summaryrefslogtreecommitdiffstats
path: root/upstream/fedora-rawhide/man1/mkosi.1
diff options
context:
space:
mode:
Diffstat (limited to 'upstream/fedora-rawhide/man1/mkosi.1')
-rw-r--r--upstream/fedora-rawhide/man1/mkosi.11852
1 files changed, 0 insertions, 1852 deletions
diff --git a/upstream/fedora-rawhide/man1/mkosi.1 b/upstream/fedora-rawhide/man1/mkosi.1
deleted file mode 100644
index e32d7ccb..00000000
--- a/upstream/fedora-rawhide/man1/mkosi.1
+++ /dev/null
@@ -1,1852 +0,0 @@
-.\" Automatically generated by Pandoc 2.14.0.3
-.\"
-.TH "mkosi" "1" "2016-" "" ""
-.hy
-.SH NAME
-.PP
-mkosi \[em] Build Bespoke OS Images
-.SH SYNOPSIS
-.PP
-\f[C]mkosi [options\&...] build\f[R]
-.PP
-\f[C]mkosi [options\&...] clean\f[R]
-.PP
-\f[C]mkosi [options\&...] summary\f[R]
-.PP
-\f[C]mkosi [options\&...] shell [command line\&...]\f[R]
-.PP
-\f[C]mkosi [options\&...] boot [nspawn settings\&...]\f[R]
-.PP
-\f[C]mkosi [options\&...] qemu\f[R]
-.PP
-\f[C]mkosi [options\&...] ssh\f[R]
-.PP
-\f[C]mkosi [options\&...] serve\f[R]
-.PP
-\f[C]mkosi [options\&...] bump\f[R]
-.PP
-\f[C]mkosi [options\&...] genkey\f[R]
-.PP
-\f[C]mkosi [options\&...] help\f[R]
-.SH DESCRIPTION
-.PP
-\f[C]mkosi\f[R] is a tool for easily building customized OS images.
-It\[cq]s a fancy wrapper around \f[C]dnf --installroot\f[R],
-\f[C]debootstrap\f[R], \f[C]pacstrap\f[R] and \f[C]zypper\f[R] that may
-generate disk images with a number of bells and whistles.
-.SS Command Line Verbs
-.PP
-The following command line verbs are known:
-.TP
-\f[B]\f[CB]build\f[B]\f[R]
-This builds the image, based on the settings passed in on the command
-line or read from a \f[C]mkosi.default\f[R] file.
-This verb is the default if no verb is explicitly specified.
-This command must be executed as \f[C]root\f[R].
-Any arguments passed after \f[C]build\f[R] are passed as arguments to
-the build script (if there is one).
-.TP
-\f[B]\f[CB]clean\f[B]\f[R]
-Remove build artifacts generated on a previous build.
-If combined with \f[C]-f\f[R], also removes incremental build cache
-images.
-If \f[C]-f\f[R] is specified twice, also removes any package cache.
-.TP
-\f[B]\f[CB]summary\f[B]\f[R]
-Outputs a human-readable summary of all options used for building an
-image.
-This will parse the command line and \f[C]mkosi.default\f[R] file as it
-would do on \f[C]build\f[R], but only output what it is configured for
-and not actually build anything.\[ga]
-.TP
-\f[B]\f[CB]shell\f[B]\f[R]
-This builds the image if it is not built yet, and then invokes
-\f[C]systemd-nspawn\f[R] to acquire an interactive shell prompt in it.
-If this verb is used an optional command line may be specified which is
-then invoked in place of the shell in the container.
-Combine this with \f[C]-f\f[R] in order to rebuild the image
-unconditionally before acquiring the shell, see below.
-This command must be executed as \f[C]root\f[R].
-.TP
-\f[B]\f[CB]boot\f[B]\f[R]
-Similar to \f[C]shell\f[R] but boots the image up using
-\f[C]systemd-nspawn\f[R].
-If this verb is used an optional command line may be specified which is
-passed as \[lq]kernel command line\[rq] to the init system in the image.
-.TP
-\f[B]\f[CB]qemu\f[B]\f[R]
-Similar to \f[C]boot\f[R] but uses \f[C]qemu\f[R] to boot up the image,
-i.e.\ instead of container virtualization VM virtualization is used.
-This verb is only supported on images that contain a boot loader,
-i.e.\ those built with \f[C]Bootable=yes\f[R] (see below).
-This command must be executed as \f[C]root\f[R] unless the image already
-exists and \f[C]-f\f[R] is not specified.
-.TP
-\f[B]\f[CB]ssh\f[B]\f[R]
-When the image is built with the \f[C]Ssh=yes\f[R] option, this command
-connects to a booted (\f[C]boot\f[R], \f[C]qemu\f[R] verbs) container/VM
-via SSH.
-Make sure to run \f[C]mkosi ssh\f[R] with the same config as
-\f[C]mkosi build\f[R] was run with so that it has the necessary
-information available to connect to the running container/VM via SSH.
-.TP
-\f[B]\f[CB]serve\f[B]\f[R]
-This builds the image if it is not built yet, and then serves the output
-directory (i.e.\ usually \f[C]mkosi.output/\f[R], see below) via a small
-embedded HTTP server, listening on port 8081.
-Combine with \f[C]-f\f[R] in order to rebuild the image unconditionally
-before serving it.
-This command is useful for testing network based acquisition of OS
-images, for example via \f[C]machinectl pull-raw \&...\f[R] and
-\f[C]machinectl pull-tar \&...\f[R].
-.TP
-\f[B]\f[CB]bump\f[B]\f[R]
-Determines the current image version string (as configured with
-\f[C]ImageVersion=\f[R]/\f[C]--image-version=\f[R]), increases its last
-dot-separated component by one and writes the resulting version string
-to \f[C]mkosi.version\f[R].
-This is useful for implementing a simple versioning scheme: each time
-this verb is called the version is bumped in preparation for the
-subsequent build.
-Note that \f[C]--auto-bump\f[R]/\f[C]-B\f[R] may be used to
-automatically bump the version after each successful build.
-.TP
-\f[B]\f[CB]genkey\f[B]\f[R]
-Generate a pair of SecureBoot keys for usage with the
-\f[C]SecureBootKey=\f[R]/\f[C]--secure-boot-key=\f[R] and
-\f[C]SecureBootCertificate=\f[R]/\f[C]--secure-boot-certificate=\f[R]
-options.
-.TP
-\f[B]\f[CB]help\f[B]\f[R]
-This verb is equivalent to the \f[C]--help\f[R] switch documented below:
-it shows a brief usage explanation.
-.SS Execution flow
-.PP
-Execution flow for \f[C]mkosi build\f[R].
-Columns represent the execution context.
-Default values/calls are shown in parentheses.
-When building with \f[C]--incremental\f[R] mkosi creates a cache of the
-distribution installation for both images if not already existing and
-replaces the distribution installation in consecutive runs with data
-from the cached one.
-.IP
-.nf
-\f[C]
- HOST . BUILD . FINAL
- . IMAGE . IMAGE
- . .
- start . .
- | . .
- v . .
-build script? -------exists-----> copy .
- | . skeleton trees .
- | . (mkosi.skeleton/) .
- none . | .
- | . v .
- v . install .
- skip . distribution, .
- build image . packages and .
- | . build packages, .
- | . run .
- | . prepare script .
- | . (mkosi.prepare build) .
- | . or if incremental .
- | . use cached build image .
- | . | .
- | . v .
- | . copy .
- | . build sources .
- | . (./) .
- | . | .
- | . v .
- | . copy .
- | . extra trees .
- | . (mkosi.extra/) .
- | . | .
- | . v .
- | . run .
- | . postinstall script .
- | . (mkosi.postinst build) .
- | . | .
- | .-------------------------\[aq] .
- | | . .
- | v . .
- | run . .
- | finalize script . .
- |(mkosi.finalize build). .
- | | . .
- | \[aq]-------------------------. .
- | . | .
- | . v .
- | . run .
- | . build script .
- | . (mkosi.build) .
- | . | .
- \[aq]-----------------------------------+------------------------.
- . . |
- . . v
- . . copy
- . . skeleton trees
- . . (mkosi.skeleton/)
- . . |
- . . v
- . . install
- . . distribution
- . . and packages,
- . . run
- . . prepare script
- . . (mkosi.prepare final)
- . . or if incremental
- . . use cached final image
- . . |
- . . v
- . . copy
- . . build results
- . . |
- . . v
- . . copy
- . . extra trees
- . . (mkosi.extra/)
- . . |
- . . v
- . . run
- . . postinstall script
- . . (mkosi.postinst final)
- . . |
- . . v
- . . |
- . . perform cleanup
- . . (remove files, packages,
- . . package metadata)
- . . |
- .--------------------------------------------------\[aq]
- | . .
- v . .
- run . .
- finalize script . .
- (mkosi.finalize final) . .
- | . .
- .---------\[aq] . .
- | . .
- v . .
- end . .
- . .
- HOST . BUILD . FINAL
- . IMAGE . IMAGE
- . .
-\f[R]
-.fi
-.SS Supported output formats
-.PP
-The following output formats are supported:
-.IP \[bu] 2
-Raw \f[I]GPT\f[R] disk image, with ext4 as root (\f[I]gpt_ext4\f[R])
-.IP \[bu] 2
-Raw \f[I]GPT\f[R] disk image, with xfs as root (\f[I]gpt_xfs\f[R])
-.IP \[bu] 2
-Raw \f[I]GPT\f[R] disk image, with btrfs as root (\f[I]gpt_btrfs\f[R])
-.IP \[bu] 2
-Raw \f[I]GPT\f[R] disk image, with squashfs as read-only root
-(\f[I]gpt_squashfs\f[R])
-.IP \[bu] 2
-Plain squashfs image, without partition table, as read-only root
-(\f[I]plain_squashfs\f[R])
-.IP \[bu] 2
-Plain directory, containing the OS tree (\f[I]directory\f[R])
-.IP \[bu] 2
-btrfs subvolume, with separate subvolumes for \f[C]/var\f[R],
-\f[C]/home\f[R], \f[C]/srv\f[R], \f[C]/var/tmp\f[R]
-(\f[I]subvolume\f[R])
-.IP \[bu] 2
-Tar archive (\f[I]tar\f[R])
-.IP \[bu] 2
-CPIO archive (\f[I]cpio\f[R]) in the format appropriate for a kernel
-initrd
-.PP
-When a \f[I]GPT\f[R] disk image is created, the following additional
-options are available:
-.IP \[bu] 2
-A swap partition may be added in
-.IP \[bu] 2
-The image may be made bootable on \f[I]EFI\f[R] and \f[I]BIOS\f[R]
-systems
-.IP \[bu] 2
-Separate partitions for \f[C]/srv\f[R] and \f[C]/home\f[R] may be added
-in
-.IP \[bu] 2
-The root, \f[C]/srv\f[R] and \f[C]/home\f[R] partitions may optionally
-be encrypted with LUKS.
-.IP \[bu] 2
-A dm-verity partition may be added in that adds runtime integrity data
-for the root partition
-.SS Configuration Settings
-.PP
-The following settings can be set through configuration files (the
-syntax with \f[C]SomeSetting=value\f[R]) and on the command line (the
-syntax with \f[C]--some-setting=value\f[R]).
-For some command line parameters, a single-letter shortcut is also
-allowed.
-In the configuration files, the setting must be in the appropriate
-section, so the settings are grouped by section below.
-.PP
-Command line options that take no argument are shown without \[lq]=\[rq]
-in their long version.
-In the config files, they should be specified with a boolean argument:
-either \[lq]1\[rq], \[lq]yes\[rq], or \[lq]true\[rq] to enable, or
-\[lq]0\[rq], \[lq]no\[rq], \[lq]false\[rq] to disable.
