Initial commit.

.editorconfig

@@ -0,0 +1,7 @@
+root = true
+[*]
+indent_style = space
+end_of_line = lf
+charset = utf-8
+[Makefile]
+indent_style = tab

.gitignore

@@ -0,0 +1,2 @@
+build
+output

Dockerfile.template

@@ -0,0 +1,4 @@
+FROM scratch
+ADD TEMPLATE_ROOTFS_FILE /
+ENV LANG=en_US.UTF-8
+CMD ["/usr/bin/bash"]

Makefile

@@ -0,0 +1,68 @@
+BUILDDIR=$(shell pwd)/build
+OUTPUTDIR=$(shell pwd)/output
+
+define rootfs
+	mkdir -vp $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks
+	find /usr/share/libalpm/hooks -exec ln -sf /dev/null $(BUILDDIR)/alpm-hooks{} \;
+
+	mkdir -vp $(BUILDDIR)/var/lib/pacman/ $(OUTPUTDIR)
+	install -Dm644 /usr/share/devtools/pacman-extra.conf $(BUILDDIR)/etc/pacman.conf
+	cat pacman-conf.d-blackarch.conf >> $(BUILDDIR)/etc/pacman.conf
+
+	fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \
+		--noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \
+		--config $(BUILDDIR)/etc/pacman.conf \
+		--noscriptlet \
+		--hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2)
+
+	cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/
+
+fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) locale-gen
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) sh -c 'pacman-key --init && pacman-key --populate archlinux blackarch && bash -c "rm -rf etc/pacman.d/gnupg/{openpgp-revocs.d/,private-keys-v1.d/,pubring.gpg~,gnupg.S.}*"'
+
+	ln -fs /etc/os-release $(BUILDDIR)/usr/lib/os-release
+
+	# add system users
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) /usr/bin/systemd-sysusers --root "/"
+
+	# remove passwordless login for root (see CVE-2019-5021 for reference)
+	sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
+
+	# Use BlackArch shell configs and os-release
+	fakechroot -- fakeroot -- chroot $(BUILDDIR) cp /etc/skel/{.bashrc,.zshrc,.bash_profile} /root/
+
+	# fakeroot to map the gid/uid of the builder process to root
+	fakeroot -- tar --numeric-owner --xattrs --acls --exclude-from=exclude -C $(BUILDDIR) -c . -f $(OUTPUTDIR)/$(1).tar
+
+	cd $(OUTPUTDIR); xz -9 -T0 -f $(1).tar; sha256sum $(1).tar.xz > $(1).tar.xz.SHA256
+endef
+
+define dockerfile
+	sed -e "s|TEMPLATE_ROOTFS_FILE|$(1).tar.xz|" \
+	    Dockerfile.template > $(OUTPUTDIR)/Dockerfile.$(1)
+endef
+
+.PHONY: clean
+clean:
+	rm -rf $(BUILDDIR) $(OUTPUTDIR)
+
+$(OUTPUTDIR)/blackarch-base.tar.xz:
+	$(call rootfs,blackarch-base,base blackarch-keyring)
+
+$(OUTPUTDIR)/blackarch-base-devel.tar.xz:
+	$(call rootfs,blackarch-base-devel,base base-devel blackarch-keyring)
+
+$(OUTPUTDIR)/Dockerfile.base: $(OUTPUTDIR)/blackarch-base.tar.xz
+	$(call dockerfile,blackarch-base)
+
+$(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/blackarch-base-devel.tar.xz
+	$(call dockerfile,blackarch-base-devel)
+
+.PHONY: docker-blackarch-base
+blackarch-base: $(OUTPUTDIR)/Dockerfile.base
+	docker build -f $(OUTPUTDIR)/Dockerfile.blackarch-base -t blackarchlinux/blackarch:base $(OUTPUTDIR)
+
+.PHONY: docker-blackarch-base-devel
+blackarch-base-devel: $(OUTPUTDIR)/Dockerfile.base-devel
+	docker build -f $(OUTPUTDIR)/Dockerfile.blackarch-base-devel -t blackarchlinux/blackarch:base-devel $(OUTPUTDIR)

