#!/usr/bin/env bash
#
# SPDX-License-Identifier: GPL-3.0-or-later

set -e -u
shopt -s extglob

# Control the environment
umask 0022
export LC_ALL="C.UTF-8"
export LC_ALL="C"
[[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1
export SOURCE_DATE_EPOCH
SCRIPTUSER="${SUDO_USER:-}"

# Set application name from the script's file name
app_name="${0##*/}"

# Global variables.
airootfs_image_type="squashfs"
airootfs_image_tool_options=()
arch="$(uname -m)"
bootmodes=()
bootstrap_packages=""
bootstrap_parent=""
bootstrap_pkg_list=()
bootstrap_tarball_compression=""
buildmodes=()
cert_list=()
directory_profiles="/usr/share/archuseriso/profiles"
desktop=""
efiboot_imgsize="0"
efiboot_files=()
efibootimg=""
embed_dir=""
gpg_key=""
gpg_sender=""
ia32_uefi_default_bootloader=""
image_name=""
install_dir=""
iso_application=""
iso_label=""
iso_uuid=""
iso_name="${app_name}"
iso_publisher=""
iso_version=""
iso_version_options=()
lang=""
lts=""
out_dir=""
packages=""
packages_locales=""
pacman_conf=""
pacman_testing_conf=""
pacstrap_dir=""
pkg_list=()
pkg_list_additions=()
pkg_testing_list=()
profile=""
quiet=""
search_filename=""
user_pkg_dir=""
work_dir=""
x64_uefi_default_bootloader=""
zfs_support="no"
declare -A file_permissions=()
declare -i rm_work_dir=0
# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in
readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio')
declare -i need_external_ucodes=0

# Show an INFO message
# $1: message string
_msg_info() {
    local _msg="${1}"
    printf '[%s] INFO: %s\n' "${app_name}" "${_msg}"
}

# Show a WARNING message
# $1: message string
_msg_warning() {
    local _msg="${1}"
    printf '[%s] WARNING: %s\n' "${app_name}" "${_msg}" >&2
}

# Show an ERROR message then exit with status
# $1: message string
# $2: exit code number (with 0 does not exit)
_msg_error() {
    local _msg="${1}"
    local _error=${2}
    printf '[%s] ERROR: %s\n' "${app_name}" "${_msg}" >&2
    if (( _error > 0 )); then
        exit "${_error}"
    fi
}

# Show help usage, with an exit status.
# $1: exit status number.
_usage() {
    IFS='' read -r -d '' usagetext <<ENDUSAGETEXT || true
usage: ${app_name} [options] <profile_dir>
  options:
     -A, --application  <application>   Set an application name for the ISO
                                        Default: '${iso_application}'
     --add-pkg, -p     PACKAGE(S)       Package(s) to install, comma seperated list
     --add-pkg-testing PACKAGE(S)       Package(s) to install from testing repositories,
                                        comma seperated list
     -c, --cert [cert ..]               Provide certificates for codesigning of netboot artifacts as
                                        well as the rootfs artifact.
                                        Multiple files are provided as quoted, comma delimited list.
                                        The first file is considered as the signing certificate,
                                        the second as the key and the third as the optional certificate
                                        authority.
     -C <file>                          pacman configuration file.
                                        Default: '${pacman_conf}'
     -D, --install-dir  <install_dir>   Set an install_dir. All files will be located here.
                                        Default: '${install_dir}'
                                        NOTE: Max 8 characters, use only [a-z0-9]
     --embed-dir <path>                 Embed directory contents in the iso image,
                                        data available from the live's session.
     -g, --gpgkey <gpg_key>             Set the PGP key ID to be used for signing the rootfs image.
                                        Passed to gpg as the value for --default-key
     -G, --gpgsender <mbox>             Set the PGP signer (must include an email address)
                                        Passed to gpg as the value for --sender
     --graphics=<option>                Graphics driver options:
               =nvidia                  Install Nvidia proprietary driver.
               =nvidia-open             Install Nvidia open source driver.
                                        Nvidia Optimus on laptops (Intel iGPU & Nvidia dGPU):
               =optimus-nvidia          Install Nvidia proprietary driver, set Nvidia dGPU the
                                        default rendering provider
               =optimus-prime           Install Nvidia proprietary driver in PRIME render offload mode 
     -h                                 This message
     -L <label>                         Set the ISO volume label
                                        Default: '${iso_label}'
     -l, --language <lang>              Set default language, select one from:
                                        cz, de, es, fr, gr, hu, it, nl, pl, pt, ro, rs, ru, tr, ua
     --lts                              Replace the linux package and the nvidia package with the long
                                        term support version. Only available for the default iso build mode.
     -m, --build-modes [build modes]    Build modes, comma separeted list. Valid modes are: 'bootstrap', 'img'
                                        and 'iso'. Default build mode is 'iso'.
     -o <out_dir>                       Set the output directory
                                        Default: '${out_dir}'
     --pacman-testing-conf <file>       pacman configuration file with testing repositories enabled.
                                        Default: '${pacman_testing_conf}'
     --pkg-dir <path>                   Directory containing user packages to install,
                                        pkg.tar.xz or pkg.tar.zst package files.
     -P <publisher>                     Set the ISO publisher
                                        Default: '${iso_publisher}'
     -r, --remove-work-dir              Delete the working directory at the end.
     -v, --verbose                      Enable verbose output
     -w, --work-dir <work_dir>          Set the working directory
                                        Default: '${work_dir}'
     --zfs-support                      Build packages zfs-utils, zfs-linux and zfs-linux against current
                                        linux kernel, then add ZFS support to live ISO image.

  profile_dir:        Directory of the archuseriso profile to build. Available directory profiles
                      under /usr/share/archuseriso/profiles

  Build example:
  sudo ${app_name} /usr/share/archuseriso/profiles/xfce

  Customization:
  Copy the directory profile to an new location then edit profiledef.sh and packages.x86_64
                     

ENDUSAGETEXT
    printf '%s' "${usagetext}"
    exit "${1}"
}

# Shows configuration options.
_show_config() {
    local build_date
    printf -v build_date '%(%FT%R%z)T' "${SOURCE_DATE_EPOCH}"
    _msg_info "${app_name} configuration settings"
    _msg_info "             Architecture:   ${arch}"
    _msg_info "        Working directory:   ${work_dir}"
    _msg_info "   Installation directory:   ${install_dir}"
    _msg_info "               Build date:   ${build_date}"
    _msg_info "         Output directory:   ${out_dir}"
    _msg_info "       Current build mode:   ${buildmode}"
    _msg_info "              Build modes:   ${buildmodes[*]}"
    _msg_info "                  GPG key:   ${gpg_key:-None}"
    _msg_info "               GPG signer:   ${gpg_sender:-None}"
    _msg_info "                  Profile:   ${profile}"
    _msg_info "Code signing certificates:   ${cert_list[*]:-None}"
    _msg_info "Pacman configuration file:   ${pacman_conf}"
    _msg_info "Pacman testing conf. file:   ${pacman_testing_conf}"
    _msg_info "         ISO volume label:   ${iso_label}"
    _msg_info "            ISO publisher:   ${iso_publisher}"
    _msg_info "          ISO application:   ${iso_application}"
    _msg_info "               Boot modes:   ${bootmodes[*]:-None}"
    _msg_info "    Packages from testing:   ${pkg_testing_list[*]}"
    _msg_info "  User packages directory:   ${user_pkg_dir}"
    _msg_info "            Packages File:   ${buildmode_packages}"
    _msg_info "                 Packages:   ${buildmode_pkg_list[*]}"
}

# Cleanup airootfs
_cleanup_pacstrap_dir() {
    _msg_info "Cleaning up in pacstrap location..."

    # Delete all files in /boot
    [[ -d "${pacstrap_dir}/boot" ]] && find "${pacstrap_dir}/boot" -mindepth 1 -delete
    # Delete pacman database sync cache files (*.tar.gz)
    [[ -d "${pacstrap_dir}/var/lib/pacman" ]] && find "${pacstrap_dir}/var/lib/pacman" -maxdepth 1 -type f -delete
    # Delete pacman database sync cache
    [[ -d "${pacstrap_dir}/var/lib/pacman/sync" ]] && find "${pacstrap_dir}/var/lib/pacman/sync" -delete
    # Delete pacman package cache
    [[ -d "${pacstrap_dir}/var/cache/pacman/pkg" ]] && find "${pacstrap_dir}/var/cache/pacman/pkg" -type f -delete
    # Delete all log files, keeps empty dirs.
    [[ -d "${pacstrap_dir}/var/log" ]] && find "${pacstrap_dir}/var/log" -type f -delete
    # Delete all temporary files and dirs
    [[ -d "${pacstrap_dir}/var/tmp" ]] && find "${pacstrap_dir}/var/tmp" -mindepth 1 -delete
    # Delete package pacman related files.
    find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete
    # Create /etc/machine-id with special value 'uninitialized': the final id is
    # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5))
    rm -f -- "${pacstrap_dir}/etc/machine-id"
    printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id"

    _msg_info "Done!"
}

# Create a squashfs image and place it in the ISO 9660 file system.
# $@: options to pass to mksquashfs
_run_mksquashfs() {
    # Set default mksquashfs options
    local mksquashfs_options=() image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs"
    rm -f -- "${image_path}"
    [[ ! "${quiet}" == "y" ]] || mksquashfs_options+=('-no-progress' '-quiet')
    mksquashfs "$@" "${image_path}" -noappend "${airootfs_image_tool_options[@]}" "${mksquashfs_options[@]}"
}

# Create an ext4 image containing the root file system and pack it inside a squashfs image.
# Save the squashfs image on the ISO 9660 file system.
_mkairootfs_ext4+squashfs() {
    local ext4_hash_seed mkfs_ext4_options=()
    [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1

    _msg_info "Creating ext4 image of 32 GiB and copying '${pacstrap_dir}/' to it..."

    ext4_hash_seed="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 \
        --name "${SOURCE_DATE_EPOCH} ext4 hash seed")"
    mkfs_ext4_options=(
        '-d' "${pacstrap_dir}"
        '-O' '^has_journal,^resize_inode'
        '-E' "lazy_itable_init=0,root_owner=0:0,hash_seed=${ext4_hash_seed}"
        '-m' '0'
        '-F'
        '-U' 'clear'
    )
    [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q')
    rm -f -- "${pacstrap_dir}.img"
    mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${pacstrap_dir}.img" 32G
    _msg_info "Done!"

    install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}"
    echo
    _msg_info "Creating SquashFS image, this may take some time..."
    _run_mksquashfs "${pacstrap_dir}.img"
    _msg_info "Done!"
    rm -- "${pacstrap_dir}.img"
}

# Create a squashfs image containing the root file system and saves it on the ISO 9660 file system.
_mkairootfs_squashfs() {
    if [[ ! -e "${pacstrap_dir}" ]]; then
        _msg_error "The path '${pacstrap_dir}' does not exist" 1
    fi

    install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}"
    echo
    _msg_info "Creating SquashFS image, this may take some time..."
    _run_mksquashfs "${pacstrap_dir}"
    _msg_info "Done!"
}

# Create an EROFS image containing the root file system and saves it on the ISO 9660 file system.
_mkairootfs_erofs() {
    local mkfs_erofs_options=()

    [[ -e "${pacstrap_dir}" ]] || _msg_error "The path '${pacstrap_dir}' does not exist" 1

    install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}"
    local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs"
    rm -f -- "${image_path}"
    [[ ! "${quiet}" == "y" ]] || mkfs_erofs_options+=('--quiet')
    # Generate reproducible file system UUID from SOURCE_DATE_EPOCH
    fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")"
    mkfs_erofs_options+=('-U' '00000000-0000-0000-0000-000000000000' "${airootfs_image_tool_options[@]}")
    _msg_info "Creating EROFS image, this may take some time..."
    mkfs.erofs "${mkfs_erofs_options[@]}" -- "${image_path}" "${pacstrap_dir}"
    _msg_info "Done!"
}

# Create checksum file for the rootfs image.
_mkchecksum() {
    _msg_info "Creating checksum file for self-test..."
    cd -- "${isofs_dir}/${install_dir}/${arch}"
    if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then
        sha512sum airootfs.sfs > airootfs.sha512
    elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then
        sha512sum airootfs.erofs > airootfs.sha512
    fi
    cd -- "${OLDPWD}"
    _msg_info "Done!"
}

# GPG sign the root file system image.
_mk_pgp_signature() {
    local gpg_options=()
    local airootfs_image_filename="${1}"
    _msg_info "Signing rootfs image using GPG..."

    rm -f -- "${airootfs_image_filename}.sig"
    # Add gpg sender option if the value is provided
        [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}")
    # always use the .sig file extension, as that is what mkinitcpio-archiso's hooks expect
    gpg --batch --no-armor --no-include-key-block --output "${airootfs_image_filename}.sig" --detach-sign \
        --default-key "${gpg_key}" "${gpg_options[@]}" "${airootfs_image_filename}"
    _msg_info "Done!"
}

_mkchecksum_iso() {
    _msg_info "Creating checksum file..."
    cd -- "${out_dir}"
    sha512sum "${image_name}" > "${image_name}.sha512"
    cd -- "${OLDPWD}"
    _msg_info "Done!"
}

_mksignature_iso() {
    _msg_info "Signing iso image..."
    cd -- "${out_dir}"
    gpg --detach-sign --default-key "${gpg_key}" "${image_name}"
    cd -- "${OLDPWD}"
    _msg_info "Done!"
}

# Helper function to run functions only one time.
# $1: function name
_run_once() {
    if [[ ! -e "${work_dir}/${run_once_mode}.${1}" ]]; then
        "$1"
        touch "${work_dir}/${run_once_mode}.${1}"
    fi
}

# Set up custom pacman.conf with custom cache and pacman hook directories.
_make_pacman_conf() {
    local _cache_dirs _system_cache_dirs _profile_cache_dirs
    _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')"
    _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir| tr '\n' ' ')"

    # Only use the profile's CacheDir, if it is not the default and not the same as the system cache dir.
    if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \
        [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then
        _cache_dirs="${_profile_cache_dirs}"
    else
        _cache_dirs="${_system_cache_dirs}"
    fi

    echo
    _msg_info "Copying custom pacman.conf to work directory..."
    # take the profile pacman.conf and strip all settings that would break in chroot when using pacman -r
    # see `man 8 pacman` for further info
    pacman-conf --config "${pacman_conf}" | \
        sed '/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d' > "${work_dir}/${buildmode}.pacman.conf"
    _msg_info "Done!"

    _msg_info "Using pacman CacheDir: ${_cache_dirs}"
    # append CacheDir and HookDir to [options] section
    # HookDir is *always* set to the airootfs' override directory
    sed "/\[options\]/a CacheDir = ${_cache_dirs}
         /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" \
        -i "${work_dir}/${buildmode}.pacman.conf"
    _msg_info "Done!"
}

# Set up custom pacman-testing.conf with custom cache and pacman hook directories.
_make_pacman_testing_conf() {
    local _cache_dirs _system_cache_dirs _profile_cache_dirs
    _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')"
    _profile_cache_dirs="$(pacman-conf --config "${pacman_testing_conf}" CacheDir| tr '\n' ' ')"

    # only use the profile's CacheDir, if it is not the default and not the same as the system cache dir
    if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \
        [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then
        _cache_dirs="${_profile_cache_dirs}"
    else
        _cache_dirs="${_system_cache_dirs}"
    fi

    _msg_info "Copying custom pacman-testing.conf to work directory..."
    # take the profile pacman-testing.conf and strip all settings that would break in chroot when using pacman -r
    # see `man 8 pacman` for further info
    pacman-conf --config "${pacman_testing_conf}" | \
        sed '/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d' > "${work_dir}/pacman-testing.conf"
    _msg_info "Done!"

    _msg_info "Using pacman CacheDir: ${_cache_dirs}"
    # append CacheDir and HookDir to [options] section
    # HookDir is *always* set to the airootfs' override directory
    sed "/\[options\]/a CacheDir = ${_cache_dirs}
         /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" \
        -i "${work_dir}/pacman-testing.conf"
    _msg_info "Done!"
}

# Prepare working directory and copy custom root file system files.
_make_custom_airootfs() {
    local passwd=()
    local filename permissions

    install -d -m 0755 -o 0 -g 0 -- "${pacstrap_dir}"

    if [[ -d "${profile}/airootfs" ]]; then
        _msg_info "Copying custom airootfs files..."
        cp -af --no-preserve=ownership -- "${profile}/airootfs/." "${pacstrap_dir}"

        if [[ -n "${lts}" ]]; then
            if [[ -f "${pacstrap_dir}/etc/mkinitcpio.d/linux.preset" ]]; then
                sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                           s|initramfs-linux|initramfs-linux-lts|" \
                          "${pacstrap_dir}/etc/mkinitcpio.d/linux.preset"
                mv "${pacstrap_dir}/etc/mkinitcpio.d/linux.preset" "${pacstrap_dir}/etc/mkinitcpio.d/linux-lts.preset"
            fi
        fi

        # Nvidia airootfs tree
        if [[ "${iso_version_options[@]}" =~ 'nvidia-open' ]]; then
            [[ -d "${profile}/airootfs-options/graphics/nvidia-open" ]] && \
                cp -afL --no-preserve=ownership -- "${profile}/airootfs-options/graphics/nvidia-open/." "${pacstrap_dir}"
        elif [[ "${iso_version_options[@]}" =~ 'nvidia' ]]; then
            [[ -d "${profile}/airootfs-options/graphics/nvidia" ]] && \
                cp -afL --no-preserve=ownership -- "${profile}/airootfs-options/graphics/nvidia/." "${pacstrap_dir}"
        elif [[ "${iso_version_options[@]}" =~ 'optimus-nvidia' ]]; then
            [[ -d "${profile}/airootfs-options/graphics/optimus-nvidia" ]] && \
                cp -afL --no-preserve=ownership -- "${profile}/airootfs-options/graphics/optimus-nvidia/." "${pacstrap_dir}"
        elif [[ "${iso_version_options[@]}" =~ 'optimus-prime' ]]; then
            [[ -d "${profile}/airootfs-options/graphics/optimus-prime" ]] && \
                cp -afL --no-preserve=ownership -- "${profile}/airootfs-options/graphics/optimus-prime/." "${pacstrap_dir}"
        fi

        # airootfs localization
        if [[ -n "${lang}" ]]; then
            cp -af --no-preserve=ownership -- "${profile}/lang/${lang}/airootfs/." "${pacstrap_dir}"
        fi
        # Set ownership and mode for files and directories
        for filename in "${!file_permissions[@]}"; do
            IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
            # Prevent file path traversal outside of $pacstrap_dir
            if [[ "$(realpath -q -- "${pacstrap_dir}${filename}")" != "${pacstrap_dir}"* ]]; then
                _msg_error "Failed to set permissions on '${pacstrap_dir}${filename}'. Outside of valid path." 1
            # Warn if the file does not exist
            elif [[ ! -e "${pacstrap_dir}${filename}" ]]; then
                _msg_warning "Cannot change permissions of '${pacstrap_dir}${filename}'. The file or directory does not exist."
            else
                if [[ "${filename: -1}" == "/" ]]; then
                    chown -fhR -- "${permissions[0]}:${permissions[1]}" "${pacstrap_dir}${filename}"
                    chmod -fR -- "${permissions[2]}" "${pacstrap_dir}${filename}"
                else
                    chown -fh -- "${permissions[0]}:${permissions[1]}" "${pacstrap_dir}${filename}"
                    chmod -f -- "${permissions[2]}" "${pacstrap_dir}${filename}"
                fi
            fi
        done
    fi

    # Set archiso cow_spacesize to 50% ram size
    # Set copytoram default to no
    sed -i 's|\x27256M\x27|"$(( $(awk \x27/MemTotal:/ { print $2 }\x27 /proc/meminfo) / 2 / 1024 ))M"|;
            s|\x27copytoram\x27 \x27auto\x27|\x27copytoram\x27 \x27no\x27|' \
           "${work_dir}/x86_64/airootfs/etc/initcpio/hooks/archiso"
    _msg_info "Done!"
}

# Install desired packages to the root file system
_make_packages() {
     _msg_info "Installing packages to '${pacstrap_dir}/'..."

    if [[ -v gpg_publickey ]]; then
        exec {ARCHISO_GNUPG_FD}<"${gpg_publickey}"
        export ARCHISO_GNUPG_FD
    fi
    if [[ -v cert_list[0] ]]; then
        exec {ARCHISO_TLS_FD}<"${cert_list[0]}"
        export ARCHISO_TLS_FD
    fi
    if [[ -v cert_list[2] ]]; then
        exec {ARCHISO_TLSCA_FD}<"${cert_list[2]}"
        export ARCHISO_TLSCA_FD
    fi

    # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580
    if [[ "${quiet}" = "y" ]]; then
        env -u TMPDIR \
          pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" > /dev/null || \
          _msg_error 'Package installation failed! Use --verbose option for details.' 1
    else
        env -u TMPDIR \
          pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}"
    fi

    if [[ -v cert_list[0] ]]; then
        exec {ARCHISO_TLS_FD}<&-
        unset ARCHISO_TLS_FD
    fi
    if [[ -v cert_list[2] ]]; then
        exec {ARCHISO_TLSCA_FD}<&-
        unset ARCHISO_TLSCA_FD
    fi
    if [[ -v gpg_publickey ]]; then
        exec {ARCHISO_GNUPG_FD}<&-
        unset ARCHISO_GNUPG_FD
    fi

    _msg_info "Done!"
}

# Packages in testing (airootfs)
_make_packages_testing() {
    _msg_info "Installing testing packages to '${pacstrap_dir}/'..."

    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg"
        export ARCHISO_GNUPG_FD
    fi

    # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580
    if [[ "${quiet}" = "y" ]]; then
        env -u TMPDIR \
          pacstrap -C "${work_dir}/pacman-testing.conf" -c -G -M -- "${pacstrap_dir}" "${pkg_testing_list[@]}" > /dev/null || \
          _msg_error 'Package installation failed! Use --verbose option for details.' 1
    else
        env -u TMPDIR \
          pacstrap -C "${work_dir}/pacman-testing.conf" -c -G -M -- "${pacstrap_dir}" "${pkg_testing_list[@]}"
    fi

    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<&-
        unset ARCHISO_GNUPG_FD
    fi

    _msg_info "Done!"
}

_umount_chroot-dir() {
    if findmnt -nr -- "${pacstrap_dir}" > /dev/null; then
        umount "${pacstrap_dir}"
    fi
}

# airootfs install user provided packages
_make_packages_upgrade() {
    trap "_umount_chroot-dir" EXIT HUP INT TERM
    local _pkg_upgrade
    mapfile -t _pkg_upgrade < <(find "${user_pkg_dir}" -maxdepth 1 \( -name "*.pkg.tar.xz" -o -name "*.pkg.tar.zst" \))

    _msg_info "Installing user packages to '${pacstrap_dir}/'..."

    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg"
        export ARCHISO_GNUPG_FD
    fi

    # bind mount chroot-dir on itself to make it a mountpoint
    mount -o bind -- "${pacstrap_dir}" "${pacstrap_dir}"
    # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580
    if [[ "${quiet}" = "y" ]]; then
        env -u TMPDIR \
          pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -U -- "${pacstrap_dir}" "${_pkg_upgrade[@]}" > /dev/null || \
          _msg_error 'Package installation failed! Use --verbose option for details.' 1
    else
        pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -U -- "${pacstrap_dir}" "${_pkg_upgrade[@]}"
    fi
    umount "${pacstrap_dir}"

    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<&-
        unset ARCHISO_GNUPG_FD
    fi

    _msg_info "Done!"
}

# Customize installation.
_make_customize_airootfs() {
    local passwd=()

    # Set up user home directories and permissions
    if [[ -e "${profile}/airootfs/etc/passwd" ]]; then
        _msg_info "Copying /etc/skel/* to user homes..."
        while IFS=':' read -a passwd -r; do
            # Only operate on UIDs in range 1000–59999
            (( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
            # Skip invalid home directories
            [[ "${passwd[5]}" == '/' ]] && continue
	        [[ -z "${passwd[5]}" ]] && continue
            # Prevent path traversal outside of $pacstrap_dir
            if [[ "$(realpath -q -- "${pacstrap_dir}${passwd[5]}")" == "${pacstrap_dir}"* ]]; then
                if [[ ! -d "${pacstrap_dir}${passwd[5]}" ]]; then
                    install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${pacstrap_dir}${passwd[5]}"
                fi
                cp -dRT --update=none --preserve=mode,timestamps,links -- "${pacstrap_dir}/etc/skel/." "${pacstrap_dir}${passwd[5]}"
                chown -hR -- "${passwd[2]}:${passwd[3]}" "${pacstrap_dir}${passwd[5]}"
            else
                _msg_error "Failed to set permissions on '${pacstrap_dir}${passwd[5]}'. Outside of valid path." 1
            fi
        done < "${profile}/airootfs/etc/passwd" 
        _msg_info "Done!"
    fi

    if [[ -e "${pacstrap_dir}/root/customize_airootfs_lang.sh" ]]; then
        _msg_info "Running customize_airootfs_lang.sh in '${pacstrap_dir}' chroot..."
        chmod -f -- +x "${pacstrap_dir}/root/customize_airootfs_lang.sh"
        # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580
        if [[ "${quiet}" == "y" ]]; then
            eval -- env -u TMPDIR arch-chroot "${pacstrap_dir}" "/root/customize_airootfs_lang.sh"  > /dev/null || \
              _msg_error 'customize_airootfs_lang.sh failed! Use --verbose option for details.' 1
        else
            eval -- env -u TMPDIR arch-chroot "${pacstrap_dir}" "/root/customize_airootfs_lang.sh"
        fi
        rm -- "${pacstrap_dir}/root/customize_airootfs_lang.sh"
        _msg_info "Done!"
    fi
    if [[ -e "${pacstrap_dir}/root/customize_airootfs.sh" ]]; then
        _msg_info "Running customize_airootfs.sh in '${pacstrap_dir}' chroot..."
        chmod -f -- +x "${pacstrap_dir}/root/customize_airootfs.sh"
        if [[ "${quiet}" == "y" ]]; then
            eval -- env -i "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}" \
              arch-chroot "${pacstrap_dir}" "/root/customize_airootfs.sh" &> /dev/null || \
              _msg_error 'customize_airootfs.sh failed! Use --verbose option for details.' 1
        else
            eval -- env -i "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}" \
              arch-chroot "${pacstrap_dir}" "/root/customize_airootfs.sh"
        fi
        rm -- "${pacstrap_dir}/root/customize_airootfs.sh"
        _msg_info "Done!"
    fi
}

# rebuild initramfs (airootfs)
_make_setup_mkinitcpio() {
    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg"
        export ARCHISO_GNUPG_FD
    fi

    if [[ "${quiet}" = "y" ]]; then
        arch-chroot "${pacstrap_dir}" mkinitcpio -P &> /dev/null || \
          _msg_error 'Building initramfs failed! Use --verbose option for details.' 1
    else
        arch-chroot "${pacstrap_dir}" mkinitcpio -P
    fi

    if [[ -n "${gpg_key}" ]]; then
        exec {ARCHISO_GNUPG_FD}<&-
        unset ARCHISO_GNUPG_FD
    fi
}

_profile_bootmode_syslinux_common() {
    local _cfg
    cp -rT --remove-destination "${profile}/syslinux/" "${work_dir}/syslinux/"
    for _cfg in "${work_dir}/syslinux/"*.cfg; do
        sed -i -- "s|%DESKTOP%|${desktop}|g;
                   s|%ARCHISO_LABEL%|${iso_label}|g;
                   s|%ARCHISO_UUID%|${iso_uuid}|g;
                   s|%INSTALL_DIR%|${install_dir}|g;
                   s|%ARCH%|${arch}|g"               \
                  "${_cfg}"
        if [[ -n "${lts}" ]]; then
            sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                       s|initramfs-linux|initramfs-linux-lts|" \
                      "${_cfg}"
        fi
    done
}

_profile_bootmode_bios.syslinux.eltorito() {
    _run_once _profile_bootmode_syslinux_common
}

_profile_bootmode_bios.syslinux.mbr() {
    _run_once _profile_bootmode_syslinux_common
}

_profile_bootmode_grub_common() {
    local _cfg

    install -d -m 0755 "${work_dir}/grub" 

    cp -rT --remove-destination "${profile}/efiboot/grub/" "${work_dir}/grub/"

    for _cfg in "${work_dir}/grub/"*'.cfg'; do
        sed -i -- "s|%DESKTOP%|${desktop}|g;
                   s|%ARCHISO_LABEL%|${iso_label}|g;
                   s|%ARCHISO_UUID%|${iso_uuid}|g;
                   s|%INSTALL_DIR%|${install_dir}|g;
                   s|%ARCH%|${arch}|g;
                   s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \
                  "${_cfg}"
        if [[ -n "${lts}" ]]; then
            sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                       s|initramfs-linux|initramfs-linux-lts|" \
                      "${_cfg}"
        fi
    done
}

_profile_bootmode_uefi-ia32.grub.eltorito() {
    _run_once _profile_bootmode_grub_common
}

_profile_bootmode_uefi-ia32.grub.esp() {
    _run_once _profile_bootmode_grub_common
}

_profile_bootmode_uefi-x64.grub.eltorito() {
    _run_once _profile_bootmode_grub_common
}

_profile_bootmode_uefi-x64.grub.esp() {
    _run_once _profile_bootmode_grub_common
}

_profile_bootmode_refind_common() {
    cp -rT --remove-destination "${profile}/efiboot/refind/" "${work_dir}/refind/"
}

_profile_bootmode_uefi-x64.refind.eltorito() {
    _run_once _profile_bootmode_refind_common
}

_profile_bootmode_uefi-x64.refind.esp() {
    _run_once _profile_bootmode_refind_common
}

_profile_bootmode_systemd-boot_common() {
    local _conf

    cp -rT --remove-destination "${profile}/efiboot/loader/" "${work_dir}/loader/"

    for _conf in "${work_dir}/loader/entries/"*".conf"; do
        sed -i -- "s|%DESKTOP%|${desktop}|g;
                   s|%ARCHISO_LABEL%|${iso_label}|g;
                   s|%ARCHISO_UUID%|${iso_uuid}|g;
                   s|%INSTALL_DIR%|${install_dir}|g;
                   s|%ARCH%|${arch}|g" \
                  "${_conf}"
        if [[ -n "${lts}" ]]; then
            sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                       s|initramfs-linux|initramfs-linux-lts|" \
                      "${_conf}"
        fi
    done
}

_profile_bootmode_uefi-ia32.systemd-boot.eltorito() {
    _run_once _profile_bootmode_systemd-boot_common
}

_profile_bootmode_uefi-ia32.systemd-boot.esp() {
    _run_once _profile_bootmode_systemd-boot_common
}

_profile_bootmode_uefi-x64.systemd-boot.eltorito() {
    _run_once _profile_bootmode_systemd-boot_common
}

_profile_bootmode_uefi-x64.systemd-boot.esp() {
    _run_once _profile_bootmode_systemd-boot_common
}

_fat_image_efiboot_files_common() {
    local _file
    local _available_ucodes=()

    if (( need_external_ucodes )); then
        for _file in "${ucodes[@]}"; do
            if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then
                _available_ucodes+=("${pacstrap_dir}/boot/${_file}")
            fi
        done
    fi

    efiboot_files+=("${pacstrap_dir}/boot/vmlinuz-"*
                    "${pacstrap_dir}/boot/initramfs-"*".img"
                    "${_available_ucodes[@]}")
}

_fat_image_efiboot_files_common_ia32() {
    [[ -f "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]] && \
        efiboot_files+=("${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi")
}

_fat_image_efiboot_files_common_x64() {
    [[ -f "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]] && \
        efiboot_files+=("${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi")
    [[ -f "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]] && efiboot_files+=("${pacstrap_dir}/boot/memtest86+/memtest.efi")
}

_make_common_bootmode_grub_cfg() {

    # Prepare grub.cfg that will be embedded inside the GRUB binaries
    IFS='' read -r -d '' grubembedcfg <<'EOF' || true
regexp --set=1:archiso_bootdevice '^\(([^)]+)\)\/?[Ee][Ff][Ii]\/?' "$cmdpath"
if ! [ -d "$cmdpath" ]; then
     # On some firmware, GRUB has a wrong cmdpath when booted from an optical disc. During El Torito boot, GRUB is
     # launched from a case-insensitive FAT-formatted EFI system partition, but it seemingly cannot access that partition
     # and sets cmdpath to the whole cd# device which has case-sensitive ISO 9660 + Rock Ridge + Joliet file systems.
     # See https://gitlab.archlinux.org/archlinux/archiso/-/issues/183 and https://savannah.gnu.org/bugs/?62886
     if regexp '^\(([^)]+)\)\/?[Ee][Ff][Ii]\/[Bb][Oo][Oo][Tt]\/?$' "$cmdpath"; then
         set cmdpath="(${archiso_bootdevice})/EFI/BOOT"
         set ARCHISO_HINT="${archiso_bootdevice}"
     fi
     if regexp '^\(([^)]+)\)\/?[Ee][Ff][Ii]\/[Gg][Rr][Uu][Bb]\/?$' "$cmdpath"; then
         set cmdpath="(${archiso_bootdevice})/EFI/grub"
         set ARCHISO_HINT="${archiso_bootdevice}"
     fi
fi

# Prepare a hint for the search command using the device in cmdpath
if [ -z "${ARCHISO_HINT}" ]; then
    regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}"
fi

# Search for the ISO volume
if search --no-floppy --set=archiso_device --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"; then
    set ARCHISO_HINT="${archiso_device}"
    if probe --set ARCHISO_UUID --fs-uuid "${ARCHISO_HINT}"; then
        export ARCHISO_UUID
    fi
else
    echo "Could not find a volume with a '%ARCHISO_SEARCH_FILENAME%' file on it!"
fi

# Load grub.cfg
if [ "${ARCHISO_HINT}" == 'memdisk' -o -z "${ARCHISO_HINT}" ]; then
    echo 'Could not find the ISO volume!'
elif [ -e "(${ARCHISO_HINT})/boot/grub/grub.cfg" ]; then
    export ARCHISO_HINT
    set root="${ARCHISO_HINT}"
    configfile "(${ARCHISO_HINT})/boot/grub/grub.cfg"
else
    echo "File '(${ARCHISO_HINT})/boot/grub/grub.cfg' not found!"
fi
EOF
    grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}"
    printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg"

    # Write grubenv
    printf '%.1024s' \
        "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\nARCHISO_LABEL=%s\nINSTALL_DIR=%s\nARCH=%s\nARCHISO_SEARCH_FILENAME=%s\n%s' \
            "${iso_name}" \
            "${iso_version}" \
            "${iso_label}" \
            "${install_dir}" \
            "${arch}" \
            "${search_filename}" \
            "$(printf '%0.1s' "#"{1..1024})")" \
        > "${work_dir}/grub/grubenv"
}

_fat_image_efiboot_files_uefi-ia32.grub.esp() {
    local _grubmodules=()

    _run_once _make_common_bootmode_grub_cfg

    # Create EFI binary
    # Module list from https://bugs.archlinux.org/task/71382#comment202911
    _grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat \
                  font gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi      \
                  lsefimmap minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp     \
                  search search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common      \
                  usbserial_ftdi usbserial_pl2303 usbserial_usbdebug video xfs zstd)
    grub-mkstandalone -O i386-efi                     \
                      --modules="${_grubmodules[*]}"  \
                      --locales="en@quot"             \
                      --themes=""                     \
                      --sbat=/usr/share/grub/sbat.csv \
                      --disable-shim-lock             \
                      -o "${work_dir}/grubia32.efi" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg"

    # Add GRUB to the list of files used to calculate the required FAT image size.
    efiboot_files+=("${work_dir}/grubia32.efi"
                    "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi")

    _run_once _fat_image_efiboot_files_common_ia32
    _run_once _fat_image_efiboot_files_common
}

_fat_image_efiboot_files_uefi-x64.grub.esp() {
    local _grubmodules=()

    _run_once _make_common_bootmode_grub_cfg

    # Create EFI binary
    # Module list from https://bugs.archlinux.org/task/71382#comment202911
    _grubmodules=(all_video at_keyboard boot btrfs cat chain configfile echo efifwsetup efinet exfat ext2 f2fs fat \
                  font gfxmenu gfxterm gzio halt hfsplus iso9660 jpeg keylayouts linux loadenv loopback lsefi      \
                  lsefimmap minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos png read reboot regexp     \
                  search search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common      \
                  usbserial_ftdi usbserial_pl2303 usbserial_usbdebug video xfs zstd)
    grub-mkstandalone -O x86_64-efi                   \
                      --modules="${_grubmodules[*]}"  \
                      --locales="en@quot"             \
                      --themes=""                     \
                      --sbat=/usr/share/grub/sbat.csv \
                      --disable-shim-lock             \
                      -o "${work_dir}/grubx64.efi" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg"

    # Add GRUB to the list of files used to calculate the required FAT image size.
    efiboot_files+=("${work_dir}/grubx64.efi")

    _run_once _fat_image_efiboot_files_common_x64
    _run_once _fat_image_efiboot_files_common
}

_fat_image_efiboot_files_uefi-x64.refind.esp() {
    _run_once _fat_image_efiboot_files_common_x64
    _run_once _fat_image_efiboot_files_common
    efiboot_files+=("${work_dir}/refind/refind-dvd.conf"
                    "${pacstrap_dir}/usr/share/refind")
}

_fat_image_efiboot_files_uefi-ia32.systemd-boot.esp() {
    _run_once _fat_image_efiboot_files_common_ia32
    efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi"
                    "${pacstrap_dir}/usr/share/refind/icons/os_arch.png"
                    "${work_dir}/loader/")
}

_fat_image_efiboot_files_uefi-x64.systemd-boot.esp() {
    _run_once _fat_image_efiboot_files_common_x64
    efiboot_files+=("${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi"
                    "${pacstrap_dir}/usr/share/refind/icons/os_arch.png"
                    "${work_dir}/loader/")
}

# Check if initramfs files contain microcode update files
_check_if_initramfs_has_ucode() {
    local initrd

    for initrd in $(compgen -G "${pacstrap_dir}"'/boot/initramfs-*.img'); do
        if ! bsdtar -tf "$initrd" 'early_cpio' 'kernel/x86/microcode/*.bin' &>/dev/null; then
            need_external_ucodes=1
            _msg_info "Initramfs file does not contain microcode update files. External microcode initramfs images will be copied."
            return
        fi
    done
}

# Copy kernel and initramfs to ISO 9660
_make_boot_on_iso9660() {
    _msg_info "Preparing kernel and initramfs for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/${arch}"
    install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
    install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"

    if (( need_external_ucodes )); then
        for _ucode_image in "${ucodes[@]}"; do
            if [[ -e "${pacstrap_dir}/boot/${_ucode_image}" ]]; then
                install -m 0644 -- "${pacstrap_dir}/boot/${_ucode_image}" "${isofs_dir}/${install_dir}/boot/"
                if [[ -e "${pacstrap_dir}/usr/share/licenses/${_ucode_image%.*}/" ]]; then
                    install -d -m 0755 -- "${isofs_dir}/${install_dir}/boot/licenses/${_ucode_image%.*}/"
                    install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/${_ucode_image%.*}/"* \
                        "${isofs_dir}/${install_dir}/boot/licenses/${_ucode_image%.*}/"
                fi
            fi
        done
    fi
    _msg_info "Done!"
}

_efiboot_image_size() {
    # Calculate the required FAT image size in bytes
    efiboot_imgsize="$(du -bc "${efiboot_files[@]}" \
                     2>/dev/null | awk 'END { print $1 }')"
}

# Create a FAT image (efiboot.img) which will serve as the EFI system partition
# $1: image size in bytes
_make_efibootimg() {
    local _imgsize="0"
    local _mkfs_fat_opts=(-C -n LIVEMEDIUM)

    # Convert from bytes to KiB and round up to the next full MiB with an additional 8 MiB for reserved sectors,
    # file and directory entries and to allow adding custom files when repacking the ISO.
    _imgsize="$(awk 'function ceil(x){return int(x)+(x>int(x))}
            function byte_to_kib(x){return x/1024}
            function mib_to_kib(x){return x*1024}
            END {print mib_to_kib(ceil((byte_to_kib($1)+8192)/1024))}' <<< "${efiboot_imgsize}"
    )"

    # Use FAT32 as early as possible. mkfs.fat selects FAT32 if the size ≥ 512 MiB, but a FAT32 file system can
    # already be created at 36 MiB size (assuming 512 byte logical sector size).
    if (( _imgsize >= 36864 )); then
        _mkfs_fat_opts+=(-F 32)
    fi

    # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images:
    # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html
    rm -f -- "${efibootimg}"
    _msg_info "Creating FAT image of size: ${_imgsize} KiB..."
    if [[ "${quiet}" == "y" ]]; then
        # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead
        # https://github.com/dosfstools/dosfstools/issues/103
        mkfs.fat "${_mkfs_fat_opts[@]}" "${efibootimg}" "${_imgsize}" &> /dev/null
    else
        mkfs.fat "${_mkfs_fat_opts[@]}" "${efibootimg}" "${_imgsize}"
    fi
    _msg_info "Done!"

    # Create the default/fallback boot path in which a boot loaders will be placed later.
    mmd -i "${efibootimg}" \
           ::/EFI ::/EFI/BOOT
}

# Create the EFI paths in which a boot loader will be placed.
_make_efibootimg_grub_path() {
    mmd -D s -i "${efibootimg}" \
           ::/EFI/grub
}

# Copy kernel and initramfs to FAT image
_make_boot_on_fat() {
    local -a _all_ucode_images=()
    _msg_info "Preparing kernel and initramfs for the FAT file system..."
    mmd -i "${efibootimg}" \
        "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" \
        "::/boot" "::/boot/memtest86+"
    mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/vmlinuz-"* \
        "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
    if (( need_external_ucodes )); then
        for _ucode_image in "${ucodes[@]}"; do
            if [[ -e "${pacstrap_dir}/boot/${_ucode_image}" ]]; then
                _all_ucode_images+=("${pacstrap_dir}/boot/${_ucode_image}")
            fi
        done
        if (( ${#_all_ucode_images[@]} )); then
            mcopy -i "${efibootimg}" "${_all_ucode_images[@]}" "::/${install_dir}/boot/"
        fi
    fi
    _msg_info "Done!"
}

_ed2k-shellia32.esp() {
    # shellia32.efi is picked up automatically when on /
    if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then
        mcopy -i "${efibootimg}" \
                 "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ::/shellia32.efi
    fi
}

_ed2k-shellx64.esp() {
    # shellx64.efi is picked up automatically when on /
    if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
        mcopy -i "${efibootimg}" \
                 "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi
    fi
}

_ed2k-shellia32.eltorito() {
    # edk2-shell based UEFI shell
    # shellia32.efi is picked up automatically when on /
    if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi" ]]; then
        install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/share/edk2-shell/ia32/Shell_Full.efi" "${isofs_dir}/shellia32.efi"
    fi
}

_ed2k-shellx64.eltorito() {
    # edk2-shell based UEFI shell
    # shellx64.efi is picked up automatically when on /
    if [[ -e "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ]]; then
        install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/share/edk2-shell/x64/Shell_Full.efi" "${isofs_dir}/shellx64.efi"
    fi
}

_memtest86.esp() {
    # Add other aditional/extra files to efibootimg ${install_dir}/boot/
    if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then
        mcopy -i "${efibootimg}" "${pacstrap_dir}/boot/memtest86+/memtest.efi" "::/boot/memtest86+/"
    fi
}

_memtest86.eltorito() {
    # Add other aditional/extra files to ${install_dir}/boot/
    if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then
        install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/"
        install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi"
        install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE"
    fi
}

# Copy GRUB files to ISO 9660 which is used by both IA32 UEFI and x64 UEFI
_make_common_bootmode_grub_copy_to_isofs() {
    local _files_to_copy=()

    _files_to_copy+=("${work_dir}/grub/"*)
    if compgen -G "${profile}/efiboot/grub/!(*.cfg)" &> /dev/null; then
        _files_to_copy+=("${profile}/efiboot/grub/"!(*.cfg))
    fi
    install -d -m 0755 -- "${isofs_dir}/boot/grub/"
    cp -r --remove-destination -- "${_files_to_copy[@]}" "${isofs_dir}/boot/grub/"
}

# Prepare syslinux for booting from MBR (isohybrid)
_make_bootmode_bios.syslinux.mbr() {
    _msg_info "Setting up SYSLINUX for BIOS booting from a disk..."
    install -d -m 0755 -- "${isofs_dir}/boot/syslinux"
    for _cfg in "${work_dir}/syslinux/"*.cfg; do
            install -m 0644 -- "${_cfg}" "${isofs_dir}/boot/syslinux/${_cfg##*/}"
    done
    if [[ -e "${work_dir}/syslinux/splash.png" ]]; then
        install -m 0644 -- "${work_dir}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/"
    fi
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/"*.c32 "${isofs_dir}/boot/syslinux/"
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/lpxelinux.0" "${isofs_dir}/boot/syslinux/"
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/lib/syslinux/bios/memdisk" "${isofs_dir}/boot/syslinux/"

    _run_once _make_boot_on_iso9660

    if [[ -e "${isofs_dir}/boot/syslinux/hdt.c32" ]]; then
        install -d -m 0755 -- "${isofs_dir}/boot/syslinux/hdt"
        if [[ -e "${pacstrap_dir}/usr/share/hwdata/pci.ids" ]]; then
            gzip -cn9 "${pacstrap_dir}/usr/share/hwdata/pci.ids" > \
                "${isofs_dir}/boot/syslinux/hdt/pciids.gz"
        fi
        find "${pacstrap_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \
            "${isofs_dir}/boot/syslinux/hdt/modalias.gz"
    fi

    # Add other aditional/extra files to ${install_dir}/boot/
    if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.bin" ]]; then
        # rename for PXE: https://wiki.archlinux.org/title/Syslinux#Using_memtest
        install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/"
        install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.bin" "${isofs_dir}/boot/memtest86+/memtest"
        install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/spdx/GPL-2.0-only.txt" "${isofs_dir}/boot/memtest86+/LICENSE"
    fi
    _msg_info "Done!"
}

# Prepare syslinux for El-Torito booting
_make_bootmode_bios.syslinux.eltorito() {
    _msg_info "Setting up SYSLINUX for BIOS booting from an optical disc..."
    install -d -m 0755 -- "${isofs_dir}/boot/syslinux"
    install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isolinux.bin" "${isofs_dir}/boot/syslinux/"
    install -m 0644 -- "${pacstrap_dir}/usr/lib/syslinux/bios/isohdpfx.bin" "${isofs_dir}/boot/syslinux/"

    # ISOLINUX and SYSLINUX installation is shared
    _run_once _make_bootmode_bios.syslinux.mbr

    _msg_info "Done!"
}

_make_bootmode_uefi-ia32.grub.esp() {
    _msg_info "Setting up IA32 GRUB for UEFI booting..."

