diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:20:44 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:20:44 +0000 |
| commit | ca5ecaae7a8f75e18ba85b29839752da76e3b7b9 (patch) | |
| tree | 6f62ddc7fbe8ae132441a0b25e2a76e423e66e9f /mkosi.images/system | |
| parent | Releasing progress-linux version 256.2-1~progress7.99u1. (diff) | |
| download | systemd-ca5ecaae7a8f75e18ba85b29839752da76e3b7b9.tar.xz systemd-ca5ecaae7a8f75e18ba85b29839752da76e3b7b9.zip | |
Merging upstream version 256.4.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mkosi.images/system')
67 files changed, 0 insertions, 1978 deletions
diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.images/system/coredump-journal-storage.conf deleted file mode 100644 index cde9785..0000000 --- a/mkosi.images/system/coredump-journal-storage.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Coredump] -Storage=journal diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf deleted file mode 100644 index ed9bfdc..0000000 --- a/mkosi.images/system/initrd/mkosi.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Content] -PostInstallationScripts=../mkosi.sanitizers.chroot -ExtraTrees= - ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf deleted file mode 100644 index b252491..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=var -# This label is the partition's label. The filesystem inside may have its own label. -Label=varcrypt -# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs. -# The original test finds the partition by this UUID, but it doesn't appear -# since the luks UUID, which is derived by hash of this UUID, is different -# and the luks UUID is needed before the decrypted partition UUID. -# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d. -UUID=deadbeef-dead-dead-beef-000000000000 -Format=ext4 -Encrypt=key-file -SizeMinBytes=1G diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service deleted file mode 100644 index 54a9b8a..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Add encrypted var partition to root disk -Documentation=man:systemd-repart.service(8) - -ConditionVirtualization=!container - -DefaultDependencies=no -Wants=modprobe@loop.service modprobe@dm_mod.service -After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount -Before=initrd-root-fs.target -Conflicts=shutdown.target initrd-switch-root.target -Before=shutdown.target initrd-switch-root.target - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot -ImportCredential=keyfile diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service deleted file mode 100644 index 845ac57..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Create a mount in /run that should survive the transition from initrd - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target -ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target -ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service deleted file mode 100644 index 2c709bc..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=populate initrd credential dir for TEST-54-CREDS - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.images/system/leak-sanitizer-suppressions deleted file mode 100644 index 639abb8..0000000 --- a/mkosi.images/system/leak-sanitizer-suppressions +++ /dev/null @@ -1 +0,0 @@ -leak:libselinux diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean deleted file mode 100755 index 64810b7..0000000 --- a/mkosi.images/system/mkosi.clean +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -set -o nounset - -rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf deleted file mode 100644 index f8a91df..0000000 --- a/mkosi.images/system/mkosi.conf +++ /dev/null @@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -InitrdInclude=initrd/ - -[Output] -RepartDirectories=mkosi.repart - -[Content] -Autologin=yes -ExtraTrees= - %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf - -PostInstallationScripts=mkosi.sanitizers.chroot - -InitrdPackages= - btrfs-progs - findutils - grep - sed - -Packages= - acl - attr - bash-completion - bpftrace - btrfs-progs - clang - coreutils - curl - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gdb - grep - gzip - jq - kbd - kexec-tools - kmod - knot - less - lld - llvm - lvm2 - man - mdadm - mtools - nano - nftables - nvme-cli - opensc - openssl - p11-kit - pciutils - python3 - qrencode - radvd - rsync - sed - socat - strace - systemd - tar - tmux - tree - udev - util-linux - valgrind - which - wireguard-tools - xfsprogs - zsh - zstd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot deleted file mode 100755 index 2c99a67..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We can't configure the source or build directory so we use symlinks instead to make sure they are in the -# expected locations. -ln --symbolic "$SRCDIR" "pkg/$ID/systemd" -ln --symbolic "$BUILDDIR" "pkg/$ID/build" -# Because we run with --noextract we are responsible for making sure the source files appear in src/. -ln --symbolic . "pkg/$ID/src" - -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds -# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf -# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up -# in the image itself. -tee --append /etc/makepkg.conf >/dev/null <<EOF -export CC="$( ((LLVM)) && echo clang || echo gcc)" -export CXX="$( ((LLVM)) && echo clang++ || echo g++)" -export CC_LD="$( ((LLVM)) && echo lld)" -export CXX_LD="$( ((LLVM)) && echo lld)" -export CFLAGS="\$CFLAGS $MKOSI_CFLAGS $CFLAGS" -export CXXFLAGS="\$CXXFLAGS $MKOSI_CFLAGS $CFLAGS" -export LDFLAGS="\$LDFLAGS $MKOSI_LDFLAGS $LDFLAGS" -OPTIONS=( - docs - !libtool - !staticlibs - emptydirs - !zipman - purge - $( ((WITH_DEBUG)) && echo strip || echo !strip) - $( ((WITH_DEBUG)) && echo debug || echo !debug) - !lto -) -EOF - -# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions. -rm /usr/share/makepkg/lint_pkgbuild/* - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -sed --in-place "pkg/$ID/PKGBUILD" \ - --expression "s/^_tag=.