exclude

@@ -0,0 +1,17 @@
+./.dockerenv
+./.dockerinit
+./sys
+./proc
+./dev
+./etc/hostname
+./etc/machine-id
+./etc/resolv.conf
+./etc/pacman.d/gnupg/openpgp-revocs.d/*
+./etc/pacman.d/gnupg/private-keys-v1.d/*
+./etc/pacman.d/gnupg/pubring.gpg~
+./etc/pacman.d/gnupg/S.*
+./tmp/*
+./var/cache/pacman/pkg/*
+./var/lib/pacman/sync/*
+./var/tmp/*
+./alpm-hooks

pacman-conf.d-blackarch.conf

@@ -0,0 +1,16 @@
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+[blackarch]
+Include = /etc/pacman.d/blackarch-mirrorlist
+
+[options]
+NoExtract  = usr/lib/os-release
+NoExtract  = usr/share/help/* !usr/share/help/en*
+NoExtract  = usr/share/gtk-doc/html/* usr/share/doc/*
+NoExtract  = usr/share/locale/* usr/share/X11/locale/* usr/share/i18n/*
+NoExtract   = !*locale*/en*/* !usr/share/i18n/charmaps/UTF-8.gz !usr/share/*locale*/locale.*
+NoExtract   = !usr/share/*locales/en_?? !usr/share/*locales/i18n* !usr/share/*locales/iso*
+NoExtract   = !usr/share/*locales/trans*
+NoExtract  = usr/share/man/* usr/share/info/*
+NoExtract  = usr/share/vim/vim*/lang/*

pacman.conf

@@ -0,0 +1,91 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+#HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+[core]
+Include = rootfs/etc/pacman.d/mirrorlist
+
+[extra]
+Include = rootfs/etc/pacman.d/mirrorlist
+
+[community]
+Include = rootfs/etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib]
+#Include = /etc/pacman.d/mirrorlist
+#
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs

rootfs/etc/locale.conf

@@ -0,0 +1 @@
+LANG=en_US.UTF-8

rootfs/etc/locale.gen

@@ -0,0 +1 @@
+en_US.UTF-8 UTF-8

rootfs/etc/os-release

@@ -0,0 +1,5 @@
+NAME="BlackArch"
+PRETTY_NAME="BlackArch"
+ANSI_COLOR="38;2;23;147;209"
+HOME_URL="https://www.blackarch.org/"
+LOGO=blackarch

rootfs/etc/pacman.d/blackarch-mirrorlist

@@ -0,0 +1,3 @@
+# Worldwide
+Server = https://mirrors.fosshost.org/blackarch/$repo/os/$arch
+Server = https://mirrors.fossho.st/blackarch/$repo/os/$arch

rootfs/etc/pacman.d/mirrorlist

@@ -0,0 +1,3 @@
+Server = https://mirror.pkgbuild.com/$repo/os/$arch
+Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch
+Server = https://mirror.leaseweb.net/archlinux/$repo/os/$arch

rootfs/etc/skel/.bashrc

@@ -0,0 +1,31 @@
+# colors
+darkgrey="$(tput bold ; tput setaf 0)"
+white="$(tput bold ; tput setaf 7)"
+blue="$(tput bold; tput setaf 4)"
+cyan="$(tput bold; tput setaf 6)"
+nc="$(tput sgr0)"
+
+# exports
+export PATH="${HOME}/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:"
+export PATH="${PATH}/usr/local/sbin:/opt/bin:/usr/bin/core_perl:/usr/games/bin:"
+
+if [[ $EUID -eq 0 ]]; then
+  export PS1="\[$blue\][ \[$cyan\]\H \[$darkgrey\]\w\[$darkgrey\] \[$blue\]]\\[$darkgrey\]# \[$nc\]"
+else
+  export PS1="\[$blue\][ \[$cyan\]\H \[$darkgrey\]\w\[$darkgrey\] \[$blue\]]\\[$cyan\]\$ \[$nc\]"
+fi
+
+export LD_PRELOAD=""
+export EDITOR="vim"
+
+# alias
+alias ls="ls --color"
+alias vi="vim"
+alias shred="shred -zf"
+#alias python="python2"
+alias wget="wget -U 'noleak'"
+alias curl="curl --user-agent 'noleak'"
+
+# source files
+[ -r /usr/share/bash-completion/completions ] &&
+  . /usr/share/bash-completion/completions/*

