summaryrefslogtreecommitdiffstats
path: root/mkosi.conf.d
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-16 18:20:20 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-16 18:20:20 +0000
commit8612d3d858fa108e5732a586d4e2d0227ae34422 (patch)
tree33e7f8b3d5caa6c44b4d6759cb25d3eff4b2d975 /mkosi.conf.d
parentAdding debian version 256.2-1. (diff)
downloadsystemd-8612d3d858fa108e5732a586d4e2d0227ae34422.tar.xz
systemd-8612d3d858fa108e5732a586d4e2d0227ae34422.zip
Merging upstream version 256.4.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mkosi.conf.d')
-rw-r--r--mkosi.conf.d/10-arch/mkosi.conf54
-rw-r--r--mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf7
-rwxr-xr-xmkosi.conf.d/10-arch/mkosi.prepare33
-rw-r--r--mkosi.conf.d/10-centos-fedora/mkosi.conf60
-rw-r--r--mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf17
-rw-r--r--mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf13
-rwxr-xr-xmkosi.conf.d/10-centos-fedora/mkosi.prepare19
-rw-r--r--mkosi.conf.d/10-centos.conf11
-rw-r--r--mkosi.conf.d/10-centos/mkosi.conf19
-rw-r--r--mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf (renamed from mkosi.conf.d/10-fedora.conf)6
-rw-r--r--mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf13
-rw-r--r--mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref3
-rw-r--r--mkosi.conf.d/10-debian-ubuntu/mkosi.conf77
-rw-r--r--mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf29
-rw-r--r--mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf16
-rw-r--r--mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf (renamed from mkosi.conf.d/10-extra-search-paths.conf)6
-rwxr-xr-xmkosi.conf.d/10-debian-ubuntu/mkosi.prepare16
-rw-r--r--mkosi.conf.d/10-debian/mkosi.conf (renamed from mkosi.conf.d/10-debian.conf)6
-rw-r--r--mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf8
-rw-r--r--mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf8
-rw-r--r--mkosi.conf.d/10-fedora/mkosi.conf25
-rw-r--r--mkosi.conf.d/10-opensuse.conf8
-rw-r--r--mkosi.conf.d/10-opensuse/macros.db_backend (renamed from mkosi.conf.d/macros.db_backend)0
-rw-r--r--mkosi.conf.d/10-opensuse/mkosi.conf79
-rw-r--r--mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf21
-rwxr-xr-xmkosi.conf.d/10-opensuse/mkosi.prepare23
-rw-r--r--mkosi.conf.d/10-tools.conf8
-rw-r--r--mkosi.conf.d/10-ubuntu.conf8
-rw-r--r--mkosi.conf.d/10-ubuntu/mkosi.conf14
-rw-r--r--mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf10
-rw-r--r--mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf10
-rw-r--r--mkosi.conf.d/10-ubuntu/noble-backports-ports.sources6
-rw-r--r--mkosi.conf.d/10-ubuntu/noble-backports.sources6
-rw-r--r--mkosi.conf.d/20-build.conf9
-rw-r--r--mkosi.conf.d/20-none.conf11
-rw-r--r--mkosi.conf.d/20-particle/mkosi.conf15
-rw-r--r--mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf6
-rw-r--r--mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf6
-rw-r--r--mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf3
-rwxr-xr-xmkosi.conf.d/20-particle/mkosi.finalize6
-rwxr-xr-xmkosi.conf.d/20-particle/mkosi.postinst.chroot12
-rw-r--r--mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf9
-rw-r--r--mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf9
-rw-r--r--mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf7
-rw-r--r--mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf6
-rw-r--r--mkosi.conf.d/20-sanitizers.conf4
46 files changed, 701 insertions, 41 deletions
diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf
new file mode 100644
index 0000000..5a4015e
--- /dev/null
+++ b/mkosi.conf.d/10-arch/mkosi.conf
@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+VolatilePackages=
+ systemd
+ systemd-libs
+ systemd-resolvconf
+ systemd-sysvcompat
+ systemd-tests
+ systemd-ukify
+
+Packages=
+ bind
+ bpf
+ btrfs-progs
+ compsize
+ cryptsetup
+ dbus-broker
+ dbus-broker-units
+ dhcp
+ erofs-utils
+ f2fs-tools
+ git
+ gnutls
+ iproute
+ iputils
+ knot
+ linux
+ man-db
+ multipath-tools
+ nmap
+ open-iscsi
+ openssh
+ openssl
+ pacman
+ perf
+ polkit
+ procps-ng
+ psmisc
+ python-pexpect
+ python-psutil
+ qrencode
+ quota-tools
+ sbsigntools
+ shadow
+ softhsm
+ squashfs-tools
+ stress-ng
+ tgt
+ tpm2-tools
+ vim
diff --git a/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..4a6d2e9
--- /dev/null
+++ b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=systemd-debug
diff --git a/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.conf.d/10-arch/mkosi.prepare
new file mode 100755
index 0000000..aac7b3d
--- /dev/null
+++ b/mkosi.conf.d/10-arch/mkosi.prepare
@@ -0,0 +1,33 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+DEPS=""
+
+while read -r PACKAGE; do
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
+ )"
+
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
+ sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
+ sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
+ tr '\n' ' ' # Transform newlines to whitespace.