*/_tag=$(cat meson.version)/" \ - --expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/" - -# We get around makepkg's root check by setting EUID to something else. -# shellcheck disable=SC2046 -env --chdir="pkg/$ID" \ - EUID=123 \ - makepkg \ - --noextract \ - $( ((WITH_TESTS)) || echo --nocheck) \ - --force \ - _systemd_UPSTREAM=1 \ - _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \ - BUILDDIR="$PWD/pkg/$ID" \ - PKGDEST="$OUTPUTDIR" \ - PKGEXT=".pkg.tar" \ - MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.pkg.tar -) - -cp "$OUTPUTDIR"/*.pkg.tar "$PACKAGEDIR" -cp "$OUTPUTDIR"/*.pkg.tar "$BUILDDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf deleted file mode 100644 index 96ae8c8..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf +++ /dev/null @@ -1,70 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Environment= - GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git - GIT_BRANCH=main - GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c - -VolatilePackages= - systemd - systemd-libs - systemd-resolvconf - systemd-sysvcompat - systemd-tests - systemd-ukify - -Packages= - bind - bpf - compiler-rt - compsize - cryptsetup - dbus-broker - dbus-broker-units - debugedit - dhcp - f2fs-tools - fakeroot - git - gnutls - gnutls - iproute - iputils - linux - man-db - multipath-tools - open-iscsi - openbsd-netcat - openssh - openssl - pacman - perf - pkgconf - polkit - procps-ng - psmisc - python-pexpect - python-psutil - quota-tools - sbsigntools - shadow - softhsm - squashfs-tools - stress - tgt - tpm2-tools - tpm2-tss - vim - -InitrdPackages= - compiler-rt - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-libs - systemd-sysvcompat diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 4a6d2e9..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages=systemd-debug diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare deleted file mode 100755 index fd78e81..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. -sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | - grep --regexp '^depends =' --regexp '^optdepends =' | - sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | - xargs --delimiter '\n' mkosi-install - -# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on -# whether some environment variable is set or not. -# shellcheck source=/dev/null -_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" - -# shellcheck disable=SC2154 -mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot deleted file mode 100755 index 21f1062..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot +++ /dev/null @@ -1,122 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then - # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. - # See https://github.com/rpm-software-management/rpm/issues/3042. - tee --append /usr/lib/rpm/redhat/macros <<'EOF' -%install %{?_enable_debug_packages:%{debug_package}}\ -%%install\ -%{nil} -EOF -fi - -VERSION="$(cat meson.version)" -RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" - -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - -COMMON_MACRO_OVERRIDES=( - --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" - --define "_fortify_level 0" - --undefine _lto_cflags - # TODO: Remove once redhat-rpm-config 292 is available everywhere. - --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" - --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" -) - -# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" -fi -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -IFS= -# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once -# https://github.com/mesonbuild/meson/pull/12835 is available. -# shellcheck disable=SC2046 -env \ ---unset=CFLAGS \ ---unset=CXXFLAGS \ ---unset=LDFLAGS \ -ANNOBIN="no-active-checks" \ -CC_LD="$( ((LLVM)) && echo lld)" \ -CXX_LD="$( ((LLVM)) && echo lld)" \ - rpmbuild \ - -bb \ - --build-in-place \ - --with upstream \ - $( ((WITH_TESTS)) || echo "--nocheck") \ - $( ((WITH_DOCS)) || echo "--without=docs") \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_rpmdir $OUTPUTDIR" \ - ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - --define "_binary_payload w.ufdio" \ - $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ - --define "version_override $VERSION" \ - --define "release_override $RELEASE" \ - "${COMMON_MACRO_OVERRIDES[@]}" \ - --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ - --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ - --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ - --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ - --define "__brp_compress %{nil}" \ - --define "__brp_mangle_shebangs %{nil}" \ - --define "__brp_strip_comment_note %{nil}" \ - --define "__brp_strip_static_archive %{nil}" \ - --define "__brp_check_rpaths %{nil}" \ - --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ - --define "__script_requires %{nil}" \ - --define "_find_debuginfo_dwz_opts %{nil}" \ - --define "_fixperms true" \ - --undefine _package_note_flags \ - --noclean \ - "pkg/$ID/systemd.spec" - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.rpm -) - -cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" -cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf deleted file mode 100644 index f200409..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf +++ /dev/null @@ -1,76 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -VolatilePackages= - systemd - systemd-boot - systemd-container - systemd-devel - systemd-journal-remote - systemd-networkd - systemd-networkd-defaults - systemd-oomd-defaults - systemd-pam - systemd-resolved - systemd-tests - systemd-udev - systemd-ukify - -Packages= - bind-utils - bpftool - compiler-rt - cryptsetup - device-mapper-event - device-mapper-multipath - dfuzzer - dhcp-server - dnf - git-core - glibc-langpack-de - glibc-langpack-en - gnutls - gnutls-utils - integritysetup - iproute - iproute-tc - iputils - iscsi-initiator-utils - kernel-core - libasan - libcap-ng-utils - libubsan - man-db - netcat - openssh-clients - openssh-server - pam - passwd - perf - policycoreutils - polkit - procps-ng - python3-pexpect - quota - rpm - rpm-build - rpmautospec - sbsigntools - softhsm - squashfs-tools - stress - tpm2-tools - util-linux - veritysetup - vim-common - -InitrdPackages= - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-udev diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 0c3707b..