WORKS!

2023-12-11 01:06:18 +01:00 · 2023-12-11 01:06:18 +01:00 · 60483b68cc
parent 20324bfcb7
commit 60483b68cc
13 changed files with 63 additions and 41 deletions
--- a/mkosi.conf
+++ b/mkosi.conf
@ -5,10 +5,9 @@ CacheOnly=true

 [Output]
 Format=disk
+SplitArtifacts=true
 ManifestFormat=json,changelog
-OutputDirectory=mkosi.output
-BuildDirectory=mkosi.builddir
-CacheDirectory=mkosi.cache
+ImageId=rafeOS
 SectorSize=4096
 #CompressOutput=xz
 # For Reproducible Builds
@ -16,13 +15,18 @@ Seed=834dd70f55be43cc9934b20fc0b7f7be

 [Content]
 Bootable=yes
-RootPassword=password
 SourceDateEpoch=0
 Packages=
 	# Minimal package set to define a basic Arch Linux installation
 	base
 	# system and service manager
 	systemd
+	# systemd: show QR codes
+	qrencode
+	# systemd: unlocking LUKS2 volumes with FIDO2 token
+	libfido2
+	# systemd: unlocking LUKS2 volumes with TPM2
+	tpm2-tss
 	# The Linux kernel and modules
 	linux
 	# linux: firmware images needed for some devices
@ -33,20 +37,20 @@ Packages=
 	amd-ucode
 	# Microcode update image for Intel CPUs
 	intel-ucode
-	# Tools for squashfs, a highly compressed read-only filesystem for Linux
-	squashfs-tools
 	# Userspace utilities for linux-erofs file system
-	erofs-utils
+	#erofs-utils
 	# Btrfs filesystem utilities
 	btrfs-progs
 	# Ext2/3/4 filesystem utilities
 	e2fsprogs
-	# systemd: show QR codes
-	qrencode
-	# systemd: unlocking LUKS2 volumes with FIDO2 token
-	libfido2
-	# systemd: unlocking LUKS2 volumes with TPM2
-	tpm2-tss
+
+RemoveFiles=
+    /usr/include
+    /usr/local
+    /usr/src
+    /usr/lib/cmake
+    /usr/lib/pkgconfig
+
 KernelCommandLine=
 	# prevents access to a shell if boot fails
 	rd.shell=0
@ -58,12 +62,17 @@ KernelCommandLine=