+ )"
+done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+echo "$DEPS" |
+ xargs | # Remove extra whitespace.
+ tr ' ' '\n' |
+ grep --invert-match --regexp systemd --regexp None | # systemd packages will be installed later on.
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf
new file mode 100644
index 0000000..5b1865a
--- /dev/null
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf
@@ -0,0 +1,60 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+VolatilePackages=
+ systemd
+ systemd-boot
+ systemd-container
+ systemd-devel
+ systemd-journal-remote
+ systemd-libs
+ systemd-networkd
+ systemd-networkd-defaults
+ systemd-oomd-defaults
+ systemd-pam
+ systemd-resolved
+ systemd-tests
+ systemd-udev
+ systemd-ukify
+
+Packages=
+ bind-utils
+ bpftool
+ cryptsetup
+ device-mapper-event
+ device-mapper-multipath
+ dnf
+ git-core
+ glibc-langpack-de
+ glibc-langpack-en
+ gnutls-utils
+ integritysetup
+ iproute
+ iproute-tc
+ iputils
+ iscsi-initiator-utils
+ kernel-core
+ libcap-ng-utils
+ man-db
+ nmap-ncat
+ openssh-clients
+ openssh-server
+ pam
+ passwd
+ perf
+ policycoreutils
+ polkit
+ procps-ng
+ python3-pexpect
+ quota
+ rpm
+ softhsm
+ squashfs-tools
+ stress-ng
+ tpm2-tools
+ veritysetup
+ vim-common
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..0c3707b
--- /dev/null
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ systemd-container-debuginfo
+ systemd-debuginfo
+ systemd-debugsource
+ systemd-journal-remote-debuginfo
+ systemd-libs-debuginfo
+ systemd-networkd-debuginfo
+ systemd-pam-debuginfo
+ systemd-resolved-debuginfo
+ systemd-tests-debuginfo
+ systemd-udev-debuginfo
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
new file mode 100644
index 0000000..0a388f3
--- /dev/null
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
+# building a /usr-only image.
+
+[Match]
+Profile=!particle
+
+[Content]
+Packages=
+ selinux-policy
+ selinux-policy-targeted
+ setools-console
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
new file mode 100755
index 0000000..2a890bc
--- /dev/null
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
@@ -0,0 +1,19 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+for DEPS in --requires --recommends --suggests; do
+ # We need --latest-limit=1 to only consider the newest version of the packages.
+ # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
+ # are not considerd on x86-64.
+ dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" |
+ grep --invert-match --regexp systemd --regexp udev --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal |
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
+done
diff --git a/mkosi.conf.d/10-centos.conf b/mkosi.conf.d/10-centos.conf
deleted file mode 100644
index ee8d0e5..0000000
--- a/mkosi.conf.d/10-centos.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Distribution]
-@Release=9
-Repositories=epel
- epel-next
- hyperscale-packages-main
- hyperscale-packages-experimental
diff --git a/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.conf.d/10-centos/mkosi.conf
new file mode 100644
index 0000000..d97b081
--- /dev/null
+++ b/mkosi.conf.d/10-centos/mkosi.conf
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Distribution]
+Release=10
+
+[Content]
+Environment=
+ # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which
+ # happens when running tests in parallel so we use ext4 instead.
+ SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4
+ # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
+ # mkfs.ext4 enabled it by default, so we disable it explicitly.
+ SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
+
+Packages=
+ kernel-modules # For squashfs
diff --git a/mkosi.conf.d/10-fedora.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf
index 71948d8..9e92a4f 100644
--- a/mkosi.conf.d/10-fedora.conf
+++ b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf
@@ -1,7 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-Distribution=fedora
+Release=9
[Distribution]
-@Release=rawhide
+Repositories=
+ epel
+ epel-next
diff --git a/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf
new file mode 100644
index 0000000..11dc969
--- /dev/null
+++ b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Repositories=epel
+
+[Content]
+Packages=
+ dfuzzer
+ dhcp-server
+ erofs-utils
+ knot
+ qrencode
+ sbsigntools
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref
new file mode 100644
index 0000000..5649b70
--- /dev/null
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref
@@ -0,0 +1,3 @@
+Package: *
+Pin: release l=mkosi
+Pin-Priority: 1100
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
new file mode 100644
index 0000000..43e0781
--- /dev/null
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
@@ -0,0 +1,77 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Distribution]
+PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref
+
+[Content]
+VolatilePackages=
+ libnss-myhostname
+ libnss-mymachines
+ libnss-resolve
+ libnss-systemd
+ libpam-systemd
+ libsystemd-dev
+ libsystemd-shared
+ libsystemd0
+ libudev-dev
+ systemd
+ systemd-container
+ systemd-coredump
+ systemd-cryptsetup
+ systemd-dev
+ systemd-homed
+ systemd-journal-remote
+ systemd-oomd
+ systemd-repart
+ systemd-resolved
+ systemd-sysv
+ systemd-tests
+ systemd-timesyncd
+ systemd-ukify
+ systemd-userdbd
+ udev
+
+Packages=
+ btrfs-progs
+ apt
+ bind9-dnsutils
+ cryptsetup-bin
+ dbus-broker
+ dbus-user-session
+ dmsetup
+ erofs-utils
+ f2fs-tools
+ fdisk
+ git-core
+ gnutls-bin
+ iproute2
+ iputils-ping
+ isc-dhcp-server
+ knot
+ libcap-ng-utils
+ locales
+ man-db
+ multipath-tools
+ ncat
+ open-iscsi
+ openssh-client
+ openssh-server
+ passwd
+ polkitd
+ procps
+ psmisc
+ python3-pexpect
+ python3-psutil
+ qrencode
+ quota
+ softhsm2
+ squashfs-tools
+ stress-ng
+ tgt
+ tpm2-tools
+ tzdata
+ xxd
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..2bb6164
--- /dev/null
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ libnss-myhostname-dbgsym
+ libnss-mymachines-dbgsym
+ libnss-resolve-dbgsym
+ libnss-systemd-dbgsym
+ libpam-systemd-dbgsym
+ libsystemd-shared-dbgsym
+ libsystemd0-dbgsym
+ libudev1-dbgsym
+ systemd-boot-dbgsym
+ systemd-container-dbgsym
+ systemd-coredump-dbgsym
+ systemd-cryptsetup-dbgsym
+ systemd-dbgsym
+ systemd-homed-dbgsym
+ systemd-journal-remote-dbgsym
+ systemd-oomd-dbgsym
+ systemd-repart-dbgsym
+ systemd-resolved-dbgsym
+ systemd-tests-dbgsym
+ systemd-timesyncd-dbgsym
+ systemd-userdbd-dbgsym
+ udev-dbgsym
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
new file mode 100644
index 0000000..781670a
--- /dev/null
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# sbsigntool exists only on UEFI architectures
+
+[Match]
+Architecture=|x86
+Architecture=|x86-64
+Architecture=|arm
+Architecture=|arm64
+Architecture=|riscv32
+Architecture=|riscv64
+
+[Content]
+Packages=
+ sbsigntool
+ systemd-boot
+ systemd-boot-efi
diff --git a/mkosi.conf.d/10-extra-search-paths.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
index bd3cdb1..4fb4f46 100644
--- a/mkosi.conf.d/10-extra-search-paths.conf
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-PathExists=build/
+Environment=NO_BUILD=1
-[Host]
-ExtraSearchPaths=build/
+[Content]
+WithNetwork=yes
diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
new file mode 100755
index 0000000..acab113
--- /dev/null
+++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
@@ -0,0 +1,16 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+apt-cache depends "${PACKAGES[@]}" |
+ grep --invert-match --regexp "<" --regexp "|" --regexp systemd | # Remove e.g. <python3:any> and |dbus-broker like results
+ grep --extended-regexp "Depends|Suggests|Recommends" |
+ sed --quiet 's/.*: //p' | # Get every line with ": " in it and strip it at the same time.
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
diff --git a/mkosi.conf.d/10-debian.conf b/mkosi.conf.d/10-debian/mkosi.conf
index 8674e88..c960a1b 100644
--- a/mkosi.conf.d/10-debian.conf
+++ b/mkosi.conf.d/10-debian/mkosi.conf
@@ -4,4 +4,8 @@
Distribution=debian
[Distribution]
-@Release=testing
+Release=testing
+
+[Content]
+Packages=
+ linux-perf
diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
new file mode 100644
index 0000000..af923fa
--- /dev/null
+++ b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Architecture=arm64
+
+[Content]
+Packages=
+ linux-image-cloud-arm64
diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
new file mode 100644
index 0000000..615de52
--- /dev/null
+++ b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Architecture=x86-64
+
+[Content]
+Packages=
+ linux-image-cloud-amd64
diff --git a/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.conf.d/10-fedora/mkosi.conf
new file mode 100644
index 0000000..adb7779
--- /dev/null
+++ b/mkosi.conf.d/10-fedora/mkosi.conf
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Distribution]
+Release=rawhide
+
+[Content]
+Packages=
+ btrfs-progs
+ compsize
+ dfuzzer
+ dhcp-server
+ dnf5
+ erofs-utils
+ f2fs-tools
+ # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
+ kernel-modules-extra
+ kernel-modules-internal
+ knot
+ qrencode
+ rpmautospec
+ sbsigntools
+ scsi-target-utils
diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf
deleted file mode 100644
index f976fc8..0000000
--- a/mkosi.conf.d/10-opensuse.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Distribution]
-@Release=tumbleweed
-PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend
diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/10-opensuse/macros.db_backend
index 4a58f06..4a58f06 100644
--- a/mkosi.conf.d/macros.db_backend
+++ b/mkosi.conf.d/10-opensuse/macros.db_backend
diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf
new file mode 100644
index 0000000..e741aa4
--- /dev/null
+++ b/mkosi.conf.d/10-opensuse/mkosi.conf
@@ -0,0 +1,79 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Distribution]
+Release=tumbleweed
+Repositories=non-oss
+PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend
+
+[Content]
+VolatilePackages=
+ libsystemd0
+ libudev1
+ systemd
+ systemd-boot
+ systemd-container
+ systemd-devel
+ systemd-doc
+ systemd-experimental
+ systemd-homed
+ systemd-lang
+ systemd-network
+ systemd-portable
+ systemd-sysvcompat
+ systemd-testsuite
+ udev
+
+# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
+# versions don't get installed instead.
+Packages=
+ bind-utils
+ bpftool
+ btrfs-progs
+ cryptsetup
+ device-mapper
+ dhcp-server
+ docbook-xsl-stylesheets
+ erofs-utils
+ f2fs-tools
+ gawk
+ git-core
+ glibc-locale-base
+ gnutls
+ grep
+ gzip
+ iputils
+ kernel-default
+ kmod
+ knot
+ multipath-tools
+ ncat
+ open-iscsi
+ openssh-clients
+ openssh-server
+ pam
+ patterns-base-minimal_base
+ perf
+ procps4
+ psmisc
+ python3-pefile
+ python3-pexpect
+ python3-psutil
+ qrencode
+ quota
+ rsync
+ sbsigntools
+ sed
+ shadow
+ softhsm
+ squashfs
+ stress-ng
+ tgt
+ timezone
+ tpm2.0-tools
+ veritysetup
+ vim
+ xz
+ zypper
diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..6c57d04
--- /dev/null
+++ b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ libsystemd0-debuginfo
+ libudev1-debuginfo
+ systemd-boot-debuginfo
+ systemd-container-debuginfo
+ systemd-debuginfo
+ systemd-debugsource
+ systemd-experimental-debuginfo
+ systemd-homed-debuginfo
+ systemd-journal-remote-debuginfo
+ systemd-network-debuginfo
+ systemd-portable-debuginfo
+ systemd-sysvcompat-debuginfo
+ systemd-testsuite-debuginfo
+ udev-debuginfo
diff --git a/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.conf.d/10-opensuse/mkosi.prepare
new file mode 100755
index 0000000..6ee0af2
--- /dev/null
+++ b/mkosi.conf.d/10-opensuse/mkosi.prepare
@@ -0,0 +1,23 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+DEPS=""
+
+while read -r PACKAGE; do
+ # zypper's output is not machine readable so we make do with sed instead.
