59 changed files with 528 additions and 947 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,19 +1,14 @@
 # We don't want local build settings in case someone's using
 # the git dir as a place to store their build.ini
 /build.ini
 /build.ini.*
 /dist.build.ini
 *.bak
 # These are user-controlled.
-/overlay
+#/overlay/*
 !/overlay/x86_64
 !/overlay/i686
-!/overlay/etc
+!/overlay/etc/
 extra/templates/overlay
 !extra/templates/overlay/x86_64
 !extra/templates/overlay/i686
 !extra/templates/overlay/etc
 # The default doesn't store these in the git working dir,
 # but better safe than sorry.
 /root.x86_64
@ -40,6 +35,7 @@ extra/templates/overlay
 **/etc/systemd/system/multi-user.target.wants/openvpn@*
 **/etc/ssh
 **/home
 **/root
 **ssl/
 !**ssl/.keepme
 !**ssl/openssl.cnf
--- a/bdisk/bGPG.py
+++ b/bdisk/bGPG.py
@ -12,15 +12,8 @@ def genGPG(conf):
    dlpath = build['dlpath']
    bdisk = conf['bdisk']
    gpghome = conf['gpg']['mygpghome']
-    distkeys = []
+    distkey = build['gpgkey']
-    gpgkeyserver = []
+    gpgkeyserver = build['gpgkeyserver']
    for a in conf['build']['arch']:
        keysrv = conf['src'][a]['gpgkeyserver']
        distkey = conf['src'][a]['gpgkey']
        if keysrv and (keysrv not in gpgkeyserver):
            gpgkeyserver.append(keysrv)
        if distkey and(distkey not in distkeys):
            distkeys.append(distkey)
    templates_dir = '{0}/extra/templates'.format(build['basedir'])
    mykey = False
    pkeys = []
@ -35,30 +28,28 @@ def genGPG(conf):
        if gpghome == '':
            # We'll generate a key if we can't find one here.
            gpghome = build['dlpath'] + '/.gnupg'
    killStaleAgent(conf)
    os.environ['GNUPGHOME'] = gpghome
    gpg = gpgme.Context()
    # do we need to add a keyserver?
-    if len(gpgkeyserver) != 0:
+    if gpgkeyserver != '':
        dirmgr = '{0}/dirmngr.conf'.format(gpghome)
        for s in gpgkeyserver:
        if os.path.isfile(dirmgr):
            with open(dirmgr, 'r+') as f:
-                    findme = any(s in line for line in f)
+                findme = any(gpgkeyserver in line for line in f)
                if not findme:
                    f.seek(0, os.SEEK_END)
                    f.write("\n# Added by {0}.\nkeyserver {1}\n".format(
                                                        bdisk['pname'],
-                                                            s))
+                                                        gpgkeyserver))
    if mykey:
        try:
-            pkeys.append(gpg.get_key(mykey, True))
+            privkey = gpg.get_key(mykey, True)
        except:
            exit('{0}: ERROR: You specified using {1} but we have no secret key for that ID!'.format(
                                                        datetime.datetime.now(),
                                                        mykey))
    else:
-        for key in gpg.keylist(None, True):
+        for key in gpg.keylist(None,True):
            if key.can_sign:
                pkeys.append(key)
                break
@ -71,22 +62,25 @@ def genGPG(conf):
            privkey = gpg.get_key(gpg.genkey(tpl_out).fpr, True)
            pkeys.append(privkey)
            # do we need to add a keyserver? this is for the freshly-generated GNUPGHOME
-            if len(gpgkeyserver) != 0:
+            if build['gpgkeyserver'] != '':
                dirmgr = '{0}/dirmngr.conf'.format(gpghome)
                for s in gpgkeyserver:
                with open(dirmgr, 'r+') as f:
-                        findme = any(s in line for line in f)
+                    findme = any(gpgkeyserver in line for line in f)
                    if not findme:
                        f.seek(0, os.SEEK_END)
                        f.write("\n# Added by {0}.\nkeyserver {1}\n".format(
                                                            bdisk['pname'],
-                                                                s))
+                                                            build['gpgkeyserver']))
    gpg.signers = pkeys
    # Now we try to find and add the key for the base image.
    gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN  # remote (keyserver)
-    if len(distkeys) > 0: # testing
+    if distkey: # testing
-        for k in distkeys:
+    #try:
-            key = gpg.get_key(k)
+        key = gpg.get_key(distkey)
    #except:
    #    exit('{0}: ERROR: We cannot find key ID {1}!'.format(
    #                                datetime.datetime.now(),
    #                                distkey))
    importkey = key.subkeys[0].fpr
    gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
    DEVNULL = open(os.devnull, 'w')
@ -100,8 +94,8 @@ def genGPG(conf):
            '0x{0}'.format(importkey)]
    subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
    sigkeys = []
-            for i in gpg.get_key(importkey).subkeys:
+    for k in gpg.get_key(importkey).subkeys:
-                sigkeys.append(i.fpr)
+        sigkeys.append(k.fpr)
    cmd = ['/usr/bin/gpg',
            '--batch',
            '--yes',
@ -117,13 +111,13 @@ def killStaleAgent(conf):
    # Kill off any stale GPG agents running.
    # Probably not even needed, but good to have.
    chrootdir = conf['build']['chrootdir']
-    gpgpath = conf['gpg']['mygpghome']
+    dlpath = conf['build']['dlpath']
    procs = psutil.process_iter()
    plst = []
    for p in procs:
        if (p.name() in ('gpg-agent', 'dirmngr') and p.uids()[0] == os.getuid()):
            pd = psutil.Process(p.pid).as_dict()
-            for d in (chrootdir, gpgpath):
+            for d in (chrootdir, dlpath):
                if pd['cwd'].startswith('{0}'.format(d)):
                    plst.append(p.pid)
    if len(plst) >= 1:
@ -131,7 +125,7 @@ def killStaleAgent(conf):
            psutil.Process(p).terminate()
 def signIMG(path, conf):
-    if conf['build']['sign']:
+    if conf['build']['gpg']:
        # Do we want to kill off any stale gpg-agents? (So we spawn a new one)
        # Requires further testing.
        #killStaleAgent()
--- a/bdisk/bchroot.py
+++ b/bdisk/bchroot.py
@ -138,12 +138,11 @@ def chrootTrim(build):
                                                        humanize.naturalsize(
                                                            os.path.getsize(tarball)),
                                                        dbdir))
-        #for d in ('etc/pacman.d/gnupg', 'var/empty/.gnupg'):  # actually, we should probably keep these.
+        for d in ('etc/pacman.d/gnupg', 'var/empty/.gnupg'):
-        # they don't take much space, and it's a PITA to pacman-key --init && pacman-key --populate again on boot.
+            if os.path.isdir('{0}/root.{1}/{2}'.format(chrootdir, a, d)):
-        #    if os.path.isdir('{0}/root.{1}/{2}'.format(chrootdir, a, d)):
+                shutil.rmtree('{0}/root.{1}/{2}'.format(chrootdir, a, d))
        #        shutil.rmtree('{0}/root.{1}/{2}'.format(chrootdir, a, d))
        # TODO: move the self-cleanup in pre-build.sh to here.
-        delme = [#'/root/.gnupg',  # see above
+        delme = ['/root/.gnupg',
                '/root/.bash_history',
                #'/var/log/chroot_install.log',  # disable for now. maybe always disable if debug is enabled? TODO.
                '/.git',
--- a/bdisk/bdisk.py
+++ b/bdisk/bdisk.py
@ -1,6 +1,4 @@
 #!/bin/env python3
 import argparse
 import host
 import prep
 import bchroot
@ -10,17 +8,14 @@ import bSSL
 import ipxe
 import bsync
 import bGPG
 import os
-
+# we need to:
-def bdisk(args):
+# we also need to figure out how to implement "mentos" (old bdisk) like functionality, letting us reuse an existing chroot install if possible to save time for future builds.
-    # we also need to figure out how to implement "mentos" (old bdisk) like functionality, letting us reuse an
+#   if not, though, it's no big deal.
-    # existing chroot install if possible to save time for future builds.
+# still on the todo: iPXE
-    # if not, though, it's no big deal.
+if __name__ == '__main__':
    if os.getuid() != 0:
        exit('{0}: ERROR: BDisk *must* be run as the root user or with sudo!'.format(datetime.datetime.now()))
    print('{0}: Starting.'.format(datetime.datetime.now()))
-    conf = host.parseConfig(host.getConfig(conf_file = args['buildini']))[1]
+    conf = host.parseConfig(host.getConfig())[1]
    prep.dirChk(conf)
    conf['gpgobj'] = bGPG.genGPG(conf)
    prep.buildChroot(conf, keep = False)
@ -52,20 +47,3 @@ def bdisk(args):
    bsync.git(conf)
    bsync.rsync(conf)
    print('{0}: Finish.'.format(datetime.datetime.now()))
 def parseArgs():
    args = argparse.ArgumentParser(description = 'BDisk - a tool for building live/rescue media.',
                                   epilog = 'brent s. || 2017 || https://bdisk.square-r00t.net')
    args.add_argument('buildini',
                      metavar = '/path/to/build.ini',
                      default = '/etc/bdisk/build.ini',
                      nargs = '?',
                      help = 'The full/absolute path to the build.ini to use for this run. The default is /etc/bdisk/build.ini, but see https://bdisk.square-r00t.net/#the_code_build_ini_code_file.')
    return(args)
 def main():
    args = vars(parseArgs().parse_args())
    bdisk(args)
 if __name__ == '__main__':
    main()
--- a/bdisk/bsync.py
+++ b/bdisk/bsync.py
@ -32,12 +32,12 @@ def http(conf):
                                                    datetime.datetime.now(),
                                                    httpdir))
        for a in arch:
-            for i in ('md5', 'sfs', 'sha256', 'sha512'):
+            for i in ('md5', 'sfs', 'sha256'):
                httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
        httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
        if 'x86_64' in arch:
            httpfiles['boot/{0}.64.kern'.format(bdisk['uxname'])] = '{0}.64.kern'.format(bdisk['uxname'])
-            httpfiles['boot/{0}.64.img'.format(bdisk['uxname'])] = '{0}.64.img'.format(bdisk['uxname'])
+            httpfiles['boot/{0}.64.img'.format(bdisk['uxname'])] = '{0}.32.img'.format(bdisk['uxname'])
        if 'i686' in arch:
            httpfiles['boot/{0}.32.kern'.format(bdisk['uxname'])] = '{0}.32.kern'.format(bdisk['uxname'])
            httpfiles['boot/{0}.32.img'.format(bdisk['uxname'])] = '{0}.32.img'.format(bdisk['uxname'])
@ -48,7 +48,6 @@ def http(conf):
            fulldest = '{0}/{1}'.format(httpdir, destpath)
            parentdir = os.path.split(fulldest)[0]
            os.makedirs(parentdir, exist_ok = True)
            if os.path.lexists('{0}/{1}'.format(prepdir, k)):
            shutil.copy2('{0}/{1}'.format(prepdir, k), '{0}/{1}'.format(httpdir, httpfiles[k]))
        for root, dirs, files in os.walk(httpdir):
            for d in dirs:
@ -81,7 +80,7 @@ def tftp(conf):
                                                datetime.datetime.now(),
                                                tftpdir))
        for a in arch:
-            for i in ('md5', 'sfs', 'sha256', 'sha512'):
+            for i in ('md5', 'sfs', 'sha256'):
                tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
        tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
        if 'x86_64' in arch:
--- a/bdisk/build.py
+++ b/bdisk/build.py
@ -21,7 +21,6 @@ def genImg(conf):
    basedir = build['basedir']
    prepdir = build['prepdir']
    hashes = {}
    hashes['sha512'] = {}
    hashes['sha256'] = {}
    hashes['md5'] = {}
    squashfses = []
@ -53,10 +52,9 @@ def genImg(conf):
                                            humanize.naturalsize(
                                                os.path.getsize(squashimg))))
        # Generate the checksum files
-        print("{0}: [BUILD] Generating SHA512 SHA256, MD5 checksums ({1})...".format(
+        print("{0}: [BUILD] Generating SHA256, MD5 checksums ({1})...".format(
                                                datetime.datetime.now(),
                                                squashimg))
        hashes['sha512'][a] = hashlib.sha512()
        hashes['sha256'][a] = hashlib.sha256()
        hashes['md5'][a] = hashlib.md5()
        with open(squashimg, 'rb') as f:
@ -65,11 +63,8 @@ def genImg(conf):
                if not stream:
                    break
                # NOTE: these items are hashlib objects, NOT strings!
                hashes['sha512'][a].update(stream)
                hashes['sha256'][a].update(stream)
                hashes['md5'][a].update(stream)
        with open(airoot + 'airootfs.sha512', 'w+') as f:
            f.write("{0}  airootfs.sfs\n".format(hashes['sha512'][a].hexdigest()))
        with open(airoot + 'airootfs.sha256', 'w+') as f:
            f.write("{0}  airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
        with open(airoot + 'airootfs.md5', 'w+') as f:
@ -334,7 +329,7 @@ def genISO(conf):
    tpl_loader = jinja2.FileSystemLoader(templates_dir)
    env = jinja2.Environment(loader = tpl_loader)
    tpl = env.get_template(isolinux_cfg)
-    tpl_out = tpl.render(build = build, bdisk = bdisk, bitness = bitness)
+    tpl_out = tpl.render(build = build, bdisk = bdisk)
    with open(sysl_tmp + '/isolinux.cfg', "w+") as f:
        f.write(tpl_out)
