graphical Environments / VNC</a></li>
|
||||||
<li><a href="#remote-installation-with-openssh" id="toc-remote-installation-with-openssh"><span class="toc-section-number">3.2</span> Remote Access With OpenSSH</a></li>
|
<li><a href="#remote-access" id="toc-remote-access"><span class="toc-section-number">3.2</span> Remote Access</a></li>
|
||||||
<li><a href="#secure-boot-support" id="toc-secure-boot-support"><span class="toc-section-number">3.3</span> Secure Boot - MOK / Machine Owner Key</a></li>
|
<li><a href="#secure-boot-support" id="toc-secure-boot-support"><span class="toc-section-number">3.3</span> Secure Boot - MOK / Machine Owner Key</a></li>
|
||||||
<li><a href="#switch-to-complete-arch-linux-system" id="toc-switch-to-complete-arch-linux-system"><span class="toc-section-number">3.4</span> Switch To Complete Arch Linux System</a></li>
|
<li><a href="#switch-to-complete-arch-linux-system" id="toc-switch-to-complete-arch-linux-system"><span class="toc-section-number">3.4</span> Switch To Complete Arch Linux System</a></li>
|
||||||
<li><a href="#interactive-setup" id="toc-interactive-setup"><span class="toc-section-number">3.5</span> Interactive Setup</a></li>
|
<li><a href="#interactive-setup" id="toc-interactive-setup"><span class="toc-section-number">3.5</span> Interactive Setup</a></li>
|
||||||
|
@ -432,7 +432,8 @@
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<h3 data-number="3.2" id="remote-installation-with-openssh"><span class="header-section-number">3.2</span> <strong>Remote Access With OpenSSH</strong></h3>
|
<h3 data-number="3.2" id="remote-access"><span class="header-section-number">3.2</span> <strong>Remote Access</strong></h3>
|
||||||
|
<h4 data-number="3.2.1" id="remote-access-openssh"><span class="header-section-number">3.2.1</span> <strong>OpenSSH</strong></h4>
|
||||||
<p>root <a href="https://wiki.archlinux.org/title/Password" title="Password"><strong>password</strong></a> is <strong>not</strong> set by default! If you need security during installation set a <a href="https://wiki.archlinux.org/title/Password" title="Password"><strong>password</strong></a>.</p>
|
<p>root <a href="https://wiki.archlinux.org/title/Password" title="Password"><strong>password</strong></a> is <strong>not</strong> set by default! If you need security during installation set a <a href="https://wiki.archlinux.org/title/Password" title="Password"><strong>password</strong></a>.</p>
|
||||||
<table>
|
<table>
|
||||||
<thead>
|
<thead>
|
||||||
|
@ -442,7 +443,21 @@
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<tr class="odd">
|
<tr class="odd">
|
||||||
<td><code>$ ssh root@<ipadress></code></td>
|
<td><code>$ ssh root@<ipaddress></code></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<h4 data-number="3.2.2" id="remote-access-ttyd"><span class="header-section-number">3.2.2</span> <strong>HTTP Browser Terminal - TTYD</strong></h4>
|
||||||
|
<p>Get a <a href="https://github.com/tsl0922/ttyd" title="ttyd"><strong>ttyd terminal</strong></a> in your browser window.</p>
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr class="header">
|
||||||
|
<th>Connect with your favourite browser to archboot:</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr class="odd">
|
||||||
|
<td>http://<ipaddress>:7681</td>
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
@ -789,6 +804,10 @@ The calculated size to boot the image follows the formula:<br>
|
||||||
<td class="MyNo">✖</td>
|
<td class="MyNo">✖</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="odd">
|
<tr class="odd">
|
||||||
|
<td>HTTP Browser Terminal - <a href="https://github.com/tsl0922/ttyd" title="ttyd"><strong>TTYD</strong></a></td>
|
||||||
|
<td class="MyYes">✔</td>
|
||||||
|
<td class="MyNo">✖</td>
|
||||||
|
</tr>
|
||||||
<td>Offline installation support<sup>1</sup></td>
|
<td>Offline installation support<sup>1</sup></td>
|
||||||
<td class="MyYes">✔</td>
|
<td class="MyYes">✔</td>
|
||||||
<td class="MyNo">✖</td>
|
<td class="MyNo">✖</td>
|
||||||
|
@ -850,12 +869,12 @@ The calculated size to boot the image follows the formula:<br>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="even">
|
<tr class="even">
|
||||||
<td>ROOTFS size in MiB</td>
|
<td>ROOTFS size in MiB</td>
|
||||||
<td class="MyYes">389</td>
|
<td class="MyYes">386</td>
|
||||||
<td class="MyNo">1700</td>
|
<td class="MyNo">1700</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="odd">
|
<tr class="odd">
|
||||||
<td>ROOTFS packages</td>
|
<td>ROOTFS packages</td>
|
||||||
<td class="MyYes">193</td>
|
<td class="MyYes">196</td>
|
||||||
<td class="MyNo">392</td>
|
<td class="MyNo">392</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="even">
|
<tr class="even">
|
||||||
|
|
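--- a/usr/share/archboot/remote/etc/systemd/system/ttyd.service
+++ b/usr/share/archboot/remote/etc/systemd/system/ttyd.service
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: GPL-2.0-only
+# Created by Tobias Powalowski <tpowa@archlinux.org>
+
+[Unit]
+Description=TTYD
+After=syslog.target
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/ttyd ttyd.sh
+Type=simple
+Restart=always
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target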
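Review bot: `ExecStart=/usr/bin/ttyd ttyd.sh` starts ttyd as root with none of its access controls, so anyone who can reach the port gets the root session that ttyd.sh opens, over plain HTTP. Setting a root password, which the docs recommend for SSH, does not protect this path because ttyd.sh performs no login. ttyd offers `--credential user:password` for basic auth, `--interface` to restrict the listener, `--check-origin` to reject cross-origin WebSocket connections and `--ssl` for TLS; at least the first two are worth wiring in, e.g. `ExecStart=/usr/bin/ttyd --interface <iface> --credential <user>:<password> /usr/bin/ttyd.sh` with the values supplied from an `EnvironmentFile=`. Two smaller points: `ttyd.sh` is resolved through PATH, so the absolute `/usr/bin/ttyd.sh` would be more explicit, and `After=syslog.target` is obsolete on current systemd.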
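--- a/usr/share/archboot/remote/usr/bin/ttyd.sh
+++ b/usr/share/archboot/remote/usr/bin/ttyd.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-2.0-only
+# Created by Tobias Powalowski <tpowa@archlinux.org>
+
+# simulate login from tty
+if ! [[ -e /tmp/.ttyd ]]; then
+cat /etc/motd
+echo -e "Hit \e[1m\e[92mENTER\e[m for \e[1mshell\e[m login."
+read -r
+: >/tmp/.ttyd
+fi
+. /etc/profile
+screen -q -R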
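Review bot: The first-login marker `/tmp/.ttyd` is a fixed name in a world-writable directory, and `: >/tmp/.ttyd` runs as root and follows symlinks, so a root-only location such as `/run/ttyd-motd-shown` (name is only a suggestion) is a safer place for it. The marker is also global rather than per connection, so only the first browser session ever sees the MOTD and ENTER prompt. `screen -q -R` will reattach a later visitor to a detached session left by an earlier one; if that sharing is intended it deserves a comment next to the `screen` call, e.g. `# -R: resume an existing detached session, otherwise start a new one`. The comment `# simulate login from tty` could also say that no authentication happens here, since the script goes straight from `. /etc/profile` to a root shell.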