diff options
Diffstat (limited to 'mkosi.images/system/mkosi.conf.d/10-centos-fedora')
5 files changed, 293 insertions, 0 deletions
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot new file mode 100755 index 0000000..2c05787 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot @@ -0,0 +1,116 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then + # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. + # See https://github.com/rpm-software-management/rpm/issues/3042. + tee --append /usr/lib/rpm/redhat/macros <<'EOF' +%install %{?_enable_debug_packages:%{debug_package}}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +DIST="$(rpm --eval %dist)" +ARCH="$(rpm --eval %_arch)" +SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" + +COMMON_MACRO_OVERRIDES=( + --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" + --define "_fortify_level 0" + --undefine _lto_cflags + # TODO: Remove once redhat-rpm-config 292 is available everywhere. + --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" + --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" +) + +# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +IFS= +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +env \ +--unset=CFLAGS \ +--unset=CXXFLAGS \ +--unset=LDFLAGS \ +ANNOBIN="no-active-checks" \ +CC_LD="$( ((LLVM)) && echo lld)" \ +CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + $( ((WITH_DOCS)) || echo "--without=docs") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + "${COMMON_MACRO_OVERRIDES[@]}" \ + --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --undefine _package_note_flags \ + --noclean \ + "pkg/$ID/systemd.spec" + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf new file mode 100644 index 0000000..6fbd507 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf @@ -0,0 +1,75 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +VolatilePackages= + systemd + systemd-boot + systemd-container + systemd-devel + systemd-journal-remote + systemd-networkd + systemd-networkd-defaults + systemd-oomd-defaults + systemd-pam + systemd-resolved + systemd-tests + systemd-udev + systemd-ukify + +Packages= + bind-utils + bpftool + compiler-rt + cryptsetup + device-mapper-event + device-mapper-multipath + dfuzzer + dhcp-server + dnf + git-core + glibc-langpack-de + glibc-langpack-en + gnutls + gnutls-utils + integritysetup + iproute + iproute-tc + iputils + iscsi-initiator-utils + kernel-core + libasan + libcap-ng-utils + libubsan + man-db + netcat + openssh-clients + openssh-server + pam + passwd + policycoreutils + polkit + procps-ng + python3-pexpect + quota + rpm + rpm-build + rpmautospec + sbsigntools + softhsm + squashfs-tools + stress + tpm2-tools + util-linux + veritysetup + vim-common + +InitrdPackages= + tpm2-tools + +InitrdVolatilePackages= + systemd + systemd-udev diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000..0c3707b --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + systemd-container-debuginfo + systemd-debuginfo + systemd-debugsource + systemd-journal-remote-debuginfo + systemd-libs-debuginfo + systemd-networkd-debuginfo + systemd-pam-debuginfo + systemd-resolved-debuginfo + systemd-tests-debuginfo + systemd-udev-debuginfo diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf new file mode 100644 index 0000000..9fe5509 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Profile=!particle + +[Content] +# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're +# building a /usr-only image. +Packages= + selinux-policy + selinux-policy-targeted + setools-console + +# We relabel on first boot instead of at build time because it is only possible to label without root +# if the labels exist in the host system, and we want to be able to cross-build to other distributions. +SELinuxRelabel=no + +InitrdPackages= + selinux-policy + selinux-policy-targeted diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare new file mode 100755 index 0000000..1b86073 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare @@ -0,0 +1,65 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "build" ] || ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. "$BUILDROOT/usr/lib/os-release" + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +for DEPS in --requires --buildrequires; do + mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + "pkg/$ID/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done + +# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the +# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. +# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. +sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" + +until mkosi-chroot \ + rpmbuild \ + -br \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$ID/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done |