diff options
Diffstat (limited to 'archsetup')
| -rwxr-xr-x | archsetup | 50 |
1 files changed, 20 insertions, 30 deletions
@@ -493,14 +493,6 @@ is_btrfs_root() { [ "$(findmnt -n -o FSTYPE /)" = "btrfs" ] } -# CPU Detection -is_amd_zen5() { - # Returns 0 (true) if CPU is AMD Zen 5 (family 26/0x1a) - # Used to detect CPUs affected by RDSEED32 bug (CVE-2025-62626) - grep -q "AuthenticAMD" /proc/cpuinfo && \ - grep -E "^cpu family" /proc/cpuinfo | head -1 | grep -q ": 26$" -} - # Encryption Detection is_encrypted_root() { # Returns 0 (true) if root filesystem is on an encrypted volume @@ -833,7 +825,7 @@ user_customizations() { dotfiles_dir="$user_archsetup_dir/dotfiles" action="linking dotfiles into place" && display "task" "$action" - (cd "$dotfiles_dir" && stow --target="/home/$username" --no-folding --adopt system \ + (cd "$dotfiles_dir" && stow --target="/home/$username" --no-folding --adopt common \ >> "$logfile" 2>&1 ) || error_warn "$action" "$?" # Stow desktop-environment-specific dotfiles @@ -1089,6 +1081,24 @@ EOF action="enabling geoclue geolocation service" && display "task" "$action" systemctl enable geoclue.service >> "$logfile" 2>&1 || error_warn "$action" "$?" + # Enable BeaconDB as geoclue wifi location provider (default MLS/Ichnaea API is defunct) + action="configuring geoclue to use BeaconDB location service" && display "task" "$action" + if grep -q '^#url=https://api.beacondb.net/v1/geolocate' /etc/geoclue/geoclue.conf 2>/dev/null; then + sed -i 's|^#url=https://api.beacondb.net/v1/geolocate|url=https://api.beacondb.net/v1/geolocate|' /etc/geoclue/geoclue.conf + fi + + # Whitelist gammastep in geoclue config (geoclue demo agent is started via hyprland.conf exec-once) + action="whitelisting gammastep in geoclue" && display "task" "$action" + if ! grep -q "^\[gammastep\]" /etc/geoclue/geoclue.conf 2>/dev/null; then + cat >> /etc/geoclue/geoclue.conf << 'EOF' + +[gammastep] +allowed=true +system=false +users= +EOF + fi + # Fix dbus-broker race condition with sysusers (geoclue user must exist before dbus parses service files) action="configuring dbus-broker to wait for sysusers" && display "task" "$action" mkdir -p /etc/systemd/system/dbus-broker.service.d @@ -1602,7 +1612,7 @@ desktop_environment() { pacman_install "$software" done - for software in vimix-cursors \ + for software in bibata-cursor-theme-bin \ papirus-icon-theme qt6ct qt5ct; do aur_install "$software" done @@ -1951,26 +1961,6 @@ EOF sed -i "s/.*GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"rw loglevel=2 rd.systemd.show_status=auto rd.udev.log_level=2 nvme.noacpi=1 mem_sleep_default=deep nowatchdog random.trust_cpu=off quiet splash\"/g" /etc/default/grub fi - # Hardware-specific workarounds - display "subtitle" "Hardware Workarounds" - - # AMD Zen 5 RDSEED32 bug (CVE-2025-62626) - # Zen 5 CPUs have a broken RDSEED instruction that causes kernel warnings at boot. - # Adding clearcpuid=rdseed disables the instruction via CPUID masking, suppressing - # the "RDSEED32 is broken. Disabling the corresponding CPUID bit." message. - # This is cosmetic - the kernel already disables RDSEED when it detects the bug. - if is_amd_zen5; then - action="applying AMD Zen 5 RDSEED32 workaround (CVE-2025-62626)" && display "task" "$action" - if [ -f /etc/default/grub ]; then - # Add clearcpuid=rdseed if not already present - if ! grep -q "clearcpuid=rdseed" /etc/default/grub; then - sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"/GRUB_CMDLINE_LINUX_DEFAULT="\1 clearcpuid=rdseed"/' /etc/default/grub - fi - fi - else - display "task" "no hardware workarounds needed" - fi - # Regenerate GRUB config after all modifications if [ -f /etc/default/grub ]; then action="generating grub configuration" && display "task" "$action" |