    # And we need to build the ISO!
--- a/bdisk/host.py
+++ b/bdisk/host.py
@ -24,13 +24,10 @@ def getHostname():
    hostname = platform.node()
    return(hostname)
-def getConfig(conf_file = '/etc/bdisk/build.ini'):
+def getConfig(conf_file='/etc/bdisk/build.ini'):
    conf = False
    # define some defailt conf paths in case we're installed by
    # a package manager. in order of the paths we should search.
    currentdir = os.path.dirname(os.path.realpath(__file__))
    currentdir_user = os.path.abspath('{0}/../build.ini'.format(currentdir))
    currentdir_def = os.path.abspath('{0}/../extra/dist.build.ini'.format(currentdir))
    default_conf_paths = ['/etc/bdisk/build.ini',
                        '/usr/share/bdisk/build.ini',
                        '/usr/share/bdisk/extra/build.ini',
@ -39,8 +36,7 @@ def getConfig(conf_file = '/etc/bdisk/build.ini'):
                        '/usr/local/share/docs/bdisk/build.ini',
                        '/opt/dev/bdisk/build.ini',
                        '/opt/dev/bdisk/extra/build.ini',
-                        '/opt/dev/bdisk/extra/dist.build.ini',
+                        '/opt/dev/bdisk/extra/dist.build.ini']
                        currentdir_user]
        # if we weren't given one/using the default...
    if conf_file == '/etc/bdisk/build.ini':
        if not os.path.isfile(conf_file):
@ -50,9 +46,7 @@ def getConfig(conf_file = '/etc/bdisk/build.ini'):
                    break
    else:
        conf = conf_file
-    else:
+    defconf = '{0}/../extra/dist.build.ini'.format(os.path.dirname(os.path.realpath(__file__)))
        conf = conf_file
    defconf = os.path.abspath('{0}/../extra/dist.build.ini'.format(os.path.dirname(os.path.realpath(__file__))))
    if not conf:
        # okay, so let's check for distributed/"blank" ini's
        # since we can't seem to find one.
@ -74,9 +68,9 @@ def parseConfig(confs):
    config_dict = {s:dict(config.items(s)) for s in config.sections()}
    # Convert the booleans to pythonic booleans in the dict...
    config_dict['bdisk']['user'] = config['bdisk'].getboolean('user')
    config_dict['build']['gpg'] = config['build'].getboolean('gpg')
    config_dict['build']['i_am_a_racecar'] = config['build'].getboolean('i_am_a_racecar')
    config_dict['build']['ipxe'] = config['build'].getboolean('ipxe')
    config_dict['build']['sign'] = config['build'].getboolean('sign')
    config_dict['build']['multiarch'] = (config_dict['build']['multiarch']).lower()
    config_dict['ipxe']['iso'] = config['ipxe'].getboolean('iso')
    config_dict['ipxe']['usb'] = config['ipxe'].getboolean('usb')
@ -97,17 +91,12 @@ def parseConfig(confs):
    # commits on top of a new tagged release). e.g. for build Y:
    # v#.##-Y or v#.##rX-Y
    if config_dict['bdisk']['ver'] == '':
        try:
        repo = git.Repo(config_dict['build']['basedir'])
        refs = repo.git.describe(repo.head.commit).split('-')
        if len(refs) >= 2:
            config_dict['bdisk']['ver'] = refs[0] + 'r' + refs[1]
        else:
            config_dict['bdisk']['ver'] = refs[0]
        except:
            exit(('{0}: ERROR: {1} is NOT a valid git repository, and you did not specify bdisk:ver in your build.ini! ' +
                  'Did you perhaps install from a package manager? Please refer to the documentation.').format(datetime.datetime.now(),
                                                                                                               config_dict['build']['basedir']))
    # And the build number.
    # TODO: support tracking builds per version. i.e. in buildnum:
    # v2.51r13:0
@ -137,20 +126,16 @@ def parseConfig(confs):
                                        config_dict['build']['multiarch']))
    ## VALIDATORS ##
    # Validate bootstrap mirror
-    config_dict['src'] = {}
+    if (validators.domain(config_dict['build']['mirror']) or validators.ipv4(
-    for a in config_dict['build']['arch']:
+                                config_dict['build']['mirror']) or validatords.ipv6(
-        config_dict['src'][a] = config_dict['source_' + a]
+                                config_dict['build']['mirror'])):
        if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
                                    config_dict['src'][a]['mirror']) or validatords.ipv6(
                                    config_dict['src'][a]['mirror'])):
        try:
-                getaddrinfo(config_dict['src'][a]['mirror'], None)
+            getaddrinfo(config_dict['build']['mirror'], None)
        except:
            exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' + 
                'mirror for the bootstrap tarballs. Check your configuration.').format(
                                        datetime.datetime.now(),
-                                            config_dict['src'][a]['host']))
+                                        config_dict['build']['host']))
        config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
    # Are we rsyncing? If so, validate the rsync host.
    # Works for IP address too. It does NOT check to see if we can
    # actually *rsync* to it; that'll come later.
--- a/bdisk/ipxe.py
+++ b/bdisk/ipxe.py
@ -21,8 +21,7 @@ def buildIPXE(conf):
    srcdir = build['srcdir']
    embedscript = build['dlpath'] + '/EMBED'
    ipxe_src = srcdir + '/ipxe'
-    #ipxe_git_uri = 'git://git.ipxe.org/ipxe.git'
+    ipxe_git_uri = 'git://git.ipxe.org/ipxe.git'
    ipxe_git_uri = 'http://git.ipxe.org/ipxe.git'
    print('{0}: [IPXE] Prep/fetch sources...'.format(
                                        datetime.datetime.now()))
    # Get the source
--- a/bdisk/prep.py
+++ b/bdisk/prep.py
@ -25,34 +25,27 @@ def dirChk(conf):
 def downloadTarball(conf):
    build = conf['build']
    dlpath = build['dlpath']
    src = conf['src']
    arch = build['arch']
-    tarball_path = {}
+    #mirror = 'http://mirrors.kernel.org/archlinux'
-    for a in arch:
+    mirror = build['mirrorproto'] + '://' + build['mirror']
-        locsrc = conf['source_' + a]
+    rlsdir = mirror + build['mirrorpath']
-        mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
+    sha_in = urlopen(mirror + build['mirrorchksum'])
        rlsdir = mirror + locsrc['mirrorpath']
        if locsrc['mirrorchksum'] != '':
            if locsrc['chksumtype'] == '':
                exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a))
            hash_type = locsrc['chksumtype']
            hash_in = urlopen(mirror + locsrc['mirrorchksum'])
            hashsums = hash_in.read()
            hash_in.close()
            hash_raw = hashsums.decode("utf-8")
            hash_list = list(filter(None, hash_raw.split('\n')))
            hash_dict = {x.split()[1]: x.split()[0] for x in hash_list}
    # returns path/filename e.g. /some/path/to/file.tar.gz
    # we use .gnupg since we'll need it later.
    os.makedirs(dlpath + '/.gnupg', exist_ok = True)
-        tarball_path[a] = dlpath + '/.latest.' + a + '.tar'
+    tarball_path = {}
    for x in arch:
        tarball_path[x] = dlpath + '/.latest.' + x + '.tar'
    sha1sums = sha_in.read()
    sha_in.close()
    sha_raw = sha1sums.decode("utf-8")
    sha_list = list(filter(None, sha_raw.split('\n')))
    sha_dict = {x.split()[1]: x.split()[0] for x in sha_list}
    # all that lousy work just to get a sha1 sum. okay. so.
    for a in arch:
        pattern = re.compile('^.*' + a + '\.tar(\.(gz|bz2|xz))?$')
-        if locsrc['mirrorfile'] != '':
+        tarball = [filename.group(0) for l in list(sha_dict.keys()) for filename in [pattern.search(l)] if filename][0]
-            tarball = locsrc['mirrorfile']
+        sha1 = sha_dict[tarball]
        else:
            tarball = [filename.group(0) for l in list(hash_dict.keys()) for filename in [pattern.search(l)] if filename][0]
        if locsrc['mirrorchksum'] != '':
            hashsum = hash_dict[tarball]
        if os.path.isfile(tarball_path[a]):
            pass
        else:
@ -60,6 +53,7 @@ def downloadTarball(conf):
            print("{0}: [PREP] Fetching tarball ({1} architecture)...".format(
                                                            datetime.datetime.now(),
                                                            a))
            #dl_file = urllib.URLopener()
            tarball_dl = urlopen(rlsdir + tarball)
            with open(tarball_path[a], 'wb') as f:
                f.write(tarball_dl.read())
@ -69,32 +63,20 @@ def downloadTarball(conf):
                                                    tarball_path[a],
                                                    humanize.naturalsize(
                                                        os.path.getsize(tarball_path[a]))))
        if locsrc['mirrorchksum'] != '':
        print("{0}: [PREP] Checking hash checksum {1} against {2}...".format(
                                                    datetime.datetime.now(),
-                                                        hashsum,
+                                                    sha1,
                                                    tarball_path[a]))
-            # Calculate the checksum according to type specified.
+        tarball_hash = hashlib.sha1(open(tarball_path[a], 'rb').read()).hexdigest()
-            tarball_hash = False
+        if tarball_hash != sha1:
            for i in hashlib.algorithms_available:
                if hash_type == i:
                    hashfunc = getattr(hashlib, i)
                    tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
                    break
            if not tarball_hash:
                exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
                                                            datetime.datetime.now(),
                                                            a,
                                                            hash_type))
            if tarball_hash != hashsum:
            exit(("{0}: {1} either did not download correctly\n\t\t\t    or a wrong (probably old) version exists on the filesystem.\n\t\t\t    " +
                                "Please delete it and try again.").format(datetime.datetime.now(), tarball))
-        if locsrc['mirrorgpgsig'] != '':
+        elif build['mirrorgpgsig'] != '':
-            # let's verify the signature.
+            # okay, so the sha1 matches. let's verify the signature.
-            if locsrc['mirrorgpgsig'] == '.sig':
+            if build['mirrorgpgsig'] == '.sig':
                gpgsig_remote = rlsdir + tarball + '.sig'
            else:
-                gpgsig_remote = locsrc['mirrorgpgsig']
+                gpgsig_remote = build['mirrorgpgsig']
            sig_dl = urlopen(gpgsig_remote)
            sig = tarball_path[a] + '.sig'
            with open(sig, 'wb+') as f:
--- a/docs/TODO
+++ b/docs/TODO
@ -1,13 +1,5 @@
-investigate weird signing issue- if you specify a key to sign with, it appears that the squashed images (at least in the http dir) doesn't have a sig/asc. do they need to copy it over? or is it not even signing them?
+## Missing v2.x functionality ##
 -switch from python-pygpgme to python-gpgme for better performance. also clean up bGPG in general; reference KANT.
 -more pythonic! classes (because inits help), use list or tuple constant for checksums, try vars-ing the configparser stuff (and move defaults to in-code?),
   change path combinations to use os.path.join etc.
 -modularity: https://stackoverflow.com/a/8719100
 -mtree-like functionality; if mtree spec is found, apply that to files in overlay (or chroot even); otherwise copy from overlay and don't touch chroot 
 -i_am_a_racecar optimizations
 - different distro guests (debian, etc.)- https://stackoverflow.com/questions/2349991/python-how-to-import-other-python-files/20749411#20749411
 -incorporate this into the manual?
 -TFTP configs generated for pxelinux
 -fix the branding, etc. on ipxe. :(
@ -17,27 +9,25 @@
 -- https://code.google.com/p/byte-unixbench/
 -- https://github.com/akopytov/sysbench
 -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
-There *has* to be a better way of handling package installation in the chroots.
+-implement pyalpm to decreate dependency on chroot pacman-ing?
 --implement pyalpm to decreate dependency on chroot pacman-ing?
 --or even maybe https://wiki.archlinux.org/index.php/offline_installation_of_packages in pure python!
 -set up automatic exporting to PDF of the user manual server-side. https://pypi.python.org/pypi/unoconv/0.6
 -There *has* to be a better way of handling package installation in the chroots.
 -maybe remove lxde, firefox, chrome and replace with enlightenment/midori?
 -custom repo? https://brainwreckedtech.wordpress.com/2013/01/27/making-your-own-arch-linux-repository/
--https://wiki.archlinux.org/index.php/Building_32-bit_packages_on_a_64-bit_system # NOTE: arch has dropped i686, now continued as archlinux32
+--https://wiki.archlinux.org/index.php/Building_32-bit_packages_on_a_64-bit_system
 -implement better "additional" packages list. specify for path in build.ini- these should be more easily changed by end users. DON'T TOUCH iso.pkgs.lst since those are necessary for booting.
-automatic shorewall/some other firewall?
+-shorewall/some other firewall?
 -autodetection/configuration of network. DHCP is currently running by default, but does it need to support IPv6? if so, how would the user configure their network?
 -DISABLE NETWORKMANAGER AND "fi.w1.wpa_supplicant1"??? keeps spawning wpa_supplicant (and thusly killing networking proper)
 -for netboot, custom user agent (should be defined by build.ini)
 --iPXE's curl
 --initrd's curl
 -WISH: Better logging/debugging
 https://web.archive.org/web/20170726052946/http://www.lexev.org/en/2013/python-logging-every-day/
 -WISH: signing for secureboot releases (PreLoader and loader.efi handle this okay, but require manual intervention)
 -does loader.efi support splash backgrounds? can i implement that differently somehow?
 --yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.) before building ISO
+-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
 -incorporate iPXE tweaks:
 --http://ipxe.org/crypto 
 --http://ipxe.org/cmd/imgtrust
@ -49,7 +39,6 @@ https://web.archive.org/web/20170726052946/http://www.lexev.org/en/2013/python-l
 ---#imgverify initrd path/to/initrd.sig
 ---DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
 -enable mirror= kernel commandline.