-.SS [Distribution] Section
-.TP
-\f[B]\f[CB]Distribution=\f[B]\f[R], \f[B]\f[CB]--distribution=\f[B]\f[R], \f[B]\f[CB]-d\f[B]\f[R]
-The distribution to install in the image.
-Takes one of the following arguments: \f[C]fedora\f[R],
-\f[C]debian\f[R], \f[C]ubuntu\f[R], \f[C]arch\f[R], \f[C]opensuse\f[R],
-\f[C]mageia\f[R], \f[C]centos\f[R], \f[C]centos_epel\f[R],
-\f[C]clear\f[R], \f[C]photon\f[R], \f[C]openmandriva\f[R],
-\f[C]rocky\f[R], \f[C]rocky_epel\f[R], \f[C]alma\f[R],
-\f[C]alma_epel\f[R].
-If not specified, defaults to the distribution of the host.
-.TP
-\f[B]\f[CB]Release=\f[B]\f[R], \f[B]\f[CB]--release=\f[B]\f[R], \f[B]\f[CB]-r\f[B]\f[R]
-The release of the distribution to install in the image.
-The precise syntax of the argument this takes depends on the
-distribution used, and is either a numeric string (in case of Fedora
-Linux, CentOS, \&..., e.g.\ \f[C]29\f[R]), or a distribution version
-name (in case of Debian, Ubuntu, \&..., e.g.\ \f[C]artful\f[R]).
-If neither this option, nor \f[C]Distribution=\f[R] is specified,
-defaults to the distribution version of the host.
-If the distribution is specified, defaults to a recent version of it.
-.TP
-\f[B]\f[CB]Mirror=\f[B]\f[R], \f[B]\f[CB]--mirror=\f[B]\f[R], \f[B]\f[CB]-m\f[B]\f[R]
-The mirror to use for downloading the distribution packages.
-Expects a mirror URL as argument.
-.TP
-\f[B]\f[CB]Repositories=\f[B]\f[R], \f[B]\f[CB]--repositories=\f[B]\f[R]
-Additional package repositories to use during installation.
-Expects one or more URLs as argument, separated by commas.
-This option may be used multiple times, in which case the list of
-repositories to use is combined.
-Use \[lq]!*\[rq] to remove all repositories from to the list or use
-e.g.\ \[lq]!repo-url\[rq] to remove just one specific repository.
-For Arch Linux, additional repositories must be passed in the form
-\f[C]<name>::<url>\f[R] (e.g.\ \f[C]myrepo::https://myrepo.net\f[R]).
-.TP
-\f[B]\f[CB]UseHostRepositories=\f[B]\f[R], \f[B]\f[CB]--use-host-repositories\f[B]\f[R]
-This option is only applicable for RPM-based distributions:
-\f[I]CentOS\f[R], \f[I]Fedora Linux\f[R], \f[I]Mageia\f[R],
-\f[I]Photon\f[R], \f[I]Rocky Linux\f[R], \f[I]Alma Linux\f[R] and
-\f[I]OpenMandriva\f[R].
-Allows use of the host\[cq]s existing RPM repositories.
-By default, a hardcoded set of default RPM repositories is generated and
-used.
-Use \f[C]--repositories=\f[R] to identify a custom set of repositories
-to be enabled and used for the build.
-.TP
-\f[B]\f[CB]RepositoryDirectory\f[B]\f[R], \f[B]\f[CB]--repository-directory\f[B]\f[R]
-This option can (for now) only be used with RPM-based istributions and
-Arch Linux.
-It identifies a directory containing extra repository definitions that
-will be used when installing packages.
-The files are passed directly to the corresponding package manager and
-should be written in the format expected by the package manager of the
-image\[cq]s distro.
-.TP
-\f[B]\f[CB]Architecture=\f[B]\f[R], \f[B]\f[CB]--architecture=\f[B]\f[R]
-The architecture to build the image for.
-Note that this currently only works for architectures compatible with
-the host\[cq]s architecture.
-.SS [Output] Section
-.TP
-\f[B]\f[CB]Format=\f[B]\f[R], \f[B]\f[CB]--format=\f[B]\f[R], \f[B]\f[CB]-t\f[B]\f[R]
-The image format type to generate.
-One of \f[C]directory\f[R] (for generating OS images inside a local
-directory), \f[C]subvolume\f[R] (similar, but as a btrfs subvolume),
-\f[C]tar\f[R] (similar, but a tarball of the image is generated),
-\f[C]cpio\f[R] (similar, but a cpio archive is generated),
-\f[C]gpt_ext4\f[R] (a block device image with an ext4 file system inside
-a GPT partition table), \f[C]gpt_xfs\f[R] (similar, but with an xfs file
-system), \f[C]gpt_btrfs\f[R] (similar, but with an btrfs file system),
-\f[C]gpt_squashfs\f[R] (similar, but with a squashfs file system),
-\f[C]plain_squashfs\f[R] (a plain squashfs file system without a
-partition table).
-.TP
-\f[B]\f[CB]ManifestFormat=\f[B]\f[R], \f[B]\f[CB]--manifest-format=\f[B]\f[R]
-The manifest format type or types to generate.
-A comma-delimited list consisting of \f[C]json\f[R] (the standard JSON
-output format that describes the packages installed),
-\f[C]changelog\f[R] (a human-readable text format designed for diffing).
-Defaults to \f[C]json\f[R].
-.TP
-\f[B]\f[CB]Output=\f[B]\f[R], \f[B]\f[CB]--output=\f[B]\f[R], \f[B]\f[CB]-o\f[B]\f[R]
-Path for the output image file to generate.
-Takes a relative or absolute path where the generated image will be
-placed.
-If neither this option nor \f[C]OutputDirectory=\f[R] is used, the image
-is generated under the name \f[C]image\f[R], but its name suffixed with
-an appropriate file suffix (e.g.\ \f[C]image.raw.xz\f[R] in case
-\f[C]gpt_ext4\f[R] is used in combination with \f[C]xz\f[R]
-compression).
-If the \f[C]ImageId=\f[R] option is configured it is used instead of
-\f[C]image\f[R] in the default output name.
-If an image version is specified via \f[C]ImageVersion=\f[R], it is
-included in the default name, e.g.\ a specified image version of
-\f[C]7.8\f[R] might result in an image file name of
-\f[C]image_7.8.raw.xz\f[R].
-.TP
-\f[B]\f[CB]OutputSplitRoot=\f[B]\f[R], \f[B]\f[CB]--output-split-root=\f[B]\f[R], \f[B]\f[CB]OutputSplitVerify=\f[B]\f[R], \f[B]\f[CB]--output-split-verity=\f[B]\f[R], \f[B]\f[CB]OutputSplitKernel=\f[B]\f[R], \f[B]\f[CB]--output-split-kernel=\f[B]\f[R]
-Paths for the split-out output image files, when
-\f[C]SplitArtifacts=yes\f[R] is used.
-If unspecified, the relevant split artifact files will be named like the
-main image, but with \f[C].root\f[R], \f[C].verity\f[R], and
-\f[C].efi\f[R] suffixes inserted (and in turn possibly suffixed by
-compression suffix, if compression is enabled).
-.TP
-\f[B]\f[CB]OutputDirectory=\f[B]\f[R], \f[B]\f[CB]--output-dir=\f[B]\f[R], \f[B]\f[CB]-O\f[B]\f[R]
-Path to a directory where to place all generated artifacts (i.e.\ the
-generated image when an output path is not given, \f[C]SHA256SUMS\f[R]
-file, etc.).
-If this is not specified and the directory \f[C]mkosi.output/\f[R]
-exists in the local directory, it is automatically used for this
-purpose.
-If the setting is not used and \f[C]mkosi.output/\f[R] does not exist,
-all output artifacts are placed adjacent to the output image file.
-.TP
-\f[B]\f[CB]WorkspaceDirectory=\f[B]\f[R], \f[B]\f[CB]--workspace-dir=\f[B]\f[R]
-Path to a directory where to store data required temporarily while
-building the image.
-This directory should have enough space to store the full OS image,
-though in most modes the actually used disk space is smaller.
-If not specified, and \f[C]mkosi.workspace/\f[R] exists in the local
-directory, it is used for this purpose.
-Otherwise, a subdirectory in the temporary storage area is used
-(\f[C]$TMPDIR\f[R] if set, \f[C]/var/tmp/\f[R] otherwise).
-The data in this directory is removed automatically after each build.
-It\[cq]s safe to manually remove the contents of this directory should
-an \f[C]mkosi\f[R] invocation be aborted abnormally (for example, due to
-reboot/power failure).
-If the \f[C]btrfs\f[R] output modes are selected this directory must be
-backed by \f[C]btrfs\f[R] too.
-.TP
-\f[B]\f[CB]Force=\f[B]\f[R], \f[B]\f[CB]--force\f[B]\f[R], \f[B]\f[CB]-f\f[B]\f[R]
-Replace the output file if it already exists, when building an image.
-By default when building an image and an output artifact already exists
-\f[C]mkosi\f[R] will refuse operation.
-Specify this option once to delete all build artifacts from a previous
-run before re-building the image.
-If incremental builds are enabled, specifying this option twice will
-ensure the intermediary cache files are removed, too, before the
-re-build is initiated.
-If a package cache is used (also see the \[lq]Files\[rq] section below),
-specifying this option thrice will ensure the package cache is removed
-too, before the re-build is initiated.
-For the \f[C]clean\f[R] operation this option has a slightly different
-effect: by default the verb will only remove build artifacts from a
-previous run, when specified once the incremental cache files are
-deleted too, and when specified twice the package cache is also removed.
-.PP
-.TP
-\f[B]\f[CB]GPTFirstLBA=\f[B]\f[R], \f[B]\f[CB]--gpt-first-lba=\f[B]\f[R]
-Override the first usable LBA (Logical Block Address) within the GPT
-header.
-This defaults to \f[C]2048\f[R], which is actually the desired value.
-However, some tools, e.g.\ the \f[C]prl_disk_tool\f[R] utility from the
-Parallels virtualization suite require this to be set to \f[C]34\f[R],
-otherwise they might fail to resize the disk image and/or partitions
-inside it.
-.TP
-\f[B]\f[CB]Bootable=\f[B]\f[R], \f[B]\f[CB]--bootable\f[B]\f[R], \f[B]\f[CB]-b\f[B]\f[R]
-Generate a bootable image.
-By default this will generate an image bootable on UEFI systems.
-Use \f[C]BootProtocols=\f[R] to select support for a different boot
-protocol.
-.TP
-\f[B]\f[CB]BootProtocols=\f[B]\f[R], \f[B]\f[CB]--boot-protocols=\f[B]\f[R]
-Pick one or more boot protocols to support when generating a bootable
-image, as enabled with \f[C]Bootable=\f[R].
-Takes a comma-separated list of \f[C]uefi\f[R] or \f[C]bios\f[R].
-May be specified more than once in which case the specified lists are
-merged.
-If \f[C]uefi\f[R] is specified the \f[C]sd-boot\f[R] UEFI boot loader is
-used, if \f[C]bios\f[R] is specified the GNU Grub boot loader is used.
-Use \[lq]!*\[rq] to remove all previously added protocols or
-\[lq]!protocol\[rq] to remove one protocol.
-.TP
-\f[B]\f[CB]KernelCommandLine=\f[B]\f[R], \f[B]\f[CB]--kernel-command-line=\f[B]\f[R]
-Use the specified kernel command line when building bootable images.
-By default command line arguments get appended.
-To remove all arguments from the current list pass \[lq]!*\[rq].
-To remove specific arguments add a space separated list of \[lq]!\[rq]
-prefixed arguments.
-For example adding \[lq]!* console=ttyS0 rw\[rq] to a
-\f[C]mkosi.default\f[R] file or the command line arguments passes
-\[lq]console=ttyS0 rw\[rq] to the kernel in any case.
-Just adding \[lq]console=ttyS0 rw\[rq] would append these two arguments
-to the kernel command line created by lower priority configuration files
-or previous \f[C]KernelCommandLine=\f[R] command line arguments.
