okay. think i figured it out. nspawn doesn't like pipes.

extra/build.conf.sample

@@ -74,7 +74,9 @@ LOGFILE="${BASEDIR}/logs/$(date +%s)"
 # What should the regular username be? (Automatically logged in on boot)
 REGUSR="${UXNAME}"
 
-# Should the REGUSR have a password? IF THIS IS NOT SET, THE PASSWORD WILL BE BLANK!
+# Should the REGUSR have a password? IF THIS IS NOT SET, PASSWORD LOGIN WILL BE DISABLED!
+# If you wish to have a blank password, use the string '{[BLANK]}'.
+# You MUST USE SINGLE-QUOTES, OR ESCAPE SHELL-EXPANDED CHARACTERS (e.g. $,*,etc.)
 # Do NOT use a plaintext password here. You will need to generate a salted and hashed string
 # in a shadow-compatible format.
 # Debian can do this with the mkpasswd utility (it's in Arch's AUR as debian-whois-mkpasswd):
@@ -88,7 +90,21 @@ REGUSR="${UXNAME}"
 # /sbin/grub-crypt --sha-512
 # The end-product should look something like this:
 # $6$aBcDeFgHiJ$Yh342vFH7MOjPNu9InFymD1Dd42i5cFsr1cTWdpKGNIkbRGR/ZKQDRPJ1ZeeGb7y894Tfh3iWZIJKu3phlsqQ1
-REGUSR_PASS=""
+#
+# Note that if you want an automatic login, this is *not* where it would be set.
+# It should instead be controlled via overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf
+# In the following format:
+#  [Service]
+#  Type=idle
+#  ExecStart=
+#  ExecStart=-/usr/bin/agetty --autologin <USERNAME> --noclear %I 38400 linux
+# (where N is the TTY number). Alternatively, if booting to a GUI, it can be set as according
+# to that GUI (e.g. for LXDE, overlay/etc/lxdm/lxdm.conf, "autologin=<USERNAME>")
+REGUSR_PASS=''
+
+# Same exact thing as REGUSR_PASS, but for the root password (i.e. if no password hash is
+# specified, password login will be disabled, etc.).
+ROOT_PASS=''
 
 # Do we have enough horsepower on the build system to jack up the resources we throw at building?
 # Enabling this will give absolute CPU preference to building the kernels and do make-time

extra/packages.both

@@ -75,7 +75,7 @@ ed
 efibootmgr
 efivar
 elfutils
-elilo-efi
+#elilo-efi
 elinks
 etc-update
 ethtool
@@ -138,14 +138,15 @@ iso-codes
 isomaster
 jasper
 jfsutils
-john-mpi
+#john-mpi
+john
 keyutils
 kismet-allplugins
 libisoburn
 lftp
 links
 localepurge
-logkeys
+#logkeys
 logkeys-keymaps
 lm_sensors
 lrzsz
@@ -177,7 +178,7 @@ mtd-utils
 mtools
 mtr
 mtree
-mtx
+#mtx
 multipath-tools
 myrescue
 nbd
@@ -217,7 +218,7 @@ php
 php-fpm
 php-gd
 php-mcrypt
-phrasendrescher
+#phrasendrescher
 pigz
 pkgfile
 pkgtools
@@ -240,7 +241,6 @@ rdiff-backup
 read-edid
 reaver
 rename
-rescan-scsi-bus
 rfkill
 rp-pppoe
 rpcbind
@@ -270,7 +270,7 @@ s-nail
 socat
 squashfs3-tools
 squashfs-tools
-star
+#star
 strace
 stress
 sucrack
@@ -318,6 +318,7 @@ whdd
 whois
 wifite
 wipe
+wireshark-cli
 wpscrack
 wput
 x11vnc