 -NOTE: Following should be implemented via AIF-NG (https://git.square-r00t.net/AIF-NG, work pending for fix to BDisk for i686/x86_64 split) 
 --if mirror_(NAME) is present, use that as repo name.
 --if it starts with /, treat as mirrorlist (Include); otherwise use Server = 
 --if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
@ -58,3 +47,5 @@ https://web.archive.org/web/20170726052946/http://www.lexev.org/en/2013/python-l
 -include WinMTR, build Mac OS X MTR for dist/tools on CD
 -include pre-compiled LibreCrypt for opening LUKS parts on Windows (https://github.com/t-d-k/LibreCrypt)
 --curl -s https://raw.githubusercontent.com/t-d-k/LibreCrypt/master/README.md | egrep 'InstallLibreCrypt_v[A-Za-z0-9\.]*.exe' | cut -f2 -d'"'
--- a/docs/manual/HEAD.adoc
+++ b/docs/manual/HEAD.adoc
@ -1,6 +1,6 @@
 = BDisk User and Developer Manual
 Brent Saner <bts@square-r00t.net>
-v1.3, 2017-08-20
+v1.0, 2016-12
 :doctype: book
 :data-uri:
 :imagesdir: images
--- a/docs/manual/further/BUGS.adoc
+++ b/docs/manual/further/BUGS.adoc
@ -2,17 +2,17 @@
 NOTE: It is possible to submit a bug or feature request without registering in my bugtracker. One of my pet peeves is needing to create an account/register on a bugtracker simply to report a bug! The following links only require an email address to file a bug (which is necessary in case I need any further clarification from you or to keep you updated on the status of the bug/feature request -- so please be sure to use a valid email address).
 === Bugs
-If you encounter any bugs in *BDisk*, you can file a bug report https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=1&product_category=5[here^].
+If you encounter any bugs in *BDisk*, you can file a bug report https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=1[here^].
-If you encounter any bugs (inaccurate information, typos, misformatting, etc.) in *this documentation*, you can file a bug report https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=1&product_category=26[here^].
+If you encounter any bugs (inaccurate information, typos, misformatting, etc.) in *this documentation*, you can file a bug report https://bugs.square-r00t.net/index.php?do=newtask&project=8&task_type=1[here^].
 === Feature Requests
-If you have any features you'd like to see or you think would help *BDisk* become even more useful, please file a feature request https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=2&product_category=5[here^].
+If you have any features you'd like to see or you think would help *BDisk* become even more useful, please file a feature request https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=2[here^].
-If you have any suggestions on how to improve *this documentation* or feel it's missing information that could be useful, please file a feature request https://bugs.square-r00t.net/index.php?do=newtask&project=2&task_type=2&product_category=26[here^].
+If you have any suggestions on how to improve *this documentation* or feel it's missing information that could be useful, please file a feature request https://bugs.square-r00t.net/index.php?do=newtask&project=8&task_type=2[here^].
 === Patches
-I gladly welcome https://www.gnu.org/software/diffutils/manual/html_node/Unified-Format.html[patches^], but I deplore using GitHub (even though I https://github.com/johnnybubonic/BDisk[have a mirror there^]). For this reason, please follow the same https://www.kernel.org/doc/Documentation/process/submitting-patches.rst[patch/pull request process] for the Linux kernel and email it to bts@square-r00t.net.
+I gladly welcome https://www.gnu.org/software/diffutils/manual/html_node/Unified-Format.html[patches^], but I deplore using GitHub (even though I https://github.com/johnnybubonic/BDisk[have a mirror there^]). For this reason, please follow the same https://www.kernel.org/doc/Documentation/SubmittingPatches[patch/pull request process] for the Linux kernel and email it to bts@square-r00t.net.
 Alternatively, you may attach a patch to a <<bugs,bug report>>/<<feature_requests,feature request>>.
--- a/docs/manual/images/fig1.1.png
+++ b/docs/manual/images/fig1.1.png
--- a/docs/manual/user/BUILDING.adoc
+++ b/docs/manual/user/BUILDING.adoc
@ -7,8 +7,6 @@ NOTE: Due to requiring various mounting and chrooting, BDisk must be run as the
 To initiate a build, simply run `<basedir>/bdisk/bdisk.py`. That's it! Everything should continue automatically.
 If you'd like to specify a path to a specific build configuration, you can use `<basedir>/bdisk/bdisk.py path/to/build.ini`. The default is _/etc/bdisk/build.ini_ (plus <<the_code_build_ini_code_,other locations>>).
 If you're using a packaged version you installed from your distro's package manager, you instead should run wherever it installs to. Most likely this is going to be `/usr/sbin/bdisk`. (On systemd build hosts that have done the https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge/[/usr merge^], you can use `/usr/sbin/bdisk` or `/sbin/bdisk`.)
 If you encounter any issues during the process, make sure you read the documentation -- if your issue still isn't addressed, please be sure to file a <<bug_reports_feature_requests,bug report>>!
--- a/docs/manual/user/BUILDINI.adoc
+++ b/docs/manual/user/BUILDINI.adoc
@ -3,7 +3,7 @@ This file is where you can specify some of the very basics of BDisk building. It
 It's single-level, but divided into "sections". This is unfortunately a limitation of ConfigParser, but it should be easy enough to follow.
-Blank lines are ignored, as well as any lines beginning with `#` and `;`. There are some restrictions and recommendations for some values, so be sure to note them when they occur. Variables referencing other values in the `build.ini` are allowed in the format of `${keyname}` if it's in the same section; otherwise, `${section:keyname}` can be used.
+Blank lines are ignored, as well as any lines beginning with `#` and `;`. There are some restrictions and recommendations for some values, so be sure to note them when they occur. Variables referencing other values in the `build.ini` are allowed in the format of `${value}` if it's in the same section; otherwise, `${section:value}` can be used.
 If you want to use your own `build.ini` file (and you should!), the following paths are searched in order. The first one found will be used.
@ -16,7 +16,6 @@ If you want to use your own `build.ini` file (and you should!), the following pa
 * `/opt/dev/bdisk/build.ini`
 * `/opt/dev/bdisk/extra/build.ini`
 * `/opt/dev/bdisk/extra/dist.build.ini`
 * `<bdisk.py directory>/../build.ini`
 We'll go into more detail for each section below.
@ -35,29 +34,17 @@ We'll go into more detail for each section below.
 [user]
 username = ${bdisk:uxname}
 name = Default user
 groups = ${bdisk:uxname},admin
 password = $$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/
- [source_x86_64]
+ [build]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = .sig
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 [source_i686]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile =
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
- gpgkey =
+ gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
- [build]
+ gpg = no
 dlpath = /var/tmp/${bdisk:uxname}
 chrootdir = /var/tmp/chroots
 basedir = /opt/dev/bdisk
@ -66,8 +53,7 @@ We'll go into more detail for each section below.
 prepdir = ${dlpath}/temp
 archboot = ${prepdir}/${bdisk:name}
 mountpt = /mnt/${bdisk:uxname}
- multiarch = x86_64
+ multiarch = yes
 sign = yes
 ipxe = no
 i_am_a_racecar = no
 [gpg]
@ -128,7 +114,7 @@ This string is used for "pretty-printing" of the project name; it should be a mo
 . ASCII only
 ==== `ver`
-The version string. If this isn't specified, we'll try to guess based on the current git commit and tags in `<<code_basedir_code,build:basedir>>`. If `<<code_basedir_code,build:basedir>>` is *not* a git repository (i.e. you installed BDisk from a package manager), you MUST specify a version number.
+The version string. If this isn't specified, we'll try to guess based on the current git commit and tags in `<<code_basedir_code,build:basedir>>`.
 . No whitespace
@ -193,37 +179,20 @@ What comment/description/real name should be used for the user? For more informa
 . ASCII only
 ==== `groups`
 What groups this user should be added to, comma-separated. They will be created if they don't exist yet. Standard *nix group names rules apply:
 . ASCII only
 . 32 characters or less
 . Can only contain lower-case letters, numeric digits, underscores, or dashes (and can end with a dollar sign)
 . Must start with a (lower-case) letter or underscore
 . No whitespace
 ==== `password`
 The escaped, salted, hashed string to use for the non-root user.
 Please see <<passwords,the section on passwords>> for information on this value. In the <<example,example above>>, the string `$$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/` is created from the password `test`. I cannot stress this enough, do not use a plaintext password here nor just use a regular `/etc/shadow` file/`crypt(3)` hash here. Read the section. I promise it's short.
-=== `[source_<arch>]`
+=== `[build]`
-This section controls where to fetch the "base" tarballs.
+This section controls some aspects about the host and things like filesystem paths, etc.
 NOTE: Previously, these settings were *not* architecture-specific, and included in the <<code_build_code,`build`>> section.
 It was necessary to create this section per architecture, because https://www.archlinux.org/news/phasing-out-i686-support/[Arch Linux has dropped i686 support^]. However, plenty of other distros also have removed support and other third-party projects have ported. (You can find the Arch Linux 32-bit/i686 port project http://archlinux32.org/[here^].)
 The directives here are only covered once, however, since both sections are identical- they just allow you to specify different mirrors. Note that the two settings are `[source_i686]` (for 32-bit) and `[source_x86_64]` (for 64-bit/multilib).
 Which section is used (or both) depends on what <<code_multiarch_code, architectures you have enabled>> for the build.
 ==== `mirror`
 A mirror that hosts the bootstrap tarball. It is *highly* recommended you use an Arch Linux https://wiki.archlinux.org/index.php/Install_from_existing_Linux#Method_A:_Using_the_bootstrap_image_.28recommended.29[bootstrap tarball^] as the build process is highly specialized to this (but <<bug_reports_feature_requests,patches/feature requests>> are welcome for other built distros). You can find a list of mirrors at the bottom of Arch's https://www.archlinux.org/download/[download page^].
 . No whitespace
 . Must be accessible remotely/via a WAN-recognized address
-. Must be a domain/FQDN (or IP address) only; no paths (those come later!)
+. Must be a domain/FQDN only; no paths (those come later!)
 ==== `mirrorproto`
 What protocol should we use for the <<code_mirror_code,`mirror`>>?
@ -239,42 +208,14 @@ What is the path to the tarball directory on the <<code_mirror_code,`mirror`>>?
 . No whitespace
 ==== `mirrorfile`
-What is the filename for the tarball found in the path specified in <<code_mirrorpath_code,`mirrorpath`>> ? If left blank, we will use the hash <<code_mirrorchksum_code,checksum>> file to try to guess the most recent file.
+What is the filename for the tarball found in the path specified in <<code_mirrorpath_code,`mirrorpath`>> ? If left blank, we will use the sha1 <<code_mirrorchksum_code,checksum>> file to try to guess the most recent file.
 ==== `mirrorchksum`
-*[optional]* +
+The path to a sha1 checksum file of the bootstrap tarball.
 *default: (no hash checking done)* +
 *requires: <<code_chksumtype_code,`chksumtype`>>*
 The path to a checksum file of the bootstrap tarball.
 . No whitespace
 . Must be the full path
-. Don't include the <<code_mirror_code,mirror domain>> or <<code_mirrorproto_code,protocol>>
+. Don't include the mirror domain or protocol
 ==== `chksumtype`
 The algorithm that <<code_mirrorchksum_code,`mirrorchksum`>>'s hashes are in.
 [options="header"]
 |======================
 7+^|Accepts one of:
 ^m|blake2b
 ^m|blake2s
 ^m|md5
 ^m|sha1
 ^m|sha224
 ^m|sha256
 ^m|sha384
 ^m|sha512
 ^m|sha3_224
 ^m|sha3_256
 ^m|sha3_384
 ^m|sha3_512
 ^m|shake_128
 ^m|shake_256
 |======================
 TIP: You may have support for additional hashing algorithms, but these are the ones gauranteed to be supported by Python's https://docs.python.org/3/library/hashlib.html[hashlib module^]. To get a full list of algorithms the computer you're building on supports, you can run `python3 -c 'import hashlib;print(hashlib.algorithms_available)'`. Most likely, however, <<code_mirrorchksum_code,`mirrorchksum`>> is going to be hashes of one of the above.
 ==== `mirrorgpgsig`
 *[optional]* +
@ -284,7 +225,7 @@ TIP: You may have support for additional hashing algorithms, but these are the o
 If the bootstrap tarball file has a GPG signature, we can use it for extra checking. If it's blank, GPG checking will be disabled.
-If you specify just `.sig` (or use the default and don't specify a <<code_mirrorfile_code,`mirrorfile`>>), BDisk will try to guess based on the file from the hash <<code_mirrorchksum_code,checksum>> file. Note that unless you're using the `.sig` "autodetection", this must evaluate to a full URL. (e.g. `${mirrorproto}://${mirror}${mirrorpath}somefile.sig`)
+If you specify just `.sig` (or use the default and don't specify a <<code_mirrorfile_code,`mirrorfile`>>), BDisk will try to guess based on the file from the sha1 <<code_mirrorchksum_code,checksum>> file. Note that this must evaluate to a full URL. (e.g. `${mirrorproto}://${mirror}${mirrorpath}somefile.sig`)
 ==== `gpgkey`
 *requires: <<optional,_gpg/gnupg_>>*
@ -304,18 +245,6 @@ What is a valid keyserver we should use to fetch <<code_gpgkey_code,`gpgkey`>>?
 . The default (blank) is probably fine. If you don't specify a personal GPG config, then you'll most likely want to leave this blank.
 . If set, make sure it is a valid keyserver URI (e.g. `hkp://keys.gnupg.net`)
 [options="header"]
 |======================
 2+^|Accepts (case-insensitive) one of:
 ^m|yes ^m|no
 ^m|true ^m|false
 ^m|1 ^m|0
 |======================
 === `[build]`
 This section controls some aspects about the host and things like filesystem paths, etc.
