custom archiso welcome message; refactor: holo depends on git and base; add ssh package

build-archiso/run.sh

@@ -1,9 +1,5 @@
 #!/bin/bash
-#
+
-# https://wiki.archlinux.org/index.php/Archiso#Prepare_a_custom_profile
-#
-# TODO: set custom welcome message in /etc/motd
-#
 BUILD_DIR=/out
 
 PKGS=()
@@ -13,6 +9,9 @@ PKGS+=('de-p1st-screen')    # longer scrollback history in screen
 PKGS+=('de-p1st-pacman')    # [de-p1st] mirror enabled
 PKGS+=('de-p1st-installer') # de-p1st-installer script
 
+ENABLE_SSH=true
+SSH_PUB_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370'
+
 ################################
 
 # Write-permission for user "build"
@@ -67,9 +66,22 @@ for PKG in "${PKGS[@]}"; do
   echo "${PKG}" >>"${BUILD_DIR}"/profile/packages.x86_64
 done
 
+# source: https://gitlab.archlinux.org/archlinux/archiso/-/blob/master/configs/releng/airootfs/etc/motd
+echo 'To install Arch Linux run the following command:
+de-p1st-installer
+
+
+
+For Wi-Fi, authenticate to the wireless network using the iwctl utility.
+For mobile broadband (WWAN) modems, connect with the mmcli utility.
+Ethernet, WLAN and WWAN interfaces using DHCP should work automatically.
+' > "${BUILD_DIR}"/profile/airootfs/etc/motd || exit $?
+
 ###
 
 mkdir "${BUILD_DIR}/work_dir" && mkdir "${BUILD_DIR}/out_dir" || exit $?
 
 echo "running 'sudo mkarchiso' ..."
 sudo mkarchiso -v -w "${BUILD_DIR}/work_dir" -o "${BUILD_DIR}/out_dir" "${BUILD_DIR}/profile" || exit $?
+
+sudo chown -R "build:wheel" /out/out_dir

pkg/de-p1st-gpu-amdgpu/PKGBUILD

@@ -20,7 +20,7 @@ depends+=(libva-mesa-driver)
 # "HW-vide-acceleration: VDPAU"
 depends+=(mesa-vdpau)
 # holo
-depends+=('holo' 'base')  # without base "holo apply" may fail on initial system installation
+depends+=('holo' 'git' 'base')  # without base "holo apply" may fail on initial system installation
 
 makedepends=('git')
 provides=('de-p1st-gpu') # implicitly provides $pkgname

pkg/de-p1st-grub/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="grub with configuration"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('grub' 'holo' 'git')
+depends=('grub' 'holo' 'git' 'base')
 makedepends=('git')
 install='.install'
 changelog=

pkg/de-p1st-locale/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="locale and timezone"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('holo' 'git')
+depends=('holo' 'git' 'base')
 makedepends=('git')
 backup=('etc/locale.conf' 'etc/localtime')
 install='.install'

pkg/de-p1st-makepkg/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="Personalized makepkg.conf"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('pacman' 'holo' 'git')  # /etc/makepkg.conf belongs to pacman
+depends=('pacman' 'holo' 'git' 'base')  # /etc/makepkg.conf belongs to pacman
 makedepends=('git')
 install='.install'
 changelog=

pkg/de-p1st-mkinitcpio/mkinitcpio.conf.holoscript

@@ -5,7 +5,7 @@
 # save stdin (content of /etc/mkinitcpio.conf) in variable
 stdin=$(cat)
 
-# MODULES is empty
+# assert MODULES is empty
 echo "$stdin" | grep '^MODULES=()'
 