    _run_once _efiboot_image_size

    # Create a FAT image for the EFI system partition
    _run_once _make_efibootimg

    # Create the EFI paths in which a boot loader will be placed.
    _run_once _make_efibootimg_grub_path

    # Copy GRUB EFI binary to the default/fallback boot path
    mcopy -i "${efibootimg}" \
             "${work_dir}/grubia32.efi" ::/EFI/grub

    _run_once _ed2k-shellia32.esp

    _msg_info "Done! GRUB set up for UEFI booting successfully."
}

# Prepare GRUB for El Torito booting
_make_bootmode_uefi-ia32.grub.eltorito() {
    # El Torito UEFI boot requires an image containing the EFI system partition.
    # uefi-ia32.grub.eltorito has the same requirements as uefi-ia32.grub.esp
    _run_once _make_bootmode_uefi-ia32.grub.esp

    # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using
    # manual partitioning and simply copying the ISO 9660 file system contents.
    # This is not related to El Torito booting and no firmware uses these files.
    _msg_info "Grub IA32: preparing EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}"/EFI/{BOOT,grub}

    # Copy GRUB EFI binary to the default/fallback boot path
    install -m 0644 -- "${work_dir}/grubia32.efi" "${isofs_dir}/EFI/grub/grubia32.efi"

    # Copy GRUB files
    _run_once _make_common_bootmode_grub_copy_to_isofs

    _run_once _ed2k-shellia32.eltorito

    _msg_info "Done!"
}

_make_bootmode_uefi-x64.grub.esp() {
    _msg_info "Setting up x86-64 GRUB for UEFI booting..."

    _run_once _efiboot_image_size

    # Create a FAT image for the EFI system partition
    _run_once _make_efibootimg

    # Create the EFI paths in which a boot loader will be placed.
    _run_once _make_efibootimg_grub_path

    # Copy GRUB EFI binary to the default/fallback boot path
    mcopy -i "${efibootimg}" \
        "${work_dir}/grubx64.efi" ::/EFI/grub/

    # Copy GRUB files
    _run_once _make_common_bootmode_grub_copy_to_isofs

    _run_once _ed2k-shellx64.esp

    _msg_info "Done! GRUB set up for UEFI booting successfully."
}

# Prepare GRUB for El Torito booting
_make_bootmode_uefi-x64.grub.eltorito() {
    # El Torito UEFI boot requires an image containing the EFI system partition.
    # uefi-x64.grub.eltorito has the same requirements as uefi-x64.grub.esp
    _run_once _make_bootmode_uefi-x64.grub.esp

    # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using
    # manual partitioning and simply copying the ISO 9660 file system contents.
    # This is not related to El Torito booting and no firmware uses these files.
    _msg_info "Grub x64: preparing EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}"/EFI/{BOOT,grub}

    # Copy GRUB EFI binary to the default/fallback boot path
    install -m 0644 -- "${work_dir}/grubx64.efi" "${isofs_dir}/EFI/grub/"

    # Copy GRUB files
    _run_once _make_common_bootmode_grub_copy_to_isofs

    _run_once _ed2k-shellx64.eltorito

    _run_once _memtest86.eltorito

    _msg_info "Done!"
}

# Prepare refind for booting when written to a disk (isohybrid)
_make_bootmode_uefi-x64.refind.esp() {
    _msg_info "Setting up refind for UEFI booting..."

    _run_once _efiboot_image_size

    # Create a FAT image for the EFI system partition
    _run_once _make_efibootimg

    # Create the EFI paths in which a boot loader will be placed.
    mmd -i "${efibootimg}" \
           ::/EFI/refind ::/EFI/refind/drivers_x64 ::/EFI/refind/icons

    # Copy rEFInd files to EFI path
    mcopy -i "${efibootimg}" \
             "${work_dir}/x86_64/airootfs/usr/share/refind/refind_x64.efi" ::/EFI/refind/
    mcopy -i "${efibootimg}" \
             "${work_dir}"/x86_64/airootfs/usr/share/refind/drivers_x64/* ::/EFI/refind/drivers_x64/
    mcopy -i "${efibootimg}" \
             "${work_dir}"/x86_64/airootfs/usr/share/refind/icons/* ::/EFI/refind/icons/
    mcopy -i "${efibootimg}" \
             "${work_dir}/refind/refind-dvd.conf" ::/EFI/refind/refind.conf

    # Copy kernel and initramfs to FAT image.
    _run_once _make_boot_on_fat

    _run_once _ed2k-shellx64.esp
    
    _run_once _memtest86.esp

    _msg_info "Done!"
}

# Prepare refind for El Torito booting
_make_bootmode_uefi-x64.refind.eltorito() {
    # El Torito UEFI boot requires an image containing the EFI system partition.
    # uefi-x64.refind.eltorito has the same requirements as uefi-x64.refind.esp
    _run_once _make_bootmode_uefi-x64.systemd-boot.esp
    # Additionally set up refind in ISO 9660. This allows creating a medium for the live environment by using
    # manual partitioning and simply copying the ISO 9660 file system contents.
    # This is not related to El Torito booting and no firmware uses these files.
    _msg_info "rEFInd: preparing EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}"/EFI/{BOOT,refind}

    # Copy rEFInd files to EFI path
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/share/refind/refind_x64.efi" "${isofs_dir}/EFI/refind/"
    cp -r --remove-destination -- "${work_dir}/x86_64/airootfs/usr/share/refind"/{drivers_x64,icons}/ \
                                   "${isofs_dir}/EFI/refind/"

    install -m 0644 -- "${work_dir}/refind/refind-usb.conf" "${isofs_dir}/EFI/refind/refind.conf"

    _run_once _ed2k-shellx64.eltorito
    
    _run_once _memtest86.eltorito

    _msg_info "Done!"
}

_make_bootmode_uefi.systemd-boot.common_config_files() {
    install -d -m 0755 -- "${isofs_dir}/loader/entries"
    install -m 0644 -- "${work_dir}/loader/loader.conf" "${isofs_dir}/loader/"
    for _entry in  "${work_dir}/loader/entries/"*".conf"; do
        install -m 0644 -- "${_entry}" "${isofs_dir}/loader/entries/${_entry##*/}"
    done
}

_make_bootmode_uefi.systemd-boot.common() {
    local _entry

    # Create the EFI paths in which a boot loader will be placed.
    mmd -i "${efibootimg}" \
           ::/EFI/systemd ::/loader ::/loader/entries

    # Copy systemd-boot configuration files
    mcopy -i "${efibootimg}" \
             "${work_dir}/loader/loader.conf" ::loader/

    for _entry in  "${work_dir}/loader/entries/"*".conf"; do
        mcopy -i "${efibootimg}" "${_entry}" "::/loader/entries/${_entry##*/}"
    done
}

# Prepare system-boot for booting when written to a disk (isohybrid)
_make_bootmode_uefi-ia32.systemd-boot.esp() {
    _msg_info "Setting up systemd-boot ia32 for UEFI booting..."

    _run_once _efiboot_image_size

    # Create a FAT image for the EFI system partition
    _run_once _make_efibootimg
    
    # systemd-boot uefi common
    _run_once _make_bootmode_uefi.systemd-boot.common

    # Copy systemd-boot EFI binary to EFI path
    mcopy -i "${efibootimg}" \
             "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootia32.efi" ::/EFI/systemd/
    mcopy -i "${efibootimg}" \
             "${work_dir}/x86_64/airootfs/usr/share/refind/icons/os_arch.png" ::/EFI/systemd/systemd-bootia32.png

    # Copy kernel and initramfs to FAT image.
    # systemd-boot can only access files from the EFI system partition it was launched from.
    _run_once _make_boot_on_fat

    _run_once _ed2k-shellia32.esp
    
    _msg_info "Done!"
}

# Prepare system-boot for booting when written to a disk (isohybrid)
_make_bootmode_uefi-x64.systemd-boot.esp() {
    _msg_info "Setting up systemd-boot x64 for UEFI booting..."

    _run_once _efiboot_image_size

    # Create a FAT image for the EFI system partition
    _run_once _make_efibootimg
    
    # systemd-boot uefi common
    _run_once _make_bootmode_uefi.systemd-boot.common

    # Copy systemd-boot EFI binary to EFI path
    mcopy -i "${efibootimg}" \
             "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootx64.efi" ::/EFI/systemd/
    mcopy -i "${efibootimg}" \
             "${work_dir}/x86_64/airootfs/usr/share/refind/icons/os_arch.png" ::/EFI/systemd/systemd-bootx64.png

    # Copy kernel and initramfs to FAT image.
    # systemd-boot can only access files from the EFI system partition it was launched from.
    _run_once _make_boot_on_fat

    _run_once _ed2k-shellx64.esp
    
    _run_once _memtest86.esp

    _msg_info "Done!"
}

# Prepare system-boot for El Torito booting
_make_bootmode_uefi-ia32.systemd-boot.eltorito() {
    # El Torito UEFI boot requires an image containing the EFI system partition.
    # uefi-ia32.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp
    _run_once _make_bootmode_uefi-ia32.systemd-boot.esp

    # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using
    # manual partitioning and simply copying the ISO 9660 file system contents.
    # This is not related to El Torito booting and no firmware uses these files.
    _msg_info "Systemd-boot ia32: preparing EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}"/EFI/{BOOT,systemd}

    # Copy systemd-boot EFI binary to EFI path
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootia32.efi" "${isofs_dir}/EFI/systemd/"

    # Copy systemd-boot configuration files
    _run_once _make_bootmode_uefi.systemd-boot.common_config_files
    install -m 0644 -- "${pacstrap_dir}/usr/share/refind/icons/os_arch.png" "${isofs_dir}/EFI/systemd/systemd-bootia32.png"

    _run_once _ed2k-shellia32.eltorito

    _msg_info "Done!"
}

# Prepare system-boot for El Torito booting
_make_bootmode_uefi-x64.systemd-boot.eltorito() {
    # El Torito UEFI boot requires an image containing the EFI system partition.
    # uefi-x64.systemd-boot.eltorito has the same requirements as uefi-x64.systemd-boot.esp
    _run_once _make_bootmode_uefi-x64.systemd-boot.esp
    # Additionally set up systemd-boot in ISO 9660. This allows creating a medium for the live environment by using
    # manual partitioning and simply copying the ISO 9660 file system contents.
    # This is not related to El Torito booting and no firmware uses these files.
    _msg_info "Systemd-boot x64: preparing EFI directory for the ISO 9660 file system..."
    install -d -m 0755 -- "${isofs_dir}"/EFI/{BOOT,systemd}

    # Copy systemd-boot EFI binary to EFI path
    install -m 0644 -- "${work_dir}/x86_64/airootfs/usr/lib/systemd/boot/efi/systemd-bootx64.efi" "${isofs_dir}/EFI/systemd/"

    # Copy systemd-boot configuration files
    _run_once _make_bootmode_uefi.systemd-boot.common_config_files
    install -m 0644 -- "${pacstrap_dir}/usr/share/refind/icons/os_arch.png" "${isofs_dir}/EFI/systemd/systemd-bootx64.png"

    _run_once _ed2k-shellx64.eltorito

    _run_once _memtest86.eltorito

    _msg_info "Done!"
}

# Set up boot loaders
_make_bootmodes() {
    local _bootmode
    # Prepare profile bootmodes
    for _bootmode in "${bootmodes[@]}"; do
        if typeset -f "_profile_bootmode_${_bootmode}" &> /dev/null; then
            _run_once "_profile_bootmode_${_bootmode}"
        fi
    done
    # Calculate the required FAT image size in bytes for x64 EFI booting
    for _bootmode in "${bootmodes[@]}"; do
        if typeset -f "_fat_image_efiboot_files_${_bootmode}" &> /dev/null; then
            _run_once "_fat_image_efiboot_files_${_bootmode}"
        fi
    done
    # Make bootmodes
    for _bootmode in "${bootmodes[@]}"; do
        _run_once "_make_bootmode_${_bootmode}"
    done
}

# Set GRUB ia32 as the default EFI boot loader
_make_ia32_uefi_default_bootloader_uefi-ia32.grub.esp() {
    # EFI boot image
    mmove -i "${efibootimg}" ::/EFI/grub/grubia32.efi ::/EFI/BOOT/BOOTIA32.EFI

    # ISO 9660 file system
    mv -- "${isofs_dir}/EFI/grub/grubia32.efi" "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI"
}

# Set GRUB x64 as the default EFI boot loader
_make_x64_uefi_default_bootloader_uefi-x64.grub.esp() {
    # EFI boot image
    mmove -i "${efibootimg}" ::/EFI/grub/grubx64.efi ::/EFI/BOOT/BOOTx64.EFI

    # ISO 9660 file system
    mv -- "${isofs_dir}/EFI/grub/grubx64.efi" "${isofs_dir}/EFI/BOOT/BOOTx64.EFI"
}

# Set rEFInd as the default EFI bootloader
_make_x64_uefi_default_bootloader_uefi-x64.refind.esp() {
    # EFI boot image
    mmove -i "${efibootimg}" ::/EFI/refind/* ::/EFI/BOOT/
    mmove -i "${efibootimg}" ::/EFI/BOOT/refind_x64.efi ::/EFI/BOOT/BOOTx64.EFI

    # ISO 9660 file system
    mv -- "${isofs_dir}/EFI/refind/"* "${isofs_dir}/EFI/BOOT/"
    mv -- "${isofs_dir}/EFI/BOOT/refind_x64.efi" "${isofs_dir}/EFI/BOOT/BOOTx64.EFI"
}

# Set systemd-boot ia32 as the default EFI boot loader
_make_ia32_uefi_default_bootloader_uefi-ia32.systemd-boot.esp() {
    # EFI boot image
    mmove -i "${efibootimg}" ::/EFI/systemd/systemd-bootia32.efi ::/EFI/BOOT/BOOTIA32.EFI
    mmove -i "${efibootimg}" ::/EFI/systemd/systemd-bootia32.png ::/EFI/BOOT/

    # ISO 9660 file system
    mv -- "${isofs_dir}/EFI/systemd/systemd-bootia32.efi" "${isofs_dir}/EFI/BOOT/BOOTIA32.EFI"
    mv -- "${isofs_dir}/EFI/systemd/systemd-bootia32.png" "${isofs_dir}/EFI/BOOT/"
}

# Set systemd-boot x64 as the default EFI boot loader
_make_x64_uefi_default_bootloader_uefi-x64.systemd-boot.esp() {
    # EFI boot image
    mmove -i "${efibootimg}" ::/EFI/systemd/systemd-bootx64.efi ::/EFI/BOOT/BOOTx64.EFI
    mmove -i "${efibootimg}" ::/EFI/systemd/systemd-bootx64.png ::/EFI/BOOT/

    # ISO 9660 file system
    mv -- "${isofs_dir}/EFI/systemd/systemd-bootx64.efi" "${isofs_dir}/EFI/BOOT/BOOTx64.EFI"
    mv -- "${isofs_dir}/EFI/systemd/systemd-bootx64.png" "${isofs_dir}/EFI/BOOT/"
}

# Run uefi ia32 default boot loader configuration
_make_ia32_uefi_default_bootloader() {
    _run_once _make_ia32_uefi_default_bootloader_"${ia32_uefi_default_bootloader}"
}

# Run uefi x64 default boot loader configuration
_make_x64_uefi_default_bootloader() {
    _run_once _make_x64_uefi_default_bootloader_"${x64_uefi_default_bootloader}"
}

# Archuseriso drive config
# ISO data used by aui-mkusb, aui-mkhybrid and aui-mkinstall tools
_make_drive() {
    if [[ -z "${image_name}" ]]; then
        image_name="${iso_name}-${iso_version}-x64"
    fi

    # Copy drive profile
    cp -aT --no-preserve=ownership -- "${profile}/drive/" "${isofs_dir}/.drive/"
    printf 'bootmodes=( %s )\n' "${bootmodes[*]}" >> "${isofs_dir}/.drive/mediumdef.sh"
    printf 'x64_uefi_default_bootloader="%s"\n' "${x64_uefi_default_bootloader}" >> "${isofs_dir}/.drive/mediumdef.sh"
    printf 'ia32_uefi_default_bootloader="%s"\n' "${ia32_uefi_default_bootloader}" >> "${isofs_dir}/.drive/mediumdef.sh"

    mv -- "${isofs_dir}/.drive/liveusb/persistent" "${isofs_dir}/.drive/liveusb/persistent_${iso_label}"