lib/mk.chroot.sh

@@ -190,11 +190,11 @@ EOF
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
     echo -n "...Packages installing to ${i}..."
-    ${CHROOTCMD} ${i}/ bash -c "yaourt -S --needed --noconfirm customizepkg-scripting" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ /usr/bin/bash -c "yaourt -S --needed --noconfirm customizepkg-scripting" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo -n "Compiling kernel sources..."
     set +e
-    ${CHROOTCMD} ${i}/ bash -c "yaourt -S --needed --noconfirm linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ /usr/bin/bash -c "yaourt -S --needed --noconfirm linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     set -e
     # Uncomment if you wish to use the mkpasswd binary from within the chroot...
     #${CHROOTCMD} ${i}/ bash -c "yaourt -S --needed --noconfirm debian-whois-mkpasswd" >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -202,8 +202,9 @@ EOF
     echo -n "Regular packages..."
     set +e
     ${CHROOTCMD} ${i}/ bash -c "yes '' | yaourt -S --needed --noconfirm ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    set -e
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
+    # User creation
+    set -e
     echo -n "...Creating ${REGUSR} user..."
     ${CHROOTCMD} ${i}/ useradd -m -s /bin/bash -c "Default user" ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i}/ usermod -aG users,games,video,audio ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -212,16 +213,32 @@ EOF
     echo "${REGUSR} ALL=(ALL) ALL" >> ${i}/etc/sudoers.d/${REGUSR}
     if [ -n "${REGUSR_PASS}" ];
     then
-      ${CHROOTCMD} ${i}/ echo "${REGUSR}:${REGUSR_PASS}" | chpasswd -e 
+      #${CHROOTCMD} ${i}/ "/usr/bin/echo ${REGUSR}:${REGUSR_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      sed -i -e "s|^${REGUSR}::|${REGUSR}:${REGUSR_PASS}:|g" ${i}/etc/shadow
+    elif [[ "${REGUSR_PASS}" == '{[BLANK]}' ]];
+    then
+      ${CHROOTCMD} ${i}/ passwd -d ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    else
+      ${CHROOTCMD} ${i}/ usermod -L ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     fi
-    # COMMENT THIS LINE IF YOU WANT TO SET A ROOT PASSWORD
-    ${CHROOTCMD} ${i}/ usermod -L root
+    if [ -n "${ROOT_PASS}" ];
+    then
+      #${CHROOTCMD} ${i}/ "/usr/bin/echo root:${ROOT_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      sed -i -e "s|^root::|root:${ROOT_PASS}:|g" ${i}/etc/shadow
+    elif [[ "${ROOT_PASS}" == '{[BLANK]}' ]];
+    then
+      ${CHROOTCMD} ${i}/ passwd -d root >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    else
+      ${CHROOTCMD} ${i}/ passwd -d root >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    fi
+    # The following is supposed to do the same as the above, but "cleaner". However, it currently fails with "execv() failed: No such file or directory"
+    ##${CHROOTCMD} ${i}/ usermod -L root >> "${LOGFILE}.${FUNCNAME}" 2>&1
     echo "Done."
  done
  
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
-  ${CHROOTCMD} ${i}/ bash -c "mkinitcpio -p linux-${PNAME}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+  ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux-${PNAME}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
  done
  
  # 32-bit
@@ -229,9 +246,11 @@ EOF
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.32 | tr '\n' ' ')
  if [ -n "${PKGLIST}" ];
  then
-   ${CHROOTCMD} ${CHROOTDIR32}/ bash -c "yaourt -S --needed --noconfirm ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   ${CHROOTCMD} ${CHROOTDIR32}/ /usr/bin/bash -c "yaourt -S --needed --noconfirm ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
  fi
+ set +e
  for x in $(find ${CHROOTDIR32}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
+ set -e
  echo "Done."
  
  # 64-bit
@@ -239,9 +258,11 @@ EOF
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.64 | tr '\n' ' ')
  if [ -n "${PKGLIST}" ];
  then
-   ${CHROOTCMD} ${CHROOTDIR64}/ bash -c "yaourt -S --needed --noconfirm ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+   ${CHROOTCMD} ${CHROOTDIR64}/ /usr/bin/bash -c "yaourt -S --needed --noconfirm ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
  fi
+ set +e
  for x in $(find ${CHROOTDIR64}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
+ set -e
  echo "Done."
 
  echo "Syncing overlay..."

overlay/etc/systemd/system/multi-user.target.wants/openvpn@grainwreck

@@ -0,0 +1 @@
+/usr/lib/systemd/system/openvpn@.service