## General ##
-include benchmarking
-- http://sourceforge.net/projects/unixbench/
-- https://code.google.com/p/byte-unixbench/
-- https://github.com/akopytov/sysbench
-- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
-package in AUR
-base rewrite in python. pyalpm may come in handy here.

## NETWORKING ##
-shorewall/some other firewall?
-WISH: locked-down VPN?
-autodetection/configuration of network. DHCP is currently running by default, but does it need to support IPv6? if so, how would the user configure their network?
-SECURE SSH: https://stribika.github.io/2015/01/04/secure-secure-shell.html
-DISABLE NETWORKMANAGER AND "fi.w1.wpa_supplicant1"??? keeps spawning wpa_supplicant (and thusly killing networking proper)
-for netboot, custom user agent (should be defined by build.conf)
--iPXE's curl
--initrd's curl

## Building ##
-GUMMIBOOT IS GONE FROM THE REPOS. I could repackage it, but better to just see what the hell archiso's doing.
-WISH: Better logging[0]
-WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention)
-use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead
--does arch-chroot work across all distros? see https://wiki.archlinux.org/index.php/Install_bundled_32-bit_system_in_Arch64 and https://wiki.archlinux.org/index.php/Chroot
--i think this might be unnecessary. testing across other major distros is necessary, but i think i can just use the chroot'd arch-chroot
-tweak build.conf (and build.conf.sample) to source the pwd and set as BASEDIR ***if*** the project resources are present in pwd, otherwise throw warning
--this is half-done; PWD is currently used by default.
-does gummiboot? loader? wtfever it's called support splash backgrounds? can i implement that differently somehow?
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
-incorporate iPXE tweaks:
--http://ipxe.org/crypto
--http://ipxe.org/cmd/imgtrust
--http://ipxe.org/cmd/imgverify
--enable use of custom CA/self-signed certs for HTTPS etc. DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
-enable mirror= kernel commandline.
--if mirror_(NAME) is present, use that as repo name.
--if it starts with /, treat as mirrorlist (Include); otherwise use Server =
--if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
-iPXE background support. sed -rf "${BASEDIR}/src/ipxe_local/script.sed" ${SRCDIR}/ipxe/src/config/general.h ; sed -rf "${BASEDIR}/src/ipxe_local/script2.sed" ${SRCDIR}/ipxe/src/config/console.h
--note that iPXE VESAFB console is not (yet) supported in EFI, so this is on hold.

## Split into Separate Tools CD ##
-include WinMTR, build Mac OS X MTR for dist/tools on CD
-include pre-compiled LibreCrypt for opening LUKS parts on Windows (https://github.com/t-d-k/LibreCrypt)
--curl -s https://raw.githubusercontent.com/t-d-k/LibreCrypt/master/README.md | egrep 'InstallLibreCrypt_v[A-Za-z0-9\.]*.exe' | cut -f2 -d'"'

__________________________________________________________
FOOTNOTES:

[0] I'd really like to implement the following in build.conf; like: http://forums.fedoraforum.org/showthread.php?t=275743
# The following is the setting for "verbosity". A more accurate way of saying it is how output should be handled.
# Note that for it to be properly parsed, it MUST be in the form of a linear array (e.g. VAR=(1 2 3) ).
# '| tee -a ${BASEDIR}/logs/${FUNCNAME}.$(date +%s)' means "display output for STDOUT and STDERR, and also log STDOUT to logs/.EPOCH_TIME"
# '> /dev/null 2>&1' means "hide STDOUT and STDERR, no logging"
# '>> ${BASEDIR}/logs/${FUNCNAME}.$(date +%s) 2>&1' means "log both STDOUT and STDERR to logs/.EPOCH_TIME, no output"
# '>> ${BASEDIR}/logs/${FUNCNAME}.$(date +%s)' means "log STDOUT to logs/.EPOCH_TIME, display (but don't log) STDERR"
# '' means "no logging; display both STDOUT and STDERR"
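
One reading of the "mirror= kernel commandline" rules listed under Building, as an added example (not code from this project). The token syntax mirror[_NAME][_SIG-X]=VALUE, the fallback repo name "custom" and the function name mirror_stanza are assumptions; the repo name is validated because it comes from the boot command line and ends up in pacman.conf.

```shell
#!/bin/sh
# Added example, not project code. ASSUMED token syntax (the TODO does not fix one):
#   mirror[_NAME][_SIG-X]=VALUE      e.g. mirror_lab_SIG-N=http://host/repo
# "custom" as the fallback repo name is also an assumption.

# mirror_stanza "<kernel cmdline>" : print pacman.conf repo sections on stdout.
# The body is a subshell, so set -f and the variables stay local.
mirror_stanza() (
    set -f                                   # split on whitespace, no globbing
    for tok in $1; do
        case $tok in
            mirror=*|mirror_*=*) ;;
            *) continue ;;
        esac
        key=${tok%%=*}; val=${tok#*=}
        key=${key#mirror}; key=${key#_}      # "", NAME, SIG-X or NAME_SIG-X
        sig=
        case $key in
            SIG-?)   sig=${key#SIG-}; key= ;;
            *_SIG-?) sig=${key##*_SIG-}; key=${key%_SIG-?} ;;
        esac
        name=${key:-custom}
        # The name lands inside [brackets]: allow a safe charset only, and
        # never let a boot parameter open pacman's reserved [options] section.
        case $name in
            options|*[!A-Za-z0-9._-]*) val= ;;
        esac
        if [ -z "$val" ]; then
            echo "mirror: ignoring malformed token '$tok'" >&2
            continue
        fi
        printf '[%s]\n' "$name"
        case $sig in
            N)  echo "mirror: package signature checks disabled for [$name]" >&2
                printf 'SigLevel = Never\n' ;;
            '') ;;                           # no suffix: global SigLevel applies
            *)  echo "mirror: SIG-$sig is not defined, using global SigLevel" >&2 ;;
        esac
        case $val in
            /*) printf 'Include = %s\n' "$val" ;;   # path  -> mirrorlist file
            *)  printf 'Server = %s\n' "$val" ;;    # other -> server URL
        esac
    done
)

# Constructed sample command line (not taken from the project).
mirror_stanza 'quiet mirror_local=/etc/pacman.d/mirrorlist mirror_lab_SIG-N=http://10.0.0.5/repo/$arch'
```

Only SIG-N is handled because it is the only suffix the list defines; any other letter falls back to the global SigLevel with a warning on stderr.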