summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d1
-rw-r--r--config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing1
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-reconfigure-fontconfig.service21
3 files changed, 23 insertions, 0 deletions
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index 4633d6c..34617ff 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -11,6 +11,7 @@ systemctl enable memlockd.service
systemctl enable initramfs-shutdown.service
systemctl enable onion-grater.service
systemctl enable tails-autotest-remote-shell.service
+systemctl enable tails-reconfigure-fontconfig.service
systemctl enable tails-set-wireless-devices-state.service
systemctl enable tails-shutdown-on-media-removal.service
systemctl enable tails-tor-has-bootstrapped.target
diff --git a/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing b/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
index e0dab44..f30bc2d 100644
--- a/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
+++ b/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
@@ -23,6 +23,7 @@ rm /var/lib/dpkg/info/*.md5sums
# we'll require a bit more RAM and startup times, while the image will
# be smaller (and more reproducible!).
rm /etc/console-setup/cached_setup_keyboard.sh
+rm /var/cache/fontconfig/*
rm /var/cache/ldconfig/aux-cache
rm /var/lib/systemd/catalog/database
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-fontconfig.service b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-fontconfig.service
new file mode 100644
index 0000000..fce7007
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-fontconfig.service
@@ -0,0 +1,21 @@
+# We need to generate the fontconfig cache.
+# For a deterministic build we do that at boot time.
+
+[Unit]
+Description=Generate fontconfig caches
+After=local-fs.target systemd-tmpfiles-setup.service
+Before=systemd-user-sessions.service
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/dpkg-reconfigure fontconfig
+RemainAfterExit=yes
+CapabilityBoundingSet=
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target