refactor(os): Remove existing initramfs fallback files when we remove them from build instructions (#1)

setup.sh

@@ -269,6 +269,9 @@ function set_initramfs_build_list () {
         -e '/^fallback/d' \
         -e 's'$'\x1''^(PRESETS=)[^\r\n\f]*'$'\x1''\1('"'"'default'"'"')'$'\x1''g' \
         '/mnt/etc/mkinitcpio.d/linux.preset'
+
+    # Remove any existing fallback initramfs files
+    find '/mnt/boot' -type f -regextype posix-extended -iregex '^/mnt/boot/initramfs-.*?-fallback.img' -delete
 }
 
 function add_zfs_files_to_new_os () {
@@ -361,6 +364,37 @@ function paru_install () {
     sudo --user build paru -S --noconfirm "${@}"
 }
 
+function keep_initiramfs_root_only_rw () {
+    declare systemd_local_admin_override_path unit_name
+    systemd_local_admin_override_path='/etc/systemd/system'
+    unit_name='chmod-initramfs'
+    path_unit="${systemd_local_admin_override_path%/}"'/'"${unit_name}"'.path'
+    service_unit="${systemd_local_admin_override_path%/}"'/'"${unit_name}"'.service'
+
+    cat > "${path_unit}" <<"EOF"
+[Unit]
+Description=chmod initramfs to be root-read-writable only
+
+[Path]
+PathChanged=/boot/initramfs-linux.img
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=system-update.target
+EOF
+
+    cat > "${service_unit}" <<"EOF"
+[Unit]
+Description=chmod initramfs to be root-read-writable only
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/chmod 600 /boot/initramfs-linux.img
+EOF
+
+    systemctl enable --now "${path_unit}"
+}
+
 function install_os_in_chroot () {
     ### Reinit keyring
     # As keyring is initialized at boot, and copied to the install dir with pacstrap, and ntp is running
@@ -376,6 +410,7 @@ function install_os_in_chroot () {
     hwclock --systohc
     locale-gen
     source /etc/locale.conf
+    keep_initiramfs_root_only_rw
     mkinitcpio -P
 
     # Install ZFSBootMenu and deps