-.TP
-\f[B]\f[CB]SecureBoot=\f[B]\f[R], \f[B]\f[CB]--secure-boot\f[B]\f[R]
-Sign the resulting kernel/initrd image for UEFI SecureBoot.
-.TP
-\f[B]\f[CB]SecureBootKey=\f[B]\f[R], \f[B]\f[CB]--secure-boot-key=\f[B]\f[R]
-Path to the PEM file containing the secret key for signing the UEFI
-kernel image, if \f[C]SecureBoot=\f[R] is used.
-.TP
-\f[B]\f[CB]SecureBootCertificate=\f[B]\f[R], \f[B]\f[CB]--secure-boot-certificate=\f[B]\f[R]
-Path to the X.509 file containing the certificate for the signed UEFI
-kernel image, if \f[C]SecureBoot=\f[R] is used.
-.TP
-\f[B]\f[CB]SecureBootCommonName=\f[B]\f[R], \f[B]\f[CB]--secure-boot-common-name=\f[B]\f[R]
-Common name to be used when generating SecureBoot keys via mkosi\[cq]s
-\f[C]genkey\f[R] command.
-Defaults to \f[C]mkosi of %u\f[R], where \f[C]%u\f[R] expands to the
-username of the user invoking mkosi.
-.TP
-\f[B]\f[CB]SecureBootValidDays=\f[B]\f[R], \f[B]\f[CB]--secure-boot-valid-days=\f[B]\f[R]
-Number of days that the keys should remain valid when generating
-SecureBoot keys via mkosi\[cq]s \f[C]genkey\f[R] command.
-Defaults to two years (730 days).
-.TP
-\f[B]\f[CB]ReadOnly=\f[B]\f[R], \f[B]\f[CB]--read-only\f[B]\f[R]
-Set the read-only flag on the root partition in the partition table.
-Only applies to \f[C]gpt_ext4\f[R], \f[C]gpt_xfs\f[R],
-\f[C]gpt_btrfs\f[R], \f[C]subvolume\f[R] output formats, and is implied
-on \f[C]gpt_squashfs\f[R] and \f[C]plain_squashfs\f[R].
-The read-only flag is essentially a hint to tools using the image (see
-https://systemd.io/DISCOVERABLE_PARTITIONS/).
-In particular, all systemd tools like \f[C]systemd-nspawn\f[R] and
-\f[C]systemd-gpt-auto-generator\f[R] will mount such partitions
-read-only, but tools from other project may ignore the flag.
-.TP
-\f[B]\f[CB]Minimize=\f[B]\f[R], \f[B]\f[CB]--minimize\f[B]\f[R]
-Attempt to make the resulting root file system as small as possible by
-removing free space from the file system.
-Only supported for \f[C]gpt_ext4\f[R] and \f[C]gpt_btrfs\f[R].
-For ext4 this relies on \f[C]resize2fs -M\f[R], which reduces the free
-disk space but is not perfect and generally leaves some free space.
-For btrfs the results are optimal and no free space is left.
-.TP
-\f[B]\f[CB]Encrypt=\f[B]\f[R], \f[B]\f[CB]--encrypt\f[B]\f[R]
-Encrypt all partitions in the file system or just the root file system.
-Takes either \f[C]all\f[R] or \f[C]data\f[R] as argument.
-If \f[C]all\f[R], the root, \f[C]/home\f[R] and \f[C]/srv\f[R] file
-systems will be encrypted using dm-crypt/LUKS (with its default
-settings).
-If \f[C]data\f[R], the root file system will be left unencrypted, but
-\f[C]/home\f[R] and \f[C]/srv\f[R] will be encrypted.
-The passphrase to use is read from the \f[C]mkosi.passphrase\f[R] file
-in the current working directory.
-Note that the UEFI System Partition (ESP) containing the boot loader and
-kernel to boot is never encrypted since it needs to be accessible by the
-firmware.
-.TP
-\f[B]\f[CB]Verity=\f[B]\f[R], \f[B]\f[CB]--verity\f[B]\f[R]
-Add a \[lq]Verity\[rq] integrity partition to the image.
-Takes a boolean or the special value \f[C]signed\f[R], and defaults to
-disabled.
-If enabled, the root partition (or \f[C]/usr/\f[R] partition, in case
-\f[C]UsrOnly=\f[R] is enabled) is protected with \f[C]dm-verity\f[R]
-against offline modification, the verification data is placed in an
-additional GPT partition.
-Implies \f[C]ReadOnly=yes\f[R].
-If this is enabled, the Verity root hash is written to an output file
-with \f[C].roothash\f[R] or \f[C].usrhash\f[R] suffix.
-If set to \f[C]signed\f[R], Verity is also enabled, but the resulting
-root hash is then also signed (in PKCS#7 format) with the signature key
-configured with \f[C]SecureBootKey=\f[R].
-Or in other words: the SecureBoot key pair is then used to both sign the
-kernel, if that is enabled, and the root/\f[C]/usr/\f[R] file system.
-This signature is then stored in an additional output file with the
-\f[C].roothash.p7s\f[R] or \f[C].usrhash.p7s\f[R] suffix in DER format.
-It is also written to an additional partition in the image.
-The latter allows generating self-contained signed disk images,
-implementing the Verity provisions described in the Discoverable
-Partitions Specification (https://systemd.io/DISCOVERABLE_PARTITIONS).
-.TP
-\f[B]\f[CB]CompressFs=\f[B]\f[R], \f[B]\f[CB]--compress-fs=\f[B]\f[R]
-Enable or disable internal compression in the file system.
-Only applies to output formats with squashfs or btrfs.
-Takes one of \f[C]zlib\f[R], \f[C]lzo\f[R], \f[C]zstd\f[R],
-\f[C]lz4\f[R], \f[C]xz\f[R] or a boolean value as argument.
-If the latter is used compression is enabled/disabled and the default
-algorithm is used.
-In case of the \f[C]squashfs\f[R] output formats compression is implied,
-but this option may be used to select the algorithm.
-.TP
-\f[B]\f[CB]CompressOutput=\f[B]\f[R], \f[B]\f[CB]--compress-output=\f[B]\f[R]
-Configure compression for the resulting image or archive.
-The argument can be either a boolean or a compression algorithm
-(\f[C]xz\f[R], \f[C]zstd\f[R]).
-\f[C]xz\f[R] compression is used by default.
-Note that when applied to block device image types this means the image
-cannot be started directly but needs to be decompressed first.
-This also means that the \f[C]shell\f[R], \f[C]boot\f[R], \f[C]qemu\f[R]
-verbs are not available when this option is used.
-Implied for \f[C]tar\f[R] and \f[C]cpio\f[R].
-.TP
-\f[B]\f[CB]Compress=\f[B]\f[R], \f[B]\f[CB]--compress=\f[B]\f[R]
-Enable compression.
-Using this option is equivalent to either \f[C]CompressFs=\f[R] or
-\f[C]CompressOutput=\f[R]; the appropriate type of compression is
-selected automatically.
-.TP
-\f[B]\f[CB]Mksquashfs=\f[B]\f[R], \f[B]\f[CB]--mksquashfs=\f[B]\f[R]
-Set the path to the \f[C]mksquashfs\f[R] executable to use.
-This is useful in case the parameters for the tool shall be augmented,
-as the tool may be replaced by a script invoking it with the right
-parameters, this way.
-.TP
-\f[B]\f[CB]QCow2=\f[B]\f[R], \f[B]\f[CB]--qcow2\f[B]\f[R]
-Encode the resulting image as QEMU QCOW2 image.
-This only applies to \f[C]gpt_ext4\f[R], \f[C]gpt_xfs\f[R],
-\f[C]gpt_btrfs\f[R], \f[C]gpt_squashfs\f[R].
-QCOW2 images can be read natively by \f[C]qemu\f[R], but not by the
-Linux kernel.
-This means the \f[C]shell\f[R] and \f[C]boot\f[R] verbs are not
-available when this option is used, however \f[C]qemu\f[R] will work.
-.TP
-\f[B]\f[CB]Hostname=\f[B]\f[R], \f[B]\f[CB]--hostname=\f[B]\f[R]
-Set the image\[cq]s hostname to the specified name.
-.TP
-\f[B]\f[CB]ImageVersion=\f[B]\f[R], \f[B]\f[CB]--image-version=\f[B]\f[R]
-Configure the image version.
-This accepts any string, but it is recommended to specify a series of
-dot separated components.
-The version may also be configured in a file \f[C]mkosi.version\f[R] in
-which case it may be conveniently managed via the \f[C]bump\f[R] verb or
-the \f[C]--auto-bump\f[R] switch.
-When specified the image version is included in the default output file
-name, i.e.\ instead of \f[C]image.raw\f[R] the default will be
-\f[C]image_0.1.raw\f[R] for version \f[C]0.1\f[R] of the image, and
-similar.
-The version is also passed via the \f[C]$IMAGE_VERSION\f[R] to any build
-scripts invoked (which may be useful to patch it into
-\f[C]/etc/os-release\f[R] or similar, in particular the
-\f[C]IMAGE_VERSION=\f[R] field of it).
-.TP
-\f[B]\f[CB]ImageId=\f[B]\f[R], \f[B]\f[CB]--image-id=\f[B]\f[R]
-Configure the image identifier.
-This accepts a freeform string that shall be used to identify the image
-with.
-If set the default output file will be named after it (possibly suffixed
-with the version).
-If this option is used the root, \f[C]/usr/\f[R] and Verity partitions
-in the image will have their labels set to this (possibly suffixed by
-the image version).
-The identifier is also passed via the \f[C]$IMAGE_ID\f[R] to any build
-scripts invoked (which may be useful to patch it into
-\f[C]/etc/os-release\f[R] or similar, in particular the
-\f[C]IMAGE_ID=\f[R] field of it).
-.TP
-\f[B]\f[CB]WithUnifiedKernelImages=\f[B]\f[R], \f[B]\f[CB]--without-unified-kernel-images\f[B]\f[R]
-If specified, mkosi does not build unified kernel images and instead
-installs kernels with a separate initrd and boot loader config to the
-efi or bootloader partition.
-.TP
-\f[B]\f[CB]HostonlyInitrd=\f[B]\f[R], \f[B]\f[CB]--hostonly-initrd\f[B]\f[R]
-If specified, mkosi will run the tool to create the initrd such that a
-non-generic initrd is created that will only be able to run on the
-system mkosi is run on.
-Currently mkosi uses dracut for all supported distributions except Clear
-Linux and this option translates to enabling dracut\[cq]s hostonly
-option.
-.TP
-\f[B]\f[CB]UsrOnly=\f[B]\f[R], \f[B]\f[CB]--usr-only\f[B]\f[R]
-If specified, \f[C]mkosi\f[R] will only add the \f[C]/usr/\f[R]
-directory tree (instead of the whole root file system) to the image.
-This is useful for fully stateless systems that come up pristine on
-every single boot, where \f[C]/etc/\f[R] and \f[C]/var/\f[R] are
-populated by \f[C]systemd-tmpfiles\f[R]/\f[C]systemd-sysusers\f[R] and
-related calls, or systems that are originally shipped without a root
-file system, but where \f[C]systemd-repart\f[R] adds one on the first
-boot.
-.TP
-\f[B]\f[CB]SplitArtifacts=\f[B]\f[R], \f[B]\f[CB]--split-artifacts\f[B]\f[R]
-If specified and building an image with a partition table, also write
-out the root file system partition, its Verity partition (if configured)
-and the generated unified kernel (if configured) into separate output
-files.
-This is useful in A/B update scenarios where an existing disk image
-shall be augmented with a new version of a root or \f[C]/usr\f[R]
-partition along with its Verity partition and unified kernel.