    ### esp framework
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/"
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/${install_dir}/"
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/"
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/x86_64/"
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/licenses/"
    ln -s -- "../liveusb/esp" "${isofs_dir}/.drive/hybrid/esp"
    ln -s -- "../liveusb/esp" "${isofs_dir}/.drive/install/esp"

    # syslinux
    if [[ -d "${isofs_dir}/boot/syslinux" ]]; then
        ln -s -- "../../../boot/syslinux" "${isofs_dir}/.drive/liveusb/esp/syslinux"
    fi

    # live kernel, live initramfs, efi shell
    for _ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
            if [[ -e "${isofs_dir}/${install_dir}/boot/${_ucode_image}" ]]; then
                ln -s -- "../../../../../${install_dir}/boot/${_ucode_image}" "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/"
            fi
    done
    if [[ -d "${isofs_dir}/${install_dir}/boot/licenses" ]]; then
        for _license in "${isofs_dir}/${install_dir}/boot/licenses/"*; do
            ln -s -- "../../../../../../${install_dir}/boot/licenses/${_license##*/}/" \
                     "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/licenses/${_license##*/}"
        done
    fi
    for _kernel in "${isofs_dir}/${install_dir}/boot/x86_64/vmlinuz-"* \
                   "${isofs_dir}/${install_dir}/boot/x86_64/initramfs-"*".img"; do
            ln -s -- "../../../../../../${install_dir}/boot/x86_64/${_kernel##*/}" \
                  "${isofs_dir}/.drive/liveusb/esp/${install_dir}/boot/x86_64/"
    done

    # persistent kernel & initramfs
    install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/EFI/"
    for _ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
        if [[ -e "${isofs_dir}/${install_dir}/boot/${_ucode_image}" ]]; then
            ln -s -- "../../../${install_dir}/boot/${_ucode_image}" "${work_dir}/iso/.drive/liveusb/esp/"
        fi
    done
    for _kernel in "${isofs_dir}/${install_dir}/boot/x86_64/vmlinuz-"* \
                   "${isofs_dir}/${install_dir}/boot/x86_64/initramfs-"*".img"; do
        ln -s -- "../../../${install_dir}/boot/x86_64/${_kernel##*/}" "${work_dir}/iso/.drive/liveusb/esp/"
    done

    # other symbolic links
    [[ -d "${isofs_dir}/boot/grub" ]] && ln -s -- ../../../boot/grub "${isofs_dir}/.drive/liveusb/esp/grub"
    [[ -d "${isofs_dir}/loader" ]] && ln -s -- ../../../loader "${isofs_dir}/.drive/liveusb/esp/loader"
    [[ -d "${isofs_dir}/EFI/BOOT" ]] && ln -s -- ../../../../EFI/BOOT "${isofs_dir}/.drive/liveusb/esp/EFI/BOOT"
    [[ -d "${isofs_dir}/EFI/grub" ]] && ln -s -- ../../../../EFI/grub "${isofs_dir}/.drive/liveusb/esp/EFI/grub"
    [[ -d "${isofs_dir}/EFI/refind" ]] && ln -s -- ../../../../EFI/refind "${isofs_dir}/.drive/liveusb/esp/EFI/refind"
    [[ -d "${isofs_dir}/EFI/systemd" ]] && ln -s -- ../../../../EFI/systemd "${isofs_dir}/.drive/liveusb/esp/EFI/systemd"
    [[ -f "${isofs_dir}/shellx64.efi" ]] && ln -s -- ../../../shellx64.efi "${isofs_dir}/.drive/liveusb/esp/shellx64.efi"
    [[ -f "${isofs_dir}/shellia32.efi" ]] && ln -s -- ../../../shellia32.efi "${isofs_dir}/.drive/liveusb/esp/shellia32.efi"
    if [[ -f "${isofs_dir}/boot/memtest86+/memtest" ]]; then
        install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/memtest86+/"
        ln -s -- "../../../../boot/memtest86+/memtest" "${isofs_dir}/.drive/liveusb/esp/memtest86+/"
    fi
    if [[ -f "${isofs_dir}/boot/memtest86+/memtest.efi" ]]; then
        install -d -m 0755 -- "${isofs_dir}/.drive/liveusb/esp/memtest86+/"
        ln -s -- "../../../../boot/memtest86+/memtest.efi" "${isofs_dir}/.drive/liveusb/esp/memtest86+/"
    fi

    # mediumdef.sh data used for making usb drives
    if [[ -f "${isofs_dir}/.drive/mediumdef.sh" ]]; then
        # Set medium def
        sed -i "s|%DESKTOP%|${desktop}|g;
                s|%INSTALL_DIR%|${install_dir}|g;
                s|%ARCHISO_LABEL%|${iso_label}|g;
                s|%ISO_NAME%|${iso_name}|g;
                s|%ISO_VERSION%|${iso_version}|g;
                s|%LANG%|${lang}|g" \
                "${isofs_dir}/.drive/mediumdef.sh"
    fi

    # bootloaders configs used for making removable usb drives
    for _drivefile in "${isofs_dir}/.drive/liveusb/loader/entries/"*.conf           \
                      "${isofs_dir}/.drive/hybrid/loader/entries/"*.conf           \
                      "${isofs_dir}/.drive/install/loader/entries/"*.conf          \
                      "${isofs_dir}/.drive/liveusb/grub/grub.cfg"                  \
                      "${isofs_dir}/.drive/hybrid/grub/grub.cfg"                   \
                      "${isofs_dir}/.drive/install/grub/grub.cfg"                  \
                      "${isofs_dir}/.drive/liveusb/syslinux/archiso_sys-linux.cfg" \
                      "${isofs_dir}/.drive/liveusb/syslinux/archiso_pxe-linux.cfg" \
                      "${isofs_dir}/.drive/hybrid/syslinux/archiso_sys-linux.cfg"  \
                      "${isofs_dir}/.drive/hybrid/syslinux/archiso_pxe-linux.cfg"  \
                      "${isofs_dir}/.drive/install/syslinux/archiso_sys-linux.cfg"; do
        if [[ -f "${_drivefile}" ]]; then
            sed -i "s|%INSTALL_DIR%|${install_dir}|g;s|%DESKTOP%|${desktop}|g" "${_drivefile}"
            if [[ -n "${lts}" ]]; then
                sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                           s|initramfs-linux|initramfs-linux-lts|" \
                          "${_drivefile}"
            fi
        fi
    done
    if [[ -n "${lts}" ]]; then
        for _drivefile in "${isofs_dir}/.drive/hybrid/auirootfs/etc/mkinitcpio.d/linux.preset" \
                          "${isofs_dir}/.drive/install/auirootfs/etc/mkinitcpio.d/linux.preset" \
                          "${isofs_dir}/.drive/liveusb/persistent_${iso_label}/x86_64/upperdir/etc/mkinitcpio.d/linux.preset"; do
            if [[ -f "${_drivefile}" ]]; then
                sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                           s|initramfs-linux|initramfs-linux-lts|" \
                          "${_drivefile}"
                mv "${_drivefile%/*}/linux.preset" "${_drivefile%/*}/linux-lts.preset"
            fi
        done
    fi

    # user data added to iso image
    if [[ -n "${embed_dir}" && -d "${embed_dir}" ]]; then
        cp -aT --no-preserve=ownership "${embed_dir}" "${isofs_dir}/data"
    fi

    # Link to package list
    ln -s -- "../${install_dir}/pkglist.${arch}.txt" "${isofs_dir}/.drive/pkglist.${arch}.txt"
}

_validate_requirements_bootmode_bios.syslinux.mbr() {
    # bios.syslinux.mbr requires bios.syslinux.eltorito
    # shellcheck disable=SC2076
    if [[ ! " ${bootmodes[*]} " =~ ' bios.syslinux.eltorito ' ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Using 'bios.syslinux.mbr' boot mode without 'bios.syslinux.eltorito' is not supported." 0
    fi

    # Check if the syslinux package is in the package list
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' syslinux ' ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The 'syslinux' package is missing from the package list!" 0
    fi

    # Check if syslinux configuration files exist
    if [[ ! -d "${profile}/syslinux" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/syslinux' directory is missing!" 0
    else
        local cfgfile
        for cfgfile in "${profile}/syslinux/"*'.cfg'; do
            if [[ -e "${cfgfile}" ]]; then
                break
            else
                (( validation_error=validation_error+1 ))
                _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/syslinux/'!" 0
            fi
        done
    fi

    # Check for optional packages
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' memtest86+ ' ]]; then
        _msg_info "Validating '${bootmode}': 'memtest86+' is not in the package list. Memmory testing will not be available from syslinux."
    fi
}

_validate_requirements_bootmode_bios.syslinux.eltorito() {
    # bios.syslinux.eltorito has the exact same requirements as bios.syslinux.mbr
    _run_once _validate_requirements_bootmode_bios.syslinux.mbr
}

_validate_requirements_bootmode_uefi-x64.common.esp() {
    # Check for optional packages
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then
        _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell."
    fi
    # shellcheck disable=SC2076
    if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then
        _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from boot menu."
    fi
}

_validate_requirements_bootmode_uefi-ia32.systemd-boot.esp() {
    # uefi-ia32.systemd-boot.esp has the exact same requirements as uefi-x64.systemd-boot.esp
    _run_once _validate_requirements_bootmode_uefi-x64.systemd-boot.esp
}

_validate_requirements_bootmode_uefi-x64.systemd-boot.esp() {
    # Check if mkfs.fat is available
    if ! command -v mkfs.fat &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0
    fi

    # Check if mmd and mcopy are available
    if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0
    fi

    # Check if systemd-boot configuration files exist
    if [[ ! -d "${profile}/efiboot/loader/entries" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/efiboot/loader/entries' directory is missing!" 0
    else
        if [[ ! -e "${profile}/efiboot/loader/loader.conf" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating '${bootmode}': File '${profile}/efiboot/loader/loader.conf' not found!" 0
        fi
        local conffile
        for conffile in "${profile}/efiboot/loader/entries/"*'.conf'; do
            if [[ -e "${conffile}" ]]; then
                break
            else
                (( validation_error=validation_error+1 ))
                _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/efiboot/loader/entries/'!" 0
            fi
        done
    fi

    _run_once _validate_requirements_bootmode_uefi-x64.common.esp
}

_validate_requirements_bootmode_uefi-ia32.systemd-boot.eltorito() {
    # uefi-ia32.systemd-boot.eltorito has the exact same requirements as uefi-ia32.systemd-boot.esp
    _run_once _validate_requirements_bootmode_uefi-ia32.systemd-boot.esp
}

_validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() {
    # uefi-x64.systemd-boot.eltorito has the exact same requirements as uefi-x64.systemd-boot.esp
    _run_once _validate_requirements_bootmode_uefi-x64.systemd-boot.esp
}

_validate_requirements_bootmode_uefi-x64.refind.esp() {
    # Check if mkfs.fat is available
    if ! command -v mkfs.fat &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0
    fi

    # Check if mmd and mcopy are available
    if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0
    fi

    # Check if refind configuration files exist
    if [[ ! -d "${profile}/efiboot/refind" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/efiboot/refind' directory is missing!" 0
    else
        if [[ ! -e "${profile}/efiboot/refind/refind-dvd.conf" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating '${bootmode}': File '${profile}/efiboot/refind/refind-dvd.conf' not found!" 0
        fi
        if [[ ! -e "${profile}/efiboot/refind/refind-usb.conf" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating '${bootmode}': File '${profile}/efiboot/refind/refind-usb.conf' not found!" 0
        fi
    fi

    _run_once _validate_requirements_bootmode_uefi-x64.common.esp
}

_validate_requirements_bootmode_uefi-x64.refind.eltorito() {
    # uefi-x64.refind.eltorito has the exact same requirements as uefi-x64.refind.esp
    _run_once _validate_requirements_bootmode_uefi-x64.refind.esp
}

_validate_requirements_bootmode_uefi-ia32.grub.esp() {
     _run_once _validate_requirements_bootmode_uefi-x64.grub.esp
}

_validate_requirements_bootmode_uefi-ia32.grub.eltorito() {
    # uefi-ia32.grub.eltorito has the exact same requirements as uefi-ia32.grub.esp
    _run_once _validate_requirements_bootmode_uefi-ia32.grub.esp
}

_validate_requirements_bootmode_uefi-x64.grub.esp() {
    # Check if GRUB is available
    if ! command -v grub-mkstandalone &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0
    fi

        # Check if mkfs.fat is available
    if ! command -v mkfs.fat &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0
    fi

    # Check if mmd and mcopy are available
    if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then
        _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0
    fi

    # Check if GRUB configuration files exist
    if [[ ! -d "${profile}//efiboot/grub" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${bootmode}': The '${profile}/efiboot/grub' directory is missing!" 0
    else
        if [[ ! -e "${profile}/efiboot/grub/grub.cfg" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating '${bootmode}': File '${profile}/efiboot/grub/grub.cfg' not found!" 0
        fi
        local conffile
        for conffile in "${profile}/efiboot/grub/"*'.cfg'; do
            if [[ -e "${conffile}" ]]; then
                break
            else
                (( validation_error=validation_error+1 ))
                _msg_error "Validating '${bootmode}': No configuration file found in '${profile}/efiboot/grub/'!" 0
            fi
        done
    fi

    _run_once _validate_requirements_bootmode_uefi-x64.common.esp
}

_validate_requirements_bootmode_uefi-x64.grub.eltorito() {
    # uefi-x64.grub.eltorito has the exact same requirements as uefi-x64.grub.esp
    _run_once _validate_requirements_bootmode_uefi-x64.grub.esp
}

# Build airootfs filesystem image
_prepare_airootfs_image() {
    _run_once "_mkairootfs_${airootfs_image_type}"
    _mkchecksum

    if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then
        airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs"
    elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then
        airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs"
    fi

    if [[ -n "${gpg_key}" ]]; then
        _mk_pgp_signature "${airootfs_image_filename}"
    fi
    if [[ -v cert_list ]]; then
        _cms_sign_artifact "${airootfs_image_filename}"
    fi
}

# export build artifacts for netboot
_export_netboot_artifacts() {
    _msg_info "Exporting netboot artifacts..."
    install -d -m 0755 "${out_dir}"
    cp -a -- "${isofs_dir}/${install_dir}/" "${out_dir}/"

    # Remove grubenv since it serves no purpose in netboot artifacts
    rm -f -- "${out_dir}/${install_dir}/grubenv"

    _msg_info "Done!"
    du -hs -- "${out_dir}/${install_dir}"
}

_cms_sign_artifact() {
    local artifact="${1}"
    local openssl_flags=(
        "-sign"
        "-binary"
        "-nocerts"
        "-noattr"
        "-outform" "DER" "-out" "${artifact}.cms.sig"
        "-in" "${artifact}"
        "-signer" "${cert_list[0]}"
        "-inkey" "${cert_list[1]}"
    )

    if (( ${#cert_list[@]} > 2 )); then
        openssl_flags+=("-certfile" "${cert_list[2]}")
    fi

    _msg_info "Signing ${artifact} image using openssl cms..."
   
    rm -f -- "${artifact}.cms.sig"

    openssl cms "${openssl_flags[@]}"

    _msg_info "Done!"
}

# sign build artifacts for netboot
_sign_netboot_artifacts() {
    local _file _dir
    local _files_to_sign=()
    _msg_info "Signing netboot artifacts..."
    _dir="${isofs_dir}/${install_dir}/boot/"
    for _file in "${ucodes[@]}"; do
        if [[ -e "${_dir}${_file}" ]]; then
            _files_to_sign+=("${_dir}${_file}")
        fi
    done
    for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"!(*.sig) "${_dir}${arch}/initramfs-"*.img; do
        rm -f -- "${_file}".ipxe.sig
        openssl cms \
            -sign \
            -binary \
            -noattr \
            -in "${_file}" \
            -signer "${cert_list[0]}" \
            -inkey "${cert_list[1]}" \
            -outform DER \
            -out "${_file}".ipxe.sig
    done
    _msg_info "Done!"
}

