This can be an attack surface, but because it's shipped with a
user-level systemd service, it gets enabled by default. That's not
ideal.
Instead make it a system-level service to benefit from two effects:
1. It won't be enabled by default
2. Enabling it manually will require authentication
Resolves#477
because we fed the calcs channel from the main thread we'd eventually
get stuck on the calcs workers waiting for space in the results channel
but there'd never be space because the results are processed on the main
thread and that is busy feeding calcs ... instead buffer the channels
and also make sure to feed them from a goroutine so we are starting
processing results while still producing calcs.
I feel like this may be an anti pattern and maybe one should put
everything in a routine and synchronize them all in the main thread.
would prevent this sort of nonesense at least
Currently the script sets the release file to be owned by root so it
can't be accidentally removed, but even though it is owned by root it
can still be deleted by a user because the permissions on the parent
directory are what allow the file to be deleted.
This change instead marks the file as immutable, so that it truly can't
be removed accidentally (one would have to first explicitly remove the
immutable flag).
It's not in the base image and not in an enabled Arch repo. Have it
nowhere temporarily so that we can release an image, then later fix
this mess properly.
Homebrew by default will add itself to the system $PATH if you follow
the official installation instructions from their website and will
override important system binaries which can lead to failures like
experienced in https://invent.kde.org/kde-linux/kde-linux/-/issues/427.
This will make it safe to extend KDE Linux with homebrew again as this
will only add homebrew to the $PATH in interactive shells i.e. when a
user launched a graphical terminal.
Related to: https://invent.kde.org/kde-linux/kde-linux/-/issues/442
Additionally system binaries will be preferred over homebrew
provided ones if they are installed. This avoids a cat & mouse game
where homebrew will override things like systemctl, dbus and bash.
This was further discussed in https://github.com/ublue-os/brew/pull/1.
This has been used in every Universal Blue Bootc Image like Bazzite
for quite some time already.