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - systemd-container-debuginfo - systemd-debuginfo - systemd-debugsource - systemd-journal-remote-debuginfo - systemd-libs-debuginfo - systemd-networkd-debuginfo - systemd-pam-debuginfo - systemd-resolved-debuginfo - systemd-tests-debuginfo - systemd-udev-debuginfo diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf deleted file mode 100644 index 9fe5509..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Profile=!particle - -[Content] -# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're -# building a /usr-only image. -Packages= - selinux-policy - selinux-policy-targeted - setools-console - -# We relabel on first boot instead of at build time because it is only possible to label without root -# if the labels exist in the host system, and we want to be able to cross-build to other distributions. -SELinuxRelabel=no - -InitrdPackages= - selinux-policy - selinux-policy-targeted diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare deleted file mode 100755 index 1b86073..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done - -# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the -# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. -# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. -sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" - -until mkosi-chroot \ - rpmbuild \ - -br \ - --build-in-place \ - --with upstream \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" -do - EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then - exit $EXIT_STATUS - fi - - mkosi-chroot \ - rpm \ - --query \ - --package \ - --requires \ - /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | - grep --invert-match '^rpmlib(' | - sort --unique >/tmp/dynamic-buildrequires - - sort /tmp/buildrequires /tmp/dynamic-buildrequires | - uniq --unique | - tee --append /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf deleted file mode 100644 index 25059c2..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Content] -Environment= - # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of - # mkfs.ext4 enabled it by default, so we disable it explicitly. - Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" - GIT_URL=https://git.centos.org/rpms/systemd.git - GIT_BRANCH=c9s-sig-hyperscale - GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 - -Packages= - kernel-modules # For squashfs - rpmautospec-rpm-macros diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot deleted file mode 100755 index f1eed03..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot +++ /dev/null @@ -1,147 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -# We transplant the debian/ folder from the deb package sources into the upstream sources. -mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian - -# We remove the patches so they don't get applied. -rm -rf "$SRCDIR"/debian/patches/* - -# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so -# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. -DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" -mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full -# rebuild every time. -cat >debian/changelog.new <<EOF -systemd ($(cat meson.version)-$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low - - * Automatic build from mkosi - - -- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS") - -EOF -cat debian/changelog >>debian/changelog.new -mv debian/changelog.new debian/changelog - -MKOSI_CFLAGS="-O0" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. -build() { - env \ - CC="$( ((LLVM)) && echo clang || echo gcc)" \ - CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ - CC_LD="$( ((LLVM)) && echo lld)" \ - CXX_LD="$( ((LLVM)) && echo lld)" \ - DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ - $( ((WITH_TESTS)) || echo nocheck) \ - $( ((WITH_DOCS)) || echo nodoc) \ - $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ - $( ! ((MESON_VERBOSE)) && echo terse) \ - optimize=-lto \ - hardening=-fortify \ - ")" \ - DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ - $( ((WITH_TESTS)) || echo nocheck) \ - $( ((WITH_DOCS)) || echo nodoc) \ - pkg.systemd.upstream \ - ")" \ - DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ - DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ - DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ - DPKG_FORCE="unsafe-io" \ - DPKG_DEB_COMPRESSOR_TYPE="none" \ - DH_MISSING="--fail-missing" \ - CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ - dpkg-buildpackage \ - --no-pre-clean \ - --unsigned-changes \ - --build=binary - - EXIT_STATUS=$? - - # Make sure we don't reconfigure twice. - MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" - - return $EXIT_STATUS -} - -if ! build; then - # debhelper installs files for each package to debian/<package> so we figure out which files were - # packaged by querying all the package names from debian/control and running find on each of the - # corresponding package directory in debian/. - grep "Package:" debian/control | - sed "s/Package: //" | - xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | - # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. - sed --regexp-extended 's/([0-9])\.gz$/\1/' | - sort --unique >/tmp/packaged-files - - # We figure out the installed files by running find on debian/tmp/ which contains the files installed - # by meson install. - (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files - - if [ -f debian/not-installed ]; then - grep --invert-match "^#" debian/not-installed >>/tmp/installed-files - fi - - sort --unique --output /tmp/installed-files /tmp/installed-files - - # We get all the installed files that were not packaged by finding entries in the installed file that are - # not in the packaged file. - comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files - # If there are no unpackaged files something else went wrong. - if [ ! -s /tmp/unpackaged-files ]; then - exit 1 - fi - - # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. - cat /tmp/unpackaged-files >>debian/systemd.install - build -fi - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb - - cp ../*.deb ../*.ddeb "$PACKAGEDIR" - cp ../*.deb ../*.ddeb "$OUTPUTDIR" - cp ../*.deb ../*.ddeb "$BUILDDIR" - # These conflict with the packages that we actually want to install, so remove them - rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb -) diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf deleted file mode 100644 index c6b8154..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ /dev/null @@ -1,92 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Environment= - GIT_URL=https://salsa.debian.org/systemd-team/systemd.git - GIT_SUBDIR=debian - GIT_BRANCH=ci/v256-stable - GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af - -VolatilePackages= - libnss-myhostname - libnss-mymachines - libnss-resolve - libnss-systemd - libpam-systemd - libsystemd-dev - libudev-dev - systemd - systemd-container - systemd-coredump - systemd-cryptsetup - systemd-dev - systemd-homed - systemd-journal-remote - systemd-oomd - systemd-repart - systemd-resolved - systemd-sysv - systemd-tests - systemd-timesyncd - systemd-ukify - systemd-userdbd - udev - -Packages= - ^libasan[0-9]+$ - ^libtss2-esys-[0-9.]+-0$ - ^libtss2-mu-[0-9.]+-0$ - ^libubsan[0-9]+$ - apt - bind9-dnsutils - cryptsetup-bin - dbus-broker - dbus-user-session - dmsetup - dpkg-dev - f2fs-tools - fdisk - git-core - gnutls-bin - iproute2 - iputils-ping - isc-dhcp-server - libcap-ng-utils - libclang-rt-dev - libtss2-rc0 - libtss2-tcti-device0 - locales - man-db - multipath-tools - netcat-openbsd - open-iscsi - openssh-client - openssh-server - passwd - policykit-1 - procps - psmisc - python3-pexpect - python3-psutil - quota - softhsm2 - squashfs-tools - stress - tgt - tpm2-tools - tzdata - xxd - -InitrdPackages= - libclang-rt-dev - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-cryptsetup - systemd-repart - udev diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 2bb6164..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,29 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - libnss-myhostname-dbgsym - libnss-mymachines-dbgsym - libnss-resolve-dbgsym - libnss-systemd-dbgsym - libpam-systemd-dbgsym - libsystemd-shared-dbgsym - libsystemd0-dbgsym - libudev1-dbgsym - systemd-boot-dbgsym - systemd-container-dbgsym - systemd-coredump-dbgsym - systemd-cryptsetup-dbgsym - systemd-dbgsym - systemd-homed-dbgsym - systemd-journal-remote-dbgsym - systemd-oomd-dbgsym - systemd-repart-dbgsym - systemd-resolved-dbgsym - systemd-tests-dbgsym - systemd-timesyncd-dbgsym - systemd-userdbd-dbgsym - udev-dbgsym diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf deleted file mode 100644 index 781670a..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf +++ /dev/null @@ -1,16 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# sbsigntool exists only on UEFI architectures - -[Match] -Architecture=|x86 -Architecture=|x86-64 -Architecture=|arm -Architecture=|arm64 -Architecture=|riscv32 -Architecture=|riscv64 - -[Content] -Packages= - sbsigntool - systemd-boot - systemd-boot-efi diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf deleted file mode 100644 index 4fb4f46..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=NO_BUILD=1 - -[Content] -WithNetwork=yes diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst deleted file mode 100755 index 314f235..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss -# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and -# install them. This is not an issue when building locally, as the build and runtime images are the same, -# so they would get installed as build dependencies anyway. - -if [ "$1" = "build" ] || ! ((NO_BUILD)); then - exit 0 -fi - -# Query the Recommends and Suggests of all systemd packages, by matching on the version -systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)" -mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' ) -extra_packages=() -# shellcheck disable=SC2068 -for package in ${systemd_packages[@]}; do - # We are looking for dlopens, so filter for libraries - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") -done - -if [ "${#extra_packages[@]}" -eq 0 ]; then - exit 0 -fi - -apt install "${extra_packages[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare deleted file mode 100755 index 645671a..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -cd "pkg/$ID" -DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf deleted file mode 100644 index 50dfa11..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=debian - -[Content] -Packages= - linux-perf diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf deleted file mode 100644 index af923fa..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Architecture=arm64 - -[Content] -Packages= - linux-image-cloud-arm64 diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf deleted file mode 100644 index 615de52..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Architecture=x86-64 - -[Content] -Packages= - linux-image-cloud-amd64 diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf deleted file mode 100644 index c4617d2..