_validate_requirements_airootfs_image_type_squashfs() {
    if ! command -v mksquashfs &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0
    fi
}

_validate_requirements_airootfs_image_type_ext4+squashfs() {
    if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0
    fi
    _validate_requirements_airootfs_image_type_squashfs
}

_validate_requirements_airootfs_image_type_erofs() {
    if ! command -v mkfs.erofs &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating '${airootfs_image_type}': mkfs.erofs is not available on this host. Install 'erofs-utils'!" 0
    fi
}

_validate_common_requirements_buildmode_all() {
    if ! command -v pacman &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating build mode '${_buildmode}': pacman is not available on this host. Install 'pacman'!" 0
    fi
    if ! command -v find &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating build mode '${_buildmode}': find is not available on this host. Install 'findutils'!" 0
    fi
    if ! command -v gzip &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating build mode '${_buildmode}': gzip is not available on this host. Install 'gzip'!" 0
    fi
}

_validate_requirements_buildmode_bootstrap() {
    local bootstrap_pkg_list_from_file=()

    # Check if packages for the bootstrap image are specified
    if [[ -e "${bootstrap_packages}" ]]; then
        mapfile -t bootstrap_pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
        bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}")
        if (( ${#bootstrap_pkg_list_from_file[@]} < 1 )); then
            (( validation_error=validation_error+1 ))
            _msg_error "No package specified in '${bootstrap_packages}'." 0
        fi
    else
        (( validation_error=validation_error+1 ))
        _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0
    fi

    _validate_common_requirements_buildmode_all
    if ! command -v bsdtar &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0
    fi

    # Check if the compressor is installed
    if (( ${#bootstrap_tarball_compression[@]} )); then
        case "${bootstrap_tarball_compression[0]}" in
            'bzip'|'gzip'|'lrzip'|'lzip'|'lzop'|'xz'|'zstd'|'zstdmt')
                if ! command -v "${bootstrap_tarball_compression[0]}" &>/dev/null; then
                    (( validation_error=validation_error+1 ))
                    _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not available on this host. Install '${bootstrap_tarball_compression[0]/zstdmt/zstd}'!" 0
                fi
                ;;
            'cat')
                if ! command -v cat &>/dev/null; then
                    (( validation_error=validation_error+1 ))
                    _msg_error "Validating build mode '${_buildmode}': 'cat' is not available on this host. Install 'coreutils'!" 0
                fi
                if (( ${#bootstrap_tarball_compression[@]} > 1 )); then
                    (( validation_error=validation_error+1 ))
                    _msg_error "Validating build mode '${_buildmode}': 'cat' compression does not accept arguments!" 0
                fi
                ;;
            *)
                (( validation_error=validation_error+1 ))
                _msg_error "Validating build mode '${_buildmode}': '${bootstrap_tarball_compression[0]}' is not a supported compression method!" 0
                ;;
        esac
    fi
}

_validate_common_requirements_buildmode_iso_netboot() {
    local bootmode
    local pkg_list_from_file=()

    # Check if the package list file exists and read packages from it
    if [[ -e "${packages}" ]]; then
        mapfile -t pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d;s/[[:blank:]]/\n/g' "${packages}" "${packages_locales:-/dev/null}" | sed '/^$/d')
        pkg_list+=("${pkg_list_from_file[@]}")
        if (( ${#pkg_list_from_file[@]} < 1 )); then
            (( validation_error=validation_error+1 ))
            _msg_error "No package specified in '${packages}'." 0
        fi
        pkg_list+=("${pkg_list_additions[@]}")
    else
        (( validation_error=validation_error+1 ))
        _msg_error "Packages file '${packages}' does not exist." 0
    fi

    # Change to linux-lts and nvidia-lts packages if '--lts' option is used
    # Remove broadcom-wl virtualbox-host-modules-arch from the package list because that would install 
    # the linux package as a dependency
    if [[ -n "${lts}" ]]; then
        for i in "${!pkg_list[@]}"; do
            if [[ "${pkg_list[$i]}" == "linux" ]]; then
                pkg_list[$i]="linux-lts"
            elif [[ "${pkg_list[$i]}" == "nvidia" ]]; then
                pkg_list[$i]="nvidia-lts"
            elif [[ "${pkg_list[$i]}" == "broadcom-wl" ]]; then
                pkg_list[$i]="linux-lts"
            elif [[ "${pkg_list[$i]}" == "virtualbox-guest-utils-nox" ]]; then
                pkg_list[$i]="linux-lts"
            fi
        done
    fi

    if [[ -v cert_list ]]; then
        # Check if the certificate files exist
        for _cert in "${cert_list[@]}"; do
            if [[ ! -e "${_cert}" ]]; then
                (( validation_error=validation_error+1 ))
                _msg_error "File '${_cert}' does not exist." 0
            fi
        done
        # Check if there are at least three certificate files to sign netboot and rootfs.
        if (( ${#cert_list[@]} < 2 )); then
            (( validation_error=validation_error+1 ))
            _msg_error "Two certificates are required for codesigning netboot artifacts, but '${cert_list[*]}' is provided." 0
        fi

        if ! command -v openssl &> /dev/null; then
            (( validation_error=validation_error+1 ))
            _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0
        fi
    fi

    # Check if the specified airootfs_image_type is supported
    if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then
        if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then
            "_validate_requirements_airootfs_image_type_${airootfs_image_type}"
        else
            _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible."
        fi
    else
        (( validation_error=validation_error+1 ))
        _msg_error "Unsupported image type: '${airootfs_image_type}'" 0
    fi
}

_validate_requirements_buildmode_iso() {
    _run_once _validate_common_requirements_buildmode_iso_netboot
    _run_once _validate_common_requirements_buildmode_all
    # Check if the specified bootmodes are supported
    if (( ${#bootmodes[@]} < 1 )); then
        (( validation_error=validation_error+1 ))
        _msg_error "No boot modes specified in '${profile}/profiledef.sh'." 0
    fi
    for bootmode in "${bootmodes[@]}"; do
        if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then
            if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then
                _run_once "_validate_requirements_bootmode_${bootmode}"
            else
                _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible."
            fi
        else
            (( validation_error=validation_error+1 ))
            _msg_error "${bootmode} is not a valid boot mode!" 0
        fi
    done

    if ! command -v awk &> /dev/null; then
        (( validation_error=validation_error+1 ))
        _msg_error "Validating build mode '${_buildmode}': awk is not available on this host. Install 'awk'!" 0
    fi
}

_validate_requirements_buildmode_img() {
    _validate_requirements_buildmode_iso
}

_validate_requirements_buildmode_netboot() {
    _run_once _validate_common_requirements_buildmode_iso_netboot
    _run_once _validate_common_requirements_buildmode_all
}

_validate_requirements_x64_uefi_default_bootloader_uefi-x64.grub.esp() {
    # All requirements met at this stage
    true
}

_validate_requirements_x64_uefi_default_bootloader_uefi-x64.refind.esp() {
    # All requirements met at this stage
    true
}

_validate_requirements_x64_uefi_default_bootloader_uefi-x64.systemd-boot.esp() {
    # All requirements met at this stage
    true
}

# SYSLINUX El Torito
_add_xorrisofs_options_bios.syslinux.eltorito() {
    xorrisofs_options+=(
        # El Torito boot image for x86 BIOS
        '-eltorito-boot' 'boot/syslinux/isolinux.bin'
        # El Torito boot catalog file
        '-eltorito-catalog' 'boot/syslinux/boot.cat'
        # Required options to boot with ISOLINUX
        '-no-emul-boot' '-boot-load-size' '4' '-boot-info-table'
    )
}

# SYSLINUX MBR (isohybrid)
_add_xorrisofs_options_bios.syslinux.mbr() {
    xorrisofs_options+=(
        # SYSLINUX MBR bootstrap code; does not work without "-eltorito-boot syslinux/isolinux.bin"
        '-isohybrid-mbr' "${isofs_dir}/boot/syslinux/isohdpfx.bin"
        # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR
        # bootstrap code area) and mark it as bootable
        # May allow booting on some systems
        # https://wiki.archlinux.org/title/Partitioning#Tricking_old_BIOS_into_booting_from_GPT
        '--mbr-force-bootable'
        # Move the first partition away from the start of the ISO to match the expectations of partition editors
        # May allow booting on some systems
        # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki
        '-partition_offset' '16'
    )
}

# systemd-boot in an attached EFI system partition
_add_xorrisofs_options_uefi-x64.systemd-boot.esp() {
    # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660
    # partition will not be mountable
    # shellcheck disable=SC2076
    [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16')
    # Attach efiboot.img as a second partition and set its partition type to "EFI system partition"
    xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}")
    # Ensure GPT is used as some systems do not support UEFI booting without it
    # shellcheck disable=SC2076
    if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
        # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR).
        # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will
        # have a Microsoft basic partition type code.
        if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' &&  \
              ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then
            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
                xorrisofs_options+=('-isohybrid-gpt-basdat')
            fi
        fi
    else
        # Use valid GPT if BIOS booting support will not be required
        xorrisofs_options+=('-appended_part_as_gpt')
    fi
}

# systemd-boot via El Torito
_add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() {
    # shellcheck disable=SC2076
    if [[ " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.esp ' || \
          " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then
        # systemd-boot in an attached EFI system partition via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set the second partition as the El Torito UEFI boot image
            '-e' '--interval:appended_partition_2:all::'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
        # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead.
        if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
                xorrisofs_options+=('-isohybrid-gpt-basdat')
            fi
        fi
    else
        # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a
        # file inside the ISO 9660 file system
        install -d -m 0755 -- "${isofs_dir}/EFI/archiso"
        cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img"
        # systemd-boot in an embedded efiboot.img via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set efiboot.img as the El Torito UEFI boot image
            '-e' 'EFI/archiso/efiboot.img'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
    fi
    # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito
    # shellcheck disable=SC2076
    [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat')
}

# GRUB in an attached EFI system partition.
# Same as _add_xorrisofs_options_uefi-x64.systemd-boot.esp.
_add_xorrisofs_options_uefi-x64.grub.esp() {
    # Move the first partition away from the start of the ISO, otherwise the GPT will not be valid and ISO 9660
    # partition will not be mountable
    # shellcheck disable=SC2076
    [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16')
    # Attach efiboot.img as a second partition and set its partition type to "EFI system partition"
    xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${efibootimg}")
    # Ensure GPT is used as some systems do not support UEFI booting without it
    # shellcheck disable=SC2076
    if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
        # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR).
        # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will
        # have a Microsoft basic partition type code.
        if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' &&  ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then
            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
                xorrisofs_options+=('-isohybrid-gpt-basdat')
            fi
        fi
    else
        # Use valid GPT if BIOS booting support will not be required
        xorrisofs_options+=('-appended_part_as_gpt')
    fi
}

# GRUB via El Torito
# Same as _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito.
_add_xorrisofs_options_uefi-x64.grub.eltorito() {
    # shellcheck disable=SC2076
    if [[ " ${bootmodes[*]} " =~ ' uefi-x64.grub.esp ' || " ${bootmodes[*]} " =~ ' uefi-ia32.grub.esp ' ]]; then
        # grub in an attached EFI system partition via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set the second partition as the El Torito UEFI boot image
            '-e' '--interval:appended_partition_2:all::'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
        # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead.
        if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
                xorrisofs_options+=('-isohybrid-gpt-basdat')
            fi
        fi
    else
        # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a
        # file inside the ISO 9660 file system
        install -d -m 0755 -- "${isofs_dir}/EFI/archiso"
        cp -a -- "${efibootimg}" "${isofs_dir}/EFI/archiso/efiboot.img"
        # grub in an embedded efiboot.img via El Torito
        xorrisofs_options+=(
            # Start a new El Torito boot entry for UEFI
            '-eltorito-alt-boot'
            # Set efiboot.img as the El Torito UEFI boot image
            '-e' 'EFI/archiso/efiboot.img'
            # Boot image is not emulating floppy or hard disk; required for all known boot loaders
            '-no-emul-boot'
        )
    fi
    # Specify where to save the El Torito boot catalog file in case it is not already set by bios.syslinux.eltorito
    # shellcheck disable=SC2076
    [[ " ${bootmodes[*]} " =~ ' bios.' ]] || xorrisofs_options+=('-eltorito-catalog' 'EFI/boot.cat')
}

# Build bootstrap image
_build_bootstrap_image() {
    # Set default tarball compression to uncompressed
    if (( ! "${#bootstrap_tarball_compression[@]}" )); then
        bootstrap_tarball_compression=('cat')
    fi

    [[ -d "${out_dir}" ]] || install -d -- "${out_dir}"

    cd -- "${bootstrap_parent}"

    _msg_info "Creating bootstrap image..."
    rm -f -- "${out_dir:?}/${image_name:?}"
    bsdtar -cf - "root.${arch}" "pkglist.${arch}.txt" | "${bootstrap_tarball_compression[@]}" >"${out_dir}/${image_name}"

    _msg_info "Done!"
    du -h -- "${out_dir}/${image_name}"

    cd -- "${OLDPWD}"
}

# Build ISO
_build_iso_image() {
    # Remove the pacstrap directory early to lower the maximum size of the working directory.
    # The creation of the airootfs image has already been completed.
    if (( rm_work_dir )); then
        _msg_info 'Removing pacstrap directory...'
        rm -rf -- "${work_dir:?}/${arch}/airootfs"
    fi

    local xorriso_options=() xorrisofs_options=()
    local bootmode

    image_name="${image_name%.img}.iso"

    [[ -d "${out_dir}" ]] || install -d -- "${out_dir}"
 
   # Do not read xorriso startup files to prevent interference and unintended behavior.
    # For it to work, -no_rc must be the first argument passed to xorriso.
    xorriso_options=('-no_rc')

    if [[ "${quiet}" == "y" ]]; then
        # The when xorriso is run in mkisofs compatibility mode (xorrisofs), the mkisofs option -quiet is interpreted
        # too late (e.g. messages about SOURCE_DATE_EPOCH still get shown).
        # Instead use native xorriso option to silence the output.
        xorriso_options+=('-report_about' 'SORRY')
    fi

    # Add required xorrisofs options for each boot mode
    for bootmode in "${bootmodes[@]}"; do
        typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}"
    done

    # Remove 300 KiB padding needed for CDs if the ISO exceeds the max size of a CD
    if (( $(du -s --apparent-size -B1M "${isofs_dir}/" | awk '{ print $1 }') > 900 )); then
        xorrisofs_options+=('-no-pad')
    fi

    rm -f -- "${out_dir}/${image_name}"
    _msg_info "Creating ISO image..."
    if [[ "${quiet}" == "y" ]]; then
        xorriso "${xorriso_options[@]}" -as mkisofs \
            -iso-level 3 \
            -full-iso9660-filenames \
            -volid "${iso_label}" \
            -appid "${iso_application}" \
            -publisher "${iso_publisher}" \
            -preparer "prepared by ${app_name}" \
            "${xorrisofs_options[@]}" \
            -output "${out_dir}/${image_name}" \
            "${isofs_dir}/" 2> /dev/null
    else
        xorriso -as mkisofs \
            -iso-level 3 \
            -full-iso9660-filenames \
            -volid "${iso_label}" \
            -appid "${iso_application}" \
            -publisher "${iso_publisher}" \
            -preparer "prepared by ${app_name}" \
            "${xorrisofs_options[@]}" \
            -output "${out_dir}/${image_name}" \
            "${isofs_dir}/"
    fi
    _mkchecksum_iso
    if [[ -n "${gpg_key}" ]]; then
        _mksignature_iso
    fi
    _msg_info "Done!"
    echo
    _msg_info "$(du -h -- "${out_dir}/${image_name}")"
}


