Difference between revisions of "User:Rdeckard/Post-installation"
(→Pacman hooks: fix error) |
(→AUR: rename section) |
||
Line 91: | Line 91: | ||
sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure)) | sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure)) | ||
− | == AUR == | + | == Pacman == |
+ | |||
+ | === Create local repository for AUR === | ||
[[Install]] the {{aur|aurutils}} package. Then create a local repository called {{ic|aur}}: | [[Install]] the {{aur|aurutils}} package. Then create a local repository called {{ic|aur}}: |
Revision as of 19:18, 18 February 2018
Contents
Setup networking
If you have a wired connection, start/enable the dhcpcd@interface.service
unit.
If you have a wireless connection, create the following file:
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant update_config=1
Now add the dhcpcd hook for wpa_supplicant:
# ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/
Now start/enable the dhcpcd@interface.service
.
Then connect to a wifi network with:
# wpa_passphrase MYSSID passphrase >> /etc/wpa_supplicant/wpa_supplicant.conf
You may need to restart dhcpcd@interface.service
.
Alternatively, use wpa_cli to scan and connect to a network.
Enable the ntpd.service
to keep your clock in sync.
/etc/systemd/system/dhcpcd@.service.d/override.conf
[Service] ExecStart= ExecStart=/usr/bin/dhcpcd -b -q %I
DNS Resolver
Set your DNS server to 127.0.0.1
:
/etc/resolv.conf
127.0.0.1
Ensure that dhcpcd won't overwrite it:
/etc/dhcpcd.conf
nohook resolv.conf
Add the following configuration file for unbound. It includes DNSSEC, root hints, and ad blocking. Add the IP addresses of DNS servers where indicated.
/etc/unbound/unbound.conf
server: username: unbound pidfile: "/etc/unbound/unbound.pid" directory: "/etc/unbound" trust-anchor-file: "/etc/unbound/root.key" root-hints: "/etc/unbound/root.hints" include: /etc/unbound/ads.conf do-not-query-localhost: no forward-zone: name: "." forward-addr: dns_ip_addr1 forward-addr: dns_ip_addr2
Update the trust anchor file:
# unbound-anchor -a /etc/unbound/root.key
Update the root hints file:
# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
Update the ad blocking file:
# curl https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | awk '/^0\.0\.0\.0/ {print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > /etc/unbound/ads.conf
Start/enable the unbound.service
.
Test DNSSEC
$ unbound-host -C /etc/unbound/unbound.conf -v sigok.verteiltesysteme.net
The first output line should be something like the following. Note the word "secure".
sigok.verteiltesysteme.net has address 134.91.78.139 (secure)
$ unbound-host -C /etc/unbound/unbound.conf -v sigfail.verteiltesysteme.net
The first output line should be something like the following. Note the word "BOGUS".
sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure))
Pacman
Create local repository for AUR
Install the aurutilsAUR package. Then create a local repository called aur
:
/etc/pacman.d/aur
[options] CacheDir = /var/cache/pacman/pkg CacheDir = /var/cache/pacman/aur CleanMethod = KeepCurrent [aur] SigLevel = Optional TrustAll Server = file:///var/cache/pacman/aur
Additional line:
/etc/pacman.conf
Include = /etc/pacman.d/aur
# mkdir -p /var/cache/pacman/aur # chown user:user /var/cache/pacman/aur $ cd /var/cache/pacman/aur $ repose -vf aur
Now use aurutils or aurbuild to create packages that are put in the local database.
Pacman hooks
Get notified when a package become an orphan.
/etc/pacman.d/hooks/orphans.hook
[Trigger] Operation = Upgrade Operation = Install Operation = Remove Type = Package Target = * [Action] Description = Checking for orphans... When = PostTransaction Exec = /usr/bin/bash -c "/usr/bin/pacman -Qtd || true"
Clean up pacman cache on transactions.
/etc/pacman.d/hooks/paccache.hook
[Trigger] Operation = Upgrade Operation = Install Operation = Remove Type = Package Target = * [Action] Description = Cleaning pacman cache... When = PostTransaction Exec = /usr/bin/paccache -rv
Get notified when a package is no longer in a repository.
/etc/pacman.d/hooks/repocheck.hook
[Trigger] Operation = Upgrade Operation = Install Operation = Remove Type = Package Target = * [Action] Description = Checking for dropped packages... When = PostTransaction Exec = /usr/bin/bash -c "/usr/bin/pacman -Qqm || true"