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=fedora - -[Content] -Environment= - GIT_URL=https://src.fedoraproject.org/rpms/systemd.git - GIT_BRANCH=rawhide - GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8 - -Packages= - compsize - dnf5 - f2fs-tools - scsi-target-utils - # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules) - kernel-modules-extra - kernel-modules-internal diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst deleted file mode 100755 index 417132f..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. -# See https://github.com/openSUSE/suse-module-tools/pull/71 -rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot deleted file mode 100755 index 67481d0..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we -# disable manpage compression as the files cannot be found. Fix the issue by removing the compression -# extension. -find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; - -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then - # Fix the %install override so debuginfo packages are generated. - tee --append /usr/lib/rpm/suse/macros <<'EOF' -%install %{debug_package}\ -%%install\ -%{nil} -EOF -fi - -VERSION="$(cat meson.version)" -RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" - -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" -fi -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so -# set LDFLAGS to %{nil} if there are no linker flags. -if [[ -z "${MKOSI_LDFLAGS// }" ]]; then - MKOSI_LDFLAGS="%{nil}" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" - -build() { - IFS= - # shellcheck disable=SC2046 - env \ - --unset CFLAGS \ - --unset CXXFLAGS \ - --unset LDFLAGS \ - CC="$( ((LLVM)) && echo clang || echo gcc)" \ - CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ - CC_LD="$( ((LLVM)) && echo lld)" \ - CXX_LD="$( ((LLVM)) && echo lld)" \ - rpmbuild \ - -bb \ - --build-in-place \ - --with upstream \ - $( ((WITH_TESTS)) || echo "--nocheck") \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_rpmdir $OUTPUTDIR" \ - ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - --define "_binary_payload w.ufdio" \ - $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ - --define "vendor openSUSE" \ - --define "version_override $VERSION" \ - --define "release_override $RELEASE" \ - --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \ - --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \ - $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \ - --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \ - --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ - --define "__script_requires %{nil}" \ - --define "_find_debuginfo_dwz_opts %{nil}" \ - --define "_fixperms true" \ - --noclean \ - "$@" \ - "pkg/$ID/systemd.spec" - - EXIT_STATUS=$? - - # Make sure we don't reconfigure twice. - MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" - - return $EXIT_STATUS -} - -if ! build; then - if [ ! -s /tmp/unpackaged-files ]; then - exit 1 - fi - - # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file - # warnings. - rm systemd.lang - - grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd" - build --noprep --nocheck -fi - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.rpm -) - -cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" -cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf deleted file mode 100644 index e488b2d..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf +++ /dev/null @@ -1,100 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Config] -InitrdInclude=initrd/ - -[Content] -Environment= - GIT_URL=https://src.opensuse.org/rpm/systemd - GIT_BRANCH=devel - GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117 - -VolatilePackages= - systemd - systemd-boot - systemd-container - systemd-devel - systemd-doc - systemd-experimental - systemd-homed - systemd-lang - systemd-network - systemd-portable - systemd-sysvcompat - systemd-testsuite - udev - -# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox -# versions don't get installed instead. -Packages= - bind-utils - bpftool - cryptsetup - device-mapper - dhcp-server - docbook-xsl-stylesheets - f2fs-tools - gawk - gcc-c++ - git-core - glibc-locale-base - gnutls - grep - group(bin) - group(daemon) - group(games) - group(nobody) - group(root) - gzip - iputils - kernel-default - kmod - libasan8 - libkmod2 - libubsan1 - multipath-tools - open-iscsi - openssh-clients - openssh-server - pam - patterns-base-minimal_base - perf - procps4 - psmisc - python3-pefile - python3-pexpect - python3-psutil - quota - rpm-build - rsync - sbsigntools - sed - shadow - softhsm - squashfs - tgt - timezone - tpm2.0-tools - user(bin) - user(daemon) - user(games) - user(nobody) - user(root) - veritysetup - vim - xz - zypper - -InitrdPackages= - clang - kmod - libkmod2 - tpm2.0-tools - -InitrdVolatilePackages= - systemd - udev - systemd-experimental diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 6c57d04..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - libsystemd0-debuginfo - libudev1-debuginfo - systemd-boot-debuginfo - systemd-container-debuginfo - systemd-debuginfo - systemd-debugsource - systemd-experimental-debuginfo - systemd-homed-debuginfo - systemd-journal-remote-debuginfo - systemd-network-debuginfo - systemd-portable-debuginfo - systemd-sysvcompat-debuginfo - systemd-testsuite-debuginfo - udev-debuginfo diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare deleted file mode 100755 index c57aa87..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" - -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done - -until mkosi-chroot \ - rpmbuild \ - -bd \ - --build-in-place \ - --with upstream \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" -do - EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then - exit $EXIT_STATUS - fi - - mkosi-chroot \ - rpm \ - --query \ - --package \ - --requires \ - /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | - grep --invert-match '^rpmlib(' | - sort --unique >/tmp/dynamic-buildrequires - - sort /tmp/buildrequires /tmp/dynamic-buildrequires | - uniq --unique | - tee --append /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf deleted file mode 100644 index 86f9736..