Compare commits
6 commits
1d6e7c3e8a
...
a89604704e
Author | SHA1 | Date | |
---|---|---|---|
a89604704e | |||
82997da5b3 | |||
9f37e6c755 | |||
069b64a8c5 | |||
f193311e4d | |||
2b865999d3 |
|
@ -8,39 +8,43 @@ CleanPackageMetadata=no
|
|||
Packages=
|
||||
# Minimal package set to define a basic Arch Linux installation
|
||||
# Based on "base" group, without pacman, mkinitcpio and archlinux-keyring
|
||||
# very very base
|
||||
filesystem
|
||||
gcc-libs
|
||||
glibc
|
||||
bash
|
||||
bzip2
|
||||
# POSIX tools
|
||||
coreutils
|
||||
file
|
||||
filesystem
|
||||
findutils
|
||||
gawk
|
||||
gcc-libs
|
||||
gettext
|
||||
glibc
|
||||
grep
|
||||
gzip
|
||||
iproute2
|
||||
iputils
|
||||
licenses
|
||||
pciutils
|
||||
procps-ng
|
||||
psmisc
|
||||
sed
|
||||
shadow
|
||||
tar
|
||||
# standard linux toolset
|
||||
gettext
|
||||
pciutils
|
||||
psmisc
|
||||
shadow
|
||||
util-linux
|
||||
bzip2
|
||||
gzip
|
||||
xz
|
||||
# system and service manager
|
||||
# distro defined requirements
|
||||
licenses
|
||||
systemd
|
||||
# sysvinit compat for systemd
|
||||
systemd-sysvcompat
|
||||
iputils
|
||||
iproute2
|
||||
|
||||
# systemd: show QR codes (systemd-bsod)
|
||||
qrencode
|
||||
# systemd: unlocking LUKS2 volumes with FIDO2 token
|
||||
libfido2
|
||||
# systemd: unlocking LUKS2 volumes with TPM2
|
||||
tpm2-tss
|
||||
|
||||
# The Linux kernel and modules
|
||||
linux
|
||||
# linux: firmware images needed for some devices
|
||||
|
@ -51,19 +55,23 @@ Packages=
|
|||
amd-ucode
|
||||
# Microcode update image for Intel CPUs
|
||||
intel-ucode
|
||||
|
||||
# Firmware updates
|
||||
# gnome-control-center: device security panel
|
||||
fwupd
|
||||
|
||||
# Userspace utilities for linux-erofs file system
|
||||
erofs-utils
|
||||
# Btrfs filesystem utilities
|
||||
btrfs-progs
|
||||
# Ext2/3/4 filesystem utilities
|
||||
e2fsprogs
|
||||
|
||||
# Userspace components of the audit framework
|
||||
audit
|
||||
# Mandatory Access Control (MAC) using Linux Security Module (LSM)
|
||||
apparmor
|
||||
|
||||
# Give certain users the ability to run some commands as root
|
||||
sudo
|
||||
# command line tool and library for transferring data with URLs
|
||||
|
|
|
@ -2,4 +2,8 @@
|
|||
enable apparmor.service
|
||||
|
||||
# Displays boot-time emergency log message in full screen.
|
||||
enable systemd-bsod.service
|
||||
enable systemd-bsod.service
|
||||
|
||||
# Populates empty /etc/ca-certificates/extracted/, /etc/ssl/certs
|
||||
# and /etc/ssl/certs/java/cacerts on new user root
|
||||
enable update-ca-certificates.service
|
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=Update CA certificates
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/update-ca-trust extract
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
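Review bot: The unit has no condition and no `RemainAfterExit=`, so `update-ca-trust extract` runs on every boot, although the preset comment describes it as a step for an empty `/etc`. Nothing orders it ahead of other `multi-user.target` services either. Until it finishes, the `/etc/ssl/cert.pem` compatibility links added elsewhere in this commit point at a bundle that does not exist yet, so TLS clients started in parallel can fail verification. I would add `ConditionPathExists=!/etc/ca-certificates/extracted/tls-ca-bundle.pem` under `[Unit]` and `RemainAfterExit=yes` under `[Service]`, and consider a `Before=` on the services that need the trust store.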
|
|
@ -0,0 +1,13 @@
|
|||
# based on PKGBUILD of package apparmor
|
||||
|
||||
# setup /etc
|
||||
d /etc/apparmor.d/ 0755 root root
|
||||
d /etc/apparmor/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C+ /etc/apparmor.d/
|
||||
C /etc/apparmor/easyprof.conf
|
||||
C /etc/apparmor/logprof.conf
|
||||
C /etc/apparmor/notify.conf
|
||||
C /etc/apparmor/parser.conf
|
||||
C /etc/apparmor/severity.db
|
|
@ -0,0 +1,17 @@
|
|||
# based on PKGBUILD of package audit
|
||||
|
||||
# setup /etc
|
||||
d /etc/audit/ 0755 root root
|
||||
d /etc/audit/plugins.d/ 0755 root root
|
||||
d /etc/audit/rules.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/audit/audisp-remote.conf
|
||||
C /etc/audit/audit-stop.rules
|
||||
C /etc/audit/auditd.conf
|
||||
C /etc/audit/plugins.d/af_unix.conf
|
||||
C /etc/audit/plugins.d/au-remote.conf
|
||||
C /etc/audit/plugins.d/audispd-zos-remote.conf
|
||||
C /etc/audit/plugins.d/syslog.conf
|
||||
C /etc/audit/zos-remote.conf
|
||||
C /etc/libaudit.conf
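Review bot: The three `d /etc/audit/... 0755 root root` lines make the audit rules and plugin configuration directories traversable by every user. Upstream audit, as far as I recall, installs `/etc/audit` with a restrictive mode, so please compare against the package's own directory modes. If they are tighter, use the same here, e.g. `d /etc/audit/ 0750 root root` and likewise for `rules.d/` and `plugins.d/`.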
|
|
@ -0,0 +1,11 @@
|
|||
# based on PKGBUILD of package bash
|
||||
|
||||
# setup /etc
|
||||
d /etc/skel/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/bash.bash_logout
|
||||
C /etc/bash.bashrc
|
||||
C /etc/skel/.bash_logout
|
||||
C /etc/skel/.bash_profile
|
||||
C /etc/skel/.bashrc
|
|
@ -0,0 +1,26 @@
|
|||
# based on PKGBUILD of package ca-certificates
|
||||
|
||||
# setup /etc
|
||||
d /etc/ca-certificates/ 0755 root root
|
||||
d /etc/ca-certificates/update.d/ 0755 root root
|
||||
d /etc/ca-certificates/trust-source/ 0755 root root
|
||||
d /etc/ca-certificates/trust-source/anchors/ 0755 root root
|
||||
d /etc/ca-certificates/trust-source/blocklist/ 0755 root root
|
||||
d /etc/ssl/ 0755 root root
|
||||
d /etc/ssl/certs/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/ca-certificates.conf
|
||||
C /etc/ca-certificates/README
|
||||
C /etc/ca-certificates/trust-source/README
|
||||
C /etc/ca-certificates/extracted/README
|
||||
C /etc/ssl/README
|
||||
C /etc/ssl/certs/java/README
|
||||
|
||||
# Compatibility link for OpenSSL using /etc/ssl as CAdir
|
||||
# Used in preference to the individual links in /etc/ssl/certs
|
||||
L /etc/ssl/cert.pem - - - /etc/ca-certificates/extracted/tls-ca-bundle.pem
|
||||
# Compatibility link for legacy bundle (Debian)
|
||||
L /etc/ssl/certs/ca-certificates.crt - - - /etc/ca-certificates/extracted/tls-ca-bundle.pem
|
||||
# Compatibility link for legacy bundle (RHEL/Fedora)
|
||||
L /etc/ssl/certs/ca-bundle.crt - - - /etc/ca-certificates/extracted/tls-ca-bundle.pem
|
|
@ -0,0 +1,5 @@
|
|||
# based on PKGBUILD of package e2fsprogs
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/e2scrub.conf
|
||||
C /etc/mke2fs.conf
|
|
@ -0,0 +1,38 @@
|
|||
# based on PKGBUILD of package filesystem
|
||||
|
||||
# setup root filesystem
|
||||
d /srv/http/ 0755 root root
|
||||
# vsftpd won't run with write perms on /srv/ftp
|
||||
# ftp (uid 14/gid 11)
|
||||
d /srv/ftp/ 0555 root ftp
|
||||
|
||||
# setup /etc
|
||||
d /etc/ld.so.conf.d/ 0755 root root
|
||||
d /etc/skel/ 0755 root root
|
||||
d /etc/profile.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/profile.d/locale.sh
|
||||
C /etc/resolv.conf
|
||||
|
||||
# link from factory
|
||||
L+ /etc/arch-release
|
||||
L /etc/protocols
|
||||
L /etc/services
|
||||
|
||||
# setup /var
|
||||
d /var/cache/ 0755 root root
|
||||
d /var/local/ 0755 root root
|
||||
d /var/opt/ 0755 root root
|
||||
d /var/log/ 0755 root root
|
||||
d /var/lib/ 0755 root root
|
||||
d /var/lib/misc/ 0755 root root
|
||||
d /var/empty/ 0755 root root
|
||||
d /var/tmp/ 1777 root root
|
||||
d /var/spool/mail/ 1777 root root
|
||||
|
||||
# allow setgid games (gid 50) to write scores
|
||||
d /var/games/ 0775 root games
|
||||
L /var/mail/ - - - spool/mail/
|
||||
L /var/run/ - - - /run/
|
||||
L /var/lock/ - - - /run/lock/
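Review bot: `C /etc/resolv.conf` in this file and `L+ /etc/resolv.conf - - - /run/systemd/resolve/stub-resolv.conf` in another file added by this commit both claim the same path. As I understand systemd-tmpfiles, only the line from the lexically earlier file is applied and the other is logged as a conflict, so which resolver configuration the image ends up with depends on file names that are not visible here. I would drop `C /etc/resolv.conf` if the stub link is the intended result. The `ftp` and `games` groups used by `d /srv/ftp/` and `d /var/games/` must also exist before tmpfiles runs, otherwise those lines fail.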
|
|
@ -0,0 +1,25 @@
|
|||
# based on PKGBUILD of package fwupd
|
||||
|
||||
# setup /etc
|
||||
d /etc/fwupd/ 0755 root root
|
||||
d /etc/fwupd/bios-settings.d/ 0755 root root
|
||||
d /etc/fwupd/remotes.d/ 0755 root root
|
||||
d /etc/grub.d/ 0755 root root
|
||||
d /etc/pki/fwupd-metadata/ 0755 root root
|
||||
d /etc/pki/fwupd/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/fwupd/bios-settings.d/README.md
|
||||
C /etc/fwupd/fwupd.conf
|
||||
C /etc/fwupd/remotes.d/fwupd-tests.conf
|
||||
C /etc/fwupd/remotes.d/lvfs-testing.conf
|
||||
C /etc/fwupd/remotes.d/lvfs.conf
|
||||
C /etc/fwupd/remotes.d/vendor-directory.conf
|
||||
C /etc/fwupd/remotes.d/vendor.conf
|
||||
C /etc/grub.d/35_fwupd
|
||||
C /etc/pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata
|
||||
C /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service
|
||||
C /etc/pki/fwupd-metadata/LVFS-CA.pem
|
||||
C /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Firmware
|
||||
C /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service
|
||||
C /etc/pki/fwupd/LVFS-CA.pem
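Review bot: Two names in this list do not match what `mkosi.postinst.chroot` copies into the factory tree. This file expects `C /etc/fwupd/bios-settings.d/README.md` and `C /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Firmware`, while the script copies `bios-settings.d/README` and `pki/fwupd/GPG-KEY-Linux-Foundation-Metadata`. One side is wrong, so on a fresh `/etc` the firmware signing key is either missing from `/etc/pki/fwupd/` or never staged, and the script has no error handling to surface the failed `cp`. Please check the names against the fwupd package contents and make both files agree.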
|
|
@ -0,0 +1,8 @@
|
|||
# based on PKGBUILD of package gawk
|
||||
|
||||
# setup /etc
|
||||
d /etc/profile.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/profile.d/gawk.csh
|
||||
C /etc/profile.d/gawk.sh
|
|
@ -0,0 +1,6 @@
|
|||
# based on PKGBUILD of package glibc
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/gai.conf
|
||||
C /etc/locale.gen
|
||||
C /etc/rpc
|
|
@ -0,0 +1,9 @@
|
|||
# based on PKGBUILD of package gnutls
|
||||
|
||||
# setup /etc
|
||||
d /etc/gnutls/ 0755 root root
|
||||
d /etc/modules-load.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/gnutls/config
|
||||
C /etc/modules-load.d/gnutls.conf
|
|
@ -0,0 +1,11 @@
|
|||
# based on PKGBUILD of package iptables
|
||||
|
||||
# setup /etc
|
||||
d /etc/iptables/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/ethertypes
|
||||
C /etc/iptables/empty.rules
|
||||
C /etc/iptables/ip6tables.rules
|
||||
C /etc/iptables/iptables.rules
|
||||
C /etc/iptables/simple_firewall.rules
|
|
@ -0,0 +1,7 @@
|
|||
# based on PKGBUILD of package kbd
|
||||
|
||||
# setup /etc
|
||||
d /etc/pam.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/pam.d/vlock
|
|
@ -0,0 +1,5 @@
|
|||
# based on PKGBUILD of package kmod
|
||||
|
||||
# setup /etc
|
||||
d /etc/depmod.d/ 0755 root root
|
||||
d /etc/modprobe.d/ 0755 root root
|
|
@ -0,0 +1,7 @@
|
|||
# based on PKGBUILD of package neovim
|
||||
|
||||
# setup /etc
|
||||
d /etc/xdg/nvim/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/xdg/nvim/sysinit.vim
|
|
@ -0,0 +1,16 @@
|
|||
# based on PKGBUILD of package openssl
|
||||
|
||||
# setup /etc
|
||||
d /etc/ssl/ 0755 root root
|
||||
d /etc/ssl/certs/ 0755 root root
|
||||
d /etc/ssl/misc/ 0755 root root
|
||||
d /etc/ssl/private/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/ssl/ct_log_list.cnf
|
||||
C /etc/ssl/ct_log_list.cnf.dist
|
||||
C /etc/ssl/misc/CA.pl
|
||||
C /etc/ssl/misc/tsget
|
||||
C /etc/ssl/misc/tsget.pl
|
||||
C /etc/ssl/openssl.cnf
|
||||
C /etc/ssl/openssl.cnf.dist
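Review bot: `d /etc/ssl/private/ 0755 root root` creates the directory meant for private keys as world-traversable. Even if that matches what the package ships, this image now sets the mode explicitly, and a key file dropped there with a default umask becomes readable by any local user. I would use `d /etc/ssl/private/ 0700 root root`.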
|
|
@ -0,0 +1,26 @@
|
|||
# based on PKGBUILD of package pam/pambase
|
||||
|
||||
# setup /etc
|
||||
# pam
|
||||
d /etc/security/ 0755 root root
|
||||
# pambase
|
||||
d /etc/pam.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
# pam
|
||||
C /etc/security/access.conf
|
||||
C /etc/security/faillock.conf
|
||||
C /etc/security/group.conf
|
||||
C /etc/security/limits.conf
|
||||
C /etc/security/namespace.conf
|
||||
C /etc/security/namespace.init
|
||||
C /etc/security/pam_env.conf
|
||||
C /etc/security/pwhistory.conf
|
||||
C /etc/security/time.conf
|
||||
# pambase
|
||||
C /etc/pam.d/other
|
||||
C /etc/pam.d/system-auth
|
||||
C /etc/pam.d/system-local-login
|
||||
C /etc/pam.d/system-login
|
||||
C /etc/pam.d/system-remote-login
|
||||
C /etc/pam.d/system-services
|
|
@ -0,0 +1,8 @@
|
|||
# based on PKGBUILD of package polkit
|
||||
|
||||
# setup /etc
|
||||
d /etc/pam.d/ 0755 root root
|
||||
d /etc/polkit-1/rules.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/pam.d/polit-1
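Review bot: `C /etc/pam.d/polit-1` is misspelled, while the post-install script stages `pam.d/polkit-1`, so the polkit PAM service file is never copied into a fresh `/etc`. polkit authentication would then presumably fall through to `/etc/pam.d/other`. It should read `C /etc/pam.d/polkit-1`. Separately, `d /etc/polkit-1/rules.d/ 0755 root root` looks looser than what polkit normally uses for its rules directory (I believe 0750 with group `polkitd`), so please confirm against the package.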
|
|
@ -0,0 +1,4 @@
|
|||
# based on PKGBUILD of package readline
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/inputrc
|
|
@ -0,0 +1,13 @@
|
|||
# based on PKGBUILD of package shadow
|
||||
|
||||
# setup /etc
|
||||
d /etc/default/ 0755 root root
|
||||
d /etc/pam.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/login.defs
|
||||
C /etc/default/useradd
|
||||
C /etc/pam.d/useradd
|
||||
C /etc/pam.d/groupmems
|
||||
C /etc/pam.d/newusers
|
||||
C /etc/pam.d/passwd
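Review bot: `C /etc/pam.d/useradd` has no counterpart in `mkosi.postinst.chroot`. The script stages `pam.d/chpasswd`, `groupmems`, `newusers` and `passwd`, and this file never copies `chpasswd` out. As written, the `useradd` line has no factory source and `chpasswd` is left without its PAM service file on a fresh `/etc`. If the script's list is the correct one, this line should be `C /etc/pam.d/chpasswd`.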
|
|
@ -0,0 +1,10 @@
|
|||
# based on PKGBUILD of package sudo
|
||||
|
||||
# setup /etc
|
||||
d /etc/pam.d/ 0755 root root
|
||||
d /etc/sudoers.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/pam.d/sudo
|
||||
C /etc/sudo.conf
|
||||
C /etc/sudo_logsrvd.conf
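Review bot: Neither this file nor the post-install script shown on this page handles `/etc/sudoers`, so on a freshly populated `/etc` sudo has no policy file unless something else provides it. If that omission is deliberate, a one-line comment saying so would help; otherwise add `C /etc/sudoers` and stage the file in the factory tree. `d /etc/sudoers.d/ 0755 root root` is also more permissive than the 0750 I would expect from the sudo package, so please verify and match it.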
|
|
@ -0,0 +1,49 @@
|
|||
# based on PKGBUILD of package systemd
|
||||
|
||||
# setup /etc
|
||||
d /etc/pam.d/ 0755 root root
|
||||
d /etc/binfmt.d/ 0755 root root
|
||||
d /etc/credstore.encrypted/ 0755 root root
|
||||
d /etc/credstore/ 0755 root root
|
||||
d /etc/kernel/ 0755 root root
|
||||
d /etc/kernel/install.d/ 0755 root root
|
||||
d /etc/modules-load.d/ 0755 root root
|
||||
d /etc/sysctl.d/ 0755 root root
|
||||
d /etc/systemd/ 0755 root root
|
||||
d /etc/systemd/network/ 0755 root root
|
||||
d /etc/systemd/system/ 0755 root root
|
||||
d /etc/systemd/user/ 0755 root root
|
||||
d /etc/tmpfiles.d/ 0755 root root
|
||||
d /etc/udev/ 0755 root root
|
||||
d /etc/udev/hwdb.d/ 0755 root root
|
||||
d /etc/udev/rules.d/ 0755 root root
|
||||
d /etc/xdg/ 0755 root root
|
||||
d /etc/xdg/systemd/ 0755 root root
|
||||
d /etc/xdg/systemd/user/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/X11/xinit/xinitrc.d/50-systemd-user.sh
|
||||
# overwrite the systemd-user PAM configuration with our own
|
||||
C /etc/pam.d/systemd-user
|
||||
C /etc/systemd/coredump.conf
|
||||
C /etc/systemd/homed.conf
|
||||
C /etc/systemd/journal-remote.conf
|
||||
C /etc/systemd/journal-upload.conf
|
||||
C /etc/systemd/journald.conf
|
||||
C /etc/systemd/logind.conf
|
||||
C /etc/systemd/network/networkd.conf
|
||||
C /etc/systemd/oomd.conf
|
||||
C /etc/systemd/pstore.conf
|
||||
C /etc/systemd/resolved.conf
|
||||
C /etc/systemd/sleep.conf
|
||||
C /etc/systemd/system.conf
|
||||
C /etc/systemd/timesyncd.conf
|
||||
C /etc/systemd/user.conf
|
||||
C /etc/udev/iocost.conf
|
||||
C /etc/udev/udev.conf
|
||||
|
||||
# setup /var
|
||||
# The group 'systemd-journal' is allocated dynamically and may have varying
|
||||
# gid on different systems. Let's install with gid 0 (root), systemd-tmpfiles
|
||||
# will fix the permissions for us. (see /usr/lib/tmpfiles.d/systemd.conf)
|
||||
d /var/log/journal 2755 root root
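Review bot: `d /etc/credstore/ 0755 root root` and `d /etc/credstore.encrypted/ 0755 root root` make the service credential stores world-traversable. systemd's own tmpfiles configuration, as far as I know, creates both with mode 0700, because `/etc/credstore` holds plaintext credentials. These two lines should be `d /etc/credstore/ 0700 root root` and `d /etc/credstore.encrypted/ 0700 root root`, or be dropped so the upstream definition applies.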
|
|
@ -0,0 +1,10 @@
|
|||
# based on PKGBUILD of package tpm2-tss
|
||||
|
||||
# setup /etc
|
||||
d /etc/tpm2-tss/ 0755 root root
|
||||
d /etc/tpm2-tss/fapi-profiles/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/tpm2-tss/fapi-config.json
|
||||
C /etc/tpm2-tss/fapi-profiles/P_ECCP256SHA256.json
|
||||
C /etc/tpm2-tss/fapi-profiles/P_RSA2048SHA256.json
|
|
@ -0,0 +1,11 @@
|
|||
# based on PKGBUILD of package util-linux
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/pam.d/chfn
|
||||
C /etc/pam.d/chsh
|
||||
C /etc/pam.d/login
|
||||
C /etc/pam.d/remote
|
||||
C /etc/pam.d/runuser
|
||||
C /etc/pam.d/runuser-l
|
||||
C /etc/pam.d/su
|
||||
C /etc/pam.d/su-l
|
|
@ -0,0 +1,7 @@
|
|||
# based on PKGBUILD of package wireless-regdb
|
||||
|
||||
# setup /etc
|
||||
d /etc/conf.d/ 0755 root root
|
||||
|
||||
# copy from factory when missing
|
||||
C /etc/conf.d/wireless-regdom
|
|
@ -0,0 +1 @@
|
|||
L+ /etc/resolv.conf - - - /run/systemd/resolve/stub-resolv.conf
|
|
@ -0,0 +1,5 @@
|
|||
# Create missing directories for update-ca-certificates.service
|
||||
d /etc/ca-certificates/extracted/ 0755 root root - -
|
||||
d /etc/ca-certificates/extracted/cadir/ 0755 root root - -
|
||||
d /etc/ssl/certs/ 0755 root root - -
|
||||
d /etc/ssl/certs/java/ 0755 root root - -
|
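--- a/mkosi.images/base/mkosi.postinst.chroot
+++ b/mkosi.images/base/mkosi.postinst.chroot
@@ -0,0 +1,238 @@
+#!/bin/bash
+ETC_FACTORY_DIR=/usr/share/factory/etc
+
+# copy additional files provided by package filesystem to factory
+cp -af /etc/arch-release $ETC_FACTORY_DIR/
+cp -af /etc/resolv.conf $ETC_FACTORY_DIR/
+cp -af /etc/protocols $ETC_FACTORY_DIR/
+cp -af /etc/services $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/profile.d/
+cp -af /etc/profile.d/locale.sh $ETC_FACTORY_DIR/profile.d/
+
+# copy files provided by package shadow to factory
+cp -af /etc/login.defs $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/default
+cp -af /etc/default/useradd $ETC_FACTORY_DIR/default/
+
+install -d -m0755 $ETC_FACTORY_DIR/pam.d
+cp -af /etc/pam.d/chpasswd $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/groupmems $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/newusers $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/passwd $ETC_FACTORY_DIR/pam.d/
+
+# copy files provided by package systemd to factory
+install -d -m0755 $ETC_FACTORY_DIR/X11/xinit/xinitrc.d/
+cp -af /etc/X11/xinit/xinitrc.d/50-systemd-user.sh $ETC_FACTORY_DIR/X11/xinit/xinitrc.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/systemd-user $ETC_FACTORY_DIR/pam.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/coredump.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/homed.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/journal-remote.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/journal-upload.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/journald.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/logind.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/oomd.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/pstore.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/resovled.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/sleep.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/system.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/timesyncd.conf $ETC_FACTORY_DIR/systemd/
+cp -af /etc/systemd/user.conf $ETC_FACTORY_DIR/systemd/
+
+install -d -m0755 $ETC_FACTORY_DIR/systemd/network/
+cp -af /etc/systemd/network/networkd.conf $ETC_FACTORY_DIR/systemd/network/
+
+install -d -m0755 $ETC_FACTORY_DIR/udev/
+cp -af /etc/udev/iocost.conf $ETC_FACTORY_DIR/udev/
+cp -af /etc/udev/udev.conf $ETC_FACTORY_DIR/udev/
+
+# copy files provided by package audit to factory
+cp -af /etc/libaudit.conf $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/audit/
+cp -af /etc/audit/audisp-remote.conf $ETC_FACTORY_DIR/audit/
+cp -af /etc/audit/audit-stop.rules $ETC_FACTORY_DIR/audit/
+cp -af /etc/audit/auditd.conf $ETC_FACTORY_DIR/audit/
+cp -af /etc/audit/zos-remote.conf $ETC_FACTORY_DIR/audit/
+
+install -d -m0755 $ETC_FACTORY_DIR/audit/plugins.d/
+cp -af /etc/audit/plugins.d/af_unix.conf $ETC_FACTORY_DIR/audit/plugins.d/
+cp -af /etc/audit/plugins.d/au-remote.conf $ETC_FACTORY_DIR/audit/plugins.d/
+cp -af /etc/audit/plugins.d/audispd-zos-remote.conf $ETC_FACTORY_DIR/audit/plugins.d/
+cp -af /etc/audit/plugins.d/syslog.conf $ETC_FACTORY_DIR/audit/plugins.d/
+
+# copy files provided by package apparmor to factory
+install -d -m0755 $ETC_FACTORY_DIR/apparmor.d/
+cp -af --recursive /etc/apparmor.d/ $ETC_FACTORY_DIR/apparmor.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/apparmor/
+cp -af /etc/apparmor/easyprof.conf $ETC_FACTORY_DIR/apparmor/
+cp -af /etc/apparmor/logprof.conf $ETC_FACTORY_DIR/apparmor/
+cp -af /etc/apparmor/notify.conf $ETC_FACTORY_DIR/apparmor/
+cp -af /etc/apparmor/parser.conf $ETC_FACTORY_DIR/apparmor/
+cp -af /etc/apparmor/severity.db $ETC_FACTORY_DIR/apparmor/
+
+# copy files provided by package tpm2-tss to factory
+install -d -m0755 $ETC_FACTORY_DIR/tpm2-tss/
+cp -af /etc/tpm2-tss/fapi-config.json $ETC_FACTORY_DIR/tpm2-tss/
+
+install -d -m0755 $ETC_FACTORY_DIR/tpm2-tss/fapi-profiles/
+cp -af /etc/tpm2-tss/fapi-profiles/P_ECCP256SHA256.json $ETC_FACTORY_DIR/tpm2-tss/fapi-profiles/
+cp -af /etc/tpm2-tss/fapi-profiles/P_RSA2048SHA256.json $ETC_FACTORY_DIR/tpm2-tss/fapi-profiles/
+
+# copy files provided by package bash to factory
+cp -af /etc/bash.bash_logout $ETC_FACTORY_DIR/
+cp -af /etc/bash.rc $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/skel/
+cp -af /etc/.bash_logout $ETC_FACTORY_DIR/skel/
+cp -af /etc/.bash_profile $ETC_FACTORY_DIR/skel/
+cp -af /etc/.bashrc $ETC_FACTORY_DIR/skel/
+
+# copy files provided by package kbd to factory
+install -d -m0755 $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/vlock $ETC_FACTORY_DIR/pam.d/
+
+# copy files provided by package pam/pambase to factory
+# pam
+install -d -m0755 $ETC_FACTORY_DIR/security/
+cp -af /etc/security/access.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/faillock.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/group.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/limits.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/namespace.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/namespace.init $ETC_FACTORY_DIR/security/
+cp -af /etc/security/pam_env.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/pwhistory.conf $ETC_FACTORY_DIR/security/
+cp -af /etc/security/time.conf $ETC_FACTORY_DIR/security/
+# pambase
+install -d -m0755 $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/other $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/system-auth $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/system-local-login $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/system-login $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/system-remote-login $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/system-services $ETC_FACTORY_DIR/pam.d/
+
+# copy files provided by package readline to factory
+cp -af /etc/inputrc $ETC_FACTORY_DIR/
+
+# copy files provided by package util-linux to factory
+install -d -m0755 $ETC_FACTORY_DIR/pam.d
+cp -af /etc/pam.d/chfn $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/chsh $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/login $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/remote $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/runuser $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/runuser-l $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/su $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/su-l $ETC_FACTORY_DIR/pam.d/
+
+# copy files provided by package glibc to factory
+cp -af /etc/gai.conf $ETC_FACTORY_DIR/
+cp -af /etc/locale.gen $ETC_FACTORY_DIR/
+cp -af /etc/rpc $ETC_FACTORY_DIR/
+
+# copy files provided by package openssl to factory
+install -d -m0755 $ETC_FACTORY_DIR/ssl/
+cp -af /etc/ssl/ct_log_list.cnf $ETC_FACTORY_DIR/ssl/
+cp -af /etc/ssl/ct_log_list.cnf.dist $ETC_FACTORY_DIR/ssl/
+cp -af /etc/ssl/openssl.cnf $ETC_FACTORY_DIR/ssl/
+cp -af /etc/ssl/openssl.cnf.dist $ETC_FACTORY_DIR/ssl/
+
+install -d -m0755 $ETC_FACTORY_DIR/ssl/misc/
+cp -af /etc/ssl/misc/CA.pl $ETC_FACTORY_DIR/ssl/misc/
+cp -af /etc/ssl/misc/tsget $ETC_FACTORY_DIR/ssl/misc/
+cp -af /etc/ssl/misc/tsget.pl $ETC_FACTORY_DIR/ssl/misc/
+
+# copy files provided by package ca-certificates to factory
+install -d -m0755 $ETC_FACTORY_DIR/ca-certificates/
+cp -af /etc/ca-certificates/README $ETC_FACTORY_DIR/ca-certificates/
+
+install -d -m0755 $ETC_FACTORY_DIR/ca-certificates/trust-source/
+cp -af /etc/ca-certificates/trust-source/README $ETC_FACTORY_DIR/ca-certificates/trust-source/
+
+install -d -m0755 $ETC_FACTORY_DIR/ca-certificates/extracted/
+cp -af /etc/ca-certificates/extracted/README $ETC_FACTORY_DIR/ca-certificates/extracted/
+
+install -d -m0755 $ETC_FACTORY_DIR/ssl/
+cp -af /etc/ssl/README $ETC_FACTORY_DIR/ssl/
+
+install -d -m0755 $ETC_FACTORY_DIR/ssl/certs/java/
+cp -af /etc/ssl/certs/java/README $ETC_FACTORY_DIR/ssl/certs/java/
+
+# copy files provided by package gawk to factory
+install -d -m0755 $ETC_FACTORY_DIR/profile.d/
+cp -af /etc/profile.d/gawk.csh $ETC_FACTORY_DIR/profile.d/
+cp -af /etc/profile.d/gawk.sh $ETC_FACTORY_DIR/profile.d/
+
+# copy files provided by package iptables to factory
+cp -af /etc/ethertypes $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/iptables/
+cp -af /etc/iptables/empty.rules $ETC_FACTORY_DIR/iptables/
+cp -af /etc/iptables/ip6tables.rules $ETC_FACTORY_DIR/iptables/
+cp -af /etc/iptables/iptables.rules $ETC_FACTORY_DIR/iptables/
+cp -af /etc/iptables/simple_firewall.rules $ETC_FACTORY_DIR/iptables/
+
+# copy files provided by package wireless-regdb to factory
+install -d -m0755 $ETC_FACTORY_DIR/conf.d/
+cp -af /etc/conf.d/wireless-regdom $ETC_FACTORY_DIR/conf.d/
+
+# copy files provided by package fwupd to factory
+install -d -m0755 $ETC_FACTORY_DIR/fwupd/
+cp -af /etc/fwupd/fwupd.conf $ETC_FACTORY_DIR/fwupd/
+
+install -d -m0755 $ETC_FACTORY_DIR/fwupd/bios-settings.d/
+cp -af /etc/fwupd/bios-settings.d/README $ETC_FACTORY_DIR/fwupd/bios-settings.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/fwupd/remotes.d/
+cp -af /etc/fwupd/remotes.d/fwupd-tests.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
+cp -af /etc/fwupd/remotes.d/lvfs-testing.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
+cp -af /etc/fwupd/remotes.d/lvfs.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
+cp -af /etc/fwupd/remotes.d/vendor-directory.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
+cp -af /etc/fwupd/remotes.d/vendor.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/grub.d/
+cp -af /etc/grub.d/35_fwupd $ETC_FACTORY_DIR/grub.d/
+
+install -d -m0755 $ETC_FACTORY_DIR/pki/fwupd-metadata/
+cp -af /etc/pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata $ETC_FACTORY_DIR/pki/fwupd-metadata/
+cp -af /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service $ETC_FACTORY_DIR/pki/fwupd-metadata/
+cp -af /etc/pki/fwupd-metadata/LVFS-CA.pem $ETC_FACTORY_DIR/pki/fwupd-metadata/
+
+install -d -m0755 $ETC_FACTORY_DIR/pki/fwupd/
+cp -af /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Metadata $ETC_FACTORY_DIR/pki/fwupd/
+cp -af /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service $ETC_FACTORY_DIR/pki/fwupd/
+cp -af /etc/pki/fwupd/LVFS-CA.pem $ETC_FACTORY_DIR/pki/fwupd/
+
+# copy files provided by package e2fsprogs to factory
+cp -af /etc/e2scrub.conf $ETC_FACTORY_DIR/
+cp -af /etc/mke2fs.conf $ETC_FACTORY_DIR/
+
+# copy files provided by package sudo to factory
+cp -af /etc/sudo.conf $ETC_FACTORY_DIR/
+cp -af /etc/sudo_logsrvd.conf $ETC_FACTORY_DIR/
+
+install -d -m0755 $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/sudo $ETC_FACTORY_DIR/pam.d/
+
+# copy files provided by package neovim to factory
+install -d -m0755 $ETC_FACTORY_DIR/xdg/nvim/
+cp -af /etc/xdg/nvim/sysinit.vim $ETC_FACTORY_DIR/xdg/nvim/
+
+# copy files provided by package gnutls to factory
+install -d -m0755 $ETC_FACTORY_DIR/gnutls/
+cp -af /etc/gnutls/config $ETC_FACTORY_DIR/gnutls/
+
+install -d -m0755 $ETC_FACTORY_DIR/modules-load.d/
+cp -af /etc/modules-load.d/gnutls.conf $ETC_FACTORY_DIR/modules-load.d/
+
+# copy files provided by package polkit to factory
+install -d -m0755 $ETC_FACTORY_DIR/pam.d/
+cp -af /etc/pam.d/polkit-1 $ETC_FACTORY_DIR/pam.d/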
|
@ -13,7 +13,6 @@ CompressOutput=xz
|
|||
[Content]
|
||||
Bootable=yes
|
||||
SourceDateEpoch=0
|
||||
Autologin=yes
|
||||
BaseTrees=../../mkosi.output/base/
|
||||
Initrds=../../mkosi.output/initrd
|
||||
CleanPackageMetadata=yes
|
||||
|
|