 [Validation]
 SecureBoot=true
-SecureBootKey=/usr/share/secureboot/keys/db/db.key
-SecureBootCertificate=/usr/share/secureboot/keys/db/db.pem
-VerityKey=/usr/share/secureboot/keys/db/db.key
-VerityCertificate=/usr/share/secureboot/keys/db/db.pem
-#SecureBootKey=mkosi.key
-#SecureBootCertificate=mkosi.crt
-#VerityKey=mkosi.key
-#VerityCertificate=mkosi.crt
-#Checksum=true
+SecureBootKey=mkosi.key
+SecureBootCertificate=mkosi.crt
+#SecureBootKey=/usr/share/secureboot/keys/db/db.key
+#SecureBootCertificate=/usr/share/secureboot/keys/db/db.pem
+SignExpectedPcr=true
+VerityKey=mkosi.key
+VerityCertificate=mkosi.crt
+#VerityKey=/usr/share/secureboot/keys/db/db.key
+#VerityCertificate=/usr/share/secureboot/keys/db/db.pem
+Checksum=true
+
+[Host]
+Incremental=true
+ToolsTree=default
--- a/mkosi.extra/usr/lib/repart.d/00-esp.conf
+++ b/mkosi.extra/usr/lib/repart.d/00-esp.conf
@ -1,4 +1,3 @@
 [Partition]
 Type=esp
-SizeMinBytes=1G
-SizeMaxBytes=1G
+CopyBlocks=auto
--- a/mkosi.extra/usr/lib/repart.d/20-usr-a.conf
+++ b/mkosi.extra/usr/lib/repart.d/20-usr-a.conf
@ -1,3 +1,3 @@
 [Partition]
 Type=usr
-SizeMinBytes=1G
+CopyBlocks=auto
--- a/mkosi.extra/usr/lib/repart.d/21-usr-verity-a.conf
+++ b/mkosi.extra/usr/lib/repart.d/21-usr-verity-a.conf
@ -1,4 +1,3 @@
 [Partition]
 Type=usr-verity
-SizeMinBytes=64M
-SizeMaxBytes=256M
+CopyBlocks=auto
--- a/mkosi.extra/usr/lib/repart.d/22-usr-verity-signature-a.conf
+++ b/mkosi.extra/usr/lib/repart.d/22-usr-verity-signature-a.conf
@ -1,2 +1,6 @@
 [Partition]
-Type=usr-verity-sig
+Type=usr-verity-sig
+CopyBlocks=auto
+# https://github.com/systemd/systemd/issues/25362
+#SizeMinBytes=16K
+#SizeMaxBytes=16K
--- a/mkosi.extra/usr/lib/repart.d/40-root.conf
+++ b/mkosi.extra/usr/lib/repart.d/40-root.conf
@ -1,6 +1,12 @@
 [Partition]
 Type=root
 Format=btrfs
-SizeMinBytes=100M
+FactoryReset=true
+#SizeMinBytes=100M
 Encrypt=key-file+tpm2
-FactoryReset=true
+MakeDirectories=/etc
+MakeDirectories=/var
+MakeDirectories=/srv
+Subvolumes=/etc
+Subvolumes=/var
+Subvolumes=/srv
--- a/mkosi.extra/usr/lib/repart.d/60-home.conf
+++ b/mkosi.extra/usr/lib/repart.d/60-home.conf
@ -1,5 +1,5 @@
 [Partition]
 Type=home
 Format=ext4
-SizeMinBytes=100M
-FactoryReset=false
+FactoryReset=false
+#SizeMinBytes=100M
--- a/mkosi.repart/00-esp.conf
+++ b/mkosi.repart/00-esp.conf
@ -1,8 +1,8 @@
 [Partition]
 Type=esp
+SizeMinBytes=1G
+SizeMaxBytes=1G
 Format=vfat
 CopyFiles=/efi:/
 ExcludeFilesTarget=/efi/EFI/systemd/systemd-bootia32.efi
-ExcludeFilesTarget=/efi/EFI/BOOT/BOOTIA32.EFI
-SizeMinBytes=1G
-SizeMaxBytes=1G
+ExcludeFilesTarget=/efi/EFI/BOOT/BOOTIA32.EFI
--- a/mkosi.repart/20-usr-a.conf
+++ b/mkosi.repart/20-usr-a.conf
@ -1,8 +1,9 @@
 [Partition]
 Type=usr
-Format=erofs
-CopyFiles=/usr:/
-SizeMinBytes=1G
-Minimize=best
+Label=%M_%A
+#SizeMinBytes=1G
+Minimize=true
 Verity=data
-VerityMatchKey=usr
+VerityMatchKey=usr
+Format=erofs
+CopyFiles=/usr:/
--- a/mkosi.repart/21-usr-verity-a.conf
+++ b/mkosi.repart/21-usr-verity-a.conf
@ -1,8 +1,9 @@
 [Partition]
 Type=usr-verity
+Label=%M_%A
 SizeMinBytes=64M
 SizeMaxBytes=256M
-Minimize=best
+Minimize=true
 Verity=hash
 VerityMatchKey=usr
 # Explicitly set the hash and data block size to 4K
--- a/mkosi.repart/22-usr-verity-signature-a.conf
+++ b/mkosi.repart/22-usr-verity-signature-a.conf
@ -1,4 +1,5 @@
 [Partition]
 Type=usr-verity-sig
+Label=%M_%A
 Verity=signature
 VerityMatchKey=usr
--- a/mkosi.rootpw
+++ b/mkosi.rootpw
@ -0,0 +1 @@
+password
--- a/mkosi.version
+++ b/mkosi.version
@ -0,0 +1 @@
+0.0.0