 ==== `gpg`
 Should we sign our release files? See the <<code_gpg_code_2,`[gpg]`>> section.
@ -525,7 +454,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei
 . Group must exist on build system
 |======================
-^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
+^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
 |======================
 === `[tftp]`
@ -557,7 +486,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei
 . Group must exist on build system
 |======================
-^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
+^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
 |======================
 === `[ipxe]`
--- a/docs/manual/user/GETTING_STARTED.adoc
+++ b/docs/manual/user/GETTING_STARTED.adoc
@ -7,13 +7,13 @@ image::fig1.1.png[cgit,align="center"]
 If you know the tag of the commit you want, you can use curl:
- curl -sL -o bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.00-BETA.tar.xz
+ curl -sL -o bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.11.tar.xz
 or wget:
- wget -O bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.00-BETA.tar.xz
+ wget -O bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.11.tar.xz
-You can use `https://git.square-r00t.net/BDisk/snapshot/BDisk-master.tar.xz` for the URL if you want the latest working version. If you want a snapshot of a specific commit, you can use e.g. `https://git.square-r00t.net/BDisk/snapshot/BDisk-a1fe1dbc0a0ce2b2a5d1b470d30b60636f9b2efa.tar.xz` and so on.
+You can use `https://git.square-r00t.net/BDisk/snapshot/BDisk-master.tar.xz` for the URL if you want the latest working version. If you want a snapshot of a specific commit, you can use e.g. `https://git.square-r00t.net/BDisk/snapshot/BDisk-5ac510762ce00eef213957825de0e6d07186e7f8.tar.xz` and so on.
 Alternatively, you can use https://git-scm.com/[git^]. Git most definitely _should_ be in your distro's repositories.
@ -50,13 +50,9 @@ These are needed for using BDisk.
 These are required Python modules:
 * https://pypi.python.org/pypi/GitPython[GitPython^]
 * https://pypi.python.org/pypi/humanize[Humanize^]
 * http://jinja.pocoo.org/[Jinja2^]
 * https://pypi.python.org/pypi/psutil[PSUtil^]
 * https://pypi.python.org/pypi/patch[Patch^]
 * https://pypi.python.org/pypi/pygpgme[PyGPGME^]
 * https://pypi.python.org/pypi/pyOpenSSL[PyOpenSSL^]
 * https://pypi.python.org/pypi/validators[Validators^]
 ==== Optional
@ -64,8 +60,6 @@ While not strictly necessary, these will greatly enhance your BDisk usage. I've
 NOTE: If you do not wish to install any of these or cannot install them, be sure to disable the relevant options in the `build.ini` file (we'll talk about that later). The default `extra/dist.build.ini` should be sane enough to not require any of these.
 * http://cdrtools.sourceforge.net/private/cdrecord.html[cdrtools^]
 ** Needed for building iPXE.
 * http://gcc.gnu.org[gcc (multilib)^] (>=6.x)
 ** Needed for building iPXE.
 * http://gcc.gnu.org[gcc-libs (multilib)^] (>=6.x)
@ -77,4 +71,14 @@ NOTE: If you do not wish to install any of these or cannot install them, be sure
 * https://rsync.samba.org/[rsync^]
 ** For syncing built ISOs to a fileserver, syncing to a remote iPXE server, syncing to a traditional PXE/TFTP server, etc.
 These are optional Python modules:
 * https://pypi.python.org/pypi/GitPython[GitPython^]
 ** (Same reasons as _git_)
 * https://pypi.python.org/pypi/pygpgme[PyGPGME^]
 ** (Same reasons as _gpg/gnupg_)
 * https://pypi.python.org/pypi/patch[Patch^]
 ** For branding iPXE environments per your `build.ini`.
 * https://pypi.python.org/pypi/pyOpenSSL[PyOpenSSL^]
 ** To set up a PKI when building iPXE; used to create trusted/verified images.
--- a/docs/manual/user/advanced/SSH.adoc
+++ b/docs/manual/user/advanced/SSH.adoc
@ -17,7 +17,7 @@ First, create a file: `<basedir>/overlay/etc/ssh/sshd_config` using the followin
 Subsystem	sftp	/usr/lib/ssh/sftp-server
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
 We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
@ -28,7 +28,7 @@ We'll also want to implement a more secure `ssh_config` file to avoid possible l
     PubkeyAuthentication yes
     HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
     Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
 We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`:
--- a/docs/manual/user/fslayout/TEMPLATES.adoc
+++ b/docs/manual/user/fslayout/TEMPLATES.adoc
@ -38,7 +38,7 @@ The `EFI/` directory is similar to <<efi, EFI/>> above also, but needs fewer con
 The `patches/` directory largely control branding of the mini ISO. They are in https://www.gnu.org/software/diffutils/manual/html_node/Unified-Format.html[unified diff^] (or "patch") format.
 ===== overlay/
-This directory contains *templated* overlays. These are intended to be templated by the user. See <<overlay_2, the overlay section>> for more information on how to use this. Remember to suffix your template files with the `.j2` extension.
+This directory contains *templated* overlays. These are intended to be templated by the user. See <<overlay, the overlay section>> for more information on how to use this. Remember to suffix your template files with the `.j2` extension.
 ===== pre-build.d/
 This directory contains *templated* overlays. These are intended to not be managed by the user, as they handle configuration necessary for building an ISO. See <<pre_build_d, the pre-build.d section>> for more information on this.
--- a/extra/aif.png
+++ b/extra/aif.png
--- a/extra/dist.build.ini
+++ b/extra/dist.build.ini
@ -26,32 +26,17 @@ user = yes
 [user]
 username = ${bdisk:uxname}
 name = Default user
 groups = ${bdisk:uxname},admin
 password =
 [source_x86_64]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 [source_i686]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 [build]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 gpg = no
 dlpath = /var/tmp/${bdisk:uxname}
 chrootdir = /var/tmp/chroots
@ -61,15 +46,13 @@ srcdir = ${dlpath}/src
 prepdir = ${dlpath}/temp
 archboot = ${prepdir}/${bdisk:name}
 mountpt = /mnt/${bdisk:uxname}
-#multiarch = yes
+multiarch = yes
-multiarch = x86_64
+ipxe =
 sign = yes
 ipxe = no
 i_am_a_racecar = yes
 [gpg]
 mygpgkey =
-mygpghome = ${build:dlpath}/.gnupg
+mygpghome =
 [sync]
 http = no
--- a/extra/modules/distro/TEMPLATE
+++ b/extra/modules/distro/TEMPLATE
@ -1,48 +0,0 @@
 # The modules found in here are for distro-specific differences in the builds.
 # For instance, if you want to build a Debian-based BDisk, you'd specify pkg['install'] = ['apt-get', '-y', 'install', '%PKG%'],
 # name this file as "debian.py", and set bdisk:distro as 'debian'.
 # Note that the guest will need python installed. If distro is set as "NOCHECK", a distro check of the tarball won't be performed
 # (as the distro check requires python be installed first).
 # Special variables to be used in strings:
 # %PKG%	= the name of a package would be inserted here.
 # This template uses Debian as an example.
 # The name of the distro. Must match the output from platform.linux_distribution()[0].lower()
 # Regex is supported.
 distro = 'debian'
 # The path to python. Can be either python 2.x (2.6 or higher) or 3.x.
 pybin = '/usr/bin/python'
 guestenv = {}
 # The following environment variables will be set for the guest.
 guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
 scripts = {}
 # This variable can be used to perform some additional system tweaks and such. This is run before package installation.
 # It must be formatted as a complete script- i.e. include a shebang etc.
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 # This variable can be used to perform some additional system tweaks and such. This is run after package installation.
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg = {}
 # The command, with arguments, in list format that should be run before we install software in the guest.
 # For instance, if your guest distro requires a local package listing cache (nearly all of them do) to be
 # updated first, this is where it would be run.
 pkg['pre'] = ['apt-get', '-y', 'update']
 # The command, with arguments, in a list format to install a package.
 # Note that the command must be constructed in a way that does not require user interaction.
 pkg['install'] = ['apt-get', '-y', 'install', '%PKG%']
 # The command, with arguments, in list format to use to check if a package is installed.
 # It should return 0 on exist status if it's installed. Any other exit status assumes the package is not installed.
 pkg['check'] = ['dpkg-query', '-f', '${binary:Package}\n', '-W', '%PKG']
--- a/extra/modules/distro/arch.py
+++ b/extra/modules/distro/arch.py
@ -1,11 +0,0 @@
 distro = 'arch'
 pybin = '/usr/bin/python'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['pacman', '-Syyy']
 pkg['install'] = ['apacman', '-S', '%PKG%']
 pkg['check'] = ['pacman', '-Q', '%PKG']
--- a/extra/modules/distro/centos.py
+++ b/extra/modules/distro/centos.py
@ -1,11 +0,0 @@
 distro = 'centos linux'
 pybin = '/usr/bin/python'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['yum', 'makecache']
 pkg['install'] = ['yum', '-y', 'install', '%PKG%']
 pkg['check'] = ['rpm', '-qi', '%PKG']
--- a/extra/modules/distro/debian.py
+++ b/extra/modules/distro/debian.py
@ -1,12 +0,0 @@
 distro = 'debian'
 pybin = '/usr/bin/python'
 guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['apt-get', '-q', '-y', 'update']
 pkg['install'] = ['apt-get', '-q', '-y', '-o Dpkg::Options::="--force-confdef"', '-o Dpkg::Options::="--force-confold"', 'install', '%PKG%']
 pkg['check'] = ['dpkg-query', '-f', "'${binary:Package}\n'", '-W', '%PKG']
--- a/extra/modules/distro/fedora.py
+++ b/extra/modules/distro/fedora.py
@ -1,11 +0,0 @@
 distro = 'fedora'
 pybin = '/usr/bin/python3'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['yum', 'makecache']
 pkg['install'] = ['yum', '-y', 'install', '%PKG%']
 pkg['check'] = ['rpm', '-qi', '%PKG']
--- a/extra/modules/distro/rhel.py
+++ b/extra/modules/distro/rhel.py
@ -1,11 +0,0 @@
 distro = 'red hat enterprise linux (server|desktop)'
 pybin = '/usr/bin/python'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['yum', 'makecache']
 pkg['install'] = ['yum', '-y', 'install', '%PKG%']
 pkg['check'] = ['rpm', '-qi', '%PKG']
--- a/extra/modules/distro/sles.py
+++ b/extra/modules/distro/sles.py
@ -1,11 +0,0 @@
 distro = 'suse linux enterprise server'
 pybin = '/usr/bin/python'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['zypper', 'refresh']
 pkg['install'] = ['zypper', 'install', '--no-confirm', '-l', '%PKG%']
 pkg['check'] = ['rpm', '-qi', '%PKG']
--- a/extra/modules/distro/ubuntu.py
+++ b/extra/modules/distro/ubuntu.py
@ -1,12 +0,0 @@
 distro = 'ubuntu'
 pybin = '/usr/bin/python'
 guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
 script['pre'] = """#!/bin/bash
 touch /root/BDISK
 """
 script['post'] = """#!/bin/bash
 rm -f /root/BDISK
 """
 pkg['pre'] = ['apt-get', '-q', '-y', 'update']
 pkg['install'] = ['apt-get', '-q', '-y', '-o Dpkg::Options::="--force-confdef"', '-o Dpkg::Options::="--force-confold"', 'install', '%PKG%']
 pkg['check'] = ['dpkg-query', '-f', "'${binary:Package}\n'", '-W', '%PKG']
--- a/extra/pkg.build.ini
+++ b/extra/pkg.build.ini
@ -26,49 +26,33 @@ user = yes
 [user]
 username = ${bdisk:uxname}
 name = Default user
 groups = ${bdisk:uxname},admin
 password =
 [source_x86_64]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 [source_i686]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
 chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 [build]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile =
 mirrorchksum = ${mirrorpath}sha1sums.txt
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
 gpg = no
 dlpath = /var/tmp/${bdisk:uxname}
 chrootdir = /var/tmp/chroots
-basedir = /var/lib/bdisk
+basedir = /opt/dev/bdisk
 isodir = ${dlpath}/iso
 srcdir = ${dlpath}/src
 prepdir = ${dlpath}/temp
 archboot = ${prepdir}/${bdisk:name}
 mountpt = /mnt/${bdisk:uxname}
-#multiarch = yes
+multiarch = yes
 multiarch = x86_64
 ipxe = no
 i_am_a_racecar = no
 [gpg]
 mygpgkey =
-mygpghome = ${build:dlpath}/.gnupg
+mygpghome =
 [sync]
 http = no
--- a/extra/pre-build.d/etc/hostname
+++ b/extra/pre-build.d/etc/hostname
@ -0,0 +1 @@
 bdisk-live.loc.lan
--- a/extra/pre-build.d/etc/initcpio/install/livecd
+++ b/extra/pre-build.d/etc/initcpio/install/livecd
@ -14,7 +14,6 @@ build()
        add_binary "/usr/bin/sed"
        add_binary "/usr/bin/pkill"
        add_binary "/usr/bin/curl"
        add_binary "/usr/bin/pv"
 	add_full_dir /etc/ssl
    	add_full_dir /etc/ca-certificates
--- a/extra/pre-build.d/etc/issue
+++ b/extra/pre-build.d/etc/issue
@ -0,0 +1,90 @@
 [H[J
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMW0dc,..      ..;cxKWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMW0d:'.                    .,cx0WMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMNx:.     .';cldxkkOOOOkkxdl:,..     .ckNMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMKl.    .;okKXXXXXXXXXXXXXXXXXXXXXX0xl;.    'oXMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMXl.   .:d0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0d;.   .dNMMMMMMMMMMMMMM
 MMMMMMMMMMMM0;   .cOXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXKk:    :KMMMMMMMMMMMM
 MMMMMMMMMMO'   'xKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXKd.   ,KMMMMMMMMMM
 MMMMMMMMX,   ,OXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx'   :NMMMMMMMM
 MMMMMMMd   .kXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXd.  .kMMMMMMM
 MMMMMN'   oKKxl:;,;:lkKXXXXXXXXXXXXXXXXXXXXXXXX0dl:;,;:ld0XXXXXXXXXXKc   ;WMMMMM
 MMMMK.  .O0;  ':ool:.  ;kXXXXXXXXXXXXXXXXXXX0l. .,coooc'  .c0XXXXXXXXXk.  .NMMMM
 MMMK.  'Kx  cNMMMMK.     ,0XXXXXXXXXXXXXXXKc  :0MMMMMMk.     cKXXXXXXXX0.  .NMMM
 MMN.  'Kd  kMMMMMM'       .OXXXXXXXXXXXXX0. 'XMMMMMMMN        'KXXXXXXXX0.  .WMM
 MW.  .K0  xMMMMMMMd        .KXXXXXXXXXXXK' ;WMMMMMMMMM:        'KXXXXXXXX0.  ;MM
 Mo   OXc .MMMMMMMMMXo:;ckN. dXXXXXXXXXXXd  NMMMMMMMMMMM0l::l0N  dXXXXXXXXXx   xM
 N   :XX, :MMMMMMMMMMMMMMMM; :XXXXXXXXXXX; ,MMMMMMMMMMMMMMMMMMM' :XXXXXXXXXX,  .M
 d   OXX; ,MMMMMMMMMMMMMMMM, :XXXXXXXXXXX: ,MMMMMMMMMMMMMMMMMMM' :XXXXXXXXXXx   O
 ,  .XXXx  dxxxxxxxxxxxxxxd  xXXXXXXXXXXXx  dxxxxxxxxxxxxxxxxxd  xXXXXXXXXXXK.  c
 .  :XXXXc'''''''''''''''''':XXXXXXXXXXXXXc'''''''''''''''''''''cXXXXXXXXXXXX,  '
   lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:  .
   lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;  .
 .  :XXXXXK0000000000000000000000000000000000000000000000000000KXXXXXXXXXXXXX,  '
 ,  .XXXXXk                                                    .KXXXXXXXXXXXK.  c
 x   OXXXXXKKo  ..............................................  lXXXXXXXXXXXx   0
 W.  ;XXXXXXXO  ............................................... .XXXXXXXXXXX'  .M
 Md   kXXXXXXX,  ..............................................  KXXXXXXXXXd   OM
 MM,  .0XXXXXX0. ..............................................  KXXXXXXXXO   cMM
 MMN.  .KXXXXXXk  ............................................  ;XXXXXXXX0.  ,WMM
 MMMX.  .0XXXXXXk  .........................'''............... .0XXXXXXXO.  'WMMM
 MMMMX.  .kXXXXXXO.  .................,cdkO0KKK0Oxo:'........ .kXXXXXXXd   ,WMMMM
 MMMMMW;   cKXXXXXK;  .............'ckKKKKKKKKKKKKKK0x;....  '0XXXXXX0;   cWMMMMM
 MMMMMMMk.  .dXXXXXXx.  ..........:OKKKKKKKKKKKKKKKKKKKo.  .oXXXXXXKl   .0MMMMMMM
 MMMMMMMMNc   .xXXXXXKo.  .......lKKKKKKKKKKKKKKKKKK0o'  .dKXXXXXKd.   lWMMMMMMMM
 MMMMMMMMMMK;   .oKXXXXKd'   ...:KKKKKKKKKKKKKKK0xc'  .:kXXXXXX0l.   cXMMMMMMMMMM
 MMMMMMMMMMMMXc    ;xKXXXX0o,.  .;ldxkkOkkxol:'.  .,lOXXXXXXKd,   .lNMMMMMMMMMMMM
 MMMMMMMMMMMMMMWx,    ,lOXXXXX0xl:,.........';cok0XXXXXXKkl'    ;kWMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMNx,    .'cdOKXXXXXXXXXXXXXXXXXXXXKOd:'     ;kWMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMW0o,      .';:loddxxxxddol:,..     .,o0MMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMXko:'.                  .':oONMMMMMMMMMMMMMMMMMMMMMMMMM
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMW0dc;'......,:lx0WMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
                                 ':ox0KXXK0koc'.                                
                          .;ok000kxollcccclodxOKXKko;.                          
                      ;d00dc'.                    .;lkXKd;.                     
                  .o0Oc.     .,codkO0KKKKK0Okxdl;'.    .;dXKo'                  
               .oKx,    .:d0XXXXXXXXXXXXXXXXXXXXXXXKkl,.   .c0Nd.               
             ,0O;   .:xKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXOl'   .oN0;             
           ;Kx.   ;xKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0l.   :KX:           
         ,Kx.  .lKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXk,   ;XX,         
        k0.  .oKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXO,   oWO.       
      ,No   :KXX0Okk0XXXXXXXXXXXXXXXXXXXXXXXXXXXK0Okk0KXXXXXXXXXXXk.  .KW;      
     cN,  .kKl'  ...  'l0XXXXXXXXXXXXXXXXXXXXk:.  ...  .;dKXXXXXXXXK:   kMo     
    oN.  '0d. c0WMMWo    ;0XXXXXXXXXXXXXXXKo. 'dKWMMMX,   .cKXXXXXXXXo   xMd    
   lW.  'Kl .KMMMMM:       xXXXXXXXXXXXXX0' ,KMMMMMMM.      .OXXXXXXXXx   xMd   
  ;M;  .Kd .NMMMMMMl        kXXXXXXXXXXXK. lMMMMMMMMM.       .OXXXXXXXXd   0M:  
  Nx   0X. dMMMMMMMMk;..;dl 'XXXXXXXXXXXc 'MMMMMMMMMMWd,..:Oc ,XXXXXXXXX:  .WW. 
 dW.  lXK  KMMMMMMMMMMMMMMK  KXXXXXXXXXX. dMMMMMMMMMMMMMMMMM0  KXXXXXXXXK.  dMk 
 Wx   KXK  0MMMMMMMMMMMMMMK  KXXXXXXXXXX. xMMMMMMMMMMMMMMMMM0  KXXXXXXXXXc  .MM.
 :M;  ;XXX; ,xxxxxxxxxxxxxx: 'XXXXXXXXXXXc 'xxxxxxxxxxxxxxxxx; ,XXXXXXXXXXO   KMl
 xM.  oXXX0,,,,,,,,,,,,,,,,,,kXXXXXXXXXXXK;,,,,,,,,,,,,,,,,,,,,OXXXXXXXXXXX.  xMO
 0M   xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.  oMK
 0M   dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.  oMK
 xM.  lXXXXXkdddddddddddddddddddddddddddddddddddddddddddddddddKXXXXXXXXXXXK   kMk
 :Mc  'XXXXXc'.                                               :XXXXXXXXXXXx   XMc
 W0   OXXXXXX0  ............................................  OXXXXXXXXXX;  ,MM.
 oM'  ,XXXXXXX, ............................................  oXXXXXXXXXO   0Mx 
  NK   dXXXXXXO  ...........................................  lXXXXXXXXK.  ;MN. 
  ,Md   kXXXXXXd  ..........................................  xXXXXXXXX;  .NM;  
   cMl   kXXXXXXo  ......................................... .KXXXXXXK;  .XMl   
    lMl   dXXXXXXd  ..................':lodxxdol:'......... .0XXXXXXK'  .XMo    
     :Wx   :KXXXXXk. ..............,lkKKKKKKKKKKKKkc'....  .0XXXXXXk.  'NMc     
      .XK.  .xXXXXXK:  ..........'oKKKKKKKKKKKKKKKKK0l..  lKXXXXX0;   oMN'      
        dWo   .xXXXXXO;  .......,OKKKKKKKKKKKKKKKKKkc. .c0XXXXX0c   'KMx        
         .0Nc   .oKXXXXO:.  ...'0KKKKKKKKKKKKKK0d:.  ,xKXXXXXO:   .OM0'         
           ,0No.   ;xKXXXKx:.  .;ldxkOOkkxol;'.  'cxKXXXXX0l.   ,OMK;           
             'kWk,    ,o0XXXXKko:,.........,:ldOKXXXXXKkc.   .lXMO,             
               .cKNx;    .,cxOKXXXXXXXXXXXXXXXXXXKko:.    .lKMKl.               
                  .cOWKd;.     ..,;cllooollc:;'.      'ckNM0c.                  
                      'lONW0xl;..              .,:okXMNOo,                      
                          .,cdOXWMWNXKK00KKXNMMWXOdc,.                          
                                 .,cokO00Okdc,.
 [H[J
 bdisk
 \d \t
 \4
 \4{tun0}
 https://bdisk.square-r00t.net/
--- a/extra/pre-build.d/etc/locale.conf
+++ b/extra/pre-build.d/etc/locale.conf
@ -1,14 +1,14 @@
 LANG=en_US.UTF-8
-#LC_CTYPE="en_US.UTF-8"
+LC_CTYPE="en_US.UTF-8"
-#LC_NUMERIC="en_US.UTF-8"
+LC_NUMERIC="en_US.UTF-8"
-#LC_TIME="en_US.UTF-8"
+LC_TIME="en_US.UTF-8"
-#LC_COLLATE="en_US.UTF-8"
+LC_COLLATE="en_US.UTF-8"
-#LC_MONETARY="en_US.UTF-8"
+LC_MONETARY="en_US.UTF-8"
-#LC_MESSAGES="en_US.UTF-8"
+LC_MESSAGES="en_US.UTF-8"
-#LC_PAPER="en_US.UTF-8"
+LC_PAPER="en_US.UTF-8"
-#LC_NAME="en_US.UTF-8"
+LC_NAME="en_US.UTF-8"
-#LC_ADDRESS="en_US.UTF-8"
+LC_ADDRESS="en_US.UTF-8"
-#LC_TELEPHONE="en_US.UTF-8"
+LC_TELEPHONE="en_US.UTF-8"
-#LC_MEASUREMENT="en_US.UTF-8"
+LC_MEASUREMENT="en_US.UTF-8"
-#LC_IDENTIFICATION="en_US.UTF-8"
+LC_IDENTIFICATION="en_US.UTF-8"
-#LC_ALL=
+LC_ALL=
--- a/extra/pre-build.d/etc/motd
+++ b/extra/pre-build.d/etc/motd
@ -1 +1,40 @@
-((Generated by BDisk. https://bdisk.square-r00t.net/))
+                                 ':ox0KXXK0koc'.
                          .;ok000kxollcccclodxOKXKko;.
                      ;d00dc'.                    .;lkXKd;.
                  .o0Oc.     .,codkO0KKKKK0Okxdl;'.    .;dXKo'
               .oKx,    .:d0XXXXXXXXXXXXXXXXXXXXXXXKkl,.   .c0Nd.
             ,0O;   .:xKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXOl'   .oN0;
           ;Kx.   ;xKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0l.   :KX:
         ,Kx.  .lKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXk,   ;XX,
        k0.  .oKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXO,   oWO.
      ,No   :KXX0Okk0XXXXXXXXXXXXXXXXXXXXXXXXXXXK0Okk0KXXXXXXXXXXXk.  .KW;
     cN,  .kKl'  ...  'l0XXXXXXXXXXXXXXXXXXXXk:.  ...  .;dKXXXXXXXXK:   kMo
    oN.  '0d. c0WMMWo    ;0XXXXXXXXXXXXXXXKo. 'dKWMMMX,   .cKXXXXXXXXo   xMd
   lW.  'Kl .KMMMMM:       xXXXXXXXXXXXXX0' ,KMMMMMMM.      .OXXXXXXXXx   xMd
  ;M;  .Kd .NMMMMMMl        kXXXXXXXXXXXK. lMMMMMMMMM.       .OXXXXXXXXd   0M:
  Nx   0X. dMMMMMMMMk;..;dl 'XXXXXXXXXXXc 'MMMMMMMMMMWd,..:Oc ,XXXXXXXXX:  .WW.
 dW.  lXK  KMMMMMMMMMMMMMMK  KXXXXXXXXXX. dMMMMMMMMMMMMMMMMM0  KXXXXXXXXK.  dMk
 Wx   KXK  0MMMMMMMMMMMMMMK  KXXXXXXXXXX. xMMMMMMMMMMMMMMMMM0  KXXXXXXXXXc  .MM.
 :M;  ;XXX; ,xxxxxxxxxxxxxx: 'XXXXXXXXXXXc 'xxxxxxxxxxxxxxxxx; ,XXXXXXXXXXO   KMl
 xM.  oXXX0,,,,,,,,,,,,,,,,,,kXXXXXXXXXXXK;,,,,,,,,,,,,,,,,,,,,OXXXXXXXXXXX.  xMO
 0M   xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.  oMK
 0M   dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.  oMK
 xM.  lXXXXXkdddddddddddddddddddddddddddddddddddddddddddddddddKXXXXXXXXXXXK   kMk
 :Mc  'XXXXXc'.                                               :XXXXXXXXXXXx   XMc
 W0   OXXXXXX0  ............................................  OXXXXXXXXXX;  ,MM.
 oM'  ,XXXXXXX, ............................................  oXXXXXXXXXO   0Mx
  NK   dXXXXXXO  ...........................................  lXXXXXXXXK.  ;MN.
  ,Md   kXXXXXXd  ..........................................  xXXXXXXXX;  .NM;
   cMl   kXXXXXXo  ......................................... .KXXXXXXK;  .XMl
    lMl   dXXXXXXd  ..................':lodxxdol:'......... .0XXXXXXK'  .XMo
     :Wx   :KXXXXXk. ..............,lkKKKKKKKKKKKKkc'....  .0XXXXXXk.  'NMc
      .XK.  .xXXXXXK:  ..........'oKKKKKKKKKKKKKKKKK0l..  lKXXXXX0;   oMN'
        dWo   .xXXXXXO;  .......,OKKKKKKKKKKKKKKKKKkc. .c0XXXXX0c   'KMx
         .0Nc   .oKXXXXO:.  ...'0KKKKKKKKKKKKKK0d:.  ,xKXXXXXO:   .OM0'
           ,0No.   ;xKXXXKx:.  .;ldxkOOkkxol;'.  'cxKXXXXX0l.   ,OMK;
             'kWk,    ,o0XXXXKko:,.........,:ldOKXXXXXKkc.   .lXMO,
               .cKNx;    .,cxOKXXXXXXXXXXXXXXXXXXKko:.    .lKMKl.
                  .cOWKd;.     ..,;cllooollc:;'.      'ckNM0c.
                      'lONW0xl;..              .,:okXMNOo,
                          .,cdOXWMWNXKK00KKXNMMWXOdc,.
                                 .,cokO00Okdc,.
--- a/extra/pre-build.d/etc/pacman.d/hooks/archiso.hook
+++ b/extra/pre-build.d/etc/pacman.d/hooks/archiso.hook
@ -1,10 +0,0 @@
 [Trigger]
 Type = File
 Operation = Install
 Operation = Upgrade
 Target = usr/lib/initcpio/hooks/archiso
 [Action]
 Description = Modifying archiso usable space...
 When = PostTransaction
 Exec = /usr/bin/sed -i -e 's/"size=${cow_spacesize}",//g' -e 's@^[[:space:]]*if\ !\ cp\ "${img}"\ "/run/archiso/copytoram/${img_fullname}"\ ;\ then@if ! pv -pterabT "${img}" > "/run/archiso/copytoram/${img_fullname}" ; then@g' /usr/lib/initcpio/hooks/archiso
--- a/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager-dispatcher.service
+++ b/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager-dispatcher.service
@ -1 +0,0 @@
 /dev/null
--- a/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager.service
+++ b/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager.service
@ -1 +0,0 @@
 /dev/null
--- a/extra/pre-build.d/i686/root/pre-build.arch.sh
+++ b/extra/pre-build.d/i686/root/pre-build.arch.sh
@ -1,2 +0,0 @@
 #!/bin/bash
 # Put any arch-specific tasks here. They will be run after /root/pre-build.sh.
--- a/extra/pre-build.d/root/.ssh/authorized_keys
+++ b/extra/pre-build.d/root/.ssh/authorized_keys
@ -0,0 +1,10 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5+2R7ykAgF/IBOY0gvxWZpLzk+CpmjiCBFtQX2WN54qPYOluPgFudUEZ/zax0wccZG9qXm8fM7Jc11GqFVkxWU7sNEAIirmsE54nnXeIg7BEyamJ6l0FHkqgVV+GCWffe1cJtniIu99kz3KwgcPto4zgqcxE/RH8eSAPAX7SECAZxs3CMfPbOY7DcyUgKXaPynDvebp1Dp9q6lSrW1FBfPJOYzFdO4xGQV9VUQoCBjTqGfRCq5fvJ/tFpZAB5omwjfCis+rvgrWZsur7G5QSdh5Bphkblm9rBHdb8ot1CYSnHjKYfDr6IEDaQjiN1yw7YyjtXAjGF6a6El1AWHTnQPI5lYqXa5sL5XxjIP22NP2AihLeCey/e6sms4RrapKD5f6rnOF4zrMVkU8L40brpe3TsmqnYcmqRvj8h9U/2mMmPHzaUJvgf44JjQEXa57brU5BzQZJKZM7tBbIqGKwgI0VjYyHzfCWRd/TGvccPsCQajqIBrMet8EQc7TY4FLuZZyW+B3Jx7Tr2xSg03PJ+ODNjd1LL3e/vq6NdBXA2gNGY+9GrytfCQd3Oot4KV6JLgk+lHKlvk+24rxwPj/T9koimntQff5V+qS+NUqh/OpQSphecn6gz03rtmOCeOhLPADwdRmqSdbtSYZSr1HA+/yPsgcWBxrM2ag0g6SLC+w== root@maqabi
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5deDSXoounrijOls1qxtKFqT4xhaOdTZ5qWVYvF/2+O/Jq4B88pYbwFxd1YN1Dr67t/WUCToAUDiHBxxq3qSEbwQ1fNXnYPq7/2FvB715K5RIuQicAcHRmBHu70MZ9axPNMA+66I49Ps1t9rtssHBNvytrKHJ7/ACEsl024YQCxRtvM7MJH8iuZEO+pq2FTPHB1q2v4Bv22JY2rYe2/N2I4GMDIOz9sAreKAHSQWo7BX46AUhHqH6yNpLsLXGqq6xT6+/hJ5saUdjtd+zdYS5jsob2eHbwxoKBpsh9S7hwilyBPQ/2MpyYRh23RNu3km3fAKuN3lkbLL6SU+oa2OntfcdMC91p5GL6iYCABAteGKocz+4AxUfCdipPID/A55Q4J8YaN9xWQTHJhQ/mDuXBPZUJD4KwgDyIXBfRAmarWsVO//XzdrzQf/t4eVhkaOYUtRuWC+hFbXBI0tVII13myG1ZqvDD/ApLgQ7/Gx+3xy2ybG3aRJSzzX7C1qrNldarXXSYG6+29R+LOJUGmMj/36NhR1cryWUPxQuPr4//qRMtBOFPCxI2LlDlvXl69ZPbVr67or8iZBJyv9Y53l5rNZ1Vw7DPNwQI+PopP7GPDYjH7gfqtpUVQ6+lbaRX4pmkGwl3CfZvb0e1r71gGaCMwgaNu1LC1jVSZoZyb86zQ== bts@g.rainwreck.com
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5zY/ri5Fiyp4qArfZnBfCegU62QhNb6hUR+jtv7oRKZs7fC79BtUMqN/7NFkvDUmN5mM3sj8dVxAgCg+IabRb460yuklDTII8ojgSIpYCjoLNcOteWT9sclm1HjuH07YOAnZE/aXv0/rzhoQEKDw/9dWXFwJKaal2xw6jMQlyqO1wj21c45YnW83DrpjxUSRDo0T53NVlpLK77xar/guEopk4Q29Cr7A1pSEtHSFbSjqxTkpEBn8jyRHvH9F+S8qMyj0LoyRanAjvsny1snjuJXArDkLAAgGMWav5v8OMMrtTvSgf/2B/D74TeQiLiG1q/cN6FX+lSlOhmbvgT50MCOunuJqVeS9OvQgxw+R7OJcHVtH30wlZiQ/Zu7w4wN9ZSDYApqbtSgsqfUkbh5v3fgdWccsP/mKAYO6/NzII5pP+Xgosmi+ebZR3NutuX7nvclPDaDSHdO6ERYcRHEwxG+DinumssnirwdrNtbTOErEHrqKebf3ehBdcN2LIoyK34p8F4VaBOwE1OxdeEP012//bG4hULpFGryVfDYyItzdXksBgp3ujPjt5lqhvC9mm5UsPlT0792xUycgz8xWPxburJ1svlYoHnUENEApvmXGwiSFtedr3wdk3/Jg2C0LDMGZmIUzd8SEX9vf/+qcw6kMWYxatGbSi920uEO+9ZQ== root@dawid
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRW5+ErOj0miGagL44vvhdYhYZVVNn7I3r58a67fE2X/R73b5ibPY9ngYZpG37ObzuGDT7Ld3Zx8H8LWpKsWyOGpAhilqM0wiQ4PXiFnZShHhRIZwam7j+9h8NBySbJHsFPBoNDqcmKXu2JCk1sD351N5J/xsVJL5qlpjnfNlcitf1yi6nf95bMiiFcVRF7cWeXqxhFO1Jl4RkHSlsljaDFg/dOlor5cNrv/cMcZ5IKJSAj58lRWHF2Bw0ip/75/1YgdzLxcYrLIeZwDKrg0U+9Mk4oBMCvQ9XUonpEGDWKz+2NyDuGa3nRcuYyv4PnKAlMdsreoGU8b9U9kvLKa3DreI4JdhcoEt5sEpY0wwblVfefRRQbebHE7JuQfFHHNLBLqGi08AwV+/8JwwvIrvoPoHfqnarocxqWSnHbaPr6CIeH764pWzZYvPSjSlf1eneVwCEmiH23zgiifL5pLzrZ56f4u+i9oQw4tSKnvpkOf+fGqnMAPdTGN0qFEOItXECXDCxB2z5mMmkL7rdVETUNpi40of1AABmLCeleeK5M6qht6tx6lTokD8Sgj3rMvRjG81XRJUP98CU2Ea8JJCXJLbXCBIb8AO/pYt4/3Xzw9kGeSKgYasj7PIUPuIIZvhFHM9sKgEfjCO//7FMGswR4Y/U+OF4DqMHMLeMrg85Pw== root@workhorse
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaJpWY+mWEaZ8VHcm7YWZ+HaIRKW1jOuWc0posfrSTfWaewzmXYWiOFl7axXncEvpqcgO0G7dv3XAgvzaLj3t7TWPv+6sXcZi1VbPTC9R49k/iWm6F1iYVHxEkd4CIFQIpR//O1HZqTOrTLTSV7KuzRvJL74l6Egq8mfCw0LiKhXGLEONMOsjiQqeyivXTqb2CS7SnO/Ep40oUuS5KFbRAu+KIEhs0koSwgXxtT9ro+7BXT9sjC2nYFwEKtvFlMFEOIsBhFTk1zWpQjk79lngO+bNlpmBIuAcGhWr5Eju9nYqUaaf+QuK7oPUI+UPLK3biolg30cfk3U9N/IEUqHjZXHm2QKp3/jof1paa2Xs9twK/YetMpwvS0yshSDVIqMrVckx2foZn9hbfn06hcr6/JuxmV6ZG3Loci1H0CrXhT5T69IK2UDTYdIVqrVcVXOH9SpYZz2WRsJLavkrAfarSLFZsOoYsvYYPkKmN7YnKQFJSgPBzntaUmYpKRe2jXkwGDZBMCtQYOsmVHTwaI3nDAde7n6cad/DqTJO22XKV3EOsfbWFQ57GSX8evhR9N7nGYMs0JZ8dhNYa0rypV4+Us9Krlyi5tTjx9P56UGX5B4cfvkJfMPnojxbSEpxXR4OLjIQwy2WYfj5tzLhqXzD/1MktvRgEkjS1QmGN22k5Iw== bts@dawid
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaXAvmExdcog1ZnNBgjR6Zd8G/VJamG2S5BU5lhpmk+iu7hRs29tPi1j1vjy1Sky5aDbh1AXM0W1ClvkNfx0QiJzlJWyDzd6bEh985tI3O1++uYiPJa8P9Iz+EMQuaXhfLgAMIZNZUWIRpctHqL2M+LPlgh/+sj5i+N0oELmIoSBVLY1XyO6Iid4J+aKBCht4xmtr/iGhyGb09xBvpvbVs96Fe4v+Yo1U/Wjbbj88Mb2qZ+00J0tANUHqiDwBTt6vBq3gQLjvZTEezd+VWj23nAr/9Z7ta3Vw5B1y+Q4XOJgPsYl59kaeHuestvuH2jSfgJ5DfhcrjaWvM8oFpi27HN1A020WKlt94wDH/F6qucnGGj2w8KN8Y7WKmhZ23tlelzhl38rMaJOQ8d92Pg+vQOQpBf1dkWyZ1K3bTTZ41tahIGvwGJ3qtez20FW31emWLo5dTBQXdn+FTvesUpbUyq9rxBbDNcnCgOSj1yUPP2BCjBOc0fSaYikwpTSCy5o8XlWvVbpRnPAhqTSoL9LUIKUzX3QtCRM7Vws/XKxhIK+ZXKUn3HxihHdC5uKv+JVQEc5yUbPgyjdZFIwAXC76mpOjDZGZiZbSVYVVRD6M8bIqekb/uhVsH5DXtO+54k9yEUladHg9fXSYzwXz2ehAkSWJzMrwYgp8Q7swpasLaPQ== bts@phone
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEu4B0qHRZ8mm+1TisJ5WmVmniBHkKDOcHvXG2J8gmV1Qe0wtNC0epgM1ekAfMVqoirAc6KllJn76nT0KbzcoQMQOnCPCmqPMQFC4p0uY4pI2GR5WbujrZzSro0RUOjxskPQtPHsq8ppreIlUMRAZd7GDvR1Y7kIjnfEcf99Y+nc2LhcNN9xGn7aOt8sW5EcgAHsq4pvTAw7J7+FMNQN1HQbZoC1F1pY/I8OJd3HpnwSnNlkZG9WD+kc4RNPQk/5RO5HlNYFsUQoooRBGCde3oIhsJgl07f/JolE2wio+Obsx11FD48enOGlq162p3USQQwgTTQaG9kKg/yiiqlmvwuUHBcOJ/zXlPYF72DlMw1UNLxHXV27x0LRpl9KISq1d/lgdRD6612iuYvRaqvxQG3E9ctgylJWKfxxUev5pPiQW5k/Wu0FGFFo3wMUzIZwpLezBAIK2j49u3Jh7+LCcl6Id4rHbFWW9nh1f7GtdGmtuoadEdE4lo5QSXFX58jXuZET4u90fHCqRlxCbzQxLgoXclcAUPmjJJr/HlR9qpGyQt/yNQbya8wTcm6MSjQprY92YpW22MHHxYpBgyx/j1fqno7qDig4QriRfOSSEgDr7KgwAfmO/Kg4ChFVppwe88bbFdAFfiEHTLRZFRIm3Oe+VZBIeq62lkNKKloKSXzQ== bts@maqabi
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDM13PTELuHUE/0mpHPUKQ/vl1SawYdjFjzpMymZ5Z5c/z3+/lSisYFqRx88hzfpiGdJG8gn4z8XlbpFZJz+onH/794m115hPHisOEskgmc2nSXktPDWf92Yxcy9NxM3jE2k2aAhsyKJmJ4X0+g0JGebSSjmEpneMQrT+M68GYJ6Gduk6t9SrQr1xvgUOm6/Vv55yvffzbiYHopZNdnG3J1iP1TsT9teglNmUHarRIH7q3q5jN4NVPwCMGbXjAvO+Q82b6xSnW2J6Sn8n51k5mDvsqHWCgjpF1UO3XrFn6IBxB+MPsZF58QkRI6AkLZmkdqIEUD5tiEMTFEo+xaxDk8rN+IdV2M4obwpefXdN08jOYcNmGjit41e/nSxnYOmJK47IPXaFn/XFSph2w7dJg00YGVkdj2JqaeoAg0GJGnF1PD1LWdUuOXnU/5dbXrzwy0FfAJVjJecItACaYEcg9R98RMKvBW6VOvQldGZ6VxrrrlrNBoG9ZzRmtNYHXz7AhR9x4HNEhUBAnzyQq7yQJ/5fP5L15I1LP6xQYCLnQyWgGjkyLgpDN7YnfHN2AfE+DwzYB8NgkiQ2JAgTPsxj2e0p2jGrS8QeH2Mqc8pPQkx093m687/u1f23wjwNiwe73PAfUz3kFkTTj/SXYVCHc8cQobjVpxLTV+tXm2r7Ne1w== bts@workhorse
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWLMELTFGG+2SyiyCvr6rtLoEqk2KvloHoR33/4u2KVWDV2D8JHY8FFldY40n/Ek7lhD97v4tdUJwc4t9orRHangU6HeAnkh8eiJ1o+gqNBPMTxWn859IAK2eHQ811gglbSn3YyyuJk3IR6i43ZI4zy7fg0XN8ByOwscHPRrWs3oa7CmjvLQWgl3yKn7ehIsnhZHTQxFOdaG1wTkAiWgWPn92E+npS0pHvg5/6NYs6yRdK8ohLuxuIyzmCTI0rL8KvawpAO0wM9RRkosMheFgwhFOd7j3wWFLxTUEFeOBV/Qv0+77BkH2WGO5jCru/LSBcln/KtTmDFFIIVMjkRyjx87CwqP/TqbVlHCa0ey2uIQhdMVo8dRLqMYVWbxSoSwGtqctRXPfAA6rg5mcxWvJyUV7G1WLnuix11k8ErHsKQmTzhBwE2P5OgIWcrEygptUNykuy5o/ZlD7Uw+EZPeoqZ8z4wE+ECGqGCcuicviXjy6OPLH/+nIBjoqZaEdiQHSz/778xU9C361CKdRXBWVUUgB0yqE+TQOARefsWVTrMXC0/GnSWYipNRKn1GXN1H7ttHCgsym4a7iOguuMfsYzJ7BY1897xylfHrxhgduX62c4S1QJBfvlfMbgCn82myum5ZrS2Vep0Kl5tizgCNl2mqODdtQPpP+PgmBGHf4/hQ== root@guru.square-r00t.net
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz53DTICmBDfNUfhdnwQGUbFMGWhFBksAy1Vt6/2L7opdNqyxocIJT3qjlllpZA5Stb0frDnzNW3oe0yq6L9g4h7z4O8jaWgsqZeFzUqNJdsBJIpsmuZxA1PrWb5scxyhZz4JJpVoVDCU3bXesBPVA7OOeWL/pq43q55wwiVzV9A9JDI4wScwshyHrfwkaQJoLv9mRUuYfIghUbyi50B2cVAzna2TDjNFxk33V1PIFmWLoxlJHzrB36w9VoRL5geVeUmTvv+LOiKeOJ+LlWP+H6tu4hygdwpS+ktJ7I+RKOKD0KlqqQHeMGDIeXiXRFLoayp1jx4LnzEmaIKxPmwTdvytrNE9Ejr+SzCgNOaWZVA2CmYF/hvlrAsdZC3v8Gv6D18Au2gWIQUA1UAKe40xMtLNlOip9lE1x+Le4gkDTuGRr8pjv45ewzZnNoP6AymXToXlhvCSMDPMja/u/DEz0p7G28JnbLnGUZDX1xrrQLhZ8OtnwBZEoCeDxLsEmTWv/KVTrf/Sels2cCXT9n3xSSwNjTijeMuQ5afyQO2+XXEwxMbpQKAH/KoBt2Da1xRpq0CSsjYtCkddKdksipgwLVVXwFzib/IzxhNMdguMxLgz1bX1c9pzFJI6gA0CdwJrWqfq0SKzZZQJOBDrmhNJEUQcDT+QYBso+8CdcIZh5ew== root@g.rainwreck.com
--- a/extra/pre-build.d/root/packages.both
+++ b/extra/pre-build.d/root/packages.both
@ -14,15 +14,13 @@ atop
 autopsy
 autossh
 backuppc
-## TODO: grab all the bacula packages in here
+#bacula ## TODO: grab all the bacula packages in here
 #bacula 
 beep
 bin86
 bind-tools
 binutils
 bluez-utils
-## TODO: ugh. apacman has a new "regex mode"... that you can't disable. https://github.com/oshazard/apacman/issues/79
+bonnie++ ## TODO: ugh. apacman has a new "regex mode"... that you can't disable. https://github.com/oshazard/apacman/issues/79
 #bonnie++ 
 boxbackup-client
 boxbackup-server
 bozocrack-git
@ -57,15 +55,13 @@ dd_rescue
 dd_rhelp
 debianutils
 debootstrap
-## giving a weird dependency issue
+#dialog #giving a weird dependency issue
 #dialog 
 diffutils
 djohn
 dmidecode
 dnssec-anchors
 dnstracer
-## replaced by bind-tools, https://www.archlinux.org/packages/extra/x86_64/bind-tools/
+#dnsutils #replaced by bind-tools, https://www.archlinux.org/packages/extra/x86_64/bind-tools/
 #dnsutils 
 dos2unix
 dropbear
 dstat
@ -114,7 +110,6 @@ gst-libav
 gst-plugins-ugly
 hashcat
 hashdeep
 haveged
 hddtemp
 hdparm
 hexcurse
@ -149,17 +144,14 @@ keyutils
 kismet-allplugins
 lftp
 links
-## requires a /dev/input, which apparently isn't included in the chroots
+#logkeys-git # requires a /dev/input, which apparently isn't included in the chroots
 #logkeys-git 
 lm_sensors
 lrzsz
 lshw
-## giving intermittent errors when trying to fetch source
+#lsiutil # giving intermittent errors when trying to fetch source
 #lsiutil 
 lsof
 lsscsi
-## apacman currently doesn't like package groups, so...
+#lxde # apacman currently doesn't like package groups, so...
 #lxde 
 gpicview
 lxappearance
 lxappearance-obconf
@ -180,23 +172,21 @@ pcmanfm
 lynx
 #lzip
 macchanger
-## no longer maintained, upstream down
+#magicrescue # no longer maintained, upstream down
 #magicrescue 
 mbr
 mbuffer
 mcelog
 mdadm
 mdcrack
-## superseded by storcli
+# superseded by storcli
 #megaraid-cli
 memtester
 mfoc
 minicom
-## mindi-busybox fails to build 09.23.2016
+#mondo # mindi-busybox fails to build 09.23.2016
 #mondo 
 mtd-utils
 mtr
-mtree-git
+mtree
 multipath-tools
 myrescue
 nbd
@ -207,14 +197,13 @@ net-snmp
 netselect
 nettle
 networkmanager-pptp
-nginx-mainline
+nginx-devel
 ngrep
 nmap
 nmon
 ntfs-3g
 ntfsfixboot
-## broken since they moved to github(?)
+#nwipe #broken since they moved to github(?)
 #nwipe 
 nwipe-git
 obnam
 open-iscsi
@ -283,15 +272,13 @@ smartmontools
 smbclient
 s-nail
 socat
-## do people even USE tape backups anymore?
+#star ## do people even USE tape backups anymore?
 #star 
 storcli
 strace
 stress
 sucrack
 symlinks
 sysstat
 systemd-sysvcompat
 tcpdump
 tcpslice
 tcptraceroute
@ -302,7 +289,6 @@ thttpd
 tmon
 tmux
 tre
 tree
 truecrack-git
 truecrypt
 tor
@ -328,8 +314,7 @@ vncrack
 vnstat
 vpnc
 weplab
-## currently depends on dialog, which is broke as shit
+#whdd #currently depends on dialog, which is broke as shit
 #whdd 
 whois
 wifite-mod-pixiewps-git
 wipe
--- a/extra/pre-build.d/root/packages.both.FULL
+++ b/extra/pre-build.d/root/packages.both.FULL
@ -1,350 +0,0 @@
 # Commented lines are supported (via a preceding # only).
 # Packages from the AUR can be specified.
 # We need to install all X drivers.
 abs
 acpi
 #acpidump
 #afflib
 aircrack-ng
 apr
 apr-util
 arj
 asciidoc
 atop
 autopsy
 autossh
 backuppc
 ## TODO: grab all the bacula packages in here
 #bacula 
 beep
 bin86
 bind-tools
 binutils
 bluez-utils
 ## TODO: ugh. apacman has a new "regex mode"... that you can't disable. https://github.com/oshazard/apacman/issues/79
 #bonnie++ 
 boxbackup-client
 boxbackup-server
 bozocrack-git
 bridge-utils
 burp-backup-git
 btrfs-progs
 cabextract
 cdrtools
 cdw
 cfv
 chapcrack-git
 chntpw
 cifs-utils
 ckermit
 clamav
 clonezilla
 cmospwd
 colordiff
 cowpatty
 cpio
 cpuburn
 cpupower
 crackpkcs12
 cryptcat
 cryptsetup
 csync2
 customizepkg-scripting
 dar
 dcfldd
 ddrescue
 dd_rescue
 dd_rhelp
 debianutils
 debootstrap
 ## giving a weird dependency issue
 #dialog 
 diffutils
 djohn
 dmidecode
 dnssec-anchors
 dnstracer
 ## replaced by bind-tools, https://www.archlinux.org/packages/extra/x86_64/bind-tools/
 #dnsutils 
 dos2unix
 dropbear
 dstat
 dump
 dumpet
 duplicity
 dvd+rw-tools
 e2fsprogs
 easy-rsa
 ecryptfs-utils
 ed
 elfutils
 #elilo-efi
 elinks
 etc-update
 ethtool
 exfat-utils
 ext3grep
 extundelete
 f2fs-tools
 fang
 fbset
 fcgi
 fcgiwrap
 fcrackzip
 fdupes
 file
 findmyhash
 findutils
 firefox
 flac
 flashrom
 foremost
 fsarchiver
 fuse
 gd
 git
 gnu-efi-libs
 gnu-netcat
 gpart
 gparted
 gperftools
 gpm
 gptfdisk
 gst-libav
 gst-plugins-ugly
 hashcat
 hashdeep
 haveged
 hddtemp
 hdparm
 hexcurse
 hexedit
 hfsprogs
 hfsutils
 htop
 httping
 hwdetect
 hwinfo
 hydra
 idnkit
 ifenslave
 iftop
 inetutils
 iotop
 iozone
 ipcalc
 iperf
 iperf3
 ipsec-tools
 iptraf-ng
 ipython
 irssi
 iso-codes
 isomaster
 jasper
 jfsutils
 #john-mpi
 john
 keyutils
 kismet-allplugins
 lftp
 links
 ## requires a /dev/input, which apparently isn't included in the chroots
 #logkeys-git 
 lm_sensors
 lrzsz
 lshw
 ## giving intermittent errors when trying to fetch source
 #lsiutil 
 lsof
 lsscsi
 ## apacman currently doesn't like package groups, so...
 #lxde 
 gpicview
 lxappearance
 lxappearance-obconf
 lxde-common
 lxde-icon-theme
 lxdm
 lxinput
 lxlauncher
 lxmusic
 lxpanel
 lxrandr
 lxsession
 lxtask
 lxterminal
 openbox
 pcmanfm
 # end lxde
 lynx
 #lzip
 macchanger
 ## no longer maintained, upstream down
 #magicrescue 
 mbr
 mbuffer
 mcelog
 mdadm
 mdcrack
 ## superseded by storcli
 #megaraid-cli
 memtester
 mfoc
 minicom
 ## mindi-busybox fails to build 09.23.2016
 #mondo 
 mtd-utils
 mtr
 mtree-git
 multipath-tools
 myrescue
 nbd
 ncftp
 ncompress
 ncrack
 net-snmp
 netselect
 nettle
 networkmanager-pptp
 nginx-mainline
 ngrep
 nmap
 nmon
 ntfs-3g
 ntfsfixboot
 ## broken since they moved to github(?)
 #nwipe 
 nwipe-git
 obnam
 open-iscsi
 openipmi
 ophcrack
 os-prober
 p7zip
 pack
 par2cmdline
 partclone
 partclone-utils
 parted
 partimage
 pax-utils
 pciutils
 pcmciautils
 pdfcrack
 perf
 php
 php-fpm
 php-gd
 php-mcrypt
 phrasendrescher
 pigz
 pkgfile
 pkgtools
 ppp
 pptpclient
 procinfo-ng
 procps-ng
 progsreiserfs
 psmisc
 pwgen
 pixz
 pyrit
 python2-gnuplot
 python2-pyx
 rarcrack
 rcracki_mt
 rdiff-backup
 read-edid
 reaver-wps-fork-t6x-git
 rename
 rfkill
 rp-pppoe
 rpcbind
 rpmextract
 rp-pppoe
 rsnapshot
 rygel
 safecopy
 samba
 scalpel-git
 scapy
 screen
 scrounge-ntfs
 scrub
 scsiadd
 sdparm
 setserial
 sg3_utils
 sharutils
 sipcalc
 sipcrack
 smartmontools
 smbclient
 s-nail
 socat
 ## do people even USE tape backups anymore?
 #star 
 storcli
 strace
 stress
 sucrack
 symlinks
 sysstat
 systemd-sysvcompat
 tcpdump
 tcpslice
 tcptraceroute
 testdisk
 tftp-hpa
 thin-provisioning-tools
 thttpd
 tmon
 tmux
 tre
 tree
 truecrack-git
 truecrypt
 tor
 udftools
 #udpcast
 unace
 unison
 unrar
 unshield
 unzip
 usb_modeswitch
 usbip
 usbutils
 vim-a
 vim-bufexplorer
 vim-indent-object
 vim-minibufexpl
 vim-nerdtree
 vim-syntastic
 vim-workspace
 vlc
 vncrack
 vnstat
 vpnc
 weplab
 ## currently depends on dialog, which is broke as shit
 #whdd 
 whois
 wifite-mod-pixiewps-git
 wipe
 wireshark-cli
 wpscrack
 wput
 x11vnc
 xfburn
 xfsdump
 xfsprogs
 xmlto
 xorg
 xorg-drivers
 xorg-xinit
 xterm
 zerofree
 zip
 zsh
--- a/extra/pre-build.d/root/packages.both.SMALL
+++ b/extra/pre-build.d/root/packages.both.SMALL
@ -1,4 +0,0 @@
 # Commented lines are supported (via a preceding # only).
 # Packages from the AUR can be specified.
 # We need to install all X drivers.
 mtree-git
--- a/extra/pre-build.d/root/pre-build.sh
+++ b/extra/pre-build.d/root/pre-build.sh
@ -141,12 +141,7 @@ then
 fi
 # Add the regular user
 useradd -m -s /bin/bash -c "${USERCOMMENT}" ${REGUSR}
-usermod -aG users,games,video,audio ${REGUSR}  # TODO: remove this in lieu of $REGUSR_GRPS? these are all kind of required, though, for regular users anyways
+usermod -aG users,games,video,audio ${REGUSR}
 for g in $(echo ${REGUSR_GRPS} | sed 's/,[[:space:]]*/ /g');
 do
 	getent group ${g} > /dev/null 2>&1 || groupadd ${g}
 	usermod -aG ${g} ${REGUSR}
 done
 passwd -d ${REGUSR}
 # Add them to sudoers
 mkdir -p /etc/sudoers.d
--- a/extra/pre-build.d/x86_64/root/pre-build.arch.sh
+++ b/extra/pre-build.d/x86_64/root/pre-build.arch.sh
@ -1,2 +0,0 @@
 #!/bin/bash
 # Put any arch-specific tasks here. They will be run after /root/pre-build.sh.
--- a/extra/templates/VERSION_INFO.txt.j2
+++ b/extra/templates/VERSION_INFO.txt.j2
@ -2,5 +2,5 @@ Version:        {{ bdisk['ver'] }}
 Build:          {{ build['buildnum'] }}
 Time:           {{ build['time'] }}
 Machine:        {{ hostname }} ({{ distro }})
-User:           {{ build['user'] }}{% if build['realuser'] is defined and build['realuser']|length > 0 %} ({{ build['realuser'] }}){% endif %}
+User:           {{ build['user'] }}{% if build['realuser'] is defined and build['realuser'] > 0 %} ({{ build['realuser'] }}){% endif %}
--- a/extra/templates/pre-build.d/etc/hostname.j2
+++ b/extra/templates/pre-build.d/etc/hostname.j2
@ -1 +0,0 @@
 {{ bdisk['uxname']|lower }}.loc.lan
--- a/extra/templates/pre-build.d/root/VARS.txt.j2
+++ b/extra/templates/pre-build.d/root/VARS.txt.j2
@ -1,12 +0,0 @@
 export DISTNAME='{{ bdisk['name']|upper }}'
 export UXNAME='{{ bdisk['name']|lower }}'
 export PNAME='{{ bdisk['name'] }}'
 export DISTPUB='{{ bdisk['dev'] }}'
 export DISTDESC='{{ bdisk['desc'] }}'
 export REGUSR='{{ user['username']|lower }}'
 export REGUSR_GRPS='{{ user['groups'] }}'
 export USERCOMMENT='{{ user['name'] }}'
 export REGUSR_PASS='{{ user['password'] }}'
 export ROOT_PASS='{{ bdisk['root_password'] }}'
 export SIGKEY='{{ mygpgkey }}'
--- a/overlay/etc/bash.bashrc
+++ b/overlay/etc/bash.bashrc
@ -0,0 +1,64 @@
 #
 # /etc/bash.bashrc
 #
 # If not running interactively, don't do anything
 [[ $- != *i* ]] && return
 PS1='[\u@\h \W]\$ '
 PS2='> '
 PS3='> '
 PS4='+ '
 case ${TERM} in
  xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
    ;;
  screen)
    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
    ;;
 esac
 [ -r /usr/share/bash-completion/bash_completion   ] && . /usr/share/bash-completion/bash_completion
 alias vi='/usr/bin/vim'
 export EDITOR="vim"
 if [ -f ~/.bashrc ];
 then
 source ~/.bashrc
 fi 
 if [ -d ~/bin ];
 then
 export PATH="$PATH:~/bin"
 fi
 alias grep='grep --color'
 alias egrep='egrep --color'
 alias ls='ls --color=auto'
 PS1='[\u@\h \W]\$ '
 export HISTTIMEFORMAT="%F %T "
 export PATH="${PATH}:/sbin:/bin:/usr/sbin"
 DEFROUTEIF=$(ip route show | egrep '^default' | awk '{print $5}')
 echo
 echo "==================================="
 date
 if [ -n "${DEFROUTEIF}" ];
 then
 IPADDR=$(ip a s dev ${DEFROUTEIF} | egrep '^[[:space:]]*inet\ ' | awk '{print $2}' | cut -f1 -d"/")
 HWADDR=$(ip l show dev ${DEFROUTEIF} | egrep '^[[:space:]]*link' | awk '{print $2}')
 echo
 echo -n "${DEFROUTEIF} (${HWADDR}) is: ${IPADDR}"
 fi
 echo
 echo  -n "tun0 is: "
 ifconfig tun0 | grep inet | grep -v "inet6" | awk '{print $2}'
 echo
 echo "http://bdisk.square-r00t.net/"
 echo "==================================="
 echo
--- a/overlay/etc/lxdm/lxdm.conf
+++ b/overlay/etc/lxdm/lxdm.conf
@ -0,0 +1,62 @@
 [base]
 ## uncomment and set autologin username to enable autologin
 #autologin=bdisk
 ## uncomment and set timeout to enable timeout autologin,
 ## the value should >=5
 # timeout=10
 ## default session or desktop used when no systemwide config
 # session=/usr/bin/startlxde
 ## uncomment and set to set numlock on your keyboard
 # numlock=0
 ## set this if you don't want to put xauth file at ~/.Xauthority
 # xauth_path=/tmp
 # not ask password for users who have empty password
 # skip_password=1
 ## greeter used to welcome the user
 greeter=/usr/lib/lxdm/lxdm-greeter-gtk
 [server]
 ## arg used to start xserver, not fully function
 arg=/usr/bin/X -background vt1
 # uncomment this if you really want xserver listen to tcp
 # tcp_listen=1
 # uncoment this if you want reset the xserver after logou
 # reset=1
 [display]
 ## gtk theme used by greeter
 gtk_theme=Clearlooks
 ## background of the greeter
 # bg=/usr/share/backgrounds/default.png
 ## if show bottom pane
 bottom_pane=1
 ## if show language select control
 lang=1
 ## if show keyboard layout select control
 keyboard=0
 ## the theme of greeter
 theme=Industrial
 [input]
 [userlist]
 ## if disable the user list control at greeter
 disable=0
 ## whitelist user
 white=
 ## blacklist user
 black=
--- a/extra/pre-build.d/etc/systemd/scripts/livecd.fix.sh
+++ b/extra/pre-build.d/etc/systemd/scripts/livecd.fix.sh
@ -1,7 +1,5 @@
 #/bin/sh -
 locale-gen
 #chmod 4755 /opt/google/chrome-beta/chrome-sandbox
 chmod 4755 /usr/bin/sudo
@ -22,7 +20,7 @@ do
 done
 function fuck_you_gimme_net() {
-IFACE=$(ip -o link | awk '{print $2}' | egrep -E '^((en|wl)p?|em)' | sed -e 's/:$//g' | head -n1)
+IFACE=$(ifconfig -a -s | egrep -E '^((en|wl)p?|em)' | awk '{print $1}' | tr '\n' ' ' | sed -e 's/\ $//g')
 for i in ${IFACE};
 do
@ -41,15 +39,15 @@ do
   DEV='wireless-open'
  fi
- ip link set dev ${i} down
+ ifconfig ${i} down
 cp -a /etc/netctl/examples/${DEV} /etc/netctl/${i}
 sed -i -re "s/^([[:space:]]*Interface[[:space:]]*=).*/\1${i}/g" /etc/netctl/${i}
 if [ "${DEV}" == "wireless-open" ];
 then
-  ip link set dev ${i} up && \
+  ifconfig ${i} up && \
  ESSID=$(iwlist ${i} scanning | egrep -A5 -B5 '^[[:space:]]*Encryption key:off' | egrep '^[[:space:]]*ESSID:' | sed -re 's/^[[:space:]]*ESSID:(.*)/\1/g')
  sed -i -re "s/^([[:space:]]*ESSID[[:space:]]*=).*/\1${ESSID}/g" /etc/netctl/${i}
-  ip link set ${i} down
+  ifconfig ${i} down
 fi
 netctl restart ${i} > /dev/null 2>&1
 #cat /etc/resolvconf.conf.failover > /etc/resolvconf.conf
--- a/overlay/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service
+++ b/overlay/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service
@ -0,0 +1 @@
 /usr/lib/systemd/system/NetworkManager.service
--- a/overlay/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service
+++ b/overlay/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service
@ -0,0 +1 @@
 /usr/lib/systemd/system/NetworkManager-dispatcher.service
--- a/overlay/etc/systemd/system/getty@tty1.service.d/autologin.conf
+++ b/overlay/etc/systemd/system/getty@tty1.service.d/autologin.conf
@ -0,0 +1,5 @@
 #[Service]
 ##Type=simple
 #Type=idle
 #ExecStart=
 #ExecStart=-/usr/bin/agetty --autologin bdisk --noclear %I 38400 linux
--- a/extra/pre-build.d/etc/systemd/system/livecdfix.service
+++ b/extra/pre-build.d/etc/systemd/system/livecdfix.service
--- a/overlay/etc/systemd/system/multi-user.target.wants/NetworkManager.service
+++ b/overlay/etc/systemd/system/multi-user.target.wants/NetworkManager.service
@ -0,0 +1 @@
 /usr/lib/systemd/system/NetworkManager.service
--- a/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/livecdfix.service
+++ b/extra/pre-build.d/etc/systemd/system/multi-user.target.wants/livecdfix.service
--- a/overlay/etc/systemd/system/multi-user.target.wants/openvpn-client@client.service
+++ b/overlay/etc/systemd/system/multi-user.target.wants/openvpn-client@client.service
@ -0,0 +1 @@
 /usr/lib/systemd/system/openvpn-client@.service
--- a/overlay/etc/systemd/system/multi-user.target.wants/sshd.service
+++ b/overlay/etc/systemd/system/multi-user.target.wants/sshd.service
@ -0,0 +1 @@
 /usr/lib/systemd/system/sshd.service
--- a/overlay/etc/vimrc
+++ b/overlay/etc/vimrc
@ -0,0 +1,22 @@
 " All system-wide defaults are set in $VIMRUNTIME/archlinux.vim (usually just
 " /usr/share/vim/vimfiles/archlinux.vim) and sourced by the call to :runtime
 " you can find below.  If you wish to change any of those settings, you should
 " do it in this file (/etc/vimrc), since archlinux.vim will be overwritten
 " everytime an upgrade of the vim packages is performed.  It is recommended to
 " make changes after sourcing archlinux.vim since it alters the value of the
 " 'compatible' option.
 " This line should not be removed as it ensures that various options are
 " properly set to work with the Vim-related packages.
 runtime! archlinux.vim
 " If you prefer the old-style vim functionalty, add 'runtime! vimrc_example.vim'
 " Or better yet, read /usr/share/vim/vim74/vimrc_example.vim or the vim manual
 " and configure vim to your own liking!
 set number
 syntax on
 set paste
 if has("autocmd")
  au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
 endif
		`@ -1,2 +0,0 @@`
			`#!/bin/bash`
			`# Put any arch-specific tasks here. They will be run after /root/pre-build.sh.`
		`@ -0,0 +1 @@`
							`/usr/lib/systemd/system/NetworkManager.service`
		`@ -0,0 +1 @@`
							`/usr/lib/systemd/system/NetworkManager-dispatcher.service`
		`@ -0,0 +1 @@`
							`/usr/lib/systemd/system/openvpn-client@.service`