diff options
Diffstat (limited to 'mkosi.images')
96 files changed, 390 insertions, 1410 deletions
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/build/mkosi.conf index 615de52..8a67c76 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf +++ b/mkosi.images/build/mkosi.conf @@ -1,8 +1,10 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Match] -Architecture=x86-64 - [Content] Packages= - linux-image-cloud-amd64 + clang + lld + llvm + +[Output] +Format=none diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot index 2c99a67..3ffde85 100755 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot @@ -2,24 +2,20 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then + echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 exit 1 fi # We can't configure the source or build directory so we use symlinks instead to make sure they are in the -# expected locations. -ln --symbolic "$SRCDIR" "pkg/$ID/systemd" -ln --symbolic "$BUILDDIR" "pkg/$ID/build" -# Because we run with --noextract we are responsible for making sure the source files appear in src/. -ln --symbolic . "pkg/$ID/src" +# expected locations. Because we run with --noextract we are responsible for making sure the source files +# appear in src/. This means not only the systemd source directory, but also the patches and configuration +# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd +# sources and build directory directly into "pkg/$PKG_SUBDIR/src", we symlink them into "pkg/$PKG_SUBDIR" and +# then symlink "pkg/$PKG_SUBDIR" to "pkg/$PKG_SUBDIR/src". +ln --symbolic "$SRCDIR" "pkg/$PKG_SUBDIR/systemd" +ln --symbolic "$BUILDDIR" "pkg/$PKG_SUBDIR/build" +ln --symbolic . "pkg/$PKG_SUBDIR/src" MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((LLVM)); then @@ -29,11 +25,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -65,19 +61,19 @@ EOF # Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions. rm /usr/share/makepkg/lint_pkgbuild/* -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" fi -sed --in-place "pkg/$ID/PKGBUILD" \ +sed --in-place "pkg/$PKG_SUBDIR/PKGBUILD" \ --expression "s/^_tag=.*/_tag=$(cat meson.version)/" \ --expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/" # We get around makepkg's root check by setting EUID to something else. # shellcheck disable=SC2046 -env --chdir="pkg/$ID" \ +env --chdir="pkg/$PKG_SUBDIR" \ EUID=123 \ makepkg \ --noextract \ @@ -85,7 +81,7 @@ env --chdir="pkg/$ID" \ --force \ _systemd_UPSTREAM=1 \ _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \ - BUILDDIR="$PWD/pkg/$ID" \ + BUILDDIR="$PWD/pkg/$PKG_SUBDIR" \ PKGDEST="$OUTPUTDIR" \ PKGEXT=".pkg.tar" \ MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf new file mode 100644 index 0000000..c071468 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Environment= + GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git + GIT_BRANCH=main + GIT_COMMIT=1d577a62688419ee4af01b847e55845cd9780301 + PKG_SUBDIR=arch + +Packages= + base + base-devel + diffutils + erofs-utils + git diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare new file mode 100755 index 0000000..d9e3221 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare @@ -0,0 +1,18 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then + echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot index 21f1062..466699c 100755 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot @@ -2,25 +2,20 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release +. mkosi.functions -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" fi -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. # See https://github.com/rpm-software-management/rpm/issues/3042. tee --append /usr/lib/rpm/redhat/macros <<'EOF' @@ -33,10 +28,6 @@ fi VERSION="$(cat meson.version)" RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - COMMON_MACRO_OVERRIDES=( --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" --define "_fortify_level 0" @@ -49,7 +40,7 @@ COMMON_MACRO_OVERRIDES=( # TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" fi if ((LLVM)); then # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. @@ -58,11 +49,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -84,7 +75,7 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ $( ((WITH_TESTS)) || echo "--nocheck") \ $( ((WITH_DOCS)) || echo "--without=docs") \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_rpmdir $OUTPUTDIR" \ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ @@ -107,11 +98,12 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ --define "__brp_check_rpaths %{nil}" \ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ --define "__script_requires %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ --define "_find_debuginfo_dwz_opts %{nil}" \ --define "_fixperms true" \ --undefine _package_note_flags \ --noclean \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" ( shopt -s nullglob @@ -120,3 +112,5 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf new file mode 100644 index 0000000..f3afd55 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Environment= + GIT_URL=https://src.fedoraproject.org/rpms/systemd.git + GIT_BRANCH=rawhide + GIT_COMMIT=00babccdea1576d96edfdb7ab12958564cc4f1b6 + PKG_SUBDIR=fedora + +Packages= + compiler-rt + git-core + libasan + libubsan + rpm-build diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare index 1b86073..6028dc3 100755 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare @@ -2,37 +2,32 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ] || ((NO_BUILD)); then +if [[ "$1" == "build" ]]; then exit 0 fi -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 exit 1 fi -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + --buildrequires \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + "pkg/$PKG_SUBDIR/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install # rpmbuild -br tries to build a source package which means all source files have to exist which isn't the # case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. # TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. -sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" +sed '/Source0/d' --in-place "pkg/$PKG_SUBDIR/systemd.spec" until mkosi-chroot \ rpmbuild \ @@ -40,12 +35,12 @@ until mkosi-chroot \ --build-in-place \ --with upstream \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" do EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then + if [[ $EXIT_STATUS -ne 11 ]]; then exit $EXIT_STATUS fi diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf new file mode 100644 index 0000000..f3d19e3 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Content] +Packages= + rsync # TODO: Drop when CentOS Stream 9 CI is removed. + squashfs-tools diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf new file mode 100644 index 0000000..15849c5 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Repositories=epel + +[Content] +Packages= + erofs-utils + rpmautospec-rpm-macros diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot index f1eed03..2d50afb 100755 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot @@ -2,20 +2,13 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 exit 1 fi # We transplant the debian/ folder from the deb package sources into the upstream sources. -mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian +mount --mkdir --bind "$SRCDIR/pkg/$PKG_SUBDIR/debian" "$SRCDIR"/debian # We remove the patches so they don't get applied. rm -rf "$SRCDIR"/debian/patches/* @@ -25,7 +18,7 @@ rm -rf "$SRCDIR"/debian/patches/* DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" @@ -52,11 +45,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -116,7 +109,7 @@ if ! build; then # by meson install. (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files - if [ -f debian/not-installed ]; then + if [[ -f debian/not-installed ]]; then grep --invert-match "^#" debian/not-installed >>/tmp/installed-files fi @@ -126,7 +119,7 @@ if ! build; then # not in the packaged file. comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files # If there are no unpackaged files something else went wrong. - if [ ! -s /tmp/unpackaged-files ]; then + if [[ ! -s /tmp/unpackaged-files ]]; then exit 1 fi diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..132ee1b --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=ci/v256-stable + GIT_COMMIT=c004a150e78c0453848480485b2e3eb0ac7dff8b + PKG_SUBDIR=debian + +Packages= + apt + erofs-utils + git-core + libclang-rt-dev + dpkg-dev diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..cec81ec --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare @@ -0,0 +1,15 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +cd "pkg/$PKG_SUBDIR" +DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf index af923fa..0e02dcb 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf +++ b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf @@ -1,8 +1,9 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Architecture=arm64 +Distribution=fedora [Content] Packages= - linux-image-cloud-arm64 + erofs-utils + rpmautospec diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot index 67481d0..a1fb83c 100755 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot @@ -2,20 +2,14 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release -ID="${ID%-*}" +. mkosi.functions -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" @@ -24,9 +18,9 @@ fi # The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we # disable manpage compression as the files cannot be found. Fix the issue by removing the compression # extension. -find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; +find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then # Fix the %install override so debuginfo packages are generated. tee --append /usr/lib/rpm/suse/macros <<'EOF' %install %{debug_package}\ @@ -38,13 +32,9 @@ fi VERSION="$(cat meson.version)" RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" fi if ((LLVM)); then # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. @@ -53,7 +43,7 @@ fi MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi # A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so @@ -63,12 +53,12 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" build() { IFS= @@ -87,7 +77,7 @@ build() { --with upstream \ $( ((WITH_TESTS)) || echo "--nocheck") \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_rpmdir $OUTPUTDIR" \ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ @@ -106,10 +96,11 @@ build() { --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ --define "__script_requires %{nil}" \ --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ --define "_fixperms true" \ --noclean \ "$@" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" EXIT_STATUS=$? @@ -120,7 +111,7 @@ build() { } if ! build; then - if [ ! -s /tmp/unpackaged-files ]; then + if [[ ! -s /tmp/unpackaged-files ]]; then exit 1 fi @@ -128,7 +119,7 @@ if ! build; then # warnings. rm systemd.lang - grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd" + grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd" build --noprep --nocheck fi @@ -139,3 +130,5 @@ fi cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf new file mode 100644 index 0000000..1d55a91 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Environment= + GIT_URL=https://code.opensuse.org/package/systemd + GIT_BRANCH=master + GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5 + PKG_SUBDIR=opensuse + +Packages= + gcc-c++ + erofs-utils + git-core + patterns-base-minimal_base + rpm-build diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare index c57aa87..24f07fd 100755 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare @@ -2,36 +2,30 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ] || ((NO_BUILD)); then +if [[ "$1" == "build" ]]; then exit 0 fi -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + --buildrequires \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + "pkg/$PKG_SUBDIR/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install until mkosi-chroot \ rpmbuild \ @@ -39,12 +33,12 @@ until mkosi-chroot \ --build-in-place \ --with upstream \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" do EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then + if [[ $EXIT_STATUS -ne 11 ]]; then exit $EXIT_STATUS fi diff --git a/mkosi.images/system/mkosi.sync b/mkosi.images/build/mkosi.sync index d56ddf5..febe893 100755 --- a/mkosi.images/system/mkosi.sync +++ b/mkosi.images/build/mkosi.sync @@ -3,19 +3,22 @@ set -e set -o nounset -if ((${NO_SYNC:-0})); then +if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then exit 0 fi -PKG_SUBDIR="$(realpath --canonicalize-missing "pkg/$DISTRIBUTION" --relative-to "$PWD")" - -if [[ -d "$PKG_SUBDIR/.git" ]]; then - if [[ "$(git -C "$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then +if [[ -d "pkg/$PKG_SUBDIR/.git" ]]; then + if [[ "$(git -C "pkg/$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then exit 0 fi + if ! git -C "pkg/$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" + fi + # If work is being done on the packaging rules in a separate branch, don't touch the checkout. - if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then + if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then EXIT_STATUS=$? if [[ $EXIT_STATUS -eq 1 ]]; then exit 0 @@ -25,7 +28,7 @@ if [[ -d "$PKG_SUBDIR/.git" ]]; then fi fi -if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then +if [[ ! