66 lines
2.9 KiB
Plaintext
66 lines
2.9 KiB
Plaintext
## Missing v2.x functionality ##
|
|
-i_am_a_racecar optimizations
|
|
-see also: grep -HnR bdisk/*.py
|
|
-TFTP, HTTP, RSYNC, git
|
|
-UPDATE THE README!
|
|
-sizes of build iso files
|
|
|
|
## General ##
|
|
|
|
-include benchmarking
|
|
-- http://sourceforge.net/projects/unixbench/
|
|
-- https://code.google.com/p/byte-unixbench/
|
|
-- https://github.com/akopytov/sysbench
|
|
-- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
|
|
-implement pyalpm to decreate dependency on chroot pacman-ing?
|
|
|
|
|
|
## NETWORKING ##
|
|
|
|
-shorewall/some other firewall?
|
|
-WISH: locked-down VPN?
|
|
-autodetection/configuration of network. DHCP is currently running by default, but does it need to support IPv6? if so, how would the user configure their network?
|
|
-SECURE SSH: https://stribika.github.io/2015/01/04/secure-secure-shell.html
|
|
-DISABLE NETWORKMANAGER AND "fi.w1.wpa_supplicant1"??? keeps spawning wpa_supplicant (and thusly killing networking proper)
|
|
-for netboot, custom user agent (should be defined by build.conf)
|
|
--iPXE's curl
|
|
--initrd's curl
|
|
|
|
|
|
## Building ##
|
|
|
|
-WISH: Better logging[0]
|
|
-WISH: signing for secureboot releases (PreLoader and loader.efi handle this okay, but require manual intervention)
|
|
-does loader.efi support splash backgrounds? can i implement that differently somehow?
|
|
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
|
|
-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
|
|
-incorporate iPXE tweaks:
|
|
--http://ipxe.org/crypto
|
|
--http://ipxe.org/cmd/imgtrust
|
|
--http://ipxe.org/cmd/imgverify
|
|
--enable use of custom CA/self-signed certs for HTTPS etc.
|
|
--signed kernel and initrd for ipxe:
|
|
---#imgtrust --permanent
|
|
---#imgverify vmlinuz path/to/vmlinuz.sig
|
|
---#imgverify initrd path/to/initrd.sig
|
|
---DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
|
|
-enable mirror= kernel commandline.
|
|
--if mirror_(NAME) is present, use that as repo name.
|
|
--if it starts with /, treat as mirrorlist (Include); otherwise use Server =
|
|
--if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
|
|
-iPXE background support. sed -rf "${BASEDIR}/src/ipxe_local/script.sed" ${SRCDIR}/ipxe/src/config/general.h ; sed -rf "${BASEDIR}/src/ipxe_local/script2.sed" ${SRCDIR}/ipxe/src/config/console.h
|
|
--note that iPXE VESAFB console is not (yet) supported in EFI, so this is on hold. check into this to see if it has changed.
|
|
|
|
## Split into Separate Tools CD ##
|
|
|
|
-include WinMTR, build Mac OS X MTR for dist/tools on CD
|
|
-include pre-compiled LibreCrypt for opening LUKS parts on Windows (https://github.com/t-d-k/LibreCrypt)
|
|
--curl -s https://raw.githubusercontent.com/t-d-k/LibreCrypt/master/README.md | egrep 'InstallLibreCrypt_v[A-Za-z0-9\.]*.exe' | cut -f2 -d'"'
|
|
|
|
|
|
__________________________________________________________
|
|
FOOTNOTES:
|
|
|
|
|
|
[0] Debugging mode would probably suffice for logging? Maybe? There are plenty of pythonic ways to do logging too.
|