summaryrefslogtreecommitdiffstats
path: root/mkosi.images/base/mkosi.build.chroot
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xmkosi.images/base/mkosi.build.chroot224
1 files changed, 0 insertions, 224 deletions
diff --git a/mkosi.images/base/mkosi.build.chroot b/mkosi.images/base/mkosi.build.chroot
deleted file mode 100755
index 02dcbc7..0000000
--- a/mkosi.images/base/mkosi.build.chroot
+++ /dev/null
@@ -1,224 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
-# Simply invoke "mkosi" in the project directory to build an OS image.
-
-# We don't want to install our build of systemd in the base image, but use it as an extra tree for the
-# initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as
-# an extra tree in the initrd and system image builds.
-DESTDIR="$OUTPUTDIR/systemd"
-
-# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
-# as out-of-tree build dir. Otherwise, let's make up our own builddir.
-[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
-
-# Let's make sure we're using stuff from the build directory first if available there.
-PATH="$BUILDDIR:$PATH"
-export PATH
-
-# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
-# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
-# the ubuntu script with a symlink to the first bpftool program we can find.
-for bpftool in /usr/lib/linux-tools/*/bpftool; do
- [ -x "$bpftool" ] || continue
- ln -sf "$bpftool" "$BUILDDIR"/bpftool
- break
-done
-
-# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
-# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
-# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
-. /usr/lib/os-release
-if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
- cat >"$BUILDDIR"/bpftool <<EOF
-#!/bin/sh
-if [ "\$1" = --version ]; then
- echo 5.6.0
-else
- exec /usr/sbin/bpftool \$@
-fi
-EOF
- chmod +x "$BUILDDIR"/bpftool
-fi
-
-if [ ! -f "$BUILDDIR"/build.ninja ]; then
- sysvinit_path=$(realpath /etc/init.d)
-
- if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
- UKIFY="disabled"
- else
- UKIFY="enabled"
- fi
-
- # On Debian 'loadkeys us' fails
- if [ "$ID" = "debian" ] || [ "$ID_LIKE" = "debian" ]; then
- DEFAULT_KEYMAP=""
- else
- DEFAULT_KEYMAP="us"
- fi
-
- CONFIGURE_OPTS=(
- -D sysvinit-path="$sysvinit_path"
- -D man=disabled
- -D translations=false
- -D version-tag="${VERSION_TAG}"
- -D mode=developer
- -D b_sanitize="${SANITIZERS:-none}"
- -D install-tests=true
- -D tests=unsafe
- -D slow-tests="${SLOW_TESTS:-false}"
- -D create-log-dirs=false
- -D pamconfdir=no
- -D utmp=true
- -D hibernate=true
- -D ldconfig=true
- -D resolve=true
- -D efi=true
- -D tpm=true
- -D environment-d=true
- -D binfmt=true
- -D repart=enabled
- -D sysupdate=enabled
- -D coredump=true
- -D pstore=true
- -D oomd=true
- -D logind=true
- -D hostnamed=true
- -D localed=true
- -D machined=true
- -D portabled=true
- -D sysext=true
- -D userdb=true
- -D homed=enabled
- -D networkd=true
- -D timedated=true
- -D timesyncd=true
- -D remote=enabled
- -D nss-myhostname=true
- -D nss-mymachines=enabled
- -D nss-resolve=enabled
- -D nss-systemd=true
- -D firstboot=true
- -D randomseed=true
- -D backlight=true
- -D vconsole=true
- -D quotacheck=true
- -D sysusers=true
- -D tmpfiles=true
- -D importd=enabled
- -D hwdb=true
- -D rfkill=true
- -D xdg-autostart=true
- -D translations=true
- -D polkit=enabled
- -D acl=enabled
- -D audit=enabled
- -D blkid=enabled
- -D fdisk=enabled
- -D kmod=enabled
- -D pam=enabled
- -D pwquality=enabled
- -D microhttpd=enabled
- -D libcryptsetup=enabled
- -D libcurl=enabled
- -D idn=true
- -D libidn2=enabled
- -D qrencode=enabled
- -D gcrypt=enabled
- -D gnutls=enabled
- -D openssl=enabled
- -D cryptolib=openssl
- -D p11kit=enabled
- -D libfido2=enabled
- -D tpm2=enabled
- -D elfutils=enabled
- -D zstd=enabled
- -D xkbcommon=enabled
- -D pcre2=enabled
- -D glib=enabled
- -D dbus=enabled
- -D bootloader=enabled
- -D kernel-install=true
- -D analyze=true
- -D bpf-framework=enabled
- -D ukify="$UKIFY"
- -D seccomp=enabled
- -D selinux=auto
- -D apparmor=auto
- -D smack=true
- -D ima=true
- -D first-boot-full-preset=true
- -D initrd=true
- -D fexecve=true
- -D default-keymap="$DEFAULT_KEYMAP"
- )
-
- # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
- # It is important to use the right one especially for cryptsetup plugins, otherwise they will be
- # installed in the wrong directory and not be found by cryptsetup. Assume native build.
- if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then
- CONFIGURE_OPTS+=(
- -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
- -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
- )
- fi
-
- # Set various uids and gids for which Fedora has "soft static" allocations.
- # Without this, we would get warning about mismatched sysusers.d entries
- # between the files that we and Fedora's setup package install.
- if grep -q '^ID=fedora' /usr/lib/os-release; then
- CONFIGURE_OPTS+=(
- -Dadm-gid=4
- -Daudio-gid=63
- -Dcdrom-gid=11
- -Ddialout-gid=18
- -Ddisk-gid=6
- -Dinput-gid=104
- -Dkmem-gid=9
- -Dkvm-gid=36
- -Dlp-gid=7
- -Drender-gid=105
- -Dsgx-gid=106
- -Dtape-gid=33
- -Dtty-gid=5
- -Dusers-gid=100
- -Dutmp-gid=22
- -Dvideo-gid=39
- -Dwheel-gid=10
- -Dsystemd-journal-gid=190
- -Dsystemd-network-uid=192
- -Dsystemd-resolve-uid=193
- )
- fi
-
- ( set -x; meson setup "$BUILDDIR" "$SRCDIR" "${CONFIGURE_OPTS[@]}" )
-fi
-
-( set -x; ninja -C "$BUILDDIR" "$@" )
-if [ "$WITH_TESTS" = 1 ]; then
- if [ -n "$SANITIZERS" ]; then
- export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS"
- export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS"
- TIMEOUT_MULTIPLIER=3
- else
- TIMEOUT_MULTIPLIER=1
- fi
-
- ( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER )
-fi
-
-( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed )
-
-# Ensure that side-loaded PE addons are loaded if signed, and ignored if not
-if [ -d "${DESTDIR}/boot/loader" ]; then
- addons_dir="${DESTDIR}/boot/loader/addons"
-elif [ -d "${DESTDIR}/efi/loader" ]; then
- addons_dir="${DESTDIR}/efi/loader/addons"
-fi
-if [ -n "${addons_dir}" ]; then
- mkdir -p "${addons_dir}"
- ukify --secureboot-private-key mkosi.secure-boot.key --secureboot-certificate mkosi.secure-boot.crt --cmdline this_should_be_here -o "${addons_dir}/good.addon.efi"
- ukify --cmdline this_should_not_be_here -o "${addons_dir}/bad.addon.efi"
-fi