WORKS!
parent
20324bfcb7
commit
60483b68cc
53
mkosi.conf
53
mkosi.conf
|
@ -5,10 +5,9 @@ CacheOnly=true
|
|||
|
||||
[Output]
|
||||
Format=disk
|
||||
SplitArtifacts=true
|
||||
ManifestFormat=json,changelog
|
||||
OutputDirectory=mkosi.output
|
||||
BuildDirectory=mkosi.builddir
|
||||
CacheDirectory=mkosi.cache
|
||||
ImageId=rafeOS
|
||||
SectorSize=4096
|
||||
#CompressOutput=xz
|
||||
# For Reproducible Builds
|
||||
|
@ -16,13 +15,18 @@ Seed=834dd70f55be43cc9934b20fc0b7f7be
|
|||
|
||||
[Content]
|
||||
Bootable=yes
|
||||
RootPassword=password
|
||||
SourceDateEpoch=0
|
||||
Packages=
|
||||
# Minimal package set to define a basic Arch Linux installation
|
||||
base
|
||||
# system and service manager
|
||||
systemd
|
||||
# systemd: show QR codes
|
||||
qrencode
|
||||
# systemd: unlocking LUKS2 volumes with FIDO2 token
|
||||
libfido2
|
||||
# systemd: unlocking LUKS2 volumes with TPM2
|
||||
tpm2-tss
|
||||
# The Linux kernel and modules
|
||||
linux
|
||||
# linux: firmware images needed for some devices
|
||||
|
@ -33,20 +37,20 @@ Packages=
|
|||
amd-ucode
|
||||
# Microcode update image for Intel CPUs
|
||||
intel-ucode
|
||||
# Tools for squashfs, a highly compressed read-only filesystem for Linux
|
||||
squashfs-tools
|
||||
# Userspace utilities for linux-erofs file system
|
||||
erofs-utils
|
||||
#erofs-utils
|
||||
# Btrfs filesystem utilities
|
||||
btrfs-progs
|
||||
# Ext2/3/4 filesystem utilities
|
||||
e2fsprogs
|
||||
# systemd: show QR codes
|
||||
qrencode
|
||||
# systemd: unlocking LUKS2 volumes with FIDO2 token
|
||||
libfido2
|
||||
# systemd: unlocking LUKS2 volumes with TPM2
|
||||
tpm2-tss
|
||||
|
||||
RemoveFiles=
|
||||
/usr/include
|
||||
/usr/local
|
||||
/usr/src
|
||||
/usr/lib/cmake
|
||||
/usr/lib/pkgconfig
|
||||
|
||||
KernelCommandLine=
|
||||
# prevents access to a shell if boot fails
|
||||
rd.shell=0
|
||||
|
@ -58,12 +62,17 @@ KernelCommandLine=
|
|||
|
||||
[Validation]
|
||||
SecureBoot=true
|
||||
SecureBootKey=/usr/share/secureboot/keys/db/db.key
|
||||
SecureBootCertificate=/usr/share/secureboot/keys/db/db.pem
|
||||
VerityKey=/usr/share/secureboot/keys/db/db.key
|
||||
VerityCertificate=/usr/share/secureboot/keys/db/db.pem
|
||||
#SecureBootKey=mkosi.key
|
||||
#SecureBootCertificate=mkosi.crt
|
||||
#VerityKey=mkosi.key
|
||||
#VerityCertificate=mkosi.crt
|
||||
#Checksum=true
|
||||
SecureBootKey=mkosi.key
|
||||
SecureBootCertificate=mkosi.crt
|
||||
#SecureBootKey=/usr/share/secureboot/keys/db/db.key
|
||||
#SecureBootCertificate=/usr/share/secureboot/keys/db/db.pem
|
||||
SignExpectedPcr=true
|
||||
VerityKey=mkosi.key
|
||||
VerityCertificate=mkosi.crt
|
||||
#VerityKey=/usr/share/secureboot/keys/db/db.key
|
||||
#VerityCertificate=/usr/share/secureboot/keys/db/db.pem
|
||||
Checksum=true
|
||||
|
||||
[Host]
|
||||
Incremental=true
|
||||
ToolsTree=default
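Review bot: In the [Validation] hunk, each visible variant uses one private key for both Secure Boot signing and verity signing: `SecureBootKey` and `VerityKey` both point at `/usr/share/secureboot/keys/db/db.key` in one variant and at `mkosi.key` in the other, so compromise of that one key allows signing both boot binaries and /usr images. This rendering has lost the +/- column, so which variant is live after the commit is not certain. If it is `mkosi.key`, the private key sits in the build tree beside committed files and should be ignored by version control and readable only by the build user. I would add a comment above the key lines such as `# private signing key: never commit; keep outside the repo or in .gitignore`, and consider separate keys for the two purposes. The section continues outside the visible hunks.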
|
|
@ -1,4 +1,3 @@
|
|||
[Partition]
|
||||
Type=esp
|
||||
SizeMinBytes=1G
|
||||
SizeMaxBytes=1G
|
||||
CopyBlocks=auto
|
|
@ -1,3 +1,3 @@
|
|||
[Partition]
|
||||
Type=usr
|
||||
SizeMinBytes=1G
|
||||
CopyBlocks=auto
|
|
@ -1,4 +1,3 @@
|
|||
[Partition]
|
||||
Type=usr-verity
|
||||
SizeMinBytes=64M
|
||||
SizeMaxBytes=256M
|
||||
CopyBlocks=auto
|
|
@ -1,2 +1,6 @@
|
|||
[Partition]
|
||||
Type=usr-verity-sig
|
||||
Type=usr-verity-sig
|
||||
CopyBlocks=auto
|
||||
# https://github.com/systemd/systemd/issues/25362
|
||||
#SizeMinBytes=16K
|
||||
#SizeMaxBytes=16K
|
|
@ -1,6 +1,12 @@
|
|||
[Partition]
|
||||
Type=root
|
||||
Format=btrfs
|
||||
SizeMinBytes=100M
|
||||
FactoryReset=true
|
||||
#SizeMinBytes=100M
|
||||
Encrypt=key-file+tpm2
|
||||
FactoryReset=true
|
||||
MakeDirectories=/etc
|
||||
MakeDirectories=/var
|
||||
MakeDirectories=/srv
|
||||
Subvolumes=/etc
|
||||
Subvolumes=/var
|
||||
Subvolumes=/srv
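Review bot: `Encrypt=key-file+tpm2` on the root partition keeps a key-file keyslot alongside the TPM2 one, and nothing visible on this page supplies that key file (no `Passphrase=` appears in the mkosi.conf hunks, though that file is only partly shown). As I read the systemd-repart documentation, an unspecified key file means an empty key is enrolled, which would make the TPM2 binding moot because the volume would open with a zero-length key. Please confirm where the key comes from and record it here, e.g. `# key file supplied via Passphrase= in mkosi.conf; remove or rotate this slot after first boot`. The home partition definition in this commit shows no `Encrypt=` at all, so /home would be stored in clear while root is encrypted; if that is intended it deserves a comment.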
|
|
@ -1,5 +1,5 @@
|
|||
[Partition]
|
||||
Type=home
|
||||
Format=ext4
|
||||
SizeMinBytes=100M
|
||||
FactoryReset=false
|
||||
FactoryReset=false
|
||||
#SizeMinBytes=100M
|
|
@ -1,8 +1,8 @@
|
|||
[Partition]
|
||||
Type=esp
|
||||
SizeMinBytes=1G
|
||||
SizeMaxBytes=1G
|
||||
Format=vfat
|
||||
CopyFiles=/efi:/
|
||||
ExcludeFilesTarget=/efi/EFI/systemd/systemd-bootia32.efi
|
||||
ExcludeFilesTarget=/efi/EFI/BOOT/BOOTIA32.EFI
|
||||
SizeMinBytes=1G
|
||||
SizeMaxBytes=1G
|
||||
ExcludeFilesTarget=/efi/EFI/BOOT/BOOTIA32.EFI
|
|
@ -1,8 +1,9 @@
|
|||
[Partition]
|
||||
Type=usr
|
||||
Format=erofs
|
||||
CopyFiles=/usr:/
|
||||
SizeMinBytes=1G
|
||||
Minimize=best
|
||||
Label=%M_%A
|
||||
#SizeMinBytes=1G
|
||||
Minimize=true
|
||||
Verity=data
|
||||
VerityMatchKey=usr
|
||||
VerityMatchKey=usr
|
||||
Format=erofs
|
||||
CopyFiles=/usr:/
|
|
@ -1,8 +1,9 @@
|
|||
[Partition]
|
||||
Type=usr-verity
|
||||
Label=%M_%A
|
||||
SizeMinBytes=64M
|
||||
SizeMaxBytes=256M
|
||||
Minimize=best
|
||||
Minimize=true
|
||||
Verity=hash
|
||||
VerityMatchKey=usr
|
||||
# Explicitly set the hash and data block size to 4K
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
[Partition]
|
||||
Type=usr-verity-sig
|
||||
Label=%M_%A
|
||||
Verity=signature
|
||||
VerityMatchKey=usr
|
1
mkosi.rootpw
Normal file
1
mkosi.rootpw
Normal file
|
@ -0,0 +1 @@
|
|||
password
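Review bot: The new `mkosi.rootpw` commits the root password in clear text, and the value is the literal `password`, so every image built from this tree gets a guessable root login and the secret stays in the repository history. `RootPassword=password` also appears in the [Content] hunk of mkosi.conf, though this rendering does not show which side of the change it is on. If a root password is needed for testing, keep `mkosi.rootpw` out of version control and store a hash using mkosi's `hashed:` prefix rather than the plaintext. For anything beyond a local test image, lock the root account or provision credentials at first boot.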
|
1
mkosi.version
Normal file
1
mkosi.version
Normal file
|
@ -0,0 +1 @@
|
|||
0.0.0
|