-.TP
-\f[B]\f[CB]NoChown=\f[B]\f[R], \f[B]\f[CB]--no-chown\f[B]\f[R]
-By default, if \f[C]mkosi\f[R] is run inside a \f[C]sudo\f[R]
-environment all generated artifacts have their UNIX user/group ownership
-changed to the user which invoked \f[C]sudo\f[R].
-With this option this may be turned off and all generated files are
-owned by \f[C]root\f[R].
-.TP
-\f[B]\f[CB]TarStripSELinuxContext=\f[B]\f[R], \f[B]\f[CB]--tar-strip-selinux-context\f[B]\f[R]
-If running on a SELinux-enabled system (Fedora Linux, CentOS, Rocky
-Linux, Alma Linux), files inside the container are tagged with SELinux
-context extended attributes (\f[C]xattrs\f[R]), which may interfere with
-host SELinux rules in building or further container import stages.
-This option strips SELinux context attributes from the resulting tar
-archive.
-.TP
-\f[B]\f[CB]MachineID=\f[B]\f[R], \f[B]\f[CB]--machine-id\f[B]\f[R]
-Set the machine\[cq]s ID to the specified value.
-If unused, a random ID will be used while building the image and the
-final image will be shipped without a machine ID.
-.SS [Content] Section
-.TP
-\f[B]\f[CB]BasePackages=\f[B]\f[R], \f[B]\f[CB]--base-packages\f[B]\f[R]
-Takes a boolean or the special value \f[C]conditional\f[R].
-If true, automatically install packages to ensure basic functionality,
-as appropriate for the given image type.
-For example, \f[C]systemd\f[R] is always included,
-\f[C]systemd-udev\f[R] and \f[C]dracut\f[R] if the image is bootable,
-and so on.
-If false, only packages specified with \f[C]Packages=\f[R] will be
-installed.
-If \f[C]conditional\f[R], the list of packages to install will be
-extended with boolean dependencies (c.f.
-https://rpm.org/user_doc/boolean_dependencies.html), to install specific
-packages when \f[I]other\f[R] packages are in the list.
-For example, \f[C]systemd-udev\f[R] may be automatically included if the
-image is bootable and \f[C]systemd\f[R] is installed.
-With this, various \[lq]base\[rq] packages still need to be specified if
-they should be included, but the corresponding \[lq]extension\[rq]
-packages will be added automatically when appropriate.
-This feature depends on support in the package manager, so it is not
-implemented for all distributions.
-.TP
-\f[B]\f[CB]Packages=\f[B]\f[R], \f[B]\f[CB]--package=\f[B]\f[R], \f[B]\f[CB]-p\f[B]\f[R]
-Install the specified distribution packages (i.e.\ RPM, DEB, \&...) in
-the image.
-Takes a comma separated list of package specifications.
-This option may be used multiple times in which case the specified
-package lists are combined.
-Packages specified this way will be installed both in the development
-and the final image.
-Use \f[C]BuildPackages=\f[R] to specify packages that shall only be used
-for the image generated in the build image, but that shall not appear in
-the final image.
-The types and syntax of \[lq]package specifications\[rq] that are
-allowed depend on the package installer (e.g.\ \f[C]dnf\f[R] or
-\f[C]yum\f[R] for \f[C]rpm\f[R]-based distros or \f[C]apt\f[R] for
-\f[C]deb\f[R]-based distros), but may include package names, package
-names with version and/or architecture, package name globs, paths to
-packages in the file system, package groups, and virtual provides,
-including file paths.
-To remove a package e.g.\ added by a \f[C]mkosi.default\f[R]
-configuration file prepend the package name with \f[C]!\f[R].
-For example -p \[lq]!apache2\[rq] would remove the apache2 package.
-To replace the apache2 package by the httpd package just add -p
-\[lq]!apache2,httpd\[rq] to the command line arguments.
-To remove all packages use \[lq]!*\[rq].
-Example: when using an distro that uses \f[C]dnf\f[R],
-\f[C]Packages=meson libfdisk-devel.i686 git-* prebuilt/rpms/systemd-249-rc1.local.rpm /usr/bin/ld \[at]development-tools python3dist(mypy)\f[R]
-would install the \f[C]meson\f[R] package (in the latest version), the
-32-bit version of the \f[C]libfdisk-devel\f[R] package, all available
-packages that start with the \f[C]git-\f[R] prefix, a \f[C]systemd\f[R]
-rpm from the local file system, one of the packages that provides
-\f[C]/usr/bin/ld\f[R], the packages in the \[lq]Development Tools\[rq]
-group, and the package that contains the \f[C]mypy\f[R] python module.
-.TP
-\f[B]\f[CB]WithDocs=\f[B]\f[R], \f[B]\f[CB]--with-docs\f[B]\f[R]
-Include documentation in the image built.
-By default if the underlying distribution package manager supports it
-documentation is not included in the image built.
-The \f[C]$WITH_DOCS\f[R] environment variable passed to the
-\f[C]mkosi.build\f[R] script indicates whether this option was used or
-not.
-.TP
-\f[B]\f[CB]WithTests=\f[B]\f[R], \f[B]\f[CB]--without-tests\f[B]\f[R], \f[B]\f[CB]-T\f[B]\f[R]
-If set to false (or when the command-line option is used), the
-\f[C]$WITH_TESTS\f[R] environment variable is set to \f[C]0\f[R] when
-the \f[C]mkosi.build\f[R] script is invoked.
-This is supposed to be used by the build script to bypass any unit or
-integration tests that are normally run during the source build process.
-Note that this option has no effect unless the \f[C]mkosi.build\f[R]
-build script honors it.
-.TP
-\f[B]\f[CB]Cache=\f[B]\f[R], \f[B]\f[CB]--cache=\f[B]\f[R]
-Takes a path to a directory to use as package cache for the distribution
-package manager used.
-If this option is not used, but a \f[C]mkosi.cache/\f[R] directory is
-found in the local directory it is automatically used for this purpose.
-The directory configured this way is mounted into both the development
-and the final image while the package manager is running.
-.TP
-\f[B]\f[CB]SkeletonTree=\f[B]\f[R], \f[B]\f[CB]--skeleton-tree=\f[B]\f[R]
-Takes a path to a directory to copy into the OS tree before invoking the
-package manager.
-Use this to insert files and directories into the OS tree before the
-package manager installs any packages.
-If this option is not used, but the \f[C]mkosi.skeleton/\f[R] directory
-is found in the local directory it is automatically used for this
-purpose (also see the \[lq]Files\[rq] section below).
-Instead of a directory, a tar file may be provided.
-In this case it is unpacked into the OS tree before the package manager
-is invoked.
-This mode of operation allows setting permissions and file ownership
-explicitly, in particular for projects stored in a version control
-system such as \f[C]git\f[R] which retain full file ownership and access
-mode metadata for committed files.
-If the tar file \f[C]mkosi.skeleton.tar\f[R] is found in the local
-directory it will be automatically used for this purpose.
-.TP
-\f[B]\f[CB]ExtraTree=\f[B]\f[R], \f[B]\f[CB]--extra-tree=\f[B]\f[R]
-Takes a path to a directory to copy on top of the OS tree the package
-manager generated.
-Use this to override any default configuration files shipped with the
-distribution.
-If this option is not used, but the \f[C]mkosi.extra/\f[R] directory is
-found in the local directory it is automatically used for this purpose
-(also see the \[lq]Files\[rq] section below).
-As with the skeleton tree logic above, instead of a directory, a tar
-file may be provided too.
-\f[C]mkosi.skeleton.tar\f[R] will be automatically used if found in the
-local directory.
-.TP
-\f[B]\f[CB]CleanPackageMetadata=\f[B]\f[R], \f[B]\f[CB]--clean-package-metadata=\f[B]\f[R]
-Enable/disable removal of package manager databases, caches, and logs at
-the end of installation.
-Can be specified as true, false, or \[lq]\f[C]auto\f[R]\[rq] (the
-default).
-With \[lq]\f[C]auto\f[R]\[rq], files will be removed if the respective
-package manager executable is \f[I]not\f[R] present at the end of the
-installation.
-.TP
-\f[B]\f[CB]RemoveFiles=\f[B]\f[R], \f[B]\f[CB]--remove-files=\f[B]\f[R]
-Takes a comma-separated list of globs.
-Files in the image matching the globs will be purged at the end.
-.TP
-\f[B]\f[CB]RemovePackages=\f[B]\f[R], \f[B]\f[CB]--remove-package=\f[B]\f[R]
-Takes a comma-separated list of package specifications for removal, in
-the same format as \f[C]Packages=\f[R].
-The removal will be performed as one of the last steps.
-This step is skipped if \f[C]CleanPackageMetadata=no\f[R] is used.
-This option is currently only implemented for distributions using
-\f[C]dnf\f[R].
-.TP
-\f[B]\f[CB]Environment=\f[B]\f[R], \f[B]\f[CB]--environment=\f[B]\f[R]
-Adds variables to the environment that the
-build/prepare/postinstall/finalize scripts are executed with.
-Takes a space-separated list of variable assignments or just variable
-names.
-In the latter case, the values of those variables will be passed through
-from the environment in which \f[C]mkosi\f[R] was invoked.
-This option may be specified more than once, in which case all listed
-variables will be set.
-If the same variable is set twice, the later setting overrides the
-earlier one.
-.TP
-\f[B]\f[CB]BuildSources=\f[B]\f[R], \f[B]\f[CB]--build-sources=\f[B]\f[R]
-Takes a path to a source tree to copy into the development image, if the
-build script is used.
-This only applies if a build script is used, and defaults to the local
-directory.
-Use \f[C]SourceFileTransfer=\f[R] to configure how the files are
-transferred from the host to the container image.
-.TP
-\f[B]\f[CB]BuildDirectory=\f[B]\f[R], \f[B]\f[CB]--build-dir=\f[B]\f[R]
-Takes a path of a directory to use as build directory for build systems
-that support out-of-tree builds (such as Meson).
-The directory used this way is shared between repeated builds, and
-allows the build system to reuse artifacts (such as object files,
-executable, \&...) generated on previous invocations.
-This directory is mounted into the development image when the build
-script is invoked.
-The build script can find the path to this directory in the
-\f[C]$BUILDDIR\f[R] environment variable.
-If this option is not specified, but a directory
-\f[C]mkosi.builddir/\f[R] exists in the local directory it is
-automatically used for this purpose (also see the \[lq]Files\[rq]
-section below).
-.TP
-\f[B]\f[CB]IncludeDirectory=\f[B]\f[R], \f[B]\f[CB]--include-directory=\f[B]\f[R]
-Takes a path of a directory to use as the include directory.
-This directory is mounted at \f[C]/usr/include\f[R] when building the
-build image and running the build script.
-This means all include files installed to \f[C]/usr/include\f[R] will be
-stored in this directory.
-This is useful to make include files available on the host system for
-use by language servers to provide code completion.
-If this option is not specified, but a directory
-\f[C]mkosi.includedir/\f[R] exists in the local directory, it is
-automatically used for this purpose (also see the \[lq]Files\[rq]
-section below).
-.TP
-\f[B]\f[CB]InstallDirectory=\f[B]\f[R], \f[B]\f[CB]--install-directory=\f[B]\f[R]
-Takes a path of a directory to use as the install directory.
-The directory used this way is shared between builds and allows the
-build system to not have to reinstall files that were already installed
-by a previous build and didn\[cq]t change.
-The build script can find the path to this directory in the
-\f[C]$DESTDIR\f[R] environment variable.
-If this option is not specified, but a directory
-\f[C]mkosi.installdir\f[R] exists in the local directory, it is
-automatically used for this purpose (also see the \[lq]Files\[rq]
-section below).
-.TP
-\f[B]\f[CB]BuildPackages=\f[B]\f[R], \f[B]\f[CB]--build-package=\f[B]\f[R]
-Similar to \f[C]Packages=\f[R], but configures packages to install only
-in the first phase of the build, into the development image.
-This option should be used to list packages containing header files,
-compilers, build systems, linkers and other build tools the
-\f[C]mkosi.build\f[R] script requires to operate.
-Note that packages listed here are only included in the image created
-during the first phase of the build, and are absent in the final image.
-Use \f[C]Packages=\f[R] to list packages that shall be included in both.
-Packages are appended to the list.
-Packages prefixed with \[lq]!\[rq] are removed from the list.
-\[lq]!*\[rq] removes all packages from the list.
-.TP
-\f[B]\f[CB]Password=\f[B]\f[R], \f[B]\f[CB]--password=\f[B]\f[R]
-Set the password of the \f[C]root\f[R] user.
-By default the \f[C]root\f[R] account is locked.
-If this option is not used, but a file \f[C]mkosi.rootpw\f[R] exists in
-the local directory, the root password is automatically read from it.
-.TP
-\f[B]\f[CB]PasswordIsHashed=\f[B]\f[R], \f[B]\f[CB]--password-is-hashed\f[B]\f[R]
-Indicate that the password supplied for the \f[C]root\f[R] user has
-already been hashed, so that the string supplied with
-\f[C]Password=\f[R] or \f[C]mkosi.rootpw\f[R] will be written to
-\f[C]/etc/shadow\f[R] literally.
-.TP
-\f[B]\f[CB]Autologin=\f[B]\f[R], \f[B]\f[CB]--autologin\f[B]\f[R]
-Enable autologin for the \f[C]root\f[R] user on \f[C]/dev/pts/0\f[R]
-(nspawn), \f[C]/dev/tty1\f[R] (QEMU) and \f[C]/dev/ttyS0\f[R] (QEMU with
-\f[C]QemuHeadless=yes\f[R]) by patching \f[C]/etc/pam.d/login\f[R].
-.TP
-\f[B]\f[CB]SkipFinalPhase=\f[B]\f[R], \f[B]\f[CB]--skip-final-phase=\f[B]\f[R]
-Causes the (second) final image build stage to be skipped.
-This is useful in combination with a build script, for when you care
-about the artifacts that were created locally in \f[C]$BUILDDIR\f[R],
-but ultimately plan to discard the final image.
-.TP
-\f[B]\f[CB]BuildScript=\f[B]\f[R], \f[B]\f[CB]--build-script=\f[B]\f[R]
-Takes a path to an executable that is used as build script for this
-image.
-If this option is used the build process will be two-phased instead of
-single-phased.
-The specified script is copied onto the development image and executed
-inside an \f[C]systemd-nspawn\f[R] container environment.
-If this option is not used, but the \f[C]mkosi.build\f[R] file found in
-the local directory it is automatically used for this purpose (also see
-the \[lq]Files\[rq] section below).
-Specify an empty value to disable automatic detection.
-.TP
-\f[B]\f[CB]PrepareScript=\f[B]\f[R], \f[B]\f[CB]--prepare-script=\f[B]\f[R]
-Takes a path to an executable that is invoked inside the image right
-after installing the software packages.
-It is the last step before the image is cached (if incremental mode is
-enabled).
-This script is invoked inside a \f[C]systemd-nspawn\f[R] container
-environment, and thus does not have access to host resources.
-If this option is not used, but an executable script
-\f[C]mkosi.prepare\f[R] is found in the local directory, it is
-automatically used for this purpose.
-Specify an empty value to disable automatic detection.
-.TP
-\f[B]\f[CB]PostInstallationScript=\f[B]\f[R], \f[B]\f[CB]--postinst-script=\f[B]\f[R]
-Takes a path to an executable that is invoked inside the final image
-right after copying in the build artifacts generated in the first phase
-of the build.
-This script is invoked inside a \f[C]systemd-nspawn\f[R] container
-environment, and thus does not have access to host resources.
-If this option is not used, but an executable \f[C]mkosi.postinst\f[R]
-is found in the local directory, it is automatically used for this
-purpose.
-Specify an empty value to disable automatic detection.
-.TP
-\f[B]\f[CB]FinalizeScript=\f[B]\f[R], \f[B]\f[CB]--finalize-script=\f[B]\f[R]
-Takes a path to an executable that is invoked outside the final image
-right after copying in the build artifacts generated in the first phase
-of the build, and after having executed the \f[C]mkosi.postinst\f[R]
-script (see \f[C]PostInstallationScript=\f[R]).
-This script is invoked directly in the host environment, and hence has
-full access to the host\[cq]s resources.
-If this option is not used, but an executable \f[C]mkosi.finalize\f[R]
-is found in the local directory, it is automatically used for this
-purpose.
-Specify an empty value to disable automatic detection.
-.TP
-\f[B]\f[CB]SourceFileTransfer=\f[B]\f[R], \f[B]\f[CB]--source-file-transfer=\f[B]\f[R]
-Configures how the source file tree (as configured with
-\f[C]BuildSources=\f[R]) is transferred into the container image during
-the first phase of the build.
-Takes one of \f[C]copy-all\f[R] (to copy all files from the source
-tree), \f[C]copy-git-cached\f[R] (to copy only those files
-\f[C]git ls-files --cached\f[R] lists), \f[C]copy-git-others\f[R] (to
-copy only those files \f[C]git ls-files --others\f[R] lists),
-\f[C]mount\f[R] to bind mount the source tree directly.
-Defaults to \f[C]copy-git-cached\f[R] if a \f[C]git\f[R] source tree is
-detected, otherwise \f[C]copy-all\f[R].
-When you specify \f[C]copy-git-more\f[R], it is the same as
-\f[C]copy-git-cached\f[R], except it also includes the \f[C].git/\f[R]
-directory.
-.TP
-\f[B]\f[CB]SourceFileTransferFinal=\f[B]\f[R], \f[B]\f[CB]--source-file-transfer-final=\f[B]\f[R]
-Same as \f[C]SourceFileTransfer=\f[R], but for the final image instead
-of the build image.
-Takes the same values as \f[C]SourceFileFransfer=\f[R] except
-\f[C]mount\f[R].
-By default, sources are not copied into the final image.
-.TP
-\f[B]\f[CB]SourceResolveSymlinks=\f[B]\f[R], \f[B]\f[CB]--source-resolve-symlinks\f[B]\f[R]
-If given, any symbolic links in the source file tree are resolved and
-the file contents are copied to the build image.
-If not given, they are left as symbolic links.
-This only applies if \f[C]SourceFileTransfer=\f[R] is
-\f[C]copy-all\f[R].
-Defaults to leaving them as symbolic links.
-.TP
-\f[B]\f[CB]SourceResolveSymlinksFinal=\f[B]\f[R], \f[B]\f[CB]--source-resolve-symlinks-final\f[B]\f[R]
-Same as \f[C]SourceResolveSymlinks=\f[R], but for the final image
-instead of the build image.
-.TP
-\f[B]\f[CB]WithNetwork=\f[B]\f[R], \f[B]\f[CB]--with-network\f[B]\f[R]
-When true, enables network connectivity while the build script
-\f[C]mkosi.build\f[R] is invoked.
-By default, the build script runs with networking turned off.
-The \f[C]$WITH_NETWORK\f[R] environment variable is passed to the
-\f[C]mkosi.build\f[R] build script indicating whether the build is done
-with or without network.
-If specified as \f[C]never\f[R], the package manager is instructed not
-to contact the network for updating package data.
-This provides a minimal level of reproducibility, as long as the package
-data cache is already fully populated.
-.TP
-\f[B]\f[CB]Settings=\f[B]\f[R], \f[B]\f[CB]--settings=\f[B]\f[R]
-Specifies a \f[C].nspawn\f[R] settings file for \f[C]systemd-nspawn\f[R]
-to use in the \f[C]boot\f[R] and \f[C]shell\f[R] verbs, and to place
-next to the generated image file.
-This is useful to configure the \f[C]systemd-nspawn\f[R] environment
-when the image is run.
-If this setting is not used but an \f[C]mkosi.nspawn\f[R] file found in
-the local directory it is automatically used for this purpose.
-.SS [Partitions] Section
-.TP
-\f[B]\f[CB]BaseImage=\f[B]\f[R], \f[B]\f[CB]--base-image=\f[B]\f[R]
-Use the specified directory or file system image as the base image, and
-create the output image that consists only of changes from this base.
-The base image is attached as the lower file system in an overlayfs
-structure, and the output filesystem becomes the upper layer, initially
-empty.
-Thus files that are not modified compared to the base image are not
-present in the output image.
-This option may be used to create systemd \[lq]system extensions\[rq] or
-portable services.
-See https://systemd.io/PORTABLE_SERVICES/#extension-images for more
-information.
-.TP
-\f[B]\f[CB]RootSize=\f[B]\f[R], \f[B]\f[CB]--root-size=\f[B]\f[R]
-Takes a size in bytes for the root file system.
-The specified numeric value may be suffixed with \f[C]K\f[R],
-\f[C]M\f[R], \f[C]G\f[R] to indicate kilo-, mega- and gigabytes (all to
-the base of 1024).
-This applies to output formats \f[C]gpt_ext4\f[R], \f[C]gpt_xfs\f[R],
-\f[C]gpt_btrfs\f[R].
-Defaults to 3G.
-.TP
-\f[B]\f[CB]ESPSize=\f[B]\f[R], \f[B]\f[CB]--esp-size=\f[B]\f[R]
-Similar to \f[C]RootSize=\f[R], configures the size of the UEFI System
-Partition (ESP).
-This is only relevant if the \f[C]Bootable=\f[R] option is used to
-generate a bootable image.
-Defaults to 256 MB.
-.TP
-\f[B]\f[CB]SwapSize=\f[B]\f[R], \f[B]\f[CB]--swap-size=\f[B]\f[R]
-Similar to \f[C]RootSize=\f[R], configures the size of a swap partition
-on the image.
-If omitted, no swap partition is created.
-.TP
-\f[B]\f[CB]HomeSize=\f[B]\f[R], \f[B]\f[CB]--home-size=\f[B]\f[R]
-Similar to \f[C]RootSize=\f[R], configures the size of the
-\f[C]/home\f[R] partition.
-If omitted, no separate \f[C]/home\f[R] partition is created.
-.TP
-\f[B]\f[CB]SrvSize=\f[B]\f[R], \f[B]\f[CB]--srv-size=\f[B]\f[R]
-Similar to \f[C]RootSize=\f[R], configures the size of the
-\f[C]/srv\f[R] partition.
-If omitted, no separate \f[C]/srv\f[R] partition is created.
-.SS [Validation] Section
-.TP
-\f[B]\f[CB]Checksum=\f[B]\f[R], \f[B]\f[CB]--checksum\f[B]\f[R]
-Generate a \f[C]SHA256SUMS\f[R] file of all generated artifacts after
-the build is complete.
-.TP
-\f[B]\f[CB]Sign=\f[B]\f[R], \f[B]\f[CB]--sign\f[B]\f[R]
-Sign the generated \f[C]SHA256SUMS\f[R] using \f[C]gpg\f[R] after
-completion.
-.TP
-\f[B]\f[CB]Key=\f[B]\f[R], \f[B]\f[CB]--key=\f[B]\f[R]
-Select the \f[C]gpg\f[R] key to use for signing \f[C]SHA256SUMS\f[R].
-This key must be already present in the \f[C]gpg\f[R] keyring.
-.TP
-\f[B]\f[CB]BMap=\f[B]\f[R], \f[B]\f[CB]--bmap\f[B]\f[R]
-Generate a \f[C]bmap\f[R] file for usage with \f[C]bmaptool\f[R] from
-the generated image file.
-.SS [Host] Section
-.TP
-\f[B]\f[CB]ExtraSearchPaths=\f[B]\f[R], \f[B]\f[CB]--extra-search-paths=\f[B]\f[R]
-List of colon-separated paths to look for tools in, before using the
-regular \f[C]$PATH\f[R] search path.