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Content] -Packages= - linux-image-generic - linux-tools-common - linux-tools-virtual diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf deleted file mode 100644 index 582f038..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# The ports Ubuntu archive is for non i386/amd64 repositories - -[Match] -Architecture=!x86-64 -Architecture=!x86 -Release=noble - -[Distribution] -PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf deleted file mode 100644 index 7347be9..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# The main Ubuntu archive is only for i386/amd64 repositories - -[Match] -Architecture=|x86-64 -Architecture=|x86 -Release=noble - -[Distribution] -PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources deleted file mode 100644 index 5b96dc5..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -Types: deb -URIs: http://ports.ubuntu.com -Suites: noble-backports -Components: main universe -Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources deleted file mode 100644 index d10c1e8..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -Types: deb -URIs: http://archive.ubuntu.com/ubuntu -Suites: noble-backports -Components: main universe -Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf deleted file mode 100644 index 8641984..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-images.conf +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Format=!none - -[Config] -Dependencies= - exitrd - minimal-base - minimal-0 - minimal-1 - -[Content] -ExtraTrees= - %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw - %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity - %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig - %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw - %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity - %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig - %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template - %O/exitrd:/exitrd diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf deleted file mode 100644 index 8c1920b..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Profile=particle - -[Output] -RepartDirectories= -RepartDirectories=mkosi.repart - -[Validation] -@SecureBoot=yes -@SignExpectedPcr=yes - -[Host] -@RuntimeSize=8G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf deleted file mode 100644 index 3755278..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=swap -SizeMinBytes=100M -SizeMaxBytes=100M diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf deleted file mode 100644 index 2f92af2..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=root -Format=btrfs -SizeMinBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf deleted file mode 100644 index dac79ba..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -C+! /etc - - - - /usr/share/factory/mkosi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize deleted file mode 100755 index 69f9554..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -mkdir -p "$BUILDROOT"/usr/share/factory/mkosi -cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot deleted file mode 100755 index 95e0552..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# sbsign is not available on CentOS Stream -if command -v sbsign &>/dev/null; then - # Ensure that side-loaded PE addons are loaded if signed, and ignored if not - addons_dir=/efi/loader/addons - mkdir -p "$addons_dir" - ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi" - ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi" -fi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf deleted file mode 100644 index 391543d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=esp -Format=vfat -CopyFiles=/boot:/ -CopyFiles=/efi:/ -SizeMinBytes=1G -SizeMaxBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf deleted file mode 100644 index 343761d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr -Format=erofs -CopyFiles=/usr:/ -Verity=data -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf deleted file mode 100644 index b4d45dd..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity -Verity=hash -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf deleted file mode 100644 index 1841d0a..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity-sig -Verity=signature -VerityMatchKey=usr diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel deleted file mode 100644 index bd4fba4..0000000 --- a/mkosi.images/system/mkosi.extra/.autorelabel +++ /dev/null @@ -1 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf deleted file mode 100644 index fcf4cd9..0000000 --- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -iscsid.startup = /usr/bin/systemctl start iscsid.socket diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue deleted file mode 100644 index 6aa6fc0..0000000 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ /dev/null @@ -1,2 +0,0 @@ -\S (built from systemd tree) -Kernel \r on an \m (\l) diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf deleted file mode 100644 index 657ac72..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed -# for integration tests -kernel.apparmor_restrict_unprivileged_unconfined = 0 -kernel.apparmor_restrict_unprivileged_userns = 0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf deleted file mode 100644 index 3baede4..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Journal] -RateLimitIntervalSec=0 -RateLimitBurst=0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset deleted file mode 100644 index c364058..