_umount_img() {
    local _loopdevice
    _loopdevice="$(losetup -ln -O name -j "${out_dir}/${image_name}")"
    if mountpoint -q -- "${work_dir}/imgp1"; then
        umount "${work_dir}/imgp1"
    fi
    if mountpoint -q -- "${work_dir}/imgp2"; then
        umount "${work_dir}/imgp2"
    fi
    if mountpoint -q -- "${work_dir}/imgp3"; then
        umount "${work_dir}/imgp3"
    fi
    if [[ -n "${_loopdevice}" ]]; then
        losetup -d "${_loopdevice}"
    fi
}

_img_bootmode_bios.syslinux.mbr() {
    cp -rT -- "${work_dir}/iso/.drive/img/syslinux/" "${work_dir}/imgp2/boot/syslinux/"
    _esp_files_settings+=( $(find "${work_dir}/iso/.drive/img/syslinux" -type f | \
                             sed -- "s|^${work_dir}/iso/.drive/img/|boot/|") )
}

_img_bootmode_uefi-ia32.grub.esp() {
    _run_once _img_bootmode_uefi-x64.grub.esp
}

_img_bootmode_uefi-x64.grub.esp() {
    cp -rT -- "${work_dir}/iso/.drive/img/grub/" "${work_dir}/imgp2/boot/grub/"
    _esp_files_settings+=( $(find "${work_dir}/iso/.drive/img/grub" -type f | \
                             sed -- "s|^${work_dir}/iso/.drive/img/|boot/|") )
}

_img_bootmode_uefi-x64.refind.esp() {
    cp -rT -- "${work_dir}/iso/.drive/liveusb/refind/" "${work_dir}/imgp2/EFI/refind/"
    _esp_files_settings+=( $(find "${work_dir}/iso/.drive/liveusb/refind" -type f | \
                             sed -- "s|^${work_dir}/iso/.drive/liveusb/|EFI/|") )
}

_img_bootmode_uefi-x64.systemd-boot.esp() {
    cp -rT -- "${work_dir}/iso/.drive/img/loader/" "${work_dir}/imgp2/loader/"
    _esp_files_settings+=( $(find "${work_dir}/iso/.drive/img/loader" -type f | \
                             sed -- "s|^${work_dir}/iso/.drive/img/||") )
}

# Build IMG
_build_img_image() {
    trap _umount_img EXIT
    local _rosize _espsize _cowsize _loopdevice
    local -a _esp_files_settings _cow_files_settings

    image_name="${image_name%.iso}.img"

    [[ -d "${out_dir}" ]] || install -d -- "${out_dir}"

    rm -f -- "${out_dir}/${image_name}"
    _msg_info "Creating GPT disk image..."

    # Read-only fs size in MiB (sfs image size +  8 %)
    _rosize=$(( $(du -bs "${isofs_dir}/${install_dir}/${arch}" | awk '{print $1}') / 1048576 * 108 / 100 ))

    # Calculate ESP size
    _espsize=$(( $(du -bs "${isofs_dir}" | awk '{print $1}') ))
    _espsize=$(( _espsize - $(du -bs "${isofs_dir}/${install_dir}" | awk '{print $1}') ))
    _espsize=$(( _espsize + ($(du -bs "${isofs_dir}/${install_dir}/boot" | awk '{print $1}') * 2) ))
    # ESP size in MiB
    _espsize=$(( _espsize * 14 / 10 / 1048576 ))

    # COW size = 128 MiB
    _cowsize=128

    # IMG size = RO + ESP + COW size
    # Create IMG file
    truncate -s $(( _rosize + _espsize + _cowsize + 2 ))M "${out_dir}/${image_name}"

    # GPT partitions
    _loopdevice=$(losetup -f --show "${out_dir}/${image_name}" 2> /dev/null || \
                  { echo 'Failed to create loop device'; exit 1; } )
    if ! echo 'label: gpt' | udevadm lock --device="${_loopdevice}" -- \
            sfdisk -W always -- "${_loopdevice}" &> /dev/null; then
        echo 'Failed to create new gpt partition table!'
        exit 1
    fi
    sleep 3
    partprobe -- "${_loopdevice}"

    if ! echo -e ",${_rosize}MiB,L,\n,${_espsize}MiB,EBD0A0A2-B9E5-4433-87C0-68B6B72699C7,\n,+,L,\n" | \
            udevadm lock --device="${_loopdevice}" -- sfdisk --append  -W always -- "${_loopdevice}" &> /dev/null; then
        echo 'Failed to create partitions!'
        exit 1
    fi
    sleep 3
    partprobe -- "${_loopdevice}"

    if ! udevadm lock --device="${_loopdevice}p1" -- \
            mkfs.ext4 -L "RO${iso_label}" -m 0 -q -- "${_loopdevice}p1" &> /dev/null; then
        echo 'Formating partition #1 failed!'
        exit 1
    fi
    if ! udevadm lock --device="${_loopdevice}p2" -- \
            mkfs.fat -F32 -n "ESP${iso_label}" -- "${_loopdevice}p2" &> /dev/null; then
        echo 'Formating partition #2 failed!'
        exit 1
    fi
    if ! udevadm lock --device="${_loopdevice}p3" -- \
            mkfs.ext4 -L "COW${iso_label}" -O encrypt -q -- "${_loopdevice}p3" &> /dev/null; then
        echo 'Formating partition #3 failed!'
        exit 1
    fi

    # Mount partitions
    install -d -m 0755 -- "${work_dir}/imgp1"
    install -d -m 0755 --  "${work_dir}/imgp2"
    install -d -m 0755 --  "${work_dir}/imgp3"
    mount -- "${_loopdevice}p1" "${work_dir}/imgp1"
    install -d -m 0755 -- "${work_dir}/imgp1/${install_dir}"
    mount -- "${_loopdevice}p2" "${work_dir}/imgp2"
    install -d -m 0755 -- "${work_dir}/imgp2/${install_dir}"
    mount -- "${_loopdevice}p3" "${work_dir}/imgp3"

    # Copy to IMG
    cp -rT -- "${work_dir}/iso/${install_dir}/${arch}/" "${work_dir}/imgp1/${install_dir}/${arch}/"
    cp -r -- "${work_dir}/iso/"!("${install_dir}"|.drive) "${work_dir}/imgp2"
    cp -r -- "${work_dir}/iso/${install_dir}/"!("${arch}") "${work_dir}/imgp2/${install_dir}"
    cp -aT -- "${work_dir}/iso/.drive/liveusb/persistent_${iso_label}/" "${work_dir}/imgp3/persistent_RO${iso_label}/"
    _cow_files_settings+=( $(find "${work_dir}/iso/.drive/img/persistent" -type f | \
                             sed -- "s|^${work_dir}/iso/.drive/img/persistent/|persistent_RO${iso_label}/|") )
    cp -aT -- "${work_dir}/iso/.drive/img/persistent/" "${work_dir}/imgp3/persistent_RO${iso_label}/"

    # persistent kernel & initramfs
    for _ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
        if [[ -e "${isofs_dir}/${install_dir}/boot/${_ucode_image}" ]]; then
            cp -- "${isofs_dir}/${install_dir}/boot/${_ucode_image}" "${work_dir}/imgp2/"
        fi
    done
    for _kernel_initramfs in "${isofs_dir}/${install_dir}/boot/x86_64/vmlinuz-"* \
                             "${isofs_dir}/${install_dir}/boot/x86_64/initramfs-"*".img"; do
        cp -- "${_kernel_initramfs}" "${work_dir}/imgp2/"
    done
    for bootmode in "${bootmodes[@]}"; do
        typeset -f "_img_bootmode_${bootmode}" &> /dev/null && _run_once "_img_bootmode_${bootmode}"
    done
    if [[ "${x64_uefi_default_bootloader}" == 'uefi-x64.refind.esp' ]]; then
        for _esp_file in "${_esp_files_settings[@]}"; do
            [[ "${_esp_file}" =~ 'refind' ]] && \
            mv "${work_dir}/imgp2/${_esp_file}" "${work_dir}/imgp2/EFI/BOOT/"
            _esp_files_settings+=( "EFI/BOOT/refind.conf" )
        done
    fi

    for _espfile in "${_esp_files_settings[@]}"; do
        if [[ -f "${work_dir}/imgp2/${_espfile}" ]]; then
            sed -i -- "s|%DESKTOP%|${desktop}|g;
                       s|%INSTALL_DIR%|${install_dir}|g;
                       s|%ARCHISO_LABEL%|RO${iso_label}|g;
                       s|%COW_LABEL%|COW${iso_label}|g;
                        s|\scow_flags=%COW_FLAGS%||g;
                       s|%ESP_LABEL%|ESP${iso_label}|g;
                       s|=${iso_label}|=RO${iso_label}|g;
                       s|%IMG_LABEL%|RO${iso_label}|g" \
                       "${work_dir}/imgp2/${_espfile}"
        fi
        if [[ -n "${lts}" ]]; then
            sed -i -- "s|vmlinuz-linux|vmlinuz-linux-lts|;
                       s|initramfs-linux|initramfs-linux-lts|" \
                      "${work_dir}/imgp2/${_espfile}"
        fi
    done
    for _cowfile in "${_cow_files_settings[@]}"; do
            sed -i -- "s|%ESP_LABEL%|ESP${iso_label}|g" "${work_dir}/imgp3/${_cowfile}"
    done

    # Unmount IMG
    umount -- "${work_dir}/imgp1"
    umount -- "${work_dir}/imgp2"
    umount -- "${work_dir}/imgp3"

    # Bios boot loader
    if [[ "${bootmodes[*]}" =~ 'bios.syslinux.mbr' ]]; then
        if ! syslinux --directory boot/syslinux --install -- "${_loopdevice}p2" &> /dev/null; then
            echo 'Syslinux bootloader installation failed!'
            exit 1
        fi
        if ! dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/gptmbr.bin of="${_loopdevice}" 2> /dev/null; then
            echo 'Syslinux bootloader installation failed!'
            exit 1
        fi
        if ! sfdisk --lock --part-attrs "${_loopdevice}" 2 LegacyBIOSBootable &> /dev/null; then
            echo 'Syslinux bootloader installation failed!'
            exit 1
        fi
    fi
    # Remove loop device
    losetup -d "${_loopdevice}"

    _mkchecksum_iso
    if [[ -n "${gpg_key}" ]]; then
        _mksignature_iso
    fi
    _msg_info "Done!"
    echo
    _msg_info "$(du -h -- "${out_dir}/${image_name}")"
}

_iso_version_options() {
    iso_version_options=($(sed 's/\s/\n/g' <<< "${iso_version_options[@]}" | sort | sed ':a;N;$!ba;s/\n/-/g'))
}

# Read profile's values from profiledef.sh
_read_profile() {
    if [[ -z "${profile}" ]]; then
        _msg_error "No profile specified!" 1
    fi
    if [[ ! -d "${profile}" ]]; then
        _msg_error "Profile '${profile}' does not exist!" 1
    elif [[ ! -e "${profile}/profiledef.sh" ]]; then
        _msg_error "Profile '${profile}' is missing 'profiledef.sh'!" 1
    else
        cd -- "${profile}"

        # Source profile's variables
        source "${profile}/profiledef.sh"

        # Resolve paths of files that are expected to reside in the profile's directory
        [[ -n "$arch" ]] || arch="$(uname -m)"
        [[ -n "${packages}" ]] || packages="${profile}/packages.${arch}"
        packages="$(realpath -- "${packages}")"
        if [[ -n "${lang}" ]]; then
          packages_locales="$(realpath -- "${profile}/lang/${lang}/packages.${arch}")"
        fi
        pacman_conf="$(realpath -- "${pacman_conf}")"
        [[ -n "${pacman_testing_conf}" ]] && pacman_testing_conf="$(realpath -- "${pacman_testing_conf}")"

        # Resolve paths of files that may reside in the profile's directory
        if [[ -z "$bootstrap_packages" ]] && [[ -e "${profile}/bootstrap_packages.${arch}" ]]; then
            bootstrap_packages="${profile}/bootstrap_packages.${arch}"
            bootstrap_packages="$(realpath -- "${bootstrap_packages}")"
            pacman_conf="$(realpath -- "${pacman_conf}")"
        fi

        cd -- "${OLDPWD}"
    fi
}

# Validate set options
_validate_options() {
    local validation_error=0 _buildmode _certfile
    local run_once_mode="validate"

    _msg_info "Validating options..."
    # Check if pacman configuration file exists
    if [[ ! -e "${pacman_conf}" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "File '${pacman_conf}' does not exist." 0
    fi

    # Check if the code signing certificate files exist
    for _certfile in "${cert_list[@]}"; do
        if [[ ! -e "${_certfile}" ]]; then
            (( validation_error=validation_error+1 ))
            _msg_error "Code signing certificate '${_certfile}' does not exist." 0
        fi
    done

    # Check if the specified buildmodes are supported
    for _buildmode in "${buildmodes[@]}"; do
        if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then
            if typeset -f "_validate_requirements_buildmode_${_buildmode}" &> /dev/null; then
                "_validate_requirements_buildmode_${_buildmode}"
            else
                _msg_warning "Function '_validate_requirements_buildmode_${_buildmode}' does not exist. Validating the requirements of '${_buildmode}' build mode will not be possible."
            fi
        else
            (( validation_error=validation_error+1 ))
            _msg_error "${_buildmode} is not a valid build mode!" 0
        fi
    done

    # Check if the specified default EFI boot loader is supported
    if typeset -f "_make_x64_uefi_default_bootloader_${x64_uefi_default_bootloader}" &> /dev/null; then
        if typeset -f "_validate_requirements_x64_uefi_default_bootloader_${x64_uefi_default_bootloader}" &> /dev/null; then
            "_validate_requirements_x64_uefi_default_bootloader_${x64_uefi_default_bootloader}"
        else
            _msg_warning "Function '_validate_requirements_x64_uefi_default_bootloader_${x64_uefi_default_bootloader}' does not exist. Validating the requirements of '${x64_uefi_default_bootloader}' boot loader will not be possible."
        fi
    else
        (( validation_error=validation_error+1 ))
        _msg_error "${x64_uefi_default_bootloader} is not a valid EFI boot loader!" 0
    fi

    # Check if pacman-testing configuration file exists
    if [[ -n "${pacman_testing_conf}" && ! -e "${pacman_testing_conf}" ]]; then
        (( validation_error=validation_error+1 ))
        _msg_error "File '${pacman_testing_conf}' does not exist." 0
    fi

    if (( validation_error )); then
        _msg_error "${validation_error} errors were encountered while validating the profile. Aborting." 1
    fi
    _msg_info "Done!"
}