-.TP
-\f[B]\f[CB]QemuHeadless=\f[B]\f[R], \f[B]\f[CB]--qemu-headless=\f[B]\f[R]
-When used with the \f[C]build\f[R] verb, this option adds
-\f[C]console=ttyS0\f[R] to the image\[cq]s kernel command line and sets
-the terminal type of the serial console in the image to the terminal
-type of the host (more specifically, the value of the \f[C]$TERM\f[R]
-environment variable passed to mkosi).
-This makes sure that all terminal features such as colors and shortcuts
-still work as expected when connecting to the qemu VM over the serial
-console (for example via \f[C]-nographic\f[R]).
-When used with the \f[C]qemu\f[R] verb, this option adds the
-\f[C]-nographic\f[R] option to \f[C]qemu\f[R]\[cq]s command line so qemu
-starts a headless vm and connects to its serial console from the current
-terminal instead of launching the VM in a separate window.
-.TP
-\f[B]\f[CB]QemuSmp=\f[B]\f[R], \f[B]\f[CB]--qemu-smp=\f[B]\f[R]
-When used with the \f[C]qemu\f[R] verb, this options sets
-\f[C]qemu\f[R]\[cq]s \f[C]-smp\f[R] argument which controls the number
-of guest\[cq]s CPUs.
-Defaults to \f[C]2\f[R].
-.TP
-\f[B]\f[CB]QemuMem=\f[B]\f[R], \f[B]\f[CB]--qemu-mem=\f[B]\f[R]
-When used with the \f[C]qemu\f[R] verb, this options sets
-\f[C]qemu\f[R]\[cq]s \f[C]-m\f[R] argument which controls the amount of
-guest\[cq]s RAM.
-Defaults to \f[C]1G\f[R].
-.TP
-\f[B]\f[CB]QemuKvm=\f[B]\f[R], \f[B]\f[CB]--qemu-kvm=\f[B]\f[R]
-When used with the \f[C]qemu\f[R] verb, this option specifies whether
-QEMU should use KVM acceleration.
-Defaults to yes if the host machine supports KVM acceleration, no
-otherwise.
-.TP
-\f[B]\f[CB]NspawnKeepUnit=\f[B]\f[R], \f[B]\f[CB]--nspawn-keep-unit\f[B]\f[R]
-When used, this option instructs underlying calls of systemd-nspawn to
-use the current unit scope, instead of creating a dedicated transcient
-scope unit for the containers.
-This option should be used when mkosi is run by a service unit.
-.TP
-\f[B]\f[CB]Netdev=\f[B]\f[R], \f[B]\f[CB]--netdev\f[B]\f[R]
-When used with the boot or qemu verbs, this option creates a virtual
-ethernet link between the host and the container/VM.
-The host interface is automatically picked up by systemd-networkd as
-documented in systemd-nspawn\[cq]s man page:
-https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#-n
-.TP
-\f[B]\f[CB]Ephemeral=\f[B]\f[R], \f[B]\f[CB]--ephemeral\f[B]\f[R]
-When used with the \f[C]shell\f[R], \f[C]boot\f[R], or \f[C]qemu\f[R]
-verbs, this option runs the specified verb on a temporary snapshot of
-the output image that is removed immediately when the container
-terminates.
-Taking the temporary snapshot is more efficient on file systems that
-support subvolume snapshots or `reflinks' natively (\[lq]btrfs\[rq] or
-new \[lq]xfs\[rq]) than on more traditional file systems that do not
-(\[lq]ext4\[rq]).
-.TP
-\f[B]\f[CB]Ssh=\f[B]\f[R], \f[B]\f[CB]--ssh\f[B]\f[R]
-If specified, installs and enables \f[C]sshd\f[R] in the final image and
-generates a SSH keypair and adds the public key to root\[cq]s
-\f[C]authorized_keys\f[R] in the final image.
-The private key is stored in mkosi\[cq]s output directory.
-When building with this option and running the image using
-\f[C]mkosi boot\f[R] or \f[C]mkosi qemu\f[R], the \f[C]mkosi ssh\f[R]
-command can be used to connect to the container/VM via SSH.
-.TP
-\f[B]\f[CB]SshKey=\f[B]\f[R], \f[B]\f[CB]--ssh-key=\f[B]\f[R]
-If specified, use the given private key when connecting to the guest
-machine via \f[C]mkosi ssh\f[R].
-This requires the public key counterpart to be present in the same
-location, suffixed with \f[C].pub\f[R] (as done by
-\f[C]ssh-keygen\f[R]).
-If this option is not present, \f[C]mkosi\f[R] generates a new key pair
-automatically.
-.TP
-\f[B]\f[CB]SshAgent=\f[B]\f[R], \f[B]\f[CB]--ssh-agent=\f[B]\f[R]
-If specified as a path, use the given socket to connect to the ssh agent
-when building an image and when connecting via \f[C]mkosi ssh\f[R]
-instead of hard-coding a key.
-If specified as \f[C]true\f[R], \f[C]$SSH_AUTH_SOCK\f[R] will be parsed
-instead (hint: use \f[C]sudo\f[R] with \f[C]-E\f[R]).
-The keys listed by \f[C]ssh-add -L\f[R] will be installed as authorized
-keys in the built image.
-The \f[C]ssh\f[R] invocation done by \f[C]mkosi ssh\f[R] will inherit
-\f[C]$SSH_AUTH_SOCK\f[R] for authentication purposes.
-.TP
-\f[B]\f[CB]SshPort=\f[B]\f[R], \f[B]\f[CB]--ssh-port=\f[B]\f[R]
-In the image, sshd will be configured to listen on this port.
-\f[C]mkosi ssh\f[R] will connect to this port.
-.TP
-\f[B]\f[CB]SshTimeout=\f[B]\f[R], \f[B]\f[CB]--ssh-timeout=\f[B]\f[R]
-When used with the \f[C]ssh\f[R] verb, \f[C]mkosi\f[R] will attempt to
-retry the SSH connection up to given timeout (in seconds) in case it
-fails.
-This option is useful mainly in scripted environments where the
-\f[C]qemu\f[R] and \f[C]ssh\f[R] verbs are used in a quick succession
-and the virtual device might not get enough time to configure itself.
-.SS Commandline-only Options
-.PP
-Those settings cannot be configured in the configuration files.
-.TP
-\f[B]\f[CB]--directory=\f[B]\f[R], \f[B]\f[CB]-C\f[B]\f[R]
-Takes a path to a directory.
-\f[C]mkosi\f[R] switches to this directory before doing anything.
-Note that the various \f[C]mkosi.*\f[R] files are searched for only
-after changing to this directory, hence using this option is an
-effective way to build a project located in a specific directory.
-.TP
-\f[B]\f[CB]--default=\f[B]\f[R]
-Loads additional settings from the specified settings file.
-Most command line options may also be configured in a settings file.
-See the table below to see which command line options match which
-settings file option.
-If this option is not used, but a file \f[C]mkosi.default\f[R] is found
-in the local directory it is automatically used for this purpose.
-If a setting is configured both on the command line and in the settings
-file, the command line generally wins, except for options taking lists
-in which case both lists are combined.
-.TP
-\f[B]\f[CB]--all\f[B]\f[R], \f[B]\f[CB]-a\f[B]\f[R]
-Iterate through all files \f[C]mkosi.*\f[R] in the
-\f[C]mkosi.files/\f[R] subdirectory, and build each as if
-\f[C]--default=mkosi.files/mkosi.\&...\f[R] was invoked.
-This is a quick way to build a large number of images in one go.
-Any additional specified command line arguments override the relevant
-options in all files processed this way.
-.TP
-\f[B]\f[CB]--all-directory=\f[B]\f[R]
-If specified, overrides the directory the \f[C]--all\f[R] logic
-described above looks for settings files in.
-If unspecified, defaults to \f[C]mkosi.files/\f[R] in the current
-working directory.
-.TP
-\f[B]\f[CB]--incremental\f[B]\f[R], \f[B]\f[CB]-i\f[B]\f[R]
-Enable incremental build mode.
-This only applies if the two-phase \f[C]mkosi.build\f[R] build script
-logic is used.
-In this mode, a copy of the OS image is created immediately after all OS
-packages are unpacked but before the \f[C]mkosi.build\f[R] script is
-invoked in the development container.
-Similarly, a copy of the final image is created immediately before the
-build artifacts from the \f[C]mkosi.build\f[R] script are copied in.
-On subsequent invocations of \f[C]mkosi\f[R] with the \f[C]-i\f[R]
-switch these cached images may be used to skip the OS package unpacking,
-thus drastically speeding up repetitive build times.
-Note that when this is used and a pair of cached incremental images
-exists they are not automatically regenerated, even if options such as
-\f[C]Packages=\f[R] are modified.
-In order to force rebuilding of these cached images, combine
-\f[C]-i\f[R] with \f[C]-ff\f[R] to ensure cached images are first
-removed and then re-created.
-.TP
-\f[B]\f[CB]--debug=\f[B]\f[R]
-Enable additional debugging output.
-Takes a comma-separated list of arguments specifying the area of
-interest.
-Pass any invalid value (e.g.\ empty) to list currently accepted values.
-.TP
-\f[B]\f[CB]--version\f[B]\f[R]
-Show package version.
-.TP
-\f[B]\f[CB]--help\f[B]\f[R], \f[B]\f[CB]-h\f[B]\f[R]
-Show brief usage information.
-.TP
-\f[B]\f[CB]--auto-bump\f[B]\f[R], \f[B]\f[CB]-B\f[B]\f[R]
-If specified, after each successful build the the version is bumped in a
-fashion equivalent to the \f[C]bump\f[R] verb, in preparation for the
-next build.
-This is useful for simple, linear version management: each build in a
-series will have a version number one higher then the previous one.
-.SS Supported distributions
-.PP
-Images may be created containing installations of the following
-operating systems:
-.IP \[bu] 2
-\f[I]Fedora Linux\f[R]
-.IP \[bu] 2
-\f[I]Debian\f[R]
-.IP \[bu] 2
-\f[I]Ubuntu\f[R]
-.IP \[bu] 2
-\f[I]Arch Linux\f[R]
-.IP \[bu] 2
-\f[I]openSUSE\f[R]
-.IP \[bu] 2
-\f[I]Mageia\f[R]
-.IP \[bu] 2
-\f[I]CentOS\f[R]
-.IP \[bu] 2
-\f[I]Clear Linux\f[R]
-.IP \[bu] 2
-\f[I]Photon\f[R]
-.IP \[bu] 2
-\f[I]OpenMandriva\f[R]
-.IP \[bu] 2
-\f[I]Rocky Linux\f[R]
-.IP \[bu] 2
-\f[I]Alma Linux\f[R]
-.IP \[bu] 2
-\f[I]Gentoo\f[R]
-.PP
-In theory, any distribution may be used on the host for building images
-containing any other distribution, as long as the necessary tools are
-available.
-Specifically, any distribution that packages \f[C]debootstrap\f[R] may
-be used to build \f[I]Debian\f[R] or \f[I]Ubuntu\f[R] images.
-Any distribution that packages \f[C]dnf\f[R] may be used to build
-\f[I]Fedora Linux\f[R], \f[I]Mageia\f[R] or \f[I]OpenMandriva\f[R]
-images.
-Any distro that packages \f[C]pacstrap\f[R] may be used to build
-\f[I]Arch Linux\f[R] images.
-Any distribution that packages \f[C]zypper\f[R] may be used to build
-\f[I]openSUSE\f[R] images.
-Any distribution that packages \f[C]yum\f[R] (or the newer replacement
-\f[C]dnf\f[R]) may be used to build \f[I]CentOS\f[R], \f[I]Rocky
-Linux\f[R], or \f[I]Alma Linux\f[R] images.
-Any distribution that packages \f[C]emerge\f[R] may be used to build
-\f[I]Gentoo\f[R] images.
-.PP
-Currently, \f[I]Fedora Linux\f[R] packages all relevant tools as of
-Fedora 28.
-.SS Compatibility
-.PP
-Legacy concepts are avoided: generated images use \f[I]GPT\f[R] disk
-labels (and no \f[I]MBR\f[R] labels), and only systemd-based images may
-be generated.
-.PP
-All generated \f[I]GPT\f[R] disk images may be booted in a local
-container directly with:
-.IP
-.nf
-\f[C]
-systemd-nspawn -bi image.raw
-\f[R]
-.fi
-.PP
-Additionally, bootable \f[I]GPT\f[R] disk images (as created with the
-\f[C]--bootable\f[R] flag) work when booted directly by \f[I]EFI\f[R]
-and \f[I]BIOS\f[R] systems, for example in \f[I]KVM\f[R] via:
-.IP
-.nf
-\f[C]
-qemu-kvm -m 512 -smp 2 -bios /usr/share/edk2/ovmf/OVMF_CODE.fd -drive format=raw,file=image.raw
-\f[R]
-.fi
-.PP
-\f[I]EFI\f[R] bootable \f[I]GPT\f[R] images are larger than plain
-\f[I]GPT\f[R] images, as they additionally carry an \f[I]EFI\f[R] system
-partition containing a boot loader, as well as a kernel, kernel modules,
-udev and more.
-.PP
-All directory or btrfs subvolume images may be booted directly with:
-.IP
-.nf
-\f[C]
-systemd-nspawn -bD image
-\f[R]
-.fi
-.SH Files
-.PP
-To make it easy to build images for development versions of your
-projects, mkosi can read configuration data from the local directory,
-under the assumption that it is invoked from a \f[I]source\f[R] tree.
-Specifically, the following files are used if they exist in the local
-directory:
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.default\f[B]\f[R] file provides the default
-configuration for the image building process.
-For example, it may specify the distribution to use (\f[C]fedora\f[R],
-\f[C]ubuntu\f[R], \f[C]debian\f[R], \f[C]arch\f[R], \f[C]opensuse\f[R],
-\f[C]mageia\f[R], \f[C]openmandriva\f[R], \f[C]gentoo\f[R]) for the
-image, or additional distribution packages to install.
-Note that all options encoded in this configuration file may also be set
-on the command line, and this file is hence little more than a way to
-make sure invoking \f[C]mkosi\f[R] without further parameters in your
-\f[I]source\f[R] tree is enough to get the right image of your choice
-set up.
-.RS 2
-.PP
-Additionally, if a \f[I]\f[CI]mkosi.default.d/\f[I]\f[R] directory
-exists, each file in it is loaded in the same manner adding/overriding
-the values specified in \f[C]mkosi.default\f[R].
-If \f[C]mkosi.default.d/\f[R] contains a directory named after the
-distribution being built, each file in that directory is also processed.
-.PP
-The file format is inspired by Windows \f[C].ini\f[R] files and supports
-multi-line assignments: any line with initial whitespace is considered a
-continuation line of the line before.
-Command-line arguments, as shown in the help description, have to be
-included in a configuration block (e.g.\ \[lq]\f[C][Content]\f[R]\[rq])
-corresponding to the argument group (e.g.\ \[lq]\f[C]Content\f[R]\[rq]),
-and the argument gets converted as follows:
-\[lq]\f[C]--with-network\f[R]\[rq] becomes
-\[lq]\f[C]WithNetwork=yes\f[R]\[rq].
-For further details see the table above.
-.RE
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.skeleton/\f[B]\f[R] directory or
-\f[B]\f[CB]mkosi.skeleton.tar\f[B]\f[R] archive may be used to insert
-files into the image.
-The files are copied \f[I]before\f[R] the distribution packages are
-installed into the image.
-This allows creation of files that need to be provided early, for
-example to configure the package manager or set systemd presets.
-.RS 2
-.PP
-When using the directory, file ownership is not preserved: all files
-copied will be owned by root.
-To preserve ownership, use a tar archive.
-.RE
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.extra/\f[B]\f[R] directory or
-\f[B]\f[CB]mkosi.extra.tar\f[B]\f[R] archive may be used to insert
-additional files into the image, on top of what the distribution
-includes in its packages.
-They are similar to \f[C]mkosi.skeleton/\f[R] and
-\f[C]mkosi.skeleton.tar\f[R], but the files are copied into the
-directory tree of the image \f[I]after\f[R] the OS was installed.
-.RS 2
-.PP
-When using the directory, file ownership is not preserved: all files
-copied will be owned by root.
-To preserve ownership, use a tar archive.
-.RE
-.IP \[bu] 2
-\f[B]\f[CB]mkosi.build\f[B]\f[R] may be an executable script.
-If it exists, the image will be built twice: the first iteration will be
-the \f[I]development\f[R] image, the second iteration will be the
-\f[I]final\f[R] image.
-The \f[I]development\f[R] image is used to build the project in the
-current working directory (the \f[I]source\f[R] tree).
-For that the whole directory is copied into the image, along with the
-\f[C]mkosi.build\f[R] script.
-The script is then invoked inside the image (via
-\f[C]systemd-nspawn\f[R]), with \f[C]$SRCDIR\f[R] pointing to the
-\f[I]source\f[R] tree.
-\f[C]$DESTDIR\f[R] points to a directory where the script should place
-any files generated it would like to end up in the \f[I]final\f[R]
-image.
-Note that \f[C]make\f[R]/\f[C]automake\f[R]/\f[C]meson\f[R] based build
-systems generally honor \f[C]$DESTDIR\f[R], thus making it very natural
-to build \f[I]source\f[R] trees from the build script.
-After the \f[I]development\f[R] image was built and the build script ran
-inside of it, it is removed again.
-After that the \f[I]final\f[R] image is built, without any
-\f[I]source\f[R] tree or build script copied in.
-However, this time the contents of \f[C]$DESTDIR\f[R] are added into the
-image.
-.RS 2
-.PP
-When the source tree is copied into the \f[I]build\f[R] image, all files
-are copied, except for \f[C]mkosi.builddir/\f[R], \f[C]mkosi.cache/\f[R]
-and \f[C]mkosi.output/\f[R].
-That said, \f[C].gitignore\f[R] is respected if the source tree is a
-\f[C]git\f[R] checkout.
-If multiple different images shall be built from the same source tree it
-is essential to exclude their output files from this copy operation, as
-otherwise a version of an image built earlier might be included in a
-later build, which is usually not intended.
-An alternative to excluding these built images via \f[C].gitignore\f[R]
-entries is to use the \f[C]mkosi.output/\f[R] directory, which is an
-easy way to exclude all build artifacts.
-.PP
-The \f[C]$MKOSI_DEFAULT\f[R] environment variable will be set inside of
-this script so that you know which \f[C]mkosi.default\f[R] (if any) was
-passed in.
-.RE
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.prepare\f[B]\f[R] script is invoked directly after
-the software packages are installed, from within the image context, if
-it exists.
-It is once called for the \f[I]development\f[R] image (if this is
-enabled, see above) with the \[lq]build\[rq] command line parameter,
-right before copying the extra tree.
-It is called a second time for the \f[I]final\f[R] image with the
-\[lq]final\[rq] command line parameter.
-This script has network access and may be used to install packages from
-other sources than the distro\[cq]s package manager
-(e.g.\ \f[C]pip\f[R], \f[C]npm\f[R], \&...), after all software packages
-are installed but before the image is cached (if incremental mode is
-enabled).
-This script is executed within \f[C]$SRCDIR\f[R].
-In contrast to a general purpose installation, it is safe to install
-packages to the system (\f[C]pip install\f[R],
-\f[C]npm install -g\f[R]) instead of in \f[C]$SRCDIR\f[R] itself
-because the build image is only used for a single project and can easily
-be thrown away and rebuilt so there\[cq]s no risk of conflicting
-dependencies and no risk of polluting the host system.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.postinst\f[B]\f[R] script is invoked as the
-penultimate step of preparing an image, from within the image context,
-if it exists.
-It is called first for the \f[I]development\f[R] image (if this is
-enabled, see above) with the \[lq]build\[rq] command line parameter,
-right before invoking the build script.
-It is called a second time for the \f[I]final\f[R] image with the
-\[lq]final\[rq] command line parameter, right before the image is
-considered complete.
-This script may be used to alter the images without any restrictions,
-after all software packages and built sources have been installed.
-Note that this script is executed directly in the image context with the
-final root directory in place, without any
-\f[C]$SRCDIR\f[R]/\f[C]$DESTDIR\f[R] setup.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.finalize\f[B]\f[R] script, if it exists, is invoked
-as last step of preparing an image, from the host system.
-It is once called for the \f[I]development\f[R] image (if this is
-enabled, see above) with the \[lq]build\[rq] command line parameter, as
-the last step before invoking the build script, after the
-\f[C]mkosi.postinst\f[R] script is invoked.
-It is called the second time with the \[lq]final\[rq] command line
-parameter as the last step before the image is considered complete.
-The environment variable \f[C]$BUILDROOT\f[R] points to the root
-directory of the installation image.
-Additional verbs may be added in the future, the script should be
-prepared for that.
-This script may be used to alter the images without any restrictions,
-after all software packages and built sources have been installed.
-This script is more flexible than \f[C]mkosi.postinst\f[R] in two
-regards: it has access to the host file system so it\[cq]s easier to
-copy in additional files or to modify the image based on external
-configuration, and the script is run in the host, so it can be used even
-without emulation even if the image has a foreign architecture.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.mksquashfs-tool\f[B]\f[R] script, if it exists,
-will be called wherever \f[C]mksquashfs\f[R] would be called.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.nspawn\f[B]\f[R] nspawn settings file will be
-copied into the same place as the output image file, if it exists.
-This is useful since nspawn looks for settings files next to image files
-it boots, for additional container runtime settings.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.cache/\f[B]\f[R] directory, if it exists, is
-automatically used as package download cache, in order to speed repeated
-runs of the tool.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.builddir/\f[B]\f[R] directory, if it exists, is
-automatically used as out-of-tree build directory, if the build commands
-in the \f[C]mkosi.build\f[R] script support it.
-Specifically, this directory will be mounted into the build container,
-and the \f[C]$BUILDDIR\f[R] environment variable will be set to it when
-the build script is invoked.
-The build script may then use this directory as build directory, for
-automake-style or ninja-style out-of-tree builds.
-This speeds up builds considerably, in particular when \f[C]mkosi\f[R]
-is used in incremental mode (\f[C]-i\f[R]): not only the disk images,
-but also the build tree is reused between subsequent invocations.
-Note that if this directory does not exist the \f[C]$BUILDDIR\f[R]
-environment variable is not set, and it is up to build script to decide
-whether to do in in-tree or an out-of-tree build, and which build
-directory to use.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.includedir/\f[B]\f[R] directory, if it exists, is
-automatically used as an out-of-tree include directory for header files.
-Specifically, it will be mounted in the build container at
-\f[C]/usr/include/\f[R] when building the build image and when running
-the build script.
-After building the (cached) build image, this directory will contain all
-the files installed to \f[C]/usr/include\f[R].
-Language servers or other tools can use these files to provide a better
-editing experience for developers working on a project.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.installdir/\f[B]\f[R] directory, if it exists, is
-automatically used as the install directory.
-Specifically, this directory will be mounted into the container at
-\f[C]/root/dest\f[R] when running the build script.
-After running the build script, the contents of this directory are
-installed into the final image.
-This is useful to cache the install step of the build.
-If used, subsequent builds will only have to reinstall files that have
-changed since the previous build.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.rootpw\f[B]\f[R] file can be used to provide the
-password or hashed password (if \f[C]--password-is-hashed\f[R] is set)
-for the root user of the image.
-The password may optionally be followed by a newline character which is
-implicitly removed.
-The file must have an access mode of 0600 or less.
-If this file does not exist, the distribution\[cq]s default root
-password is set (which usually means access to the root user is
-blocked).
