diff --git a/build-archiso/run.sh b/build-archiso/run.sh index a94adb4..9437ec0 100755 --- a/build-archiso/run.sh +++ b/build-archiso/run.sh @@ -1,9 +1,5 @@ #!/bin/bash -# -# https://wiki.archlinux.org/index.php/Archiso#Prepare_a_custom_profile -# -# TODO: set custom welcome message in /etc/motd -# + BUILD_DIR=/out PKGS=() @@ -13,6 +9,9 @@ PKGS+=('de-p1st-screen') # longer scrollback history in screen PKGS+=('de-p1st-pacman') # [de-p1st] mirror enabled PKGS+=('de-p1st-installer') # de-p1st-installer script +ENABLE_SSH=true +SSH_PUB_KEY='ssh-rsa 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 openpgp:0xA8B75370' + ################################ # Write-permission for user "build" @@ -67,9 +66,22 @@ for PKG in "${PKGS[@]}"; do echo "${PKG}" >>"${BUILD_DIR}"/profile/packages.x86_64 done +# source: https://gitlab.archlinux.org/archlinux/archiso/-/blob/master/configs/releng/airootfs/etc/motd +echo 'To install Arch Linux run the following command: +de-p1st-installer + + + +For Wi-Fi, authenticate to the wireless network using the iwctl utility. +For mobile broadband (WWAN) modems, connect with the mmcli utility. +Ethernet, WLAN and WWAN interfaces using DHCP should work automatically. +' > "${BUILD_DIR}"/profile/airootfs/etc/motd || exit $? + ### mkdir "${BUILD_DIR}/work_dir" && mkdir "${BUILD_DIR}/out_dir" || exit $? echo "running 'sudo mkarchiso' ..." sudo mkarchiso -v -w "${BUILD_DIR}/work_dir" -o "${BUILD_DIR}/out_dir" "${BUILD_DIR}/profile" || exit $? + +sudo chown -R "build:wheel" /out/out_dir diff --git a/pkg/de-p1st-gpu-amdgpu/PKGBUILD b/pkg/de-p1st-gpu-amdgpu/PKGBUILD index aadc3c8..fcc144d 100644 --- a/pkg/de-p1st-gpu-amdgpu/PKGBUILD +++ b/pkg/de-p1st-gpu-amdgpu/PKGBUILD 
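Review bot: In build-archiso/run.sh, `ENABLE_SSH=true` and the hard-coded `SSH_PUB_KEY` are assigned but none of the hunks shown reads them, so either the consuming code lives outside this diff or the variables are currently dead. If they are meant to put the key into the live image's authorized keys, every ISO built from this script will accept logins from that one key, which should be an explicit build-time choice rather than the default. I would default to off and take the key from the environment, e.g. `ENABLE_SSH="${ENABLE_SSH:-false}"` and `SSH_PUB_KEY="${SSH_PUB_KEY:-}"`, and fail the build when SSH is enabled with an empty key.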
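Review bot: The added `sudo chown -R "build:wheel" /out/out_dir` at the end of build-archiso/run.sh hard-codes `/out` although the mkarchiso call just above it uses `"${BUILD_DIR}/out_dir"`, and it is the only command in this hunk without `|| exit $?`. If BUILD_DIR is ever changed, the recursive chown will run as root on a different tree than the one mkarchiso wrote to. Suggest `sudo chown -R "build:wheel" "${BUILD_DIR}/out_dir" || exit $?` so the path and the error handling match the rest of the script.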
@@ -20,7 +20,7 @@ depends+=(libva-mesa-driver) # "HW-vide-acceleration: VDPAU" depends+=(mesa-vdpau) # holo -depends+=('holo' 'base') # without base "holo apply" may fail on initial system installation +depends+=('holo' 'git' 'base') # without base "holo apply" may fail on initial system installation makedepends=('git') provides=('de-p1st-gpu') # implicitly provides $pkgname diff --git a/pkg/de-p1st-grub/PKGBUILD b/pkg/de-p1st-grub/PKGBUILD index 8a18622..0e8cae7 100644 --- a/pkg/de-p1st-grub/PKGBUILD +++ b/pkg/de-p1st-grub/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="grub with configuration" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('grub' 'holo' 'git') +depends=('grub' 'holo' 'git' 'base') makedepends=('git') install='.install' changelog= diff --git a/pkg/de-p1st-locale/PKGBUILD b/pkg/de-p1st-locale/PKGBUILD index e058ed5..3df8d5c 100644 --- a/pkg/de-p1st-locale/PKGBUILD +++ b/pkg/de-p1st-locale/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="locale and timezone" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('holo' 'git') +depends=('holo' 'git' 'base') makedepends=('git') backup=('etc/locale.conf' 'etc/localtime') install='.install' diff --git a/pkg/de-p1st-makepkg/PKGBUILD b/pkg/de-p1st-makepkg/PKGBUILD index 235ef45..60dae7d 100644 --- a/pkg/de-p1st-makepkg/PKGBUILD +++ b/pkg/de-p1st-makepkg/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="Personalized makepkg.conf" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('pacman' 'holo' 'git') # /etc/makepkg.conf belongs to pacman +depends=('pacman' 'holo' 'git' 'base') # /etc/makepkg.conf belongs to pacman makedepends=('git') install='.install' changelog= diff --git a/pkg/de-p1st-mkinitcpio/mkinitcpio.conf.holoscript b/pkg/de-p1st-mkinitcpio/mkinitcpio.conf.holoscript index 4d937bf..d2ffd78 100644 --- a/pkg/de-p1st-mkinitcpio/mkinitcpio.conf.holoscript +++ b/pkg/de-p1st-mkinitcpio/mkinitcpio.conf.holoscript 
@@ -5,7 +5,7 @@ # save stdin (content of /etc/mkinitcpio.conf) in variable stdin=$(cat) -# MODULES is empty +# assert MODULES is empty echo "$stdin" | grep '^MODULES=()' # assert HOOKS is as expected diff --git a/pkg/de-p1st-nano/PKGBUILD b/pkg/de-p1st-nano/PKGBUILD index 8a3b4ed..352cbe1 100644 --- a/pkg/de-p1st-nano/PKGBUILD +++ b/pkg/de-p1st-nano/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="nano with configuration" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('nano' 'holo' 'git') +depends=('nano' 'holo' 'git' 'base') makedepends=('git') install='.install' source=("git+${url}.git") diff --git a/pkg/de-p1st-pacman/PKGBUILD b/pkg/de-p1st-pacman/PKGBUILD index 5484906..6d7f0e1 100644 --- a/pkg/de-p1st-pacman/PKGBUILD +++ b/pkg/de-p1st-pacman/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="pacman with configuration" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('pacman' 'holo' 'git') +depends=('pacman' 'holo' 'git' 'base') makedepends=('git') optdepends=('de-p1st-pacman-mirrorlist') install='.install' diff --git a/pkg/de-p1st-screen/PKGBUILD b/pkg/de-p1st-screen/PKGBUILD index d520d9b..4edada7 100644 --- a/pkg/de-p1st-screen/PKGBUILD +++ b/pkg/de-p1st-screen/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc="screen with configuration" arch=('any') url="https://codeberg.org/privacy1st/${_reponame}" license=('MIT') -depends=('screen' 'holo' 'git') +depends=('screen' 'holo' 'git' 'base') makedepends=('git') install='.install' source=("git+${url}.git") diff --git a/pkg/de-p1st-sddm-theme-nordic/PKGBUILD b/pkg/de-p1st-sddm-theme-nordic/PKGBUILD index f579850..7984fa8 100644 --- a/pkg/de-p1st-sddm-theme-nordic/PKGBUILD +++ b/pkg/de-p1st-sddm-theme-nordic/PKGBUILD @@ -14,7 +14,7 @@ depends=('sddm' 'sddm-nordic-theme-git') # Main.qml:28:1: module "org.kde.plasma.extras" is not installed depends+=('plasma-framework') # See TODO below -depends+=('holo' 'git') +depends+=('holo' 'git' 'base') makedepends=('git') install='.install' 
diff --git a/pkg/de-p1st-smartcard/PKGBUILD b/pkg/de-p1st-smartcard/PKGBUILD
index ac8d589..d68c0e4 100644
--- a/pkg/de-p1st-smartcard/PKGBUILD
+++ b/pkg/de-p1st-smartcard/PKGBUILD
@@ -9,7 +9,7 @@ arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
 groups=()
-depends=('ccid' 'opensc' 'systemd' 'holo' 'git' 'de-p1st-gnupg')
+depends=('ccid' 'opensc' 'systemd' 'holo' 'git' 'base' 'de-p1st-gnupg')
 makedepends=('git')
 install='.install'
 source=("git+${url}.git")
diff --git a/pkg/de-p1st-ssh/.install b/pkg/de-p1st-ssh/.install
new file mode 100644
index 0000000..215ed0f
--- /dev/null
+++ b/pkg/de-p1st-ssh/.install
@@ -0,0 +1,17 @@
+## arg 1: the new package version
+post_install() {
+ holo apply
+ systemctl preset-all
+}
+
+## arg 1: the new package version
+## arg 2: the old package version
+post_upgrade() {
+ holo apply
+ systemctl preset-all
+}
+
+## arg 1: the old package version
+post_remove() {
+ holo apply
+}
diff --git a/pkg/de-p1st-ssh/PKGBUILD b/pkg/de-p1st-ssh/PKGBUILD
new file mode 100644
index 0000000..b209b3b
--- /dev/null
+++ b/pkg/de-p1st-ssh/PKGBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Daniel Langbein
+_pkgname=ssh
+_reponame=arch
+pkgname="de-p1st-$_pkgname"
+pkgver=0.0.1
+pkgrel=1
+pkgdesc="ssh with configuration"
+arch=('any')
+url="https://codeberg.org/privacy1st/${_reponame}"
+license=('MIT')
+depends=('openssh' 'systemd')
+depends+=('holo' 'git' 'base') # holo and its dependencies: git for holo-diff; without base "holo apply" may fail on initial system installation
+makedepends=('git')
+install='.install'
+source=("git+${url}.git")
+sha256sums=('SKIP')
+
+package() {
+ cd "${_reponame}/pkg/${pkgname}"
+
+ install -Dm0644 systemd.preset "$pkgdir"/usr/lib/systemd/system-preset/20-"$pkgname".preset
+}
diff --git a/pkg/de-p1st-ssh/sshd_config.holoscript b/pkg/de-p1st-ssh/sshd_config.holoscript
new file mode 100644
index 0000000..6162d36
--- /dev/null
+++ b/pkg/de-p1st-ssh/sshd_config.holoscript
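Review bot: `systemctl preset-all` in post_install and post_upgrade of pkg/de-p1st-ssh/.install re-applies the preset policy to every installed unit, not only to sshd, so installing or upgrading this package can flip units that were enabled or disabled by hand. The package ships a single preset line for sshd.service, so `systemctl preset sshd.service` would limit the effect to the unit it owns. If preset-all is a deliberate convention shared with the other de-p1st packages, a short comment above the call saying so would spare the next reader the question.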
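Review bot: package() in pkg/de-p1st-ssh/PKGBUILD installs only systemd.preset; sshd_config.holoscript, added in the same commit, is never copied into `$pkgdir`. As written the package enables sshd.service but `holo apply` has no script to run for /etc/ssh/sshd_config, so PermitRootLogin, PasswordAuthentication and the other settings stay at the stock values. Add an install line for the holoscript, executable and under holo's files directory, e.g. `install -Dm0755 sshd_config.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/ssh/sshd_config.holoscript`; the target path is inferred from holo's usual layout, so match the prefix the other packages in this repo use.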
@@ -0,0 +1,23 @@
+#!/bin/sh
+# stdin: default config
+# stdout: modified config
+
+# save stdin (content of /etc/ssh/sshd_config) in variable
+stdin=$(cat)
+
+# asertions
+echo "$stdin" | grep '^UsePAM yes$'
+#
+echo "$stdin" | grep '^#PermitRootLogin\s.*$'
+echo "$stdin" | grep '^#PubkeyAuthentication\s.*$'
+echo "$stdin" | grep '^#PasswordAuthentication\s.*$'
+echo "$stdin" | grep '^#PermitEmptyPasswords\s.*$'
+echo "$stdin" | grep '^#X11Forwarding\s.*$'
+
+sed '
+ s|^#PermitRootLogin\s.*$|PermitRootLogin no|;
+ s|^#PubkeyAuthentication\s.*$|PubkeyAuthentication yes|;
+ s|^#PasswordAuthentication\s.*$|PasswordAuthentication no|;
+ s|^#PermitEmptyPasswords\s.*$|PermitEmptyPasswords no|;
+ s|^#X11Forwarding\s.*$|X11Forwarding no|
+ ' <<< "$stdin"
diff --git a/pkg/de-p1st-ssh/systemd.preset b/pkg/de-p1st-ssh/systemd.preset
new file mode 100644
index 0000000..650fccd
--- /dev/null
+++ b/pkg/de-p1st-ssh/systemd.preset
@@ -0,0 +1 @@
+enable sshd.service
\ No newline at end of file
diff --git a/prototype/proto.PKGBUILD b/prototype/proto.PKGBUILD
index 695b273..854b9b3 100644
--- a/prototype/proto.PKGBUILD
+++ b/prototype/proto.PKGBUILD
@@ -10,7 +10,8 @@ url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
 groups=()
 depends=()
-makedepends=('git')
+depends+=('holo' 'git' 'base') # holo and its dependencies: git for holo-diff; without base "holo apply" may fail on initial system installation
+makedepends=('git') # to fetch source(s) via git
 optdepends=()
 provides=()
 conflicts=()
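Review bot: The assertion greps in pkg/de-p1st-ssh/sshd_config.holoscript neither stop the script nor stay out of its output: there is no `set -e` or `|| exit`, and grep prints each matching line to stdout, which the header comment declares to be the modified config. If a future openssh default drops or rewords one of the commented lines, the matching sed substitution silently does nothing and sshd keeps its built-in default for that setting (password logins, for example) while the script still exits with sed's status 0. Make each check quiet and fatal, e.g. `echo "$stdin" | grep -q '^#PasswordAuthentication\s.*$' || exit 1`. Separately, the shebang is `#!/bin/sh` but `<<< "$stdin"` is a bash here-string; use `#!/bin/bash` or feed sed with `printf '%s\n' "$stdin" |`.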