Adding upstream version 256.upstream/256

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-12 03:50:40 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-12 03:50:40 +0000
commit: fc53809803cd2bc2434e312b19a18fa36776da12 (patch)
tree: b4b43bd6538f51965ce32856e9c053d0f90919c8 /mkosi.conf
parent: Adding upstream version 255.5. (diff)
download: systemd-fc53809803cd2bc2434e312b19a18fa36776da12.tar.xz
systemd-fc53809803cd2bc2434e312b19a18fa36776da12.zip
7 files changed, 68 insertions, 42 deletions
diff --git a/mkosi.conf b/mkosi.conf
index 9961407..38d6e83 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -1,39 +1,55 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-Images=system
+@Images=system
+MinimumVersion=23~devel
 
 [Output]
-OutputDirectory=mkosi.output
-BuildDirectory=mkosi.builddir
-CacheDirectory=mkosi.cache
+@OutputDirectory=build/mkosi.output
+@BuildDirectory=build/mkosi.builddir
+@CacheDirectory=build/mkosi.cache
 
 [Content]
-# Prevent ASAN warnings when building the image and ship the real ASAN options prefixed with MKOSI_.
-Environment=ASAN_OPTIONS=verify_asan_link_order=false
-            MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
-            MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+@SELinuxRelabel=no
+BuildSourcesEphemeral=yes
+
+# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
+# various scenarios. Consider adding support for a credential instead if possible and using that.
+KernelCommandLine=systemd.crash_shell
+                  systemd.log_level=debug,console:info
+                  systemd.log_ratelimit_kmsg=0
+                  # Disable the kernel's ratelimiting on userspace logging to kmsg.
+                  printk.devkmsg=on
+                  # Make sure /sysroot is mounted rw in the initrd.
+                  rw
+                  # Lower the default device timeout so we get a shell earlier if the root device does
+                  # not appear for some reason.
+                  systemd.default_device_timeout_sec=30
+                  # Make sure no LSMs are enabled by default.
+                  apparmor=0
+                  selinux=0
+                  enforcing=0
+                  systemd.early_core_pattern=/core
+                  systemd.firstboot=no
+                  raid=noautodetect
+                  oops=panic
+                  panic=-1
+                  softlockup_panic=1
+                  panic_on_warn=1
+                  # These don't ship proper units with [Install] directives so we have to mask them instead.
+                  systemd.mask=isc-dhcp-server.service
+                  systemd.mask=mdmonitor.service
+
+KernelModulesInitrdExclude=.*
+KernelModulesInitrdInclude=default
 
 [Host]
+Credentials=journal.storage=persistent
 @Incremental=yes
-@QemuMem=2G
-@RuntimeSize=8G
-# Make sure we don't trigger systemd-firstboot prompting for the root password.
-Credentials=passwd.plaintext-password.root=
-KernelCommandLineExtra=systemd.crash_shell
-                       systemd.log_level=debug
-                       systemd.log_ratelimit_kmsg=0
-                       systemd.journald.forward_to_console
-                       systemd.journald.max_level_console=warning
-                       # Disable the kernel's ratelimiting on userspace logging to kmsg.
-                       printk.devkmsg=on
-                       # Make sure /sysroot is mounted rw in the initrd.
-                       rw
-                       # Lower the default device timeout so we get a shell earlier if the root device does
-                       # not appear for some reason.
-                       systemd.default_device_timeout_sec=10
-                       # Make sure no LSMs are enabled by default.
-                       apparmor=0
-                       selinux=0
-                       enforcing=0
-                       systemd.early_core_pattern=/core
+@RuntimeBuildSources=yes
+@RuntimeScratch=no
+@QemuSmp=2
+@QemuSwtpm=yes
+@QemuVsock=yes
+@QemuKvm=yes
+ToolsTreePackages=virtiofsd
diff --git a/mkosi.conf.d/05-qemu-mem.conf b/mkosi.conf.d/05-qemu-mem.conf
deleted file mode 100644
index 3a6f24a..0000000
--- a/mkosi.conf.d/05-qemu-mem.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Arch and CentOS 8 Stream initrds are rather big so we need to give QEMU more memory so the kernel can load
-# them without OOMing.
-
-[Match]
-Distribution=|arch
-Distribution=|centos
-
-[Host]
-@QemuMem=3G
diff --git a/mkosi.conf.d/10-fedora.conf b/mkosi.conf.d/10-fedora.conf
index 006cded..71948d8 100644
--- a/mkosi.conf.d/10-fedora.conf
+++ b/mkosi.conf.d/10-fedora.conf
@@ -4,4 +4,4 @@
 Distribution=fedora
 
 [Distribution]
-@Release=39
+@Release=rawhide
diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf
index 832c0d1..f976fc8 100644
--- a/mkosi.conf.d/10-opensuse.conf
+++ b/mkosi.conf.d/10-opensuse.conf
@@ -5,3 +5,4 @@ Distribution=opensuse
 
 [Distribution]
 @Release=tumbleweed
+PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend
diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf
index b0ebbad..da2d318 100644
--- a/mkosi.conf.d/10-ubuntu.conf
+++ b/mkosi.conf.d/10-ubuntu.conf
@@ -4,5 +4,5 @@
 Distribution=ubuntu
 
 [Distribution]
-@Release=jammy
+@Release=noble
 Repositories=universe
diff --git a/mkosi.conf.d/20-sanitizers.conf b/mkosi.conf.d/20-sanitizers.conf
new file mode 100644
index 0000000..235b233
--- /dev/null
+++ b/mkosi.conf.d/20-sanitizers.conf
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=SANITIZERS
+
+[Content]
+# Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN
+# options are set when booting the image.
+# Set intercept_tls_get_addr=0 to work around leak sanitizer segmentation fault in test-dlopen-so on CentOS
+# Stream 9.
+# TODO: Drop intercept_tls_get_addr=0 when we remove CentOS Stream 9 builds.
+Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0
+KernelCommandLine=
+        ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
+        systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
+        UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+        systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+        LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
+        systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/macros.db_backend
new file mode 100644
index 0000000..4a58f06
--- /dev/null
+++ b/mkosi.conf.d/macros.db_backend
@@ -0,0 +1 @@
+%_db_backend ndb
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-12 03:50:40 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-12 03:50:40 +0000
commit	fc53809803cd2bc2434e312b19a18fa36776da12 (patch)
tree	b4b43bd6538f51965ce32856e9c053d0f90919c8 /mkosi.conf
parent	Adding upstream version 255.5. (diff)
download	systemd-fc53809803cd2bc2434e312b19a18fa36776da12.tar.xz systemd-fc53809803cd2bc2434e312b19a18fa36776da12.zip