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.passphrase\f[B]\f[R] file provides the passphrase
-to use when LUKS encryption is selected.
-It should contain the passphrase literally, and not end in a newline
-character (i.e.\ in the same format as cryptsetup and
-\f[C]/etc/crypttab\f[R] expect the passphrase files).
-The file must have an access mode of 0600 or less.
-If this file does not exist and encryption is requested, the user is
-queried instead.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.secure-boot.crt\f[B]\f[R] and
-\f[B]\f[CB]mkosi.secure-boot.key\f[B]\f[R] files contain an X.509
-certificate and PEM private key to use when UEFI SecureBoot support is
-enabled.
-All EFI binaries included in the image\[cq]s ESP are signed with this
-key, as a late step in the build process.
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.output/\f[B]\f[R] directory will be used for all
-build artifacts, if the image output path is not configured (i.e.\ no
-\f[C]--output=\f[R] setting specified), or configured to a filename
-(i.e.\ a path containing no \f[C]/\f[R] character).
-This includes the image itself, the root hash file in case Verity is
-used, the checksum and its signature if that\[cq]s enabled, and the
-nspawn settings file if there is any.
-Note that this directory is not used if the image output path contains
-at least one slash, and has no effect in that case.
-This setting is particularly useful if multiple different images shall
-be built from the same working directory, as otherwise the build result
-of a preceding run might be copied into a build image as part of the
-source tree (see above).
-.IP \[bu] 2
-The \f[B]\f[CB]mkosi.reposdir/\f[B]\f[R] directory, if it exists, is
-automatically used as the repository directory for extra repository
-files.
-See the \f[C]RepositoryDirectory\f[R] option for more information.
-.PP
-All these files are optional.
-.PP
-Note that the location of all these files may also be configured during
-invocation via command line switches, and as settings in
-\f[C]mkosi.default\f[R], in case the default settings are not acceptable
-for a project.
-.SH BUILD PHASES
-.PP
-If no build script \f[C]mkosi.build\f[R] (see above) is used the build
-consists of a single phase only: the final image is generated as the
-combination of \f[C]mkosi.skeleton/\f[R] (see above), the unpacked
-distribution packages and \f[C]mkosi.extra/\f[R].
-.PP
-If a build script \f[C]mkosi.build\f[R] is used the build consists of
-two phases: in the the first \f[C]development\f[R] phase an image that
-includes necessary build tools (i.e.\ the combination of
-\f[C]Packages=\f[R] and \f[C]BuildPackages=\f[R] is installed) is
-generated (i.e.\ the combination of \f[C]mkosi.skeleton/\f[R] and
-unpacked distribution packages).
-Into this image the source tree is copied and \f[C]mkosi.build\f[R]
-executed.
-The artifacts the \f[C]mkosi.build\f[R] generates are saved.
-Then, the second \f[C]final\f[R] phase starts: an image that excludes
-the build tools (i.e.\ only \f[C]Packages=\f[R] is installed,
-\f[C]BuildPackages=\f[R] is not) is generated.
-This time the build artifacts saved from the first phase are copied in,
-and \f[C]mkosi.extra\f[R] copied on top, thus generating the final
-image.
-.PP
-The two-phased approach ensures that source tree is executed in a clean
-and comprehensive environment, while at the same the final image remains
-minimal and contains only those packages necessary at runtime, but
-avoiding those necessary at build-time.
-.PP
-Note that only the package cache \f[C]mkosi.cache/\f[R] is shared
-between the two phases.
-The distribution package manager is executed exactly once in each phase,
-always starting from a directory tree that is populated with
-\f[C]mkosi.skeleton\f[R] but nothing else.
-.SH CACHING
-.PP
-\f[C]mkosi\f[R] supports three different caches for speeding up
-repetitive re-building of images.
-Specifically:
-.IP "1." 3
-The package cache of the distribution package manager may be cached
-between builds.
-This is configured with the \f[C]--cache=\f[R] option or the
-\f[C]mkosi.cache/\f[R] directory.
-This form of caching relies on the distribution\[cq]s package manager,
-and caches distribution packages (RPM, DEB, \&...) after they are
-downloaded, but before they are unpacked.
-.IP "2." 3
-If an \f[C]mkosi.build\f[R] script is used, by enabling incremental
-build mode with \f[C]--incremental\f[R], a cached copy of the
-development and final images can be made immediately before the build
-sources are copied in (for the development image) or the artifacts
-generated by \f[C]mkosi.build\f[R] are copied in (in case of the final
-image).
-This form of caching allows bypassing the time-consuming package
-unpacking step of the distribution package managers, but is only
-effective if the list of packages to use remains stable, but the build
-sources and its scripts change regularly.
-Note that this cache requires manual flushing: whenever the package list
-is modified the cached images need to be explicitly removed before the
-next re-build, using the \f[C]-f\f[R] switch.
-.IP "3." 3
-Finally, between multiple builds the build artifact directory may be
-shared, using the \f[C]mkosi.builddir/\f[R] directory.
-This directory allows build systems such as Meson to reuse already
-compiled sources from a previous built, thus speeding up the build
-process of the \f[C]mkosi.build\f[R] build script.
-.PP
-The package cache (i.e.\ the first item above) is unconditionally
-useful.
-The latter two caches only apply to uses of \f[C]mkosi\f[R] with a
-source tree and build script.
-When all three are enabled together turn-around times for complete image
-builds are minimal, as only changed source files need to be recompiled:
-an OS image rebuilt will be almost as quick to build the source tree
-only.
-.SH ENVIRONMENT VARIABLES
-.PP
-The build script \f[C]mkosi.build\f[R] receives the following
-environment variables:
-.IP \[bu] 2
-\f[C]$SRCDIR\f[R] contains the path to the sources to build.
-.IP \[bu] 2
-\f[C]$DESTDIR\f[R] is a directory into which any artifacts generated by
-the build script shall be placed.
-.IP \[bu] 2
-\f[C]$BUILDDIR\f[R] is only defined if \f[C]mkosi.builddir\f[R] and
-points to the build directory to use.
-This is useful for all build systems that support out-of-tree builds to
-reuse already built artifacts from previous runs.
-.IP \[bu] 2
-\f[C]$WITH_DOCS\f[R] is either \f[C]0\f[R] or \f[C]1\f[R] depending on
-whether a build without or with installed documentation was requested
-(\f[C]WithDocs=yes\f[R]).
-The build script should suppress installation of any package
-documentation to \f[C]$DESTDIR\f[R] in case \f[C]$WITH_DOCS\f[R] is set
-to \f[C]0\f[R].
-.IP \[bu] 2
-\f[C]$WITH_TESTS\f[R] is either \f[C]0\f[R]or \f[C]1\f[R] depending on
-whether a build without or with running the test suite was requested
-(\f[C]WithTests=no\f[R]).
-The build script should avoid running any unit or integration tests in
-case \f[C]$WITH_TESTS\f[R] is \f[C]0\f[R].
-.IP \[bu] 2
-\f[C]$WITH_NETWORK\f[R] is either \f[C]0\f[R]or \f[C]1\f[R] depending on
-whether a build without or with networking is being executed
-(\f[C]WithNetwork=no\f[R]).
-The build script should avoid any network communication in case
-\f[C]$WITH_NETWORK\f[R] is \f[C]0\f[R].
-.SH EXAMPLES
-.PP
-Create and run a raw \f[I]GPT\f[R] image with \f[I]ext4\f[R], as
-\f[C]image.raw\f[R]:
-.IP
-.nf
-\f[C]
-# mkosi --bootable --incremental boot
-\f[R]
-.fi
-.PP
-Create and run a bootable btrfs \f[I]GPT\f[R] image, as
-\f[C]foobar.raw\f[R]:
-.IP
-.nf
-\f[C]
-# mkosi --format gpt_btrfs --bootable -o foobar.raw
-# mkosi --output foobar.raw boot
-# mkosi --output foobar.raw qemu
-\f[R]
-.fi
-.PP
-Create and run a \f[I]Fedora Linux\f[R] image into a plain directory:
-.IP
-.nf
-\f[C]
-# mkosi --distribution fedora --format directory boot
-\f[R]
-.fi
-.PP
-Create a compressed image \f[C]image.raw.xz\f[R] and add a checksum
-file, and install \f[I]SSH\f[R] into it:
-.IP
-.nf
-\f[C]
-# mkosi --distribution fedora --format gpt_squashfs --checksum --compress --package=openssh-clients
-\f[R]
-.fi
-.PP
-Inside the source directory of an \f[C]automake\f[R]-based project,
-configure \f[I]mkosi\f[R] so that simply invoking \f[C]mkosi\f[R]
-without any parameters builds an OS image containing a built version of
-the project in its current state:
-.IP
-.nf
-\f[C]
-# cat >mkosi.default <<EOF
-[Distribution]
-Distribution=fedora
-Release=24
-
-[Output]
-Format=gpt_btrfs
-Bootable=yes
-
-[Content]
-Packages=openssh-clients,httpd
-BuildPackages=make,gcc,libcurl-devel
-EOF
-# cat >mkosi.build <<EOF
-#!/bin/sh
-cd $SRCDIR
-\&./autogen.sh
-\&./configure --prefix=/usr
-make -j \[ga]nproc\[ga]
-make install
-EOF
-# chmod +x mkosi.build
-# mkosi --bootable --incremental boot
-# systemd-nspawn -bi image.raw
-\f[R]
-.fi
-.PP
-To create a \f[I]Fedora Linux\f[R] image with hostname:
-.IP
-.nf
-\f[C]
-# mkosi --distribution fedora --hostname image
-\f[R]
-.fi
-.PP
-Also you could set hostname in configuration file:
-.IP
-.nf
-\f[C]
-# cat mkosi.default
-\&...
-[Output]
-Hostname=image
-\&...
-\f[R]
-.fi
-.SH REQUIREMENTS
-.PP
-mkosi is packaged for various distributions: Debian, Ubuntu, Arch Linux,
-Fedora Linux, OpenMandriva, Gentoo.
-It is usually easiest to use the distribution package.
-.PP
-The current version requires systemd 233 (or actually, systemd-nspawn of
-it).
-.PP
-When not using distribution packages make sure to install the necessary
-dependencies.
-For example, on \f[I]Fedora Linux\f[R] you need:
-.IP
-.nf
-\f[C]
-dnf install arch-install-scripts btrfs-progs debootstrap dosfstools edk2-ovmf e2fsprogs squashfs-tools gnupg python3 tar veritysetup xfsprogs xz zypper sbsigntools
-\f[R]
-.fi
-.PP
-On Debian/Ubuntu it might be necessary to install the
-\f[C]ubuntu-keyring\f[R], \f[C]ubuntu-archive-keyring\f[R] and/or
-\f[C]debian-archive-keyring\f[R] packages explicitly, in addition to
-\f[C]debootstrap\f[R], depending on what kind of distribution images you
-want to build.
-\f[C]debootstrap\f[R] on Debian only pulls in the Debian keyring on its
-own, and the version on Ubuntu only the one from Ubuntu.
-.PP
-Note that the minimum required Python version is 3.7.
-.SH REFERENCES
-.IP \[bu] 2
-Primary mkosi git repository on
-GitHub (https://github.com/systemd/mkosi/)
-.IP \[bu] 2
-mkosi \[em] A Tool for Generating OS
-Images (http://0pointer.net/blog/mkosi-a-tool-for-generating-os-images.html)
-introductory blog post by Lennart Poettering
-.IP \[bu] 2
-The mkosi OS generation tool (https://lwn.net/Articles/726655/) story on
-LWN
-.SH SEE ALSO
-.PP
-\f[C]systemd-nspawn(1)\f[R], \f[C]dnf(8)\f[R], \f[C]debootstrap(8)\f[R]
-.SH AUTHORS
-The mkosi Authors.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-18 15:32:13 +0000