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset +++ /dev/null @@ -1,41 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# mkosi adds its own ssh units via the --ssh switch so disable the default ones. -disable ssh.service -disable sshd.service - -# These are started manually in integration tests so don't start them by default. -disable dnsmasq.service -disable isc-dhcp-server.service -disable isc-dhcp-server6.service - -# Pulled in via dracut-network by kexec-tools on Fedora. -disable NetworkManager* - -# Make sure dbus-broker is started by default on Debian/Ubuntu. -enable dbus-broker.service - -# systemd-networkd is disabled by default on Fedora so make sure it is enabled. -enable systemd-networkd.service -enable systemd-networkd-wait-online.service - -# systemd-resolved is disable by default on CentOS so make sure it is enabled. -enable systemd-resolved.service - -# We install dnf in some images but it's only going to be used rarely, -# so let's not have dnf create its cache. -disable dnf-makecache.* - -# We have journald to receive audit data so let's make sure we're not running auditd as well -disable auditd.service - -# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead. -enable systemd-timesyncd.service - -# Skipped if selinux is not enabled, required for TEST-06-SELINUX. -enable autorelabel.service - -# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead. -disable iscsi.service -disable iscsid.socket -disable iscsiuio.socket diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset deleted file mode 100644 index 710ee7c..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# Make sure that services are disabled by default (primarily for Debian/Ubuntu). -disable * diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf deleted file mode 100644 index ebf7899..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS -# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if -# needed. -[Service] -EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf deleted file mode 100644 index d0093b7..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Service] -PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf deleted file mode 100644 index e1a8e81..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf +++ /dev/null @@ -1 +0,0 @@ -L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf deleted file mode 100644 index ddd36ed..0000000 --- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf +++ /dev/null @@ -1,13 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" - "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - -<!-- - SPDX-License-Identifier: LGPL-2.1-or-later ---> - -<busconfig> - <policy user="root"> - <allow own="systemd.test.ExecStopPost"/> - </policy> -</busconfig> diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot deleted file mode 100755 index 4686802..0000000 --- a/mkosi.images/system/mkosi.postinst.chroot +++ /dev/null @@ -1,172 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -useradd --uid 4711 --create-home --user-group testuser - -if command -v authselect >/dev/null; then - # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so - # let's use the new name if it exists. - if [ -d /usr/share/authselect/default/local ]; then - PROFILE=local - else - PROFILE=minimal - fi - - authselect select "$PROFILE" - - if authselect list-features "$PROFILE" | grep -q "with-homed"; then - authselect enable-feature with-homed - fi -fi - -# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that -# if that's the case. -mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf -rm -f /etc/resolv.conf - -for f in "$BUILDROOT"/usr/share/*.verity.sig; do - jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash" -done - -# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by -# systemd-journald. -rm -r "$BUILDROOT/var/log/journal" - -rm -f /etc/nsswitch.conf -cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf - -# Remove to make TEST-73-LOCALE pass on Ubuntu. -rm -f /etc/default/keyboard - -# This is executed inside the chroot so no need to disable any features as the default features will match -# the kernel's supported features. -SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ - systemd-repart \ - --empty=create \ - --dry-run=no \ - --size=auto \ - --offline=true \ - --root test/TEST-24-CRYPTSETUP \ - --definitions test/TEST-24-CRYPTSETUP/keydev.repart \ - "$OUTPUTDIR/keydev.raw" - -can_test_pkcs11() { - if ! command -v "softhsm2-util" >/dev/null; then - echo "softhsm2-util not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "pkcs11-tool" >/dev/null; then - echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "certtool" >/dev/null; then - echo "certtool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+P11KIT"; then - echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+OPENSSL"; then - echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then - echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then - echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - - return 0 -} - -setup_pkcs11_token() { - echo "Setup PKCS#11 token" >&2 - local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE - - export SOFTHSM2_CONF="/tmp/softhsm2.conf" - mkdir -p /usr/lib/softhsm/tokens/ - cat >$SOFTHSM2_CONF <<EOF -directories.tokendir = /usr/lib/softhsm/tokens/ -objectstore.backend = file -slots.removable = false -slots.mechanisms = ALL -EOF - export GNUTLS_PIN="1234" - export GNUTLS_SO_PIN="12345678" - softhsm2-util --init-token --free --label "TestToken" --pin "$GNUTLS_PIN" --so-pin "$GNUTLS_SO_PIN" - - if ! P11_MODULE_CONFIGS_DIR=$(pkg-config --variable=p11_module_configs p11-kit-1); then - echo "WARNING! Cannot get p11_module_configs from p11-kit-1.pc, assuming /usr/share/p11-kit/modules" >&2 - P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules" - fi - - if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then - echo "WARNING! Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2 - P11_MODULE_DIR="/usr/lib/pkcs11" - fi - - SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs) - if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then - SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE" - fi - - # RSA ##################################################### - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/rsa_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey" - rm "/tmp/rsa_test.crt" - - # prime256v1 ############################################## - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/ec_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey" - rm "/tmp/ec_test.crt" - - ########################################################### - rm "$SOFTHSM2_CONF" - unset SOFTHSM2_CONF - - cat >/etc/softhsm2.conf <<EOF -directories.tokendir = /usr/lib/softhsm/tokens/ -objectstore.backend = file -slots.removable = false -slots.mechanisms = ALL -log.level = INFO -EOF - - mkdir -p /etc/systemd/system/systemd-cryptsetup@.service.d - cat >/etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf <<EOF -[Unit] -# Make sure we can start systemd-cryptsetup@empty_pkcs11_auto.service many times -StartLimitBurst=10 - -[Service] -Environment="SOFTHSM2_CONF=/etc/softhsm2.conf" -Environment="PIN=$GNUTLS_PIN" -EOF - - unset GNUTLS_PIN - unset GNUTLS_SO_PIN -} - -if can_test_pkcs11; then - setup_pkcs11_token -fi diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf deleted file mode 100644 index 391543d..0000000 --- a/mkosi.images/system/mkosi.repart/00-esp.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=esp -Format=vfat -CopyFiles=/boot:/ -CopyFiles=/efi:/ -SizeMinBytes=1G -SizeMaxBytes=1G diff --git a/mkosi.images/system/mkosi.repart/10-root.conf b/mkosi.images/system/mkosi.repart/10-root.conf deleted file mode 100644 index 3c25dbf..0000000 --- a/mkosi.images/system/mkosi.repart/10-root.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=root -Format=btrfs -CopyFiles=/ -SizeMinBytes=8G -SizeMaxBytes=8G diff --git a/mkosi.images/system/mkosi.sanitizers.chroot b/mkosi.images/system/mkosi.sanitizers.chroot deleted file mode 100755 index 524e3da..0000000 --- a/mkosi.images/system/mkosi.sanitizers.chroot +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -if [[ -z "${SANITIZERS:-}" ]]; then - exit 0 -fi - -# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose -# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer -# failures end up in the journal. -mkdir -p /etc/systemd/system/systemd-journald.service.d -cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF -[Service] -StandardOutput=kmsg -EOF - -# ASAN and syscall filters aren't compatible with each other. -find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} + - -# 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default. -systemctl mask systemd-hwdb-update.service - -ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" -if [[ -z "$ASAN_RT_PATH" ]]; then - ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" - - # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. - if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then - echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" - exit 1 - fi -fi -if [[ -z "$ASAN_RT_PATH" ]]; then - echo >&2 "systemd is not linked against the ASan DSO" - echo >&2 "gcc does this by default, for clang compile with -shared-libasan" - exit 1 -fi - -wrap=( - /usr/lib/polkit-1/polkitd - /usr/libexec/polkit-1/polkitd - agetty - btrfs - capsh - chgrp - chown - cryptsetup - curl - dbus-broker-launch - dbus-daemon - delv - dhcpd - dig - dmsetup - dnsmasq - findmnt - getent - getfacl - id - integritysetup - iscsid - kpartx - logger - login - ls - lsblk - lvm - mdadm - mkfs.btrfs - mkfs.erofs - mkfs.ext4 - mkfs.vfat - mkfs.xfs - mksquashfs - mkswap - multipath - multipathd - nvme - p11-kit - pkill - ps - setfacl - setpriv - sshd - stat - su - tar - tgtd - useradd - userdel - veritysetup -) - -for bin in "${wrap[@]}"; do - if ! command -v "$bin" >/dev/null; then - continue - fi - - if [[ "$bin" == getent ]]; then - enable_lsan=1 - else - enable_lsan=0 - fi - - target="$(command -v "$bin")" - - mv "$target" "$target.orig" - - cat >"$target" <<EOF -#!/bin/bash -# Preload the ASan runtime DSO, otherwise ASAn will complain -export LD_PRELOAD="$ASAN_RT_PATH" -# Disable LSan to speed things up, since we don't care about leak reports -# from 'external' binaries -export ASAN_OPTIONS=detect_leaks=$enable_lsan -# Set argv[0] to the original binary name without the ".orig" suffix -exec -a "\$0" -- "${target}.orig" "\$@" -EOF - chmod +x "$target" -done - -cat >/usr/lib/systemd/systemd-asan-env <<EOF -LD_PRELOAD=$ASAN_RT_PATH -LSAN_OPTIONS=detect_leaks=0 -EOF diff --git a/mkosi.images/system/mkosi.sync b/mkosi.images/system/mkosi.sync deleted file mode 100755 index d56ddf5..0000000 --- a/mkosi.images/system/mkosi.sync +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -if ((${NO_SYNC:-0})); then - exit 0 -fi - -PKG_SUBDIR="$(realpath --canonicalize-missing "pkg/$DISTRIBUTION" --relative-to "$PWD")" - -if [[ -d "$PKG_SUBDIR/.git" ]]; then - if [[ "$(git -C "$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then - exit 0 - fi - - # If work is being done on the packaging rules in a separate branch, don't touch the checkout. - if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then - EXIT_STATUS=$? - if [[ $EXIT_STATUS -eq 1 ]]; then - exit 0 - else - exit $EXIT_STATUS - fi - fi -fi - -if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then - # The repository on Salsa has the full upstream sources, so it's a waste of - # space to redownload and duplicate everything, so do a sparse checkout as - # we only need the packaging directory anyway. - if [[ -n "${GIT_SUBDIR:-}" ]]; then - sparse=(--no-checkout --filter=tree:0) - else - sparse=() - fi - - git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "$PKG_SUBDIR" - if [[ -n "${GIT_SUBDIR:-}" ]]; then - # --no-cone is needed to check out only one top-level directory - git -C "$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" - fi -else - git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL" - git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH" -fi - -git -C "$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" |