a again
This commit is contained in:
parent
d026012c2d
commit
c3c110a34a
11 changed files with 273 additions and 3 deletions
|
@ -45,11 +45,10 @@ root_dir() {
|
|||
}
|
||||
|
||||
root_file() {
|
||||
dir=$(basename "$1")
|
||||
dir=$(dirname "$1")
|
||||
mkdir -p "$HOME/.root$dir"
|
||||
cp "$1" "$HOME/.root$dir"
|
||||
$config add "$HOME/.root$dir"
|
||||
rm -fr "$HOME/.root$dir"
|
||||
$config add "$HOME/.root$1"
|
||||
}
|
||||
|
||||
root_dir /etc/initcpio/post
|
||||
|
@ -65,3 +64,4 @@ $config add "$packages"
|
|||
|
||||
rm "$aur"
|
||||
rm "$packages"
|
||||
rm -fr "$HOME/.root"
|
||||
|
|
1
.root/etc/cmdline.d/look.conf
Normal file
1
.root/etc/cmdline.d/look.conf
Normal file
|
@ -0,0 +1 @@
|
|||
loglevel=0 text bgrt_disable
|
1
.root/etc/cmdline.d/root.conf
Normal file
1
.root/etc/cmdline.d/root.conf
Normal file
|
@ -0,0 +1 @@
|
|||
cryptdevice=UUID=c2ac4d90-704e-4f64-a699-4cf69d40bd0b:root:discard root=/dev/mapper/root rw
|
1
.root/etc/cmdline.d/virt.conf
Normal file
1
.root/etc/cmdline.d/virt.conf
Normal file
|
@ -0,0 +1 @@
|
|||
amd_iommu=on
|
15
.root/etc/initcpio/post/uki-sbsign
Executable file
15
.root/etc/initcpio/post/uki-sbsign
Executable file
|
@ -0,0 +1,15 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
uki="$3"
|
||||
[[ -n "$uki" ]] || exit 0
|
||||
|
||||
keypairs=(/usr/share/secureboot/keys/db/db.key /usr/share/secureboot/keys/db/db.pem)
|
||||
|
||||
for (( i=0; i<${#keypairs[@]}; i+=2 )); do
|
||||
key="${keypairs[$i]}"
|
||||
cert="${keypairs[(( i + 1))]}"
|
||||
if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
|
||||
sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
|
||||
fi
|
||||
done
|
||||
|
159
.root/etc/makepkg.conf
Normal file
159
.root/etc/makepkg.conf
Normal file
|
@ -0,0 +1,159 @@
|
|||
#!/hint/bash
|
||||
#
|
||||
# /etc/makepkg.conf
|
||||
#
|
||||
|
||||
#########################################################################
|
||||
# SOURCE ACQUISITION
|
||||
#########################################################################
|
||||
#
|
||||
#-- The download utilities that makepkg should use to acquire sources
|
||||
# Format: 'protocol::agent'
|
||||
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
|
||||
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
|
||||
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||
'rsync::/usr/bin/rsync --no-motd -z %u %o'
|
||||
'scp::/usr/bin/scp -C %u %o')
|
||||
|
||||
# Other common tools:
|
||||
# /usr/bin/snarf
|
||||
# /usr/bin/lftpget -c
|
||||
# /usr/bin/wget
|
||||
|
||||
#-- The package required by makepkg to download VCS sources
|
||||
# Format: 'protocol::package'
|
||||
VCSCLIENTS=('bzr::breezy'
|
||||
'fossil::fossil'
|
||||
'git::git'
|
||||
'hg::mercurial'
|
||||
'svn::subversion')
|
||||
|
||||
#########################################################################
|
||||
# ARCHITECTURE, COMPILE FLAGS
|
||||
#########################################################################
|
||||
#
|
||||
CARCH="x86_64"
|
||||
CHOST="x86_64-pc-linux-gnu"
|
||||
|
||||
#-- Compiler and Linker Flags
|
||||
#CPPFLAGS=""
|
||||
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
|
||||
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection"
|
||||
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
|
||||
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
|
||||
LTOFLAGS="-flto=auto"
|
||||
#RUSTFLAGS="-C opt-level=2"
|
||||
#-- Make Flags: change this for DistCC/SMP systems
|
||||
MAKEFLAGS="-j16"
|
||||
#-- Debugging flags
|
||||
DEBUG_CFLAGS="-g"
|
||||
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
|
||||
#DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
|
||||
#########################################################################
|
||||
# BUILD ENVIRONMENT
|
||||
#########################################################################
|
||||
#
|
||||
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
|
||||
# A negated environment option will do the opposite of the comments below.
|
||||
#
|
||||
#-- distcc: Use the Distributed C/C++/ObjC compiler
|
||||
#-- color: Colorize output messages
|
||||
#-- ccache: Use ccache to cache compilation
|
||||
#-- check: Run the check() function if present in the PKGBUILD
|
||||
#-- sign: Generate PGP signature file
|
||||
#
|
||||
BUILDENV=(!distcc color !ccache check !sign)
|
||||
#
|
||||
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
|
||||
#-- specify a space-delimited list of hosts running in the DistCC cluster.
|
||||
#DISTCC_HOSTS=""
|
||||
#
|
||||
#-- Specify a directory for package building.
|
||||
#BUILDDIR=/tmp/makepkg
|
||||
|
||||
#########################################################################
|
||||
# GLOBAL PACKAGE OPTIONS
|
||||
# These are default values for the options=() settings
|
||||
#########################################################################
|
||||
#
|
||||
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
|
||||
# A negated option will do the opposite of the comments below.
|
||||
#
|
||||
#-- strip: Strip symbols from binaries/libraries
|
||||
#-- docs: Save doc directories specified by DOC_DIRS
|
||||
#-- libtool: Leave libtool (.la) files in packages
|
||||
#-- staticlibs: Leave static library (.a) files in packages
|
||||
#-- emptydirs: Leave empty directories in packages
|
||||
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
|
||||
#-- purge: Remove files specified by PURGE_TARGETS
|
||||
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||
#-- lto: Add compile flags for building with link time optimization
|
||||
#
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
|
||||
|
||||
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
|
||||
INTEGRITY_CHECK=(sha256)
|
||||
#-- Options to be used when stripping binaries. See `man strip' for details.
|
||||
STRIP_BINARIES="--strip-all"
|
||||
#-- Options to be used when stripping shared libraries. See `man strip' for details.
|
||||
STRIP_SHARED="--strip-unneeded"
|
||||
#-- Options to be used when stripping static libraries. See `man strip' for details.
|
||||
STRIP_STATIC="--strip-debug"
|
||||
#-- Manual (man and info) directories to compress (if zipman is specified)
|
||||
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
|
||||
#-- Doc directories to remove (if !docs is specified)
|
||||
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
|
||||
#-- Files to be removed from all packages (if purge is specified)
|
||||
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
|
||||
#-- Directory to store source code in for debug packages
|
||||
DBGSRCDIR="/usr/src/debug"
|
||||
|
||||
#########################################################################
|
||||
# PACKAGE OUTPUT
|
||||
#########################################################################
|
||||
#
|
||||
# Default: put built package and cached source in build directory
|
||||
#
|
||||
#-- Destination: specify a fixed directory where all packages will be placed
|
||||
#PKGDEST=/home/packages
|
||||
#-- Source cache: specify a fixed directory where source files will be cached
|
||||
#SRCDEST=/home/sources
|
||||
#-- Source packages: specify a fixed directory where all src packages will be placed
|
||||
#SRCPKGDEST=/home/srcpackages
|
||||
#-- Log files: specify a fixed directory where all log files will be placed
|
||||
#LOGDEST=/home/makepkglogs
|
||||
#-- Packager: name/email of the person or organization building packages
|
||||
#PACKAGER="John Doe <john@doe.com>"
|
||||
#-- Specify a key to use for package signing
|
||||
#GPGKEY=""
|
||||
|
||||
#########################################################################
|
||||
# COMPRESSION DEFAULTS
|
||||
#########################################################################
|
||||
#
|
||||
COMPRESSGZ=(gzip -c -f -n)
|
||||
COMPRESSBZ2=(bzip2 -c -f)
|
||||
COMPRESSXZ=(xz -c -z -)
|
||||
COMPRESSZST=(zstd -c -z -q -)
|
||||
COMPRESSLRZ=(lrzip -q)
|
||||
COMPRESSLZO=(lzop -q)
|
||||
COMPRESSZ=(compress -c -f)
|
||||
COMPRESSLZ4=(lz4 -q)
|
||||
COMPRESSLZ=(lzip -c -f)
|
||||
|
||||
#########################################################################
|
||||
# EXTENSION DEFAULTS
|
||||
#########################################################################
|
||||
#
|
||||
PKGEXT='.pkg.tar.zst'
|
||||
SRCEXT='.src.tar.gz'
|
||||
|
||||
#########################################################################
|
||||
# OTHER
|
||||
#########################################################################
|
||||
#
|
||||
#-- Command used to run pacman as root, instead of trying sudo and su
|
||||
PACMAN_AUTH=(doas)
|
4
.root/etc/mkinitcpio.conf
Normal file
4
.root/etc/mkinitcpio.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
MODULES=(vfio_pci vfio_iommu_type1 vfio)
|
||||
BINARIES=()
|
||||
FILES=()
|
||||
HOOKS=(base udev autodetect modconf kms keyboard keymap block tpm2 encrypt filesystems fsck)
|
17
.root/etc/mkinitcpio.d/linux-lts.preset
Normal file
17
.root/etc/mkinitcpio.d/linux-lts.preset
Normal file
|
@ -0,0 +1,17 @@
|
|||
# mkinitcpio preset file for the 'linux-lts' package
|
||||
|
||||
#ALL_config="/etc/mkinitcpio.conf"
|
||||
ALL_kver="/boot/vmlinuz-linux-lts"
|
||||
ALL_microcode=(/boot/*-ucode.img)
|
||||
|
||||
PRESETS=('default' 'fallback')
|
||||
|
||||
#default_config="/etc/mkinitcpio.conf"
|
||||
#default_image="/boot/initramfs-linux-lts.img"
|
||||
default_uki="/boot/efi/EFI/Linux/arch-linux-lts.efi"
|
||||
#default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
|
||||
|
||||
#fallback_config="/etc/mkinitcpio.conf"
|
||||
#fallback_image="/boot/initramfs-linux-lts-fallback.img"
|
||||
fallback_uki="/boot/efi/EFI/Linux/arch-linux-lts-fallback.efi"
|
||||
fallback_options="-S autodetect"
|
17
.root/etc/mkinitcpio.d/linux.preset
Normal file
17
.root/etc/mkinitcpio.d/linux.preset
Normal file
|
@ -0,0 +1,17 @@
|
|||
# mkinitcpio preset file for the 'linux' package
|
||||
|
||||
#ALL_config="/etc/mkinitcpio.conf"
|
||||
ALL_kver="/boot/vmlinuz-linux"
|
||||
ALL_microcode=(/boot/*-ucode.img)
|
||||
|
||||
PRESETS=('default' 'fallback')
|
||||
|
||||
#default_config="/etc/mkinitcpio.conf"
|
||||
#default_image="/boot/initramfs-linux.img"
|
||||
default_uki="/boot/efi/EFI/Linux/arch-linux.efi"
|
||||
#default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
|
||||
|
||||
#fallback_config="/etc/mkinitcpio.conf"
|
||||
#fallback_image="/boot/initramfs-linux-fallback.img"
|
||||
fallback_uki="/boot/efi/EFI/Linux/arch-linux-fallback.efi"
|
||||
fallback_options="-S autodetect"
|
16
.root/etc/pacman.d/hooks/uki.hook
Normal file
16
.root/etc/pacman.d/hooks/uki.hook
Normal file
|
@ -0,0 +1,16 @@
|
|||
[Trigger]
|
||||
Operation=Install
|
||||
Operation=Upgrade
|
||||
Operation=Remove
|
||||
Type=Package
|
||||
Target=amd-ucode
|
||||
Target=linux
|
||||
Target=linux-lts
|
||||
|
||||
[Action]
|
||||
Description=Update Kernel and Microcode in initramfs
|
||||
Depends=mkinitcpio
|
||||
When=PostTransaction
|
||||
NeedsTargets
|
||||
Exec=/bin/sh -c 'while read -r trg; do case $trg in linux) exit 0; esac; done; /usr/bin/mkinitcpio -P'
|
||||
|
39
.root/etc/paru.conf
Normal file
39
.root/etc/paru.conf
Normal file
|
@ -0,0 +1,39 @@
|
|||
#
|
||||
# $PARU_CONF
|
||||
# /etc/paru.conf
|
||||
# ~/.config/paru/paru.conf
|
||||
#
|
||||
# See the paru.conf(5) manpage for options
|
||||
|
||||
#
|
||||
# GENERAL OPTIONS
|
||||
#
|
||||
[options]
|
||||
PgpFetch
|
||||
Devel
|
||||
Provides
|
||||
DevelSuffixes = -git -cvs -svn -bzr -darcs -always -hg -fossil
|
||||
#AurOnly
|
||||
#BottomUp
|
||||
#RemoveMake
|
||||
#SudoLoop
|
||||
#UseAsk
|
||||
#SaveChanges
|
||||
#CombinedUpgrade
|
||||
#CleanAfter
|
||||
#UpgradeMenu
|
||||
#NewsOnUpgrade
|
||||
|
||||
#LocalRepo
|
||||
#Chroot
|
||||
#Sign
|
||||
#SignDb
|
||||
#KeepRepoCache
|
||||
|
||||
#
|
||||
# Binary OPTIONS
|
||||
#
|
||||
[bin]
|
||||
#FileManager = vifm
|
||||
#MFlags = --skippgpcheck
|
||||
Sudo = doas
|
Loading…
Reference in a new issue