Before this change, the hash of the etc metadata image was included in
the mount unit that's responsible for mounting this metadata image in the
initrd.
And because this metadata image changes with every change to the etc
contents, the initrd would be rebuild every time as well.
This can lead to a lot of rebuilds (especially when revision info is
included in /etc/os-release) and all these initrd archives use up a lot of
space on the ESP.
With this change, we instead include a symlink to the metadata image in the
top-level directory, in the same way as we already do for things like init and
prepare-root, and we deduce the store path from the init= kernel parameter,
in the same way as we already do to find the path to init and prepare-root.
Doing so avoids rebuilding the initrd all the time.
The URL scheme for downloading plugins has changed a long time ago and
the used URL is dead. Gerrit only throws an error since it can't load
the plugin but it continues to boot. However, instead of maintaining
URLs to 3rdparty plugins, which end up dead anyway, just drop it. The
test should cover Gerrit and not 3rd party plugins.
Also, while on it, drop the setting `plugins.allowRemoteAdmin = true`
since it's not needed.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
🎉
This package has been deprecated and unmaintained upstream for almost a
decade, has required extensive patching to keep working on new Python
versions, will inevitably break again with Python 3.13 dropping 2to3,
is lacking a maintainer in Nixpkgs, is now unused in the tree, and
has caused us all far too many headaches lately. Let’s put an end
to this!
Shout‐outs to mweinelt and jchv for dealing with this situation
early on, pyrox0, Sigmanificient, and dotlambda for tackling a bunch
of packages, and natsukium for help with reviews. I never thought this
would get finished so quickly. We’ve collectively handled almost
1½ packages per day in the three months since I first opened the
tracking issue, and sometimes helped move the entire ecosystem forward.
Closes: #326513
Group only needs limited access, while other users don't need access at
all. So set the UMask to 027.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
It was breaking knot-dns.tests.knot
New knotd uses fchown to cover cases where user changes during startup.
In typical Linux cases the user is kept the same and there are
capabilities instead, but the syscall still happens and got caught here.
systemd requires paths in `ReadWritePaths=` to exist before setting up
the service sandbox, so dhcpcd should be ordered after resolvconf.
Making resolvconf a oneshot service ensure `After=resolvconf.service`
works correctly.
