fixing this stupid fucking patch. gorram whitespace tabs gorram it

.gitignore

@@ -31,3 +31,6 @@ extra/pre-build.d/etc/openvpn/client.conf
 overlay/etc/ssh/*
 overlay/home/bdisk
 overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service
+src/ipxe_local/ssl/keys
+src/ipxe_local/ssl/crts
+src/ipxe_local/ssl/txt

bin/build.sh

@@ -85,7 +85,7 @@ CHROOTDIR_GLOB="${CHROOTDIR}"
 BUILDDIR_GLOB="${BUILDDIR}"
 
 # Set the version.
-VERSION="$(git describe --abbrev=0 --tags)-$(git rev-parse --short --verify HEAD)"
+BUILDVERSION="$(git describe --abbrev=0 --tags)-$(git rev-parse --short --verify HEAD)"
 BUILD="$(cat BUILDNO)"
 BUILD="$(expr ${BUILD} + 1)"
 echo ${BUILD} > ./BUILDNO
@@ -104,7 +104,7 @@ set -e
 USERNAME_REAL="$(grep ${BUILD_USERNAME} /etc/passwd | cut -f5 -d':')"
 
 cat > ${BASEDIR}/VERSION_INFO.txt << EOF
-Version:	${VERSION}
+Version:	${BUILDVERSION}
 Build:		${BUILD}
 Time:		${BUILDTIME}
 Machine:	${BUILD_MACHINE}
@@ -155,6 +155,22 @@ then
   exit 0
 fi
 
+# implement for future, needs tweaking- JUST rebuild the ISO.
+#if [[ ${1} == "respin" ]];
+#then
+#  if [[ "${MULTIARCH}" == "y" ]]; 
+#  then
+#    centos_is_stupid
+#    yo_dj any 
+#  else
+#    centos_is_stupid
+#    yo_dj 64
+#    centos_is_stupid
+#    yo_dj 32
+#  fi  
+#fi
+# 
+
 # or are we just building?
 if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]];
 then

docs/FAQ

@@ -0,0 +1,33 @@
+BDisk Frequently Asked(/Unasked) Questions
+
+
+
+0.) Why does it take so long to build?
+1.) Why is the generated ISO file so big?
+2.) How do I find the version/release/etc. number of an ISO?
+
+
+=========================================================
+
+
+
+0.) WHY DOES IT TAKE SO LONG TO BUILD?
+A: This typically occurs when you're building from within a LiveCD/LiveUSB situation, in a VM/container/etc., or on a headless server.
+If this is the case, you may run into what appears to be "stalling", especially while keys are generating for the chroots.
+Thankfully, there is an easy fix. You can install the "haveged"(http://www.issihosts.com/haveged/) software and run it. This will
+show an immediate and non-negligible improvement for the above contexts. If you have extra power to throw at it (or are using a dedicated build box)
+as well, I recommend enabling I_AM_A_RACECAR in your build.conf. BDisk will then be more aggressive with its resource consumption.
+
+
+1.) WHY IS THE GENERATED ISO FILE SO BIG?
+A: You may have enabled a LOT of packages in extra/packages.(32|64|both). Or you're using the default set of packages, which tries to include a LOT
+of different (and in some cases, redundant) packages for widespread utilization and usage. In addition, keep in mind that BDisk builds a single ISO
+that can be used on both i686 architectures AND full x86_64 architectures ("AMD64" as you may sometimes see it referenced). Because it doesn't cheat
+and just use a 64-bit kernel with a 32-bit userland, it needs two different squash images on each ISO- one for 32-bit userland and one for 64-bit
+userland.
+
+2.) HOW DO I FIND THE VERSION/RELEASE/ETC. NUMBER OF AN ISO?
+A: This can be found in a multitude of places. The full-size ISO file (iso/<distname>-<git tag>-<git rev number>-(32|64|any).iso) should have the
+version right in the file name. If you want more detailed information (or perhaps you renamed the file), you can mount the ISO as loopback in GNU/Linux,
+*BSD, or Mac OS X and check /path/to/mounted/iso/VERSION_INTO.txt. Lastly, within the runtime itself (especially handy if booting via iPXE), you can
+check /root/VERSION_INFO.txt within the running live environment.

docs/TODO

@@ -6,6 +6,7 @@
 -- https://github.com/akopytov/sysbench
 -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
 -package in AUR
+-base rewrite in python. pyalpm may come in handy here.
 
 
 ## NETWORKING ##
@@ -22,25 +23,28 @@
 
 ## Building ##
 
+-GUMMIBOOT IS GONE FROM THE REPOS. I could repackage it, but better to just see what the hell archiso's doing.
 -WISH: Better logging[0]
+-WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention
 -use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead
 --does arch-chroot work across all distros? see https://wiki.archlinux.org/index.php/Install_bundled_32-bit_system_in_Arch64 and https://wiki.archlinux.org/index.php/Chroot
 --i think this might be unnecessary. testing across other major distros is necessary, but i think i can just use the chroot'd arch-chroot
 -tweak build.conf (and build.conf.sample) to source the pwd and set as BASEDIR ***if*** the project resources are present in pwd, otherwise throw warning
 --this is half-done;PWD is currently used by default.
 -does gummiboot? loader? wtfever it's called support splash backgrounds? can i implement that differently somehow?
+--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
 -strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
 -incorporate iPXE tweaks:
---http://ipxe.org/crypto
+--http://ipxe.org/crypto 
 --http://ipxe.org/cmd/imgtrust
 --http://ipxe.org/cmd/imgverify
---enable use of custom CA/self-signed certs for HTTPS etc.
+--enable use of custom CA/self-signed certs for HTTPS etc. DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
--X-platform
+-enable mirror= kernel commandline.
---what distros are supported?
+--if mirror_(NAME) is present, use that as repo name.
---automatically install what we need for buildtime
+--if it starts with /, treat as mirrorlist (Include); otherwise use Server = 
----need to finish pkg lists and then test, but meta files should be done as well as lib script
+--if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
---hardcode list of runtime (e.g. live media) dependencies (e.g. openssh, vim, etc.)
+-iPXE background support. sed -rf "${BASEDIR}/src/ipxe_local/script.sed" ${SRCDIR}/ipxe/src/config/general.h ; sed -rf "${BASEDIR}/src/ipxe_local/script2.sed" ${SRCDIR}/ipxe/src/config/console.h
---...and create separate list for after-the-fact e.g. goodies
+--note that iPXE VESAFB console is not (yet) supported in EFI, so this is on hold.
 
 ## Split into Separate Tools CD ##
 

extra/build.conf.sample

@@ -71,6 +71,35 @@ BUILDMINI="no"
 # This currently does not work for HTTPS with self-signed certificates.
 IPXE_URI="https://bdisk.square-r00t.net"
 
+# Path to the (root) CA certificate file (in PEM/X509 format) iPXE should use.
+# If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Note that you can use your own CA to sign existing certs. See http://ipxe.org/crypto for
+# more info. This is handy if you run a third-party/"Trusted" root-CA-signed certificate
+# for the HTTPS target.
+# Requires IPXE_SSL_CAKEY if specified.
+IPXE_SSL_CA=""
+
+# Path to the (root) CA key file (in PEM/X509 format) iPXE should use.
+# If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_CA if specified.
+IPXE_SSL_CAKEY=""
+
+# Path to the CLIENT certificate (in PEM/X509). If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_KEY if specified.
+IPXE_SSL_CRT=""
+
+# Path to the CLIENT key (in PEM/X509). If one is not specified, one will be generated.
+# Only used if BUILDMINI is set to yes.
+# Please properly escape any spaces or other funky characters.
+# Requires IPXE_SSL_CRT if specified.
+IPXE_SSL_KEY=""
+
 # Set to "yes" to enable pushing new changes to a git repo/committing to a local repo
 GIT="no"
 

extra/packages.both

@@ -3,7 +3,7 @@
 abs
 acpi
 #acpidump
-afflib
+#afflib
 aircrack-ng
 apr
 apr-util
@@ -12,14 +12,19 @@ asciidoc
 atop
 autopsy
 autossh
+backuppc
+#bacula ## TODO: grab all the bacula packages in here
 beep
 bin86
 bind-tools
 binutils
 bluez-utils
 bonnie++
+boxbackup-client
+boxbackup-server
 bozocrack-git
 bridge-utils
+burp-backup-git
 btrfs-progs
 cabextract
 cdrtools
@@ -30,6 +35,7 @@ chntpw
 cifs-utils
 ckermit
 clamav
+clonezilla
 cmospwd
 colordiff
 cowpatty
@@ -39,6 +45,7 @@ cpupower
 crackpkcs12
 #cryptcat
 cryptsetup
+csync2
 customizepkg-scripting
 dar
 dcfldd
@@ -47,7 +54,7 @@ dd_rescue
 dd_rhelp
 debianutils
 debootstrap
-dialog
+#dialog #giving a weird dependency issue
 diffutils
 djohn
 dmidecode
@@ -100,6 +107,7 @@ gptfdisk
 gst-libav
 gst-plugins-ugly
 hashcat
+hashdeep
 hddtemp
 hdparm
 hexcurse
@@ -133,12 +141,11 @@ keyutils
 kismet-allplugins
 lftp
 links
-#logkeys
+#logkeys-git # requires a /dev/input, which apparently isn't included in the chroots
-logkeys-keymaps
 lm_sensors
 lrzsz
 lshw
-lsiutil
+#lsiutil # 404'ing on source url at the moment
 lsof
 lsscsi
 lxde
@@ -149,13 +156,14 @@ magicrescue
 mbr
 mbuffer
 mcelog
-md5deep
 mdadm
 mdcrack
-megaraid-cli
+# superseded by storcli
+#megaraid-cli
 memtester
 mfoc
 minicom
+mondo
 mtd-utils
 mtr
 mtree
@@ -176,7 +184,9 @@ nmap
 nmon
 ntfs-3g
 ntfsfixboot
-nwipe
+#nwipe #broken since they moved to github(?)
+nwipe-git
+obnam
 open-iscsi
 openipmi
 ophcrack
@@ -184,6 +194,8 @@ os-prober
 p7zip
 pack
 par2cmdline
+partclone
+partclone-utils
 parted
 partimage
 pax-utils
@@ -207,7 +219,7 @@ procps-ng
 progsreiserfs
 psmisc
 pwgen
-pxz
+pixz
 pyrit-svn
 python2-gnuplot
 python2-pyx
@@ -241,7 +253,8 @@ smartmontools
 smbclient
 s-nail
 socat
-#star
+#star ## do people even USE tape backups anymore?
+storcli
 strace
 stress
 sucrack
@@ -257,12 +270,13 @@ thttpd
 tmon
 tmux
 tre
-truecrack-svn
+truecrack-git
 truecrypt
 tor
 udftools
 #udpcast
 unace
+unison
 unrar
 unshield
 unzip
@@ -281,7 +295,7 @@ vncrack
 vnstat
 vpnc
 weplab
-whdd
+#whdd #currently depends on dialog, which is broke as shit
 whois
 wifite-mod-pixiewps-git
 wipe
@@ -295,6 +309,8 @@ xfsprogs
 xmlto
 xorg
 xorg-drivers
+xorg-xinit
+xterm
 zerofree
 zip
 zsh

extra/pre-build.d/32/etc/pacman.conf

@@ -37,7 +37,8 @@ VerbosePkgLists
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel    = Required DatabaseOptional
+#SigLevel    = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
+SigLevel    = Never
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 

extra/pre-build.d/64/etc/pacman.conf

@@ -37,7 +37,8 @@ VerbosePkgLists
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel    = Required DatabaseOptional
+#SigLevel    = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
+SigLevel    = Never
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 

extra/pre-build.d/etc/apacman.conf

@@ -11,27 +11,26 @@
 #buildonly=1
 #cachevcs=1
 #ignorearch=1
-#needed=1
+#keepkeys=1
+needed=1
+#noaur=1
 noconfirm=1
 noedit=1
-#noaur=1
+nofail=1
-#noconfirm=1
-#noedit=1
-#nofail=1
 #preview=1
-#purgebuild=1
+progress=1
+purgebuild=1
 #quiet=1
-#skipcache=1
+skipcache=1
-skipinteg=1
+#skipinteg=1
 #skiptest=1
 #warn=1
-#tmpdir=/var/tmp/apacman
-#TMPDIR=/var/tmp/apacman
 
 #
 # CONFIGURATION
 #
 
+#builddir="/tmp/pkgbuild-$UID"
 #tmpdir="/tmp/apacmantmp-$UID"
 #makepkgconf="/etc/makepkg.conf"
 #usermakepkgconf="$HOME/.makepkg.conf"
@@ -39,19 +38,21 @@ skipinteg=1
 #downdir="/var/cache/pacman/pkg"
 #savedir="/var/cache/apacman/pkg"
 #editor="nano -w"
-editor="vim"
+#pager="less -R"
 #RPCURL="https://aur.archlinux.org/rpc.php?type"
 #PKGURL="https://aur.archlinux.org"
+#WEBURL="https://www.archlinux.org"
 #ABSURL="rsync.archlinux.org"
 
 #
 # COLORIZATION
 #
 
-COLOR1='\e[1;39m'
+#COLOR1='\e[1;39m'
-COLOR2='\e[1;32m'
+#COLOR2='\e[1;32m'
-COLOR3='\e[1;35m'
+#COLOR3='\e[1;35m'
-COLOR4='\e[1;36m'
+#COLOR4='\e[1;36m'
-COLOR5='\e[1;34m'
+#COLOR5='\e[1;34m'
-COLOR6='\e[1;33m'
+#COLOR6='\e[1;33m'
-COLOR7='\e[1;31m'
+#COLOR7='\e[1;31m'
+

extra/pre-build.d/etc/customizepkg.d/dd_rhelp

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -e 's/build(/package(/g' ${1}

extra/pre-build.d/etc/customizepkg.d/etc-update

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/fang

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/libnfc

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -i -re 's/^(url=)\((.*)\)$/\1\2/g' ${1}

extra/pre-build.d/etc/customizepkg.d/lsiutil

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sed -re 's@^(source=\(").*$@\1https://github.com/kwilczynski/lsi/blob/master/lsiutil/LSIUtil_1.62.zip?raw=true")@g' ${1}

extra/pre-build.d/etc/customizepkg.d/whdd

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ ! -f "/usr/lib/libdialog.so" ]];
+then
+  echo "Please run the following: sudo ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so"
+  echo "This package will fail to build otherwise."
+fi

extra/pre-build.d/etc/customizepkg.d/wifite-mod-pixiewps-git

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-sed -i -e 's/any/x86_64/g' ${1}
+sed -i -re "s/'any'/'i686' 'x86_64'/g" ${1}

extra/pre-build.d/etc/mkinitcpio.conf

@@ -64,4 +64,4 @@ COMPRESSION="xz"
 
 # COMPRESSION_OPTIONS
 # Additional options for the compressor
-#COMPRESSION_OPTIONS=""
+COMPRESSION_OPTIONS="-9"

extra/pre-build.d/etc/pacman.d/mirrorlist

@@ -1,7 +1,6 @@
-# Server list generated by rankmirrors on 2014-11-10
+Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
-Server = http://mirror.rit.edu/archlinux/$repo/os/$arch
+Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
-Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch
+Server = http://il.mirrors.linaxe.net/archlinux/$repo/os/$arch
-Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
+Server = http://mirror.grig.io/archlinux/$repo/os/$arch
-Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
+Server = http://arch.mirrors.ionfish.org/$repo/os/$arch
-Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
+Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch
-Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch

extra/pre-build.d/root/post-build.sh

@@ -3,6 +3,6 @@
 set -e
 
 apacman --noconfirm --noedit -S --needed customizepkg-scripting
-
+ln -s /usr/lib/libdialog.so.1.2 /usr/lib/libdialog.so
 
 echo "Done."

lib/00-depcheck.func.sh

@@ -31,8 +31,8 @@ function so_check_me_out {
        break 2
      fi
    done
-   set -e
  fi
+ set -e
 
  # Sanity is important.
  if [[ -z "${HOST_DIST}" ]];
@@ -64,8 +64,10 @@ function so_check_me_out {
      echo "Please ensure you are connected to the Internet/have repositories configured correctly."
      exit 1
    fi
+   set -e
  fi
 
+ set +e
  while read pkgname;
  do
    eval "${PKG_CHK}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -83,8 +85,8 @@ function so_check_me_out {
      fi
    fi
  done < ${PKGLIST}
-
  set -e
+
  rm -f "${LOCKFILE}"
 }
 

lib/01-mk.chroot.func.sh

@@ -179,7 +179,8 @@ EOF
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo "Done."
     echo -n "...Upgrading any outdated packages..."
-    ${CHROOTCMD} ${i}/ pacman -Syyu --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ pacman -Syyu --force --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i}/ pacman-key --refresh-keys >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo "Done. Finishing/cleaning up..."
     ${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -195,7 +196,7 @@ EOF
     #${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
-    ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S  apacman apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #rm -rf ${i}/var/tmp/pkg
     #${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
@@ -245,38 +246,39 @@ EOF
  for x in $(find ${CHROOTDIR64}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
  set -e
 
- # preprocessing
+ # extra packages
- sed -i -e '/base-devel/d ; /multilib-devel/d' ${BASEDIR}/extra/packages.*
+ sed -i -e '/base-devel/d ; /multilib-devel/d' ${BASEDIR}/extra/packages.{both,64}
  # both
  echo "Installing extra common packages..."
  PKGLIST=$(sed -e '/^[[:space:]]*#/d ; /^[[:space:]]*$/d' ${BASEDIR}/extra/packages.both | tr '\n' ' ')
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
     echo "Running post-build tasks in ${i}..."
+    chmod 700 ${i}/root/post-build.sh
     ${CHROOTCMD} ${i}/ "/root/post-build.sh" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     set +e
     ${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${PNAME}
+    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
-    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+    #cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
     set -e
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     # Uncomment if you wish to use the mkpasswd binary from within the chroot...
     #${CHROOTCMD} ${i}/ bash -c "apacman --noconfirm --noedit --skipinteg -S --needed debian-whois-mkpasswd" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
     echo -n "Regular packages..."
-    set +e
     ${CHROOTCMD} ${i}/ bash -c "yes '' | apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    set +e
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
-    # User creation
     set -e
+    # User creation
     echo -n "...Creating ${REGUSR} user..."
     ${CHROOTCMD} ${i}/ useradd -m -s /bin/bash -c "Default user" ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i}/ usermod -aG users,games,video,audio ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     ${CHROOTCMD} ${i}/ passwd -d ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     mkdir -p ${i}/etc/sudoers.d ; chmod 750 ${i}/etc/sudoers.d
-    echo "${REGUSR} ALL=(ALL) ALL" >> ${i}/etc/sudoers.d/${REGUSR}
+    printf "Defaults:${REGUSR} \041lecture\n${REGUSR} ALL=(ALL) ALL\n" >> ${i}/etc/sudoers.d/${REGUSR}
-    if [ -n "${REGUSR_PASS}" ];
+    if [[ -n "${REGUSR_PASS}" && "${REGUSR_PASS}" != '{[BLANK]}' ]];
     then
       #${CHROOTCMD} ${i}/ "/usr/bin/echo ${REGUSR}:${REGUSR_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
       sed -i -e "s|^${REGUSR}::|${REGUSR}:${REGUSR_PASS}:|g" ${i}/etc/shadow
@@ -286,7 +288,7 @@ EOF
     else
       ${CHROOTCMD} ${i}/ usermod -L ${REGUSR} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     fi
-    if [ -n "${ROOT_PASS}" ];
+    if [[ -n "${ROOT_PASS}" && "${ROOT_PASS}" != '{[BLANK]}' ]];
     then
       #${CHROOTCMD} ${i}/ "/usr/bin/echo root:${ROOT_PASS} | chpasswd -e" >> "${LOGFILE}.${FUNCNAME}" 2>&1
       sed -i -e "s|^root::|root:${ROOT_PASS}:|g" ${i}/etc/shadow
@@ -306,7 +308,7 @@ EOF
   set +e
   for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
   ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-  cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+  cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
   set -e
  done
  
@@ -359,7 +361,7 @@ EOF
  echo "Done."
 
  
- rm -f ${LOCKFILE}
+ #rm -f ${LOCKFILE}
  
  echo "Chroot setup complete."
 

lib/07-centos_is_stupid.func.sh

@@ -4,8 +4,7 @@ function centos_is_stupid {
 
   if [[ "${HOST_DIST}" == "CentOS" || "${HOST_DIST}" == "RHEL" ]];
   then
-    rpm -qa | egrep -q "^xorriso-[0-9]"
+    if [[ "$(rpm -qa | egrep -q '^xorriso-[0-9]')" != "0" ]];
-    if [[ "${?}" != "0" ]];
     then
       # Download/install the proper xorriso
       EL_VER="$(rpm -qa coreutils | sed -re 's/^coreutils-[0-9.-]*el([0-9])*.*$/\1/g')"
@@ -17,7 +16,9 @@ function centos_is_stupid {
       XORRISO_RPM=$(curl -s http://pkgs.repoforge.org/xorriso/ | egrep "\"xorriso-[0-9.-]*el${EL_VER}.rf.x86_64.rpm\"" | sed -re "s/^.*\"(xorriso[0-9.-]*el${EL_VER}.rf.x86_64.rpm).*$/\1/g")
       echo "Since you're using either CentOS or RHEL, we need to install xorriso directly from an RPM. Please wait while we do this..."
       curl -sLo /tmp/${XORRISO_RPM} http://pkgs.repoforge.org/xorriso/${XORRISO_RPM}
+      set +e
       yum -y install /tmp/${XORRISO_RPM} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      set -e
       echo "Done."
       echo
     fi
@@ -28,8 +29,7 @@ function centos_is_stupid {
   # UGH. And you know what? Fuck SUSE too.
   if [[ "${HOST_DIST}" == "openSUSE" || "${HOST_DIST}" == "SUSE" ]];
   then
-    rpm -qa | egrep -q "^xorriso-[0-9]"
+    if [[ "$(rpm -qa | egrep -q '^xorriso-[0-9]')" != "0" ]];
-    if [[ "${?}" != "0" ]];
     then
       # Download/install the proper xorriso
       source /etc/os-release
@@ -37,7 +37,10 @@ function centos_is_stupid {
       XORRISO_RPM=$(curl -s "http://software.opensuse.org/download.html?project=home%3AKnolleblau&package=xorriso" | egrep "/openSUSE_${SUSE_VER}/x86_64/xorriso-[0-9.-]" | tail -n1 | sed -re 's|^.*x86_64/(xorriso-[0-9.-]*.x86_64.rpm).*$|\1|g')
       echo "Since you're using openSUSE or SLED/SLES, we need to install xorriso directly from an RPM. Please wait while we do this..."
       curl -sLo /tmp/${XORRISO_RPM} "http://download.opensuse.org/repositories/home:/Knolleblau/openSUSE_${SUSE_VER}/x86_64/${XORRISO_RPM}"
+      cp /etc/zypp/zypp.conf /etc/zypp/zypp.conf_BAK."${$}"
+      echo 'pkg_gpgcheck = no' >> /etc/zypp/zypp.conf
       zypper install --no-confirm -l /tmp/${XORRISO_RPM} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      mv -f /etc/zypp/zypp.conf_BAK."${$}" /etc/zypp/zypp.conf
       echo "Done."
  
       echo
@@ -64,6 +67,7 @@ function centos_is_stupid {
         echo "Please ensure you are connected to the Internet/have repositories configured correctly."
         exit 1
       fi
+      set -e
     fi
 
     zypper search binutils-devel | egrep -q '^[[:space:]]*|[[:space:]]*binutils-devel[[:space:]]*'

lib/08-will_it_blend.func.sh

@@ -75,14 +75,19 @@ function will_it_blend () {
   # and now we copy stuff into the live directories
   echo "[${ARCHSUFFIX}-bit] Copying files for PXE, and ISO building, please be patient."
   #rm -rf ${TEMPDIR}/*
+  if [ ! -f ${BASEDIR}/extra/${UXNAME}.png ];
+  then
+    cat ${BASEDIR}/extra/bdisk.png > ${BASEDIR}/extra/${UXNAME}.png
+  fi
   cp -af ${BASEDIR}/extra/${UXNAME}.png ${TEMPDIR}/.
   cp -af ${BASEDIR}/extra/${UXNAME}.png ${TFTPDIR}/.
   mkdir -p ${TEMPDIR}/boot
-  cp -af ${CHROOTDIR}/boot/initramfs-linux-${PNAME}.img ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.img
+  cp -af ${CHROOTDIR}/boot/initramfs-linux-${DISTNAME}.img ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.img
-  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${PNAME} ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.kern
+  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${DISTNAME} ${TEMPDIR}/boot/${UXNAME}.${ARCHSUFFIX}.kern
-  cp -af ${CHROOTDIR}/boot/initramfs-linux-${PNAME}.img ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.img
+  cp -af ${CHROOTDIR}/boot/initramfs-linux-${DISTNAME}.img ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.img
-  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${PNAME} ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.kern
+  cp -af ${CHROOTDIR}/boot/vmlinuz-linux-${DISTNAME} ${TFTPDIR}/${UXNAME}.${ARCHSUFFIX}.kern
   cp -af ${ARCHBOOT}/* ${HTTPDIR}/${DISTNAME}/.
+  cp -af ${TFTPDIR}/* ${HTTPDIR}/.
   chown -R ${HTTPUSR}:${HTTPGRP} ${HTTPDIR}
   chown ${TFTPUSR}:${TFTPGRP} ${TFTPDIR}/${UXNAME}.*
 }

lib/09-stuffy.func.sh

@@ -14,10 +14,10 @@ function stuffy {
   echo "Setting up EFI stuff..."
 
   mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries}
-  # this stuff comes from the prebootloader pkg and gummiboot pkg. lets us boot on UEFI machines with secureboot still enabled.
+  # this stuff comes from the prebootloader pkg and systemd-boot. lets us boot on UEFI machines with secureboot still enabled.
   cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi
   cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/.
-  cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
+  cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
 
   echo "Checking/fetching UEFI shells..."
   if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ];
@@ -71,7 +71,7 @@ EOF
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi))) # EFI/boot/HashTool.efi
-  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi))) # EFI/boot/loader.efi
+  FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi))) # EFI/boot/loader.efi
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi)))
   FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi)))
   FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.)
@@ -112,7 +112,7 @@ EOF
 
   cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi
   cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/.
-  cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
+  cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
   cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/.
   umount ${SRCDIR}/efiboot
   echo "EFI configuration complete..."

lib/10-yo_dj.func.sh

@@ -5,15 +5,15 @@ function yo_dj () {
   ARCH="${1}"
   echo "Building the actual .iso image. This may take a while."
   #im_batman ## WHYTF IS THIS HERE?!
-  ISOFILENAME="${UXNAME}-${VERSION}.iso"
+  ISOFILENAME="${UXNAME}-${BUILDVERSION}.iso"
-  #MINIFILENAME="${UXNAME}-${VERSION}-mini.iso"
+  #MINIFILENAME="${UXNAME}-${BUILDVERSION}-mini.iso"
   MINIFILENAME="${UXNAME}-mini.iso"
   USBFILENAME="${UXNAME}-mini.usb.img"
   if [[ "${MULTIARCH}" == "y" ]];
   then
-    ISOFILENAME="${UXNAME}-${VERSION}-any.iso"
+    ISOFILENAME="${UXNAME}-${BUILDVERSION}-any.iso"
   else
-    ISOFILENAME="${UXNAME}-${VERSION}-${ARCH}.iso"
+    ISOFILENAME="${UXNAME}-${BUILDVERSION}-${ARCH}.iso"
   fi
 
   if [[ "${I_AM_A_RACECAR}" == "y" ]]; 
@@ -284,6 +284,7 @@ EOF
   if [[ "${BUILDMINI}" == "y" ]];
   then
     echo "Now generating the iPXE images; please wait..."
+    ## Get the latest version of ipxe from git.
     git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1
     cd ${BASEDIR}/src/ipxe/src
@@ -292,24 +293,95 @@ EOF
     git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1
     git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    # It will not build if we don't do this. Apparently we *need* libiberty.
+    git revert -n 40a9a0f0
+    ## Apply our patches.
     for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort);
     do
-      patch -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      patch --verbose -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
     done
+    ## SSL
+    SSLDIR="${BASEDIR}/src/ipxe_local/ssl"
+    mkdir -p ${SSLDIR}/{keys,crts,txt}
+    chmod 000 ${SSLDIR}/keys
+    chown root:root ${SSLDIR}/keys
+    if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_KEY}" ]];
+    then
+      # Generate SSL CA
+      #rm -rf ${SSLDIR}/*
+      cd "${SSLDIR}"
+      IPXE_SSL_CA="${SSLDIR}/crts/ca.crt"
+      IPXE_SSL_CAKEY="${SSLDIR}/keys/ca.key"
+      IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
+      if [[ ! -f "${SSLDIR}/txt/ca.srl" ]];
+      then
+        echo 01 > ${SSLDIR}/txt/ca.srl
+      fi
+      touch ${SSLDIR}/txt/ca.idx
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      #cat crts/server.crt crts/ca.crt > crts/server_chained.crt
+    elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
+    then
+      echo "ERROR: You specified IPXE_SSL_CAKEY but not IPXE_SSL_CA. If one is specified, the other must be also."
+      exit 1
+    elif [[ -z "${IPXE_SSL_CAKEY}" && -e "${IPXE_SSL_CA}" ]];
+    then
+      echo "ERROR: You specified IPXE_SSL_CA but not IPXE_SSL_CAKEY. If one is specified, the other must be also."
+      exit 1
+    elif [[ ! -e "${IPXE_SSL_CA}" || ! -e "${IPXE_SSL_CAKEY}" ]];
+    then
+      echo "ERROR: You have specified both IPXE_SSL_CA and IPXE_SSL_CAKEY but one (or both) are not valid paths/files."
+      exit 1
+    fi
+    if [[ -z "${IPXE_SSL_KEY}" && -z "${IPXE_SSL_CRT}" ]];
+    then
+      IPXE_SSL_KEY="${SSLDIR}/keys/client.key"
+      IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
+      IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
+      # Generate SSL client key.
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
+      # Sign the crt.
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]]; 
+    then
+      echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."
+      exit 1
+    elif [[ -z "${IPXE_SSL_KEY}" && -e "${IPXE_SSL_CRT}" ]]; 
+    then
+      echo "ERROR: You specified IPXE_SSL_CRT but not IPXE_SSL_KEY. If one is specified, the other must be also."
+      exit 1
+    elif [[ ! -e "${IPXE_SSL_CRT}" || ! -e "${IPXE_SSL_KEY}" ]]; 
+    then
+      echo "ERROR: You have specified both IPXE_SSL_CRT and IPXE_SSL_KEY but one (or both) are not valid paths/files."
+      exit 1
+    fi
+    cd ${BASEDIR}/src/ipxe/src
     # Generate the iPXE EMBED script...
     sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \
 	-e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED
+    # And now we build!
     #make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \
-    make bin/ipxe.eiso bin/ipxe.usb EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+         EMBED="${SRCDIR}/EMBED" \
+         TRUST="${IPXE_SSL_CA}" \
+         CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
+         PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    make bin/ipxe.eiso bin/ipxe.usb \
+         EMBED="${SRCDIR}/EMBED" \
+         TRUST="${IPXE_SSL_CA}" \
+         CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
+         PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     # Change this to USB-only...
     #make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb  ${ISODIR}/${USBFILENAME}
     mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso  ${ISODIR}/${MINIFILENAME}
     make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1
-    git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    cd ${BASEDIR}/src/ipxe
     git clean -xdf > /dev/null 2>&1
-    git checkout master > /dev/null 2>&1
+    git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
+    git checkout master . > /dev/null 2>&1
     #git reset --hard HEAD > /dev/null 2>&1
     echo
   fi

lib/11-mentos.func.sh

@@ -22,7 +22,7 @@ function mentos {
    RACECAR_CHK=""
  fi
 
- if [[ -n $(find ${BASEDIR}/extra/pre-build.d/ -type f -newer ${BASEDIR}/root.x86_64/boot/vmlinuz-linux-${PNAME}) ]];
+ if [[ -n $(find ${BASEDIR}/extra/pre-build.d/ -type f -newer ${BASEDIR}/root.x86_64/boot/vmlinuz-linux-${DISTNAME}) ]];
  then
   touch ${LOCKFILE}
   sleep 2
@@ -36,7 +36,7 @@ function mentos {
  for i in ${CHROOTDIR32} ${CHROOTDIR64};
  do
     echo -n "...Packages installing/upgrading to ${i}..."
-    local INSTKERN=$(file ${i}/boot/vmlinuz-linux-${PNAME} | awk '{print $9}' | cut -f1 -d"-")
+    local INSTKERN=$(file ${i}/boot/vmlinuz-linux-${DISTNAME} | awk '{print $9}' | cut -f1 -d"-")
     local MIRROR=$(egrep '^Server' ${i}/etc/pacman.d/mirrorlist | head -n1 | sed -e 's/^Server\ =\ //g  ; s#$repo.*#core/os/x86_64/#g')
     local NEWKERN=$(curl -s "${MIRROR}" | grep linux | awk '{print $3}' | cut -f2 -d\" | egrep '^linux-[0-9].*pkg.tar.xz$' | cut -f2 -d"-")
 
@@ -45,8 +45,8 @@ function mentos {
     for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%.pacorig} ; done
     ${CHROOTCMD} ${i}/ /usr/bin/bash -c "mkinitcpio -p linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
     #${CHROOTCMD} ${i}/ bash -c "apacman --noconfirm --noedit --skipinteg -S --needed ${PKGLIST}"
-    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${PNAME}
+    cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
-    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${PNAME}.img
+    cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
     echo "Done."
  done
  

lib/prereqs/Antergos/meta

@@ -10,7 +10,7 @@ function distro_specific_tweaks {
  # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
  # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
 
- pacman -S --needed haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
  haveged
 
  set +e

lib/prereqs/Arch/meta

@@ -10,7 +10,7 @@ function distro_specific_tweaks {
  # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
  # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
 
- pacman -S --needed haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
  haveged
 
  set +e

lib/prereqs/Arch/pkgs

@@ -1,5 +1,6 @@
 binutils
 curl
+dosfstools
 findutils
 gcc-libs-multilib
 gcc-multilib

lib/prereqs/CentOS/meta

@@ -1,4 +1,5 @@
 NAME='CentOS'
+# Currently fails on installing software *inside* the chroot. Will troubleshoot and restore when figured out.
 SUPPORTED='yes'
 CHECK_METHOD='egrep "^CentOS" /etc/redhat-release'
 PKG_MGR='yum -y install ${pkgname}'
@@ -9,6 +10,7 @@ URL='http://centos.org/'
 function distro_specific_tweaks {
  # NOTE: we handle installing of squashfs-tools (maybe) and xorriso in centos_is_stupid function.
  # because they *suck*. Seriously. I need to install tk just to install xorriso. I mean, what?
+ # You need EPEL enabled, by the way.
 
  echo "No tweaks found."
 

lib/prereqs/Debian/pkgs

@@ -10,7 +10,7 @@ libiberty-dev
 libisoburn1
 lynx
 liblzma5
-liblsma-dev
+liblzma-dev
 make
 mtools
 patch

lib/prereqs/Devuan/meta

@@ -1,5 +1,5 @@
 NAME='Devuan'
-SUPPORTED='yes'
+SUPPORTED='no'
 CHECK_METHOD='egrep "^NAME=\"Devuan\ GNU/Linux\"$" /etc/os-release'
 PKG_MGR='apt-get -y install ${pkgname}'
 PRE_RUN='apt-get update'

lib/prereqs/Fedora/pkgs

@@ -1,6 +1,7 @@
 binutils
 binutils-devel
 curl
+dosfstools
 gcc
 git
 libisofs

lib/prereqs/Gentoo/pkgs

@@ -1,5 +1,6 @@
 sys-devel/binutils
 net-misc/curl
+sys-fs/dosfstools
 sys-devel/gcc
 dev-vcs/git
 dev-libs/libisoburn

lib/prereqs/Manjaro/meta

@@ -2,7 +2,7 @@ NAME='Manjaro'
 SUPPORTED='yes'
 CHECK_METHOD='egrep "^NAME=\"Manjaro Linux\"$" /etc/os-release'
 PKG_MGR='pacman -S --needed --noconfirm ${pkgname}'
-PRE_RUN='pacman -Syyyu'
+PRE_RUN='pacman -Syyy --noconfirm'
 PKG_CHK='pacman -Q ${pkgname}'
 URL='https://manjaro.org/'
 
@@ -10,7 +10,7 @@ function distro_specific_tweaks {
  # For some reason, I can't get "yes y | " to parse correctly with eval. And Arch isn't smart enough
  # to figure out that if I enable the multilib repos, *I want multilib gcc*. Fuck it. We'll just remove it first.
 
- pacman -S --needed haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
+ pacman -S --needed --noconfirm haveged >> "${LOGFILE}.${FUNCNAME}" 2>&1
  haveged
 
  set +e
@@ -20,6 +20,7 @@ function distro_specific_tweaks {
    if [[ "${?}" == "0" ]];
    then
      pacman -Rdd --noconfirm ${pkg_override} >> "${LOGFILE}.${FUNCNAME}" 2>&1
+     pacman -S --noconfirm ${pkg_override}-multilib >> "${LOGFILE}.${FUNCNAME}" 2>&1
    fi
  done
 set -e

lib/prereqs/Mint/meta

@@ -1,6 +1,7 @@
 NAME='Mint'
-SUPPORTED='yes'
+SUPPORTED='no'
-CHECK_METHOD='egrep "^DESCRIPTION=\"Linux\ Mint\"" /etc/linuxmint/info'
+# Needs non-systemd chroot method
+CHECK_METHOD='egrep "^DESCRIPTION=\"Linux\ Mint" /etc/linuxmint/info'
 PKG_MGR='apt-get -y install ${pkgname}'
 PRE_RUN='apt-get -y update'
 PKG_CHK='dpkg-query -l ${pkgname}'

lib/prereqs/RHEL/meta

@@ -1,5 +1,5 @@
-NAME=RHEL
+NAME='RHEL'
-SUPPORTED=yes
+SUPPORTED='yes'
 # Red Hat Enterprise Linux Server release 6.5 (Santiago)
 CHECK_METHOD='egrep "^Red\ Hat\ Enterprise\ Linux" /etc/redhat-release'
 PKG_MGR='yum -y install'

lib/prereqs/RHEL/pkgs

@@ -1,6 +1,7 @@
 binutils
 binutils-devel
 curl
+dosfstools
 gcc
 git
 libisofs

lib/prereqs/Ubuntu/pkgs

@@ -10,7 +10,7 @@ libiberty-dev
 libisoburn1
 lynx
 liblzma5
-liblsma-dev
+liblzma-dev
 make
 mtools
 patch
@@ -19,7 +19,6 @@ rsync
 sed
 squashfs-tools
 syslinux
-syslinux-efi
 xorriso
 xz-utils
 zlib1g

lib/prereqs/elementaryOS/meta

@@ -1,5 +1,5 @@
 NAME='elementaryOS'
-SUPPORTED='yes'
+SUPPORTED='no'
 CHECK_METHOD='egrep "^DISTRIB_ID=\"elementary OS\"$" /etc/lsb-release'
 PKG_MGR='apt-get -y install ${pkgname}'
 PRE_RUN='apt-get -y update'

lib/prereqs/iso.pkgs.lst

@@ -12,7 +12,6 @@ efivar
 ethtool
 file
 findutils
-gummiboot
 iproute2
 iputils
 libisoburn
@@ -28,11 +27,11 @@ netctl
 networkmanager
 openssh
 openvpn
+prebootloader
 pv
 rsync
 sed
 shorewall
-squashfs3-tools
 squashfs-tools
 sudo
 sysfsutils

lib/prereqs/openSUSE/pkgs

@@ -1,5 +1,8 @@
 binutils
+binutils-devel
+binutils-devel-32bit
 curl
+dosfstools
 gcc
 gcc-32bit
 git
@@ -15,3 +18,5 @@ sed
 squashfs
 syslinux
 xz
+xz-devel
+xz-devel-32bit

overlay/etc/bash.bashrc

@@ -50,9 +50,10 @@ echo "==================================="
 date
 if [ -n "${DEFROUTEIF}" ];
 then
+ IPADDR=$(ip a s dev ${DEFROUTEIF} | egrep '^[[:space:]]*inet\ ' | awk '{print $2}' | cut -f1 -d"/")
+ HWADDR=$(ip l show dev ${DEFROUTEIF} | egrep '^[[:space:]]*link' | awk '{print $2}')
  echo
- echo -n "${DEFROUTEIF} is: "
+ echo -n "${DEFROUTEIF} (${HWADDR}) is: ${IPADDR}"
- ifconfig "${DEFROUTEIF}" | egrep 'inet|ether' | grep -v "inet6" | awk '{print $2}'
 fi
 echo
 echo  -n "tun0 is:"

overlay/etc/systemd/scripts/livecd.fix.sh

@@ -1,11 +1,6 @@
 #/bin/sh -
 
 #chmod 4755 /opt/google/chrome-beta/chrome-sandbox
-mkdir -p /var/db/sudo/lectured
-touch /var/db/sudo/lectured/bdisk
-chmod 700 /var/db/sudo/lectured
-chgrp bdisk /var/db/sudo/lectured/bdisk
-chmod 600 /var/db/sudo/lectured/bdisk
 chmod 4755 /usr/bin/sudo
 
 function fuck_you_gimme_net() {

src/ipxe_local/00-general.sed

@@ -0,0 +1,10 @@
+## Enable IPv6 support
+s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g
+## Enable HTTPS
+s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g
+s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
+## Enable FTP
+s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g
+## Currently broken for EFI building
+#s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g
+#s@^//(#define[[:space:]]*IMAGE_PNG@\1@g

src/ipxe_local/01-console.sed

@@ -0,0 +1,2 @@
+## Currently broken on EFI systems
+#s@^//(#define[[:space:]]*CONSOLE_VESAFB)@\1@g

src/ipxe_local/EMBED

@@ -1,4 +1,8 @@
 #!ipxe
 
 dhcp
+## TODO: signed kernel and initrd
+#imgtrust --permanent
+#imgverify vmlinuz path/to/vmlinuz.sig
+#imgverify initrd path/to/initrd.sig
 chain https://bdisk.square-r00t.net

src/ipxe_local/patches/ipxe-0002-banner.patch

@@ -1,6 +1,8 @@
---- a/src/usr/autoboot.c	2015-06-29 04:18:17.055394598 -0400
+diff --git a/src/usr/autoboot.c b/src/usr/autoboot.c
-+++ b/src/usr/autoboot.c	2015-06-29 22:04:28.692916217 -0400
+index e93b015..758e187 100644
-@@ -71,6 +71,7 @@
+--- a/src/usr/autoboot.c
++++ b/src/usr/autoboot.c
+@@ -71,6 +71,7 @@ static int ( * is_autoboot_device ) ( struct net_device *netdev );
  #define NORMAL	"\033[0m"
  #define BOLD	"\033[1m"
  #define CYAN	"\033[36m"
@@ -8,16 +10,27 @@
  
  /** The "scriptlet" setting */
  const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = {
-@@ -560,9 +561,9 @@
+@@ -521,7 +522,6 @@ static int shell_banner ( void ) {
+  * @ret rc		Return status code
+  */
+ int ipxe ( struct net_device *netdev ) {
+-	struct feature *feature;
+ 	struct image *image;
+ 	char *scriptlet;
+ 	int rc;
+@@ -538,11 +538,11 @@ int ipxe ( struct net_device *netdev ) {
  	 * do so.
  	 *
  	 */
 -	printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s"
--		 NORMAL " -- " PRODUCT_TAG_LINE " -- "
++       printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME 
+ 		 NORMAL " -- " PRODUCT_TAG_LINE " -- "
 -		 CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
-+	printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME
+-	for_each_table_entry ( feature, FEATURES )
-+		 CYAN PRODUCT_URI NORMAL "\n"
+-		printf ( " %s", feature->name );
-+		 BOLD BLUE "http://bdisk.square-r00t.net/" NORMAL "\n" );
++                CYAN PRODUCT_URI NORMAL "\n"
- 	for_each_table_entry ( feature, FEATURES )
++                BOLD "BDisk" BLUE "LiveDistro" NORMAL " -- Welp, Yer Boned!(TM) -- "
- 		printf ( " %s", feature->name );
++                BOLD BLUE "https://bdisk.square-r00t.net/" NORMAL "\n" );
  	printf ( "\n" );
+ 
+ 	/* Boot system */

src/ipxe_local/patches/ipxe-0003-iso-efi.patch

@@ -1,26 +1,25 @@
-From ddf6f6ac945654b00121ab899fb0bbb63293e51e Mon Sep 17 00:00:00 2001
+From d2092664b3cf866b2ab338fe056149d3266d0acc Mon Sep 17 00:00:00 2001
 From: Christian Hesse <mail@eworm.de>
-Date: Tue, 7 Apr 2015 16:04:31 +0200
+Date: Sun, 19 Apr 2015 13:16:09 +0200
-Subject: [PATCH 1/2] [build] allow to build ISO image with EFI support
+Subject: [PATCH 1/1] allow to build ISO image with EFI support (ipxe.eiso)
- (ipxe.eiso)
 
 Signed-off-by: Christian Hesse <mail@eworm.de>
 ---
- src/arch/i386/Makefile.pcbios |  6 ++++++
+ src/arch/x86/Makefile.pcbios |  6 ++++++
- src/util/geniso               | 39 ++++++++++++++++++++++++++++++---------
+ src/util/geniso               | 52 +++++++++++++++++++++++++++++++++----------
- 2 files changed, 36 insertions(+), 9 deletions(-)
+ 2 files changed, 46 insertions(+), 12 deletions(-)
 
-diff --git a/src/arch/i386/Makefile.pcbios b/src/arch/i386/Makefile.pcbios
+diff --git a/src/arch/x86/Makefile.pcbios b/src/arch/x86/Makefile.pcbios
-index ff82373..c7a58eb 100644
+index 18a6f75..9cb3e0b 100644
---- a/src/arch/i386/Makefile.pcbios
+--- a/src/arch/x86/Makefile.pcbios
-+++ b/src/arch/i386/Makefile.pcbios
++++ b/src/arch/x86/Makefile.pcbios
-@@ -59,6 +59,12 @@ NON_AUTO_MEDIA	+= iso
+@@ -82,6 +82,12 @@ NON_AUTO_MEDIA	+= iso
- 	$(QM)$(ECHO) "  [GENISO] $@"
+ 	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) LDLINUX_C32=$(LDLINUX_C32) \
- 	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -o $@ $<
+ 	    VERSION="$(VERSION)" bash util/geniso -o $@ $<
  
 +# rule to make a non-emulation ISO boot image with EFI support
-+NON_AUTO_MEDIA	+= eiso
++NON_AUTO_MEDIA += eiso
-+%eiso:	%lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
++%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
 +	$(QM)$(ECHO) "  [GENISO] $@"
 +	$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $<
 +
@@ -28,14 +27,14 @@ index ff82373..c7a58eb 100644
  NON_AUTO_MEDIA	+= liso
  %liso:	%lkrn util/geniso
 diff --git a/src/util/geniso b/src/util/geniso
-index 521c929..998370d 100755
+index 521c929..9e8588c 100755
 --- a/src/util/geniso
 +++ b/src/util/geniso
 @@ -6,16 +6,21 @@ function help() {
  	echo "usage: ${0} [OPTIONS] foo.lkrn [bar.lkrn,...]"
  	echo
  	echo "where OPTIONS are:"
-+	echo " -e	build image with EFI support"
++	echo " -e       build image with EFI support"
  	echo " -h       show this help"
  	echo " -l       build legacy image with floppy emulation"
  	echo " -o FILE  save iso image to file"
@@ -54,49 +53,47 @@ index 521c929..998370d 100755
  		h)
  			help
  			exit 0
-@@ -37,23 +42,24 @@ if [ -z "${OUT}" ]; then
+@@ -37,17 +42,25 @@ if [ -z "${OUT}" ]; then
  	exit 1
  fi
  
 -# There should either be mkisofs or the compatible genisoimage program
 -for command in genisoimage mkisofs; do
-+# We require xorriso (from libisoburn) for EFI support
+-	if ${command} --version >/dev/null 2>/dev/null; then
-+# genisoimage and mkisofs are missing some features
-+for command in xorriso; do
- 	if ${command} --version >/dev/null 2>/dev/null; then
 -		mkisofs=(${command})
-+		xorriso=(${command})
+-		break
- 		break
+-	fi
- 	fi
+-done
- done
+-
- 
 -if [ -z "${mkisofs}" ]; then
 -	echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
-+if [ -z "${xorriso}" ]; then
++# We need xorriso (from libisoburn) for EFI support, so try that first.
-+	echo "${0}: xorriso not found, please install or set PATH" >&2
++if xorriso --version >/dev/null 2>/dev/null; then
++	mkisofs=(xorriso -as mkisofs)
++elif [ ${EFI} -eq 1 ]; then
++	echo "${0}: xorriso not found, but required for EFI support. Please install." >&2
  	exit 1
++else
++	# fall back to mkisofs or the compatible genisoimage program
++	for command in genisoimage mkisofs; do
++		if ${command} --version >/dev/null 2>/dev/null; then
++			mkisofs=(${command})
++			break
++		fi
++	done
++
++	if [ -z "${mkisofs}" ]; then
++		echo "${0}: mkisofs or genisoimage not found, please install or set PATH" >&2
++		exit 1
++	fi
  fi
  
  dir=$(mktemp -d bin/iso.dir.XXXXXX)
- cfg=${dir}/isolinux.cfg
+@@ -122,6 +135,21 @@ case "${LEGACY}" in
- 
--mkisofs+=(-quiet -l -volid "iPXE" -preparer "iPXE build system"
-+xorriso+=(-as mkisofs -quiet -l -volid "iPXE" -preparer "iPXE build system"
- 	-appid "iPXE ${VERSION} - Open Source Network Boot Firmware"
- 	-publisher "http://ipxe.org/" -c boot.cat)
- 
-@@ -116,12 +122,27 @@ case "${LEGACY}" in
- 		fi
- 
- 		# generate the iso image
--		"${mkisofs[@]}" -b boot.img -output ${OUT} ${dir}
-+		"${xorriso[@]}" -b boot.img -output ${OUT} ${dir}
- 		;;
- 	0)
  		# copy isolinux bootloader
  		cp ${ISOLINUX_BIN} ${dir}
  
-+		xorriso+=(-b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table)
++		mkisofs+=(-b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table)
 +
 +		if [ "${EFI}" -eq 1 ]; then
 +			# generate EFI image
@@ -108,18 +105,18 @@ index 521c929..998370d 100755
 +			mcopy -m -i ${img} bin-x86_64-efi/ipxe.efi "::EFI/BOOT/BOOTX64.EFI"
 +			mcopy -m -i ${img} bin-i386-efi/ipxe.efi "::EFI/BOOT/BOOTIA32.EFI"
 +
-+			xorriso+=(-eltorito-alt-boot -e efiboot.img -isohybrid-gpt-basdat -no-emul-boot)
++			mkisofs+=(-eltorito-alt-boot -e efiboot.img -isohybrid-gpt-basdat -no-emul-boot)
 +		fi
 +
  		# syslinux 6.x needs a file called ldlinux.c32
  		LDLINUX_C32=$(dirname ${ISOLINUX_BIN})/ldlinux.c32
  		if [ -s ${LDLINUX_C32} ]; then
-@@ -129,7 +150,7 @@ case "${LEGACY}" in
+@@ -129,7 +157,7 @@ case "${LEGACY}" in
  		fi
  
  		# generate the iso image
 -		"${mkisofs[@]}" -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -output ${OUT} ${dir}
-+		"${xorriso[@]}" -output ${OUT} ${dir}
++		"${mkisofs[@]}" -output ${OUT} ${dir}
  
  		# isohybrid will be used if available
  		if isohybrid --version >/dev/null 2>/dev/null; then

src/ipxe_local/ssl/openssl.cnf

@@ -0,0 +1,33 @@
+[ ca ]
+default_ca             = ca_default
+
+[ ca_default ]
+certificate            = crts/ca.crt
+private_key            = keys/ca.key
+serial                 = txt/ca.srl
+database               = txt/ca.idx
+#new_certs_dir          = signed
+new_certs_dir          = crts
+#default_md             = default
+default_md             = sha512
+policy                 = policy_anything
+preserve               = yes
+default_days           = 90
+unique_subject         = no
+
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = optional
+emailAddress           = optional
+
+[ cross ]
+basicConstraints       = critical,CA:true
+keyUsage               = critical,cRLSign,keyCertSign
+
+[ codesigning ]
+keyUsage                = digitalSignature
+extendedKeyUsage        = codeSigning