# set overrides from mkarchiso option parameters, if present
# Set defaults and, if present, overrides from aui-mkiso command line option parameters
_set_overrides() {
    # Set variables that have command line overrides
    [[ ! -v override_buildmodes ]] || buildmodes=("${override_buildmodes[@]}")
    if (( ${#buildmodes[@]} < 1 )); then
        buildmodes+=('iso')
    fi
    if [[ -v override_work_dir ]]; then
        work_dir="${override_work_dir}"
    elif [[ -z "${work_dir}" ]]; then
        work_dir='./work'
    fi
    work_dir="$(realpath -- "${work_dir}")"
    if [[ -v override_out_dir ]]; then
        out_dir="${override_out_dir}"
    elif [[ -z "${out_dir}" ]]; then
        out_dir='./out'
    fi
    out_dir="$(realpath -- "${out_dir}")"
    if [[ -v override_pacman_conf ]]; then
        pacman_conf="${override_pacman_conf}"
    elif [[ -z "${pacman_conf}" ]]; then
        pacman_conf="/etc/pacman.conf"
    fi
    pacman_conf="$(realpath -- "${pacman_conf}")"
    if [[ -v override_pacman_testing_conf ]]; then
        pacman_testing_conf="${override_pacman_testing_conf}"
    elif [[ -z "${pacman_testing_conf}" ]]; then
        pacman_testing_conf="/etc/pacman_testing.conf"
    fi
    pacman_testing_conf="$(realpath -- "${pacman_testing_conf}")"
    # TODO: allow overriding bootstrap_pkg_list
    if [[ -v override_iso_label ]]; then
        iso_label="${override_iso_label}"
    elif [[ -z "${iso_label}" ]]; then
        iso_label="${app_name^^}"
    fi
    if [[ -v override_iso_publisher ]]; then
        iso_publisher="${override_iso_publisher}"
    elif [[ -z "${iso_publisher}" ]]; then
        iso_publisher="${app_name}"
    fi
    if [[ -v override_iso_application ]]; then
        iso_application="${override_iso_application}"
    elif [[ -z "${iso_application}" ]]; then
        iso_application="${app_name} iso"
    fi
    if [[ -v override_install_dir ]]; then
        install_dir="${override_install_dir}"
    elif [[ -z "${install_dir}" ]]; then
        install_dir="${app_name}"
    fi
    [[ ! -v override_gpg_key ]] || gpg_key="${override_gpg_key}"
    [[ ! -v override_gpg_sender ]] || gpg_sender="$override_gpg_sender"
    [[ ! -v override_cert_list ]] || mapfile -t cert_list < <(realpath -- "${override_cert_list[@]}")
    if [[ -v override_quiet ]]; then
        quiet="${override_quiet}"
    elif [[ -z "${quiet}" ]]; then
        quiet="y"
    fi
    if [[ -v override_rm_work_dir ]]; then
        rm_work_dir="${override_rm_work_dir}"
    fi
    if [[ -v override_iso_name ]]; then
        image_name="${override_iso_name}"
    fi
    # Precalculate the ISO's modification date in UTC, i.e. its "UUID"
    TZ=UTC printf -v iso_uuid '%(%F-%H-%M-%S-00)T' "$SOURCE_DATE_EPOCH"
}

_export_gpg_publickey() {
    gpg_publickey="${work_dir}/pubkey.gpg"
    rm -f -- "${gpg_publickey}"
    gpg --batch --no-armor --output "${gpg_publickey}" --export "${gpg_key}"
    [[ -s "${gpg_publickey}" ]] || return
}

_make_version() {
    local osrelease

    _msg_info "Creating version files..."
    if [[ "${buildmode}" == @("img"|"iso"|"netboot") ]]; then
        if [[ -z "${iso_version}" ]]; then
            iso_version="$(pacman --sysroot "${work_dir}/x86_64/airootfs" -Q linux"${lts:-}" 2> /dev/null | \
                           cut -d' ' -f2 |                                                        \
                           sed s"/\./_/g; s/_arch.*//; s/^/linux${lts:-}_/")${iso_version_options[0]:+-${iso_version_options[0]}}${lang:+-${lang}}-$(date +%m%d)"
        fi
        install -d -m 0755 -- "${isofs_dir}/${install_dir}"
        # Write version file to ISO 9660
        printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version"
    fi
    if [[ "${buildmode}" == "iso" ]]; then
        # Write a limited grubenv with version information to install_dir on ISO 9660 for use cases where only the
        #
        rm -f -- "${isofs_dir}/${install_dir}/grubenv"
        printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \
            "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \
            > "${isofs_dir}/${install_dir}/grubenv"

        # Create a /boot/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO
        # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a
        # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents.
        search_filename="/boot/${iso_uuid}.uuid"
        install -d -m 755 -- "${isofs_dir}/boot"
        : >"${isofs_dir}${search_filename}"
    fi
    # Write version file to system installation dir
    rm -f -- "${pacstrap_dir}/version"
    printf '%s\n' "${iso_version:="$(date +%m%d)"}" > "${pacstrap_dir}/version"

    # Append IMAGE_ID & IMAGE_VERSION to os-release
    _os_release="$(realpath -- "${pacstrap_dir}/etc/os-release")"
    if [[ ! -e "${pacstrap_dir}/etc/os-release" && -e "${pacstrap_dir}/usr/lib/os-release" ]]; then
        _os_release="$(realpath -- "${pacstrap_dir}/usr/lib/os-release")"
    fi
    if [[ "${_os_release}" != "${pacstrap_dir}"* ]]; then
        _msg_warning "os-release file '${_os_release}' is outside of valid path."
    else
        [[ ! -e "${_os_release}" ]] || sed -i '/^IMAGE_ID=/d;/^IMAGE_VERSION=/d' "${_os_release}"
        printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >> "${_os_release}"
    fi

    # Touch /usr/lib/clock-epoch to give another hint on date and time
    # for systems with screwed or broken RTC.
    touch -m -d"@${SOURCE_DATE_EPOCH}" -- "${pacstrap_dir}/usr/lib/clock-epoch"

    _msg_info "Done!"

}

_make_pkglist() {
    _msg_info "Creating a list of installed packages on live-enviroment..."
    case "${buildmode}" in
        "bootstrap")
            pacman -Q --sysroot "${pacstrap_dir}" >"${bootstrap_parent}/pkglist.${arch}.txt"
            ;;
        "img"|"iso"|"netboot")
            install -d -m 0755 -- "${isofs_dir}/${install_dir}"
            pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt"
            ;;
    esac
    _msg_info "Done!"
}

# Create working directory
_make_work_dir() {
    if [[ ! -d "${work_dir}" ]]; then
        install -d -- "${work_dir}"
    elif (( rm_work_dir )); then
        rm_work_dir=0
        _msg_warning "Working directory removal requested, but '${work_dir}' already exists. It will not be removed!" 0
    fi
}

# build the base for an ISO and/or a netboot target
_build_iso_base() {
    local run_once_mode="base"
    local buildmode_packages="${packages}"
    # Set the package list to use
    local buildmode_pkg_list=("${pkg_list[@]}")
    # Set up essential directory paths
    pacstrap_dir="${work_dir}/${arch}/airootfs"
    isofs_dir="${work_dir}/iso"

    # Write build date to file if it does not exist already
    [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date"

    _show_config
    _run_once _make_pacman_conf
    [[ -n "${pacman_testing_conf}" ]] && _run_once _make_pacman_testing_conf
    [[ -z "${gpg_key}" ]] || _run_once _export_gpg_publickey
    _run_once _make_custom_airootfs
    _run_once _make_packages
    [[ -n "${pkg_testing_list[*]}" ]] && _run_once _make_packages_testing
    [[ -n "${user_pkg_dir}" && -d "${user_pkg_dir}" ]] && _run_once _make_packages_upgrade
    _run_once _make_version
    _run_once _make_customize_airootfs
    _run_once _make_setup_mkinitcpio
    _run_once _make_pkglist
    _run_once _check_if_initramfs_has_ucode
    if [[ "${buildmode}" == 'netboot' ]]; then
        _run_once _make_boot_on_iso9660
    else
        _make_bootmodes
        _run_once _make_ia32_uefi_default_bootloader
        _run_once _make_x64_uefi_default_bootloader
    fi
    _run_once _cleanup_pacstrap_dir
    _run_once _make_drive
    _run_once _prepare_airootfs_image
}

# Build the bootstrap buildmode
_build_buildmode_bootstrap() {
    local image_name="${iso_name}-bootstrap-${iso_version:-"$(date +%m%d)"}-${arch}.tar"
    local run_once_mode="${buildmode}"
    local buildmode_packages="${bootstrap_packages}"
    # Set the package list to use
    local buildmode_pkg_list=("${bootstrap_pkg_list[@]}")

    # Set up essential directory paths
    pacstrap_dir="${work_dir}/${arch}/bootstrap/root.${arch}"
    bootstrap_parent="$(dirname -- "${pacstrap_dir}")"
    install -d -m 0755 -o 0 -g 0 -- "${pacstrap_dir}"

    # Set tarball extension
    case "${bootstrap_tarball_compression[0]}" in
        'bzip') image_name="${image_name}.b2z" ;;
        'gzip') image_name="${image_name}.gz" ;;
        'lrzip') image_name="${image_name}.lrz" ;;
        'lzip') image_name="${image_name}.lz" ;;
        'lzop') image_name="${image_name}.lzo" ;;
        'xz') image_name="${image_name}.xz" ;;
        'zstd'|'zstdmt') image_name="${image_name}.zst" ;;
    esac

    [[ "${quiet}" == "y" ]] || _show_config
    _run_once _make_pacman_conf
    _run_once _make_packages
    _run_once _make_version
    _run_once _make_pkglist
    _run_once _cleanup_pacstrap_dir
    _run_once _build_bootstrap_image
}

# Build the netboot buildmode
_build_buildmode_netboot() {
    local run_once_mode="${buildmode}"

    _build_iso_base

    if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then
        airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.sfs"
    elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then
        airootfs_image_filename="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs"
    fi

    if [[ -v cert_list ]]; then
        _run_once _sign_netboot_artifacts
    fi
    _run_once _export_netboot_artifacts
}

# Build the ISO buildmode
_build_buildmode_iso() {
    local run_once_mode="${buildmode}"
    _build_iso_base
    _run_once _build_iso_image
}

# Build the IMG buildmode
_build_buildmode_img() {
    local run_once_mode="${buildmode}"
    if [[ -z "${lts}" ]]; then
        _build_iso_base
        _run_once _build_img_image
    fi
}

# build all buildmodes
_build() {
    local buildmode
    local run_once_mode="build"
    efibootimg="${work_dir}/efiboot.img"

    for buildmode in "${buildmodes[@]}"; do
        _run_once "_build_buildmode_${buildmode}"
    done
    if (( rm_work_dir )); then
        _msg_info 'Removing the working directory...'
        rm -rf -- "${work_dir:?}/"
        _msg_info 'Done!'
    fi
}

OPTS=$(getopt -o '?A:C:c:D:g:G:hL:l:m:N:o:P:p:rvw:' \
              -l 'addpkg:,addpkgtesting:,application:,embeddir:' \
              -l 'add-pkg:,add-pkg-testing:,build-modes:,cert:,embed-dir:' \
              -l 'gpgkey:,gpgsender:,graphics:,installdir:,label:,language:' \
              -l 'lts,outdir:,pacman-testing-conf:,pkgdir:,publisher:' \
              -l 'install-dir:,out-dir:,pacmantestingconf:,pkg-dir:' \
              -l 'verbose,workdir:,work-dir:,zfs-support' \
              -l 'remove-work-dir' \
              -l 'help' \
              -n "${app_name}" -- "$@")
[[ $? -eq 0 ]] || _usage 1
eval set -- "${OPTS}"
unset OPTS

while true; do
    case "${1}" in
        '-?'|'-h'|'--help')
            _usage 0 ;;
        '-p'|'--add-pkg'|'--addpkg')
            pkg_list_additions+=($(tr ',' ' ' <<< "${2}"))
            shift 2 ;;
        '--add-pkg-testing'|'--addpkgtesting')
            pkg_testing_list=($(tr ',' ' ' <<< "${2}"))
            shift 2 ;;
        '-A'|'--application')
            override_iso_application="${2}"
            shift 2 ;;
        '-C')
            override_pacman_conf="$(realpath -- "${2}")"
            shift 2 ;;
        '-c'|'--cert')
            read -r -d ',' -a override_cert_list <<< "${2}"
            shift 2 ;;
        '-D'|'--install-dir'|'--installdir')
            override_install_dir="${2}"
            shift 2 ;;        
        '--embed-dir'|'--embeddir')
            embed_dir="${2}"
            shift 2 ;;
        '-g'|'--gpgkey')
            override_gpg_key="${2}"
            shift 2 ;;
        '-G'|'--gpgsender')
            override_gpg_sender="${2}"
            shift 2 ;;
        '--graphics')
            case "${2}" in
                'nvidia')
                    pkg_list_additions+=(nvidia nvidia-settings)
                    iso_version_options+=(nvidia);;
                'nvidia-open')
                    pkg_list_additions+=(nvidia-open nvidia-settings)
                    iso_version_options+=(nvidia-open);;
                'optimus-nvidia')
                    pkg_list_additions+=(nvidia nvidia-settings bbswitch)
                    iso_version_options+=(optimus-nvidia);;
                'optimus-prime')
                    pkg_list_additions+=(nvidia nvidia-settings nvidia-prime)
                    iso_version_options+=(optimus-prime);;
                *)
                   echo "${2}: invalid argument!"
                    _usage 1;;
            esac
            shift 2;;
        '-L'|'--label')
            override_iso_label="${2}"
            shift 2 ;;
        '-l'|'--language')
            case "${2}" in
                'cz'|'cs_CZ') lang="cs_CZ";;
                'de'|'de_DE') lang="de_DE";;
                'es'|'es_ES') lang="es_ES";;
                'fr'|'fr_FR') lang="fr_FR";;
                'gr'|'el_GR') lang="el_GR";;
                'hu'|'hu_HU') lang="hu_HU";;
                'it'|'it_IT') lang="it_IT";;
                'nl'|'nl_NL') lang="nl_NL";;
                'pl'|'pl_PL') lang="pl_PL";;
                'pt'|'pt_PT') lang="pt_PT";;
                'ro'|'ro_RO') lang="ro_RO";;
                'rs'|'sr_RS@latin') lang="sr_RS@latin";;
                'ru'|'ru_RU') lang="ru_RU";;
                'tr'|'tr_TR') lang="tr_TR";;
                'ua'|'uk_UA') lang="uk_UA";;
                *)
                   echo "${2}: invalid argument!"
                    _usage 1;;
            esac
            shift 2 ;;
        '--lts')
            lts="-lts"
            shift ;;
        '-m'|'--build-modes')
            IFS=',' read -r -a override_buildmodes <<< "${2}"
            shift 2 ;;
        '-N'|'--name')
            override_iso_name="${2}"
            shift 2 ;;
        '-o'|'--out-dir'|'--outdir')
            override_out_dir="${2}"
            shift 2 ;;
        '--pacman-testing-conf'|'--pacmantestingconf')
            override_pacman_testing_conf="$(realpath -- "${2}")"
            shift 2 ;;
        '--pkg-dir'|'--pkgdir')
            user_pkg_dir="${2}"
            shift 2 ;;
        '-P'|'--publisher')
            override_iso_publisher="${2}"
            shift 2 ;;
        '-r'|'--remove-work-dir')
            declare -i override_rm_work_dir=1
            shift ;;
        '-v'|'--verbose')
            override_quiet="n"
            shift ;;
        '-w'|'--workdir'|'--work-dir')
            override_work_dir="${2}"
            shift 2 ;;
        '--zfs-support')
            zfs_support="yes"
            shift ;;
        '--')
            shift
            break ;;
    esac
done

if [[ $# -eq 0 ]]; then
    _msg_error "No profile specified" 0
    _usage 1
fi
if (( EUID != 0 )); then
    _msg_error "${app_name} must be run as root." 1
fi

if [[ ! -d "$(realpath -- "${1}")" ]]; then
    set -- "${directory_profiles}/${1}"
fi
profile="$(realpath -- "${1}")"

# Read SOURCE_DATE_EPOCH from file early
build_date_file="$(realpath -q -- "${override_work_dir:-./work}/build_date")" || :
if [[ -f "$build_date_file" ]]; then
    SOURCE_DATE_EPOCH="$(<"$build_date_file")"
fi
unset build_date_file

[[ -n "${iso_version_options[*]}" ]] && _iso_version_options
_read_profile
_set_overrides
echo
if [[ -d "${work_dir}" ]]; then
    _msg_info "WORKING DIRECTORY '${work_dir}' ALREADY EXISTS! REMOVE DIRECTORY BEFORE BUILDING A NEW ISO." && 
    echo
    exit 0
else
    # Create working directory
    _make_work_dir
fi
_validate_options
if [[ "${zfs_support}" == "yes" ]]; then
    user_pkg_dir="${user_pkg_dir:-${work_dir}/out}"
    aui-buildzfs --pkgdest="${user_pkg_dir}"
fi
_build
_msg_info "Success!"

# vim:ts=4:sw=4:et:
