From 5db3302173ae1924bf732e888b300a89a2f10de2 Mon Sep 17 00:00:00 2001
From: hayao
Date: Wed, 29 Jul 2020 18:58:11 +0900
Subject: [PATCH] [add] : reflector (archiso 45) Add reflector and enable reflector.service reflector.service will update pacman's mirrorlist after a network connection is established in the live system. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/26 .
---
 .../etc/systemd/system/reflector.service | 42 ++++++++++++++++++++++
 channels/share/packages.i686/pacman.i686 | 1 +
 channels/share/packages.x86_64/pacman.x86_64 | 1 +
 3 files changed, 44 insertions(+)
 create mode 100644 channels/share/airootfs.any/etc/systemd/system/reflector.service
diff --git a/channels/share/airootfs.any/etc/systemd/system/reflector.service b/channels/share/airootfs.any/etc/systemd/system/reflector.service
new file mode 100644
index 00000000..28cb51c9
--- /dev/null
+++ b/channels/share/airootfs.any/etc/systemd/system/reflector.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=pacman mirrorlist update
+Wants=network-online.target
+After=network-online.target nss-lookup.target
+ConditionKernelCommandLine=!mirror
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/reflector --protocol https --age 1 --sort rate --save /etc/pacman.d/mirrorlist
+Restart=on-failure
+RestartSec=10
+CacheDirectory=reflector
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+Environment=XDG_CACHE_HOME=/var/cache/reflector
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectSystem=strict
+ReadWritePaths=/etc/pacman.d/mirrorlist
+ReadOnlyPaths=/etc/reflector/reflector.conf
+RemoveIPC=true
+RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @privileged
+UMask=177
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/channels/share/packages.i686/pacman.i686 b/channels/share/packages.i686/pacman.i686
index 6505eca8..ac75fd0b 100644
--- a/channels/share/packages.i686/pacman.i686
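Review bot: `CapabilityBoundingSet=~…` and `RestrictAddressFamilies=~…` in the [Service] section are deny-lists, so any capability or socket family not named there (for instance one introduced by a newer kernel) stays available to reflector. The unit as written only needs outbound connections and a write to one file, so the fail-closed form would be `CapabilityBoundingSet=` (empty) and `RestrictAddressFamilies=AF_INET AF_INET6`; this should behave the same as the current lists, since AF_UNIX and AF_NETLINK are already denied, but it is worth confirming on a test boot. Separately, `ReadOnlyPaths=/etc/reflector/reflector.conf` names a file that this patch neither creates nor passes to ExecStart; if it can be absent on the image, systemd will fail to set up the unit's mount namespace, and `ReadOnlyPaths=-/etc/reflector/reflector.conf` (or dropping the line) avoids that.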
+++ b/channels/share/packages.i686/pacman.i686 @@ -25,3 +25,4 @@ alterlinux-keyring #-- mirrorlist --# alterlinux-mirrorlist +reflector diff --git a/channels/share/packages.x86_64/pacman.x86_64 b/channels/share/packages.x86_64/pacman.x86_64 index 29b4c58a..c05bbb88 100644 --- a/channels/share/packages.x86_64/pacman.x86_64 +++ b/channels/share/packages.x86_64/pacman.x86_64 @@ -25,3 +25,4 @@ alterlinux-keyring #-- mirrorlist --# alterlinux-mirrorlist +reflector -- 2.11.0