rootfs/etc/skel/.zshrc

@@ -0,0 +1,75 @@
+# Load colours and then set prompt
+# Prompt preview:
+# [user@hostname]-[~]
+# >>>
+autoload -U colors && colors
+PS1="%{$fg[blue]%}%B[%b%{$fg[cyan]%}%n%{$fg[grey]%}%B@%b%{$fg[cyan]%}%m%{$fg[blue]%}%B]-%b%{$fg[blue]%}%B[%b%{$fg[white]%}%~%{$fg[blue]%}%B]%b
+%{$fg[cyan]%}%B>>>%b%{$reset_color%} "
+
+# ZSH history file
+HISTSIZE=100
+SAVEHIST=100
+HISTFILE=~/.zsh_history
+
+# Fancy auto-complete
+autoload -Uz compinit
+zstyle ':completion:*' menu select=0
+zmodload zsh/complist
+zstyle ':completion:*' format '>>> %d'
+compinit
+_comp_options+=(globdots) # hidden files are included
+
+# Keybindings section
+bindkey -e
+bindkey '^[[7~' beginning-of-line                               # Home key
+bindkey '^[[H' beginning-of-line                                # Home key
+if [[ "${terminfo[khome]}" != "" ]]; then
+  bindkey "${terminfo[khome]}" beginning-of-line                # [Home] - Go to beginning of line
+fi
+bindkey '^[[8~' end-of-line                                     # End key
+bindkey '^[[F' end-of-line                                     # End key
+if [[ "${terminfo[kend]}" != "" ]]; then
+  bindkey "${terminfo[kend]}" end-of-line                       # [End] - Go to end of line
+fi
+bindkey '^[[2~' overwrite-mode                                  # Insert key
+bindkey '^[[3~' delete-char                                     # Delete key
+bindkey '^[[C'  forward-char                                    # Right key
+bindkey '^[[D'  backward-char                                   # Left key
+bindkey '^[[5~' history-beginning-search-backward               # Page up key
+bindkey '^[[6~' history-beginning-search-forward                # Page down key
+
+# Navigate words with ctrl+arrow keys
+bindkey '^[Oc' forward-word                                     #
+bindkey '^[Od' backward-word                                    #
+bindkey '^[[1;5D' backward-word                                 #
+bindkey '^[[1;5C' forward-word                                  #
+bindkey '^H' backward-kill-word                                 # delete previous word with ctrl+backspace
+bindkey '^[[Z' undo                                             # Shift+tab undo last action
+
+export LD_PRELOAD=""
+export EDITOR="vim"
+export PATH="$HOME/bin:/usr/lib/ccache/bin/:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/bin/core_perl:/usr/games/bin:$PATH"
+
+# alias
+alias c="clear"
+alias cd..="cd .."
+alias curl="curl --user-agent 'noleak'"
+alias l="ls -ahls --color=auto"
+alias r="reset"
+alias shred="shred -zf"
+alias sl="ls --color=auto"
+alias vi="vim"
+alias ls="ls --color=auto"
+alias dir="dir --color=auto"
+alias vdir="vdir --color=auto"
+alias grep="grep --color=auto"
+alias fgrep="fgrep --color=auto"
+alias egrep="egrep --color=auto"
+alias wget="wget -c --user-agent 'noleak'"
+alias dd="dd status=progress"
+alias cp="cp -i"                          # confirm before overwriting something
+alias rm="rm -i"
+alias mv="mv -i"
+alias df="df -h"                          # human-readable sizes
+alias free="free -h"
+alias du="du -h"