feat: sgid reduction (#392)

* feat: also remove sgid bit

* Update yafti.yml

* Update yafti.yml

files/scripts/removesuid.sh

@@ -72,4 +72,13 @@ find /usr -type f -perm /4000 |
         fi
     done
 
+find /usr -type f -perm /2000 |
+    while IFS= read -r binary; do
+        if ! is_in_whitelist "$binary"; then
+            echo "Removing SGID bit from $binary"
+            chmod g-s "$binary"
+            echo "Removed SGID bit from $binary"
+        fi
+    done
+
 systemctl enable setcapsforunsuidbinaries.service

files/system/usr/share/ublue-os/firstboot/yafti.yml

@@ -82,10 +82,10 @@ screens:
   final-screen:
     source: yafti.screen.title
     values:
-      title: "All done!"
+      title: "Yafti run complete!"
       icon: "/path/to/icon"
       links:
-        - "Website":
+        - "POSTINSTALL-README":
-            run: /usr/bin/xdg-open https://github.com/secureblue/secureblue
+            run: /usr/bin/xdg-open https://github.com/secureblue/secureblue/blob/live/POSTINSTALL-README.md
       description: |
-        Thanks for trying secureblue, we hope you enjoy it!
+        Complete your secureblue installation by following the POSTINSTALL-README.