a again
This commit is contained in:
parent
d026012c2d
commit
c3c110a34a
11 changed files with 273 additions and 3 deletions
|
@ -45,11 +45,10 @@ root_dir() {
|
||||||
}
|
}
|
||||||
|
|
||||||
root_file() {
|
root_file() {
|
||||||
dir=$(basename "$1")
|
dir=$(dirname "$1")
|
||||||
mkdir -p "$HOME/.root$dir"
|
mkdir -p "$HOME/.root$dir"
|
||||||
cp "$1" "$HOME/.root$dir"
|
cp "$1" "$HOME/.root$dir"
|
||||||
$config add "$HOME/.root$dir"
|
$config add "$HOME/.root$1"
|
||||||
rm -fr "$HOME/.root$dir"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
root_dir /etc/initcpio/post
|
root_dir /etc/initcpio/post
|
||||||
|
@ -65,3 +64,4 @@ $config add "$packages"
|
||||||
|
|
||||||
rm "$aur"
|
rm "$aur"
|
||||||
rm "$packages"
|
rm "$packages"
|
||||||
|
rm -fr "$HOME/.root"
|
||||||
|
|
1
.root/etc/cmdline.d/look.conf
Normal file
1
.root/etc/cmdline.d/look.conf
Normal file
|
@ -0,0 +1 @@
|
||||||
|
loglevel=0 text bgrt_disable
|
1
.root/etc/cmdline.d/root.conf
Normal file
1
.root/etc/cmdline.d/root.conf
Normal file
|
@ -0,0 +1 @@
|
||||||
|
cryptdevice=UUID=c2ac4d90-704e-4f64-a699-4cf69d40bd0b:root:discard root=/dev/mapper/root rw
|
1
.root/etc/cmdline.d/virt.conf
Normal file
1
.root/etc/cmdline.d/virt.conf
Normal file
|
@ -0,0 +1 @@
|
||||||
|
amd_iommu=on
|
15
.root/etc/initcpio/post/uki-sbsign
Executable file
15
.root/etc/initcpio/post/uki-sbsign
Executable file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
uki="$3"
|
||||||
|
[[ -n "$uki" ]] || exit 0
|
||||||
|
|
||||||
|
keypairs=(/usr/share/secureboot/keys/db/db.key /usr/share/secureboot/keys/db/db.pem)
|
||||||
|
|
||||||
|
for (( i=0; i<${#keypairs[@]}; i+=2 )); do
|
||||||
|
key="${keypairs[$i]}"
|
||||||
|
cert="${keypairs[(( i + 1))]}"
|
||||||
|
if ! sbverify --cert "$cert" "$uki" &>/dev/null; then
|
||||||
|
sbsign --key "$key" --cert "$cert" --output "$uki" "$uki"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
159
.root/etc/makepkg.conf
Normal file
159
.root/etc/makepkg.conf
Normal file
|
@ -0,0 +1,159 @@
|
||||||
|
#!/hint/bash
|
||||||
|
#
|
||||||
|
# /etc/makepkg.conf
|
||||||
|
#
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# SOURCE ACQUISITION
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
#-- The download utilities that makepkg should use to acquire sources
|
||||||
|
# Format: 'protocol::agent'
|
||||||
|
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
|
||||||
|
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'rsync::/usr/bin/rsync --no-motd -z %u %o'
|
||||||
|
'scp::/usr/bin/scp -C %u %o')
|
||||||
|
|
||||||
|
# Other common tools:
|
||||||
|
# /usr/bin/snarf
|
||||||
|
# /usr/bin/lftpget -c
|
||||||
|
# /usr/bin/wget
|
||||||
|
|
||||||
|
#-- The package required by makepkg to download VCS sources
|
||||||
|
# Format: 'protocol::package'
|
||||||
|
VCSCLIENTS=('bzr::breezy'
|
||||||
|
'fossil::fossil'
|
||||||
|
'git::git'
|
||||||
|
'hg::mercurial'
|
||||||
|
'svn::subversion')
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# ARCHITECTURE, COMPILE FLAGS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
CARCH="x86_64"
|
||||||
|
CHOST="x86_64-pc-linux-gnu"
|
||||||
|
|
||||||
|
#-- Compiler and Linker Flags
|
||||||
|
#CPPFLAGS=""
|
||||||
|
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
|
||||||
|
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
|
||||||
|
-fstack-clash-protection -fcf-protection"
|
||||||
|
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
|
||||||
|
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
|
||||||
|
LTOFLAGS="-flto=auto"
|
||||||
|
#RUSTFLAGS="-C opt-level=2"
|
||||||
|
#-- Make Flags: change this for DistCC/SMP systems
|
||||||
|
MAKEFLAGS="-j16"
|
||||||
|
#-- Debugging flags
|
||||||
|
DEBUG_CFLAGS="-g"
|
||||||
|
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
|
||||||
|
#DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# BUILD ENVIRONMENT
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
|
||||||
|
# A negated environment option will do the opposite of the comments below.
|
||||||
|
#
|
||||||
|
#-- distcc: Use the Distributed C/C++/ObjC compiler
|
||||||
|
#-- color: Colorize output messages
|
||||||
|
#-- ccache: Use ccache to cache compilation
|
||||||
|
#-- check: Run the check() function if present in the PKGBUILD
|
||||||
|
#-- sign: Generate PGP signature file
|
||||||
|
#
|
||||||
|
BUILDENV=(!distcc color !ccache check !sign)
|
||||||
|
#
|
||||||
|
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
|
||||||
|
#-- specify a space-delimited list of hosts running in the DistCC cluster.
|
||||||
|
#DISTCC_HOSTS=""
|
||||||
|
#
|
||||||
|
#-- Specify a directory for package building.
|
||||||
|
#BUILDDIR=/tmp/makepkg
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# GLOBAL PACKAGE OPTIONS
|
||||||
|
# These are default values for the options=() settings
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
|
||||||
|
# A negated option will do the opposite of the comments below.
|
||||||
|
#
|
||||||
|
#-- strip: Strip symbols from binaries/libraries
|
||||||
|
#-- docs: Save doc directories specified by DOC_DIRS
|
||||||
|
#-- libtool: Leave libtool (.la) files in packages
|
||||||
|
#-- staticlibs: Leave static library (.a) files in packages
|
||||||
|
#-- emptydirs: Leave empty directories in packages
|
||||||
|
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
|
||||||
|
#-- purge: Remove files specified by PURGE_TARGETS
|
||||||
|
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||||
|
#-- lto: Add compile flags for building with link time optimization
|
||||||
|
#
|
||||||
|
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
|
||||||
|
|
||||||
|
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
|
||||||
|
INTEGRITY_CHECK=(sha256)
|
||||||
|
#-- Options to be used when stripping binaries. See `man strip' for details.
|
||||||
|
STRIP_BINARIES="--strip-all"
|
||||||
|
#-- Options to be used when stripping shared libraries. See `man strip' for details.
|
||||||
|
STRIP_SHARED="--strip-unneeded"
|
||||||
|
#-- Options to be used when stripping static libraries. See `man strip' for details.
|
||||||
|
STRIP_STATIC="--strip-debug"
|
||||||
|
#-- Manual (man and info) directories to compress (if zipman is specified)
|
||||||
|
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
|
||||||
|
#-- Doc directories to remove (if !docs is specified)
|
||||||
|
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
|
||||||
|
#-- Files to be removed from all packages (if purge is specified)
|
||||||
|
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
|
||||||
|
#-- Directory to store source code in for debug packages
|
||||||
|
DBGSRCDIR="/usr/src/debug"
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# PACKAGE OUTPUT
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Default: put built package and cached source in build directory
|
||||||
|
#
|
||||||
|
#-- Destination: specify a fixed directory where all packages will be placed
|
||||||
|
#PKGDEST=/home/packages
|
||||||
|
#-- Source cache: specify a fixed directory where source files will be cached
|
||||||
|
#SRCDEST=/home/sources
|
||||||
|
#-- Source packages: specify a fixed directory where all src packages will be placed
|
||||||
|
#SRCPKGDEST=/home/srcpackages
|
||||||
|
#-- Log files: specify a fixed directory where all log files will be placed
|
||||||
|
#LOGDEST=/home/makepkglogs
|
||||||
|
#-- Packager: name/email of the person or organization building packages
|
||||||
|
#PACKAGER="John Doe <john@doe.com>"
|
||||||
|
#-- Specify a key to use for package signing
|
||||||
|
#GPGKEY=""
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# COMPRESSION DEFAULTS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
COMPRESSGZ=(gzip -c -f -n)
|
||||||
|
COMPRESSBZ2=(bzip2 -c -f)
|
||||||
|
COMPRESSXZ=(xz -c -z -)
|
||||||
|
COMPRESSZST=(zstd -c -z -q -)
|
||||||
|
COMPRESSLRZ=(lrzip -q)
|
||||||
|
COMPRESSLZO=(lzop -q)
|
||||||
|
COMPRESSZ=(compress -c -f)
|
||||||
|
COMPRESSLZ4=(lz4 -q)
|
||||||
|
COMPRESSLZ=(lzip -c -f)
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# EXTENSION DEFAULTS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
PKGEXT='.pkg.tar.zst'
|
||||||
|
SRCEXT='.src.tar.gz'
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# OTHER
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
#-- Command used to run pacman as root, instead of trying sudo and su
|
||||||
|
PACMAN_AUTH=(doas)
|
4
.root/etc/mkinitcpio.conf
Normal file
4
.root/etc/mkinitcpio.conf
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
MODULES=(vfio_pci vfio_iommu_type1 vfio)
|
||||||
|
BINARIES=()
|
||||||
|
FILES=()
|
||||||
|
HOOKS=(base udev autodetect modconf kms keyboard keymap block tpm2 encrypt filesystems fsck)
|
17
.root/etc/mkinitcpio.d/linux-lts.preset
Normal file
17
.root/etc/mkinitcpio.d/linux-lts.preset
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# mkinitcpio preset file for the 'linux-lts' package
|
||||||
|
|
||||||
|
#ALL_config="/etc/mkinitcpio.conf"
|
||||||
|
ALL_kver="/boot/vmlinuz-linux-lts"
|
||||||
|
ALL_microcode=(/boot/*-ucode.img)
|
||||||
|
|
||||||
|
PRESETS=('default' 'fallback')
|
||||||
|
|
||||||
|
#default_config="/etc/mkinitcpio.conf"
|
||||||
|
#default_image="/boot/initramfs-linux-lts.img"
|
||||||
|
default_uki="/boot/efi/EFI/Linux/arch-linux-lts.efi"
|
||||||
|
#default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
|
||||||
|
|
||||||
|
#fallback_config="/etc/mkinitcpio.conf"
|
||||||
|
#fallback_image="/boot/initramfs-linux-lts-fallback.img"
|
||||||
|
fallback_uki="/boot/efi/EFI/Linux/arch-linux-lts-fallback.efi"
|
||||||
|
fallback_options="-S autodetect"
|
17
.root/etc/mkinitcpio.d/linux.preset
Normal file
17
.root/etc/mkinitcpio.d/linux.preset
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# mkinitcpio preset file for the 'linux' package
|
||||||
|
|
||||||
|
#ALL_config="/etc/mkinitcpio.conf"
|
||||||
|
ALL_kver="/boot/vmlinuz-linux"
|
||||||
|
ALL_microcode=(/boot/*-ucode.img)
|
||||||
|
|
||||||
|
PRESETS=('default' 'fallback')
|
||||||
|
|
||||||
|
#default_config="/etc/mkinitcpio.conf"
|
||||||
|
#default_image="/boot/initramfs-linux.img"
|
||||||
|
default_uki="/boot/efi/EFI/Linux/arch-linux.efi"
|
||||||
|
#default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
|
||||||
|
|
||||||
|
#fallback_config="/etc/mkinitcpio.conf"
|
||||||
|
#fallback_image="/boot/initramfs-linux-fallback.img"
|
||||||
|
fallback_uki="/boot/efi/EFI/Linux/arch-linux-fallback.efi"
|
||||||
|
fallback_options="-S autodetect"
|
16
.root/etc/pacman.d/hooks/uki.hook
Normal file
16
.root/etc/pacman.d/hooks/uki.hook
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[Trigger]
|
||||||
|
Operation=Install
|
||||||
|
Operation=Upgrade
|
||||||
|
Operation=Remove
|
||||||
|
Type=Package
|
||||||
|
Target=amd-ucode
|
||||||
|
Target=linux
|
||||||
|
Target=linux-lts
|
||||||
|
|
||||||
|
[Action]
|
||||||
|
Description=Update Kernel and Microcode in initramfs
|
||||||
|
Depends=mkinitcpio
|
||||||
|
When=PostTransaction
|
||||||
|
NeedsTargets
|
||||||
|
Exec=/bin/sh -c 'while read -r trg; do case $trg in linux) exit 0; esac; done; /usr/bin/mkinitcpio -P'
|
||||||
|
|
39
.root/etc/paru.conf
Normal file
39
.root/etc/paru.conf
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
#
|
||||||
|
# $PARU_CONF
|
||||||
|
# /etc/paru.conf
|
||||||
|
# ~/.config/paru/paru.conf
|
||||||
|
#
|
||||||
|
# See the paru.conf(5) manpage for options
|
||||||
|
|
||||||
|
#
|
||||||
|
# GENERAL OPTIONS
|
||||||
|
#
|
||||||
|
[options]
|
||||||
|
PgpFetch
|
||||||
|
Devel
|
||||||
|
Provides
|
||||||
|
DevelSuffixes = -git -cvs -svn -bzr -darcs -always -hg -fossil
|
||||||
|
#AurOnly
|
||||||
|
#BottomUp
|
||||||
|
#RemoveMake
|
||||||
|
#SudoLoop
|
||||||
|
#UseAsk
|
||||||
|
#SaveChanges
|
||||||
|
#CombinedUpgrade
|
||||||
|
#CleanAfter
|
||||||
|
#UpgradeMenu
|
||||||
|
#NewsOnUpgrade
|
||||||
|
|
||||||
|
#LocalRepo
|
||||||
|
#Chroot
|
||||||
|
#Sign
|
||||||
|
#SignDb
|
||||||
|
#KeepRepoCache
|
||||||
|
|
||||||
|
#
|
||||||
|
# Binary OPTIONS
|
||||||
|
#
|
||||||
|
[bin]
|
||||||
|
#FileManager = vifm
|
||||||
|
#MFlags = --skippgpcheck
|
||||||
|
Sudo = doas
|
Loading…
Reference in a new issue