 # assert HOOKS is as expected

pkg/de-p1st-nano/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="nano with configuration"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('nano' 'holo' 'git')
+depends=('nano' 'holo' 'git' 'base')
 makedepends=('git')
 install='.install'
 source=("git+${url}.git")

pkg/de-p1st-pacman/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="pacman with configuration"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('pacman' 'holo' 'git')
+depends=('pacman' 'holo' 'git' 'base')
 makedepends=('git')
 optdepends=('de-p1st-pacman-mirrorlist')
 install='.install'

pkg/de-p1st-screen/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc="screen with configuration"
 arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
-depends=('screen' 'holo' 'git')
+depends=('screen' 'holo' 'git' 'base')
 makedepends=('git')
 install='.install'
 source=("git+${url}.git")

pkg/de-p1st-sddm-theme-nordic/PKGBUILD

@@ -14,7 +14,7 @@ depends=('sddm' 'sddm-nordic-theme-git')
 # Main.qml:28:1: module "org.kde.plasma.extras" is not installed
 depends+=('plasma-framework')
 # See TODO below
-depends+=('holo' 'git')
+depends+=('holo' 'git' 'base')
 
 makedepends=('git')
 install='.install'

pkg/de-p1st-smartcard/PKGBUILD

@@ -9,7 +9,7 @@ arch=('any')
 url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
 groups=()
-depends=('ccid' 'opensc' 'systemd' 'holo' 'git' 'de-p1st-gnupg')
+depends=('ccid' 'opensc' 'systemd' 'holo' 'git' 'base' 'de-p1st-gnupg')
 makedepends=('git')
 install='.install'
 source=("git+${url}.git")

pkg/de-p1st-ssh/.install

@@ -0,0 +1,17 @@
+## arg 1:  the new package version
+post_install() {
+  holo apply
+  systemctl preset-all
+}
+
+## arg 1:  the new package version
+## arg 2:  the old package version
+post_upgrade() {
+  holo apply
+  systemctl preset-all
+}
+
+## arg 1:  the old package version
+post_remove() {
+  holo apply
+}

pkg/de-p1st-ssh/PKGBUILD

@@ -0,0 +1,22 @@
+# Maintainer: Daniel Langbein <daniel@systemli.org>
+_pkgname=ssh
+_reponame=arch
+pkgname="de-p1st-$_pkgname"
+pkgver=0.0.1
+pkgrel=1
+pkgdesc="ssh with configuration"
+arch=('any')
+url="https://codeberg.org/privacy1st/${_reponame}"
+license=('MIT')
+depends=('openssh' 'systemd')
+depends+=('holo' 'git' 'base')  # holo and its dependencies: git for holo-diff; without base "holo apply" may fail on initial system installation
+makedepends=('git')
+install='.install'
+source=("git+${url}.git")
+sha256sums=('SKIP')
+
+package() {
+  cd "${_reponame}/pkg/${pkgname}"
+
+  install -Dm0644 systemd.preset "$pkgdir"/usr/lib/systemd/system-preset/20-"$pkgname".preset
+}

pkg/de-p1st-ssh/sshd_config.holoscript

@@ -0,0 +1,23 @@
+#!/bin/sh
+# stdin: default config
+# stdout: modified config
+
+# save stdin (content of /etc/ssh/sshd_config) in variable
+stdin=$(cat)
+
+# asertions
+echo "$stdin" | grep '^UsePAM yes$'
+#
+echo "$stdin" | grep '^#PermitRootLogin\s.*$'
+echo "$stdin" | grep '^#PubkeyAuthentication\s.*$'
+echo "$stdin" | grep '^#PasswordAuthentication\s.*$'
+echo "$stdin" | grep '^#PermitEmptyPasswords\s.*$'
+echo "$stdin" | grep '^#X11Forwarding\s.*$'
+
+sed '
+  s|^#PermitRootLogin\s.*$|PermitRootLogin no|;
+  s|^#PubkeyAuthentication\s.*$|PubkeyAuthentication yes|;
+  s|^#PasswordAuthentication\s.*$|PasswordAuthentication no|;
+  s|^#PermitEmptyPasswords\s.*$|PermitEmptyPasswords no|;
+  s|^#X11Forwarding\s.*$|X11Forwarding no|
+  ' <<< "$stdin"

pkg/de-p1st-ssh/systemd.preset

@@ -0,0 +1 @@
+enable sshd.service

prototype/proto.PKGBUILD

@@ -10,7 +10,8 @@ url="https://codeberg.org/privacy1st/${_reponame}"
 license=('MIT')
 groups=()
 depends=()
-makedepends=('git')
+depends+=('holo' 'git' 'base')  # holo and its dependencies: git for holo-diff; without base "holo apply" may fail on initial system installation
+makedepends=('git')  # to fetch source(s) via git
 optdepends=()
 provides=()
 conflicts=()