+ DEPS="$DEPS\n$(
+ zypper info --requires --recommends --suggests "$PACKAGE" |
+ sed '/Requires/,$!d' | # Remove everything before Requires line
+ sed --quiet 's/^ //p' # All indented lines have dependencies
+ )"
+done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+echo -e "$DEPS" |
+ grep --invert-match --regexp systemd --regexp udev --regexp qemu |
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
diff --git a/mkosi.conf.d/10-tools.conf b/mkosi.conf.d/10-tools.conf
deleted file mode 100644
index 9d276d4..0000000
--- a/mkosi.conf.d/10-tools.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-PathExists=!build/
-SystemdVersion=<254
-
-[Host]
-@ToolsTree=default
diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf
deleted file mode 100644
index da2d318..0000000
--- a/mkosi.conf.d/10-ubuntu.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Distribution]
-@Release=noble
-Repositories=universe
diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf
new file mode 100644
index 0000000..1ffa3ab
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/mkosi.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=ubuntu
+
+[Distribution]
+Release=noble
+Repositories=universe
+
+[Content]
+Packages=
+ linux-image-generic
+ linux-tools-common
+ linux-tools-virtual
diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
new file mode 100644
index 0000000..582f038
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The ports Ubuntu archive is for non i386/amd64 repositories
+
+[Match]
+Architecture=!x86-64
+Architecture=!x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
new file mode 100644
index 0000000..7347be9
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The main Ubuntu archive is only for i386/amd64 repositories
+
+[Match]
+Architecture=|x86-64
+Architecture=|x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
new file mode 100644
index 0000000..5b96dc5
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://ports.ubuntu.com
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.conf.d/10-ubuntu/noble-backports.sources
new file mode 100644
index 0000000..d10c1e8
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/noble-backports.sources
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.conf.d/20-build.conf b/mkosi.conf.d/20-build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.conf.d/20-build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.conf.d/20-none.conf b/mkosi.conf.d/20-none.conf
new file mode 100644
index 0000000..0e4d919
--- /dev/null
+++ b/mkosi.conf.d/20-none.conf
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# If we're only rerunning the build script, remove all subimage dependencies except the build image to speed
+# up builds.
+
+[Match]
+Format=none
+
+[Config]
+Dependencies=
+Dependencies=build
diff --git a/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.conf.d/20-particle/mkosi.conf
new file mode 100644
index 0000000..99dad00
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=particle
+
+[Output]
+RepartDirectories=
+RepartDirectories=mkosi.repart
+
+[Validation]
+SecureBoot=yes
+SignExpectedPcr=yes
+
+[Host]
+RuntimeSize=8G
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
new file mode 100644
index 0000000..3755278
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=swap
+SizeMinBytes=100M
+SizeMaxBytes=100M
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
new file mode 100644
index 0000000..2f92af2
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=root
+Format=btrfs
+SizeMinBytes=1G
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
new file mode 100644
index 0000000..dac79ba
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.conf.d/20-particle/mkosi.finalize
new file mode 100755
index 0000000..69f9554
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.finalize
@@ -0,0 +1,6 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
+cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.conf.d/20-particle/mkosi.postinst.chroot
new file mode 100755
index 0000000..95e0552
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.postinst.chroot
@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# sbsign is not available on CentOS Stream
+if command -v sbsign &>/dev/null; then
+ # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
+ addons_dir=/efi/loader/addons
+ mkdir -p "$addons_dir"
+ ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
+ ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
+fi
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
new file mode 100644
index 0000000..391543d
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=esp
+Format=vfat
+CopyFiles=/boot:/
+CopyFiles=/efi:/
+SizeMinBytes=1G
+SizeMaxBytes=1G
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
new file mode 100644
index 0000000..343761d
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr
+Format=erofs
+CopyFiles=/usr:/
+Verity=data
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
new file mode 100644
index 0000000..b4d45dd
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity
+Verity=hash
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
new file mode 100644
index 0000000..1841d0a
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity-sig
+Verity=signature
+VerityMatchKey=usr
diff --git a/mkosi.conf.d/20-sanitizers.conf b/mkosi.conf.d/20-sanitizers.conf
index 235b233..62d0523 100644
--- a/mkosi.conf.d/20-sanitizers.conf
+++ b/mkosi.conf.d/20-sanitizers.conf
@@ -2,6 +2,7 @@
[Match]
Environment=SANITIZERS
+Environment=!SANITIZERS=
[Content]
# Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN
@@ -17,3 +18,6 @@ KernelCommandLine=
systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
+
+[Config]
+Include=%D/mkosi.sanitizers