The default resolv.conf is empty.
This causes programs that depend on resolv.conf for name resolution to
fail.
As a test, we create a small Go program "cmd/golookup" that can look up
the IP address of a host name using the pure Go resolver (using /etc/resolv.conf).
|
|
The original pacman-init.service usage is to populate the pacman keyrings.
Since we install the archlinux-keyring package at pacstrap, we did not need
to do it anymore.
On ops-agent, the latest package released that includes the same
config.yaml.
|
|
Since around 13 December 2025, the gce repository returns an error 403,
error: failed retrieving file 'gce.db' from storage.googleapis.com
: The requested URL returned error: 403
We then build google-compute-engine and google-guest-agent and host them
under build.kilabit.info repository using the latest releases [1][2].
For google-compute-engine we use version 20251014.00-1.
For google-guest-agent we use version 20251223.00-1.
[1]: https://build.kilabit.info/karajo/app/#job_aur_google-compute-engine
[2]: https://build.kilabit.info/karajo/app/#job_aur_google-guest-agent
|
|
An image that is built for qemu will have a user "arch" with predefined
SSH keys, so the user can access the guest from the host using either an
SSH key or a password.
|
|
This removes dhclient and adds polkit as dependencies for systemd-hostnamed.
|
|
Recent builds return the following error,
2025-11-15 02:01:28 UTC job: gcp-image-arch: rm: cannot remove '/boot/initramfs-linux-fallback.img': No such file or directory
2025-11-15 02:01:28 UTC job: gcp-image-arch: Error: `rm /boot/initramfs-linux-fallback.img` exited with status 1
2025-11-15 02:01:28 UTC job: gcp-image-arch: Error: `arch-chroot -- "$mount_dir" /bin/bash -s <<-'EOS'
set -eEuo pipefail
trap 'echo "Error: \`$BASH_COMMAND\` exited with status $?"' ERR
|
|
This change requires reordering the repository, by moving build.kilabit.info
on top of gce, because gce provides an old version of oslogin, while
build.kilabit.info provides the latest one, 20230831.00 [1].
[1] https://build.kilabit.info/karajo/app/#job_aur_google-compute-engine-oslogin
|
|
The following warnings are logged when running bootctl,
! Mount point '/boot' which backs the random seed file is world accessible, which is a security hole! !
! Random seed file '/boot/loader/.#bootctlrandom-seedd8660b2d2ae5697a' is world accessible, which is a security hole! !
The fix is to mount /boot with the options
"uid=0,gid=0,fmask=0077,dmask=0077".
|
|
Systemd journald in ArchLinux does not forward the log to syslog anymore.
This fixes the empty instance log in Cloud Logs Explorer.
|
|
This merges the upstream repository into our fork with some changes in
naming of boot dev and uuid.
# Conflicts:
# README.md
# build-arch-gce6
|
|
We have an issue where the image is built locally and the generated
mirrorlist is located in India (or Pakistan?).
This causes our package installation/update to be really slow when creating a
VM in the Singapore region.
Since we did not know who or where the image is to be used, the safe
configuration should be to use the worldwide one.
|
|
|
|
This ops-agent is a prebuilt package from AUR [1].
[1] https://build.kilabit.info
|
|
|
|
Replace GRUB with systemd-boot to make the setup simpler.
Close #47
Signed-off-by: Aviana Cruz <gwencroft@proton.me>
|
|
The common admin and remote tools are vim-minimal, tmux, mosh, rsync,
and unzip.
|
|
This is to speed up the bootstrap.
|
|
The pacman.conf file is rarely updated, so we add the gce repository
directly into the file and use it during pacstrap and to replace the
target root.
|
|
Using this method simplifies maintenance of the build script and gives
flexibility to custom image builders.
While at it, we add "udev autodetect block filesystems keyboard"
into the HOOKS to allow testing the image using qemu and "fsck"
to allow the system to run a disk check on boot.
|
|
|
|
Using this method gives more flexibility to users that need to build
an image with a custom SSH server configuration.
|
|
Like timesyncd, overwrite the journald configuration by adding
drop-in configuration under /etc/systemd/journald.conf.d/.
|
|
This simplifies updating and maintaining a custom locale for users that
do not want to use en_US.
|
|
Per manual page timesyncd.conf(5) [1]:
Initially, the main configuration file in /etc/systemd/ contains
commented out entries showing the defaults as a guide to the
administrator.
...
Using drop-ins for local configuration is recommended over
modifications to the main configuration file.
The reason why the filename is 00- is described below:
It is recommended to prefix all filenames in those subdirectories with
a two-digit number and a dash, to simplify the ordering of the files.
Another reason is to prevent the system being littered with
/etc/systemd/timesyncd.conf.pacnew files when systemd is updated.
[1] https://man.archlinux.org/man/timesyncd.conf.5
|
|
Passing -c to pacstrap allows the bootstrap process to use the current
package cache on the host.
Without this flag, each build will re-download all packages again
from the Internet.
|
|
If the user uses a non-default locale, for example en_GB.UTF-8, setting up
the chroot will print the following warning:
/usr/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_GB.UTF-8)
|
|
|
|
Now that we use a UEFI based partition, we can replace grub with
systemd-boot.
This option has several advantages,
- minimizes installed packages and dependencies
- allows future customization (e.g. automounting, secure boot)
The pacman hook 00-systemd-boot is required to re-install the systemd
boot loader automatically when the systemd package is updated.
|
|
This configures systemd-repart to resize the root partition, and
systemd-growfs to resize the root filesystem.
Both services run early in the boot process, and expect the /dev
filesystem to be properly populated. This was only happening later in
the bootup process in the previous configuration, as udev was not
started in the minimal initrd that was used, and as a result they would
both fail.
To fix this, systemd is now enabled in initrd, so that udev is started
there and we get a more complete system earlier. This makes initrd
somewhat bigger, but it probably makes the setup more robust in
general.
|
|
Having initial packages around is useful in case an upgrade breaks
something in the system, in order to allow rolling back to the previous
working version. These are not generally recoverable by the users since
mirrors garbage collect them, so keeping them in the image seems a
reasonable default.
|
|
This is now supported in GCE, and is a better alternative to the old MBR
setup used before. This requires the UEFI_COMPATIBLE flag to be passed
during image creation.
|
|
|
|
By removing the downloaded packages in the target we can minimize
the generated image size from 514MB to around 340MB.
|
|
|
|
The latest GCE packages already start services automatically, so this is
no longer needed.
This also includes some cosmetic updates.
|
|
Since dbus 1.11.14 [1], /var/lib/dbus/machine-id is a symlink to
/etc/machine-id, so writing to "$mount_dir/var/lib/dbus/machine-id"
actually overwrites /etc/machine-id on the building host.
[1] https://gitlab.freedesktop.org/dbus/dbus/commit/ae7568facee0b0d93d7bd1433a0d8840e98f6fb6
|
|
|
|
This disables "predictable interface names", as they make the network interface
name dependent on exact hardware configuration. Scripts would then break in case
the name is not exactly "ens4".
|
|
|
|
This is currently already installed as an indirect dependency of the base
package, so this change is a no-op for now, just in case it gets removed in the
future.
|
|
|
|
This is no longer necessary with the new version of compute-image-packages.
|
|
This reverts commit bb393b13c6c3d98ef5d80cf90501b32862a678b2.
MTU is set by DHCP, it shouldn't be set by the udev rule.
|
|
|
|
See the updated README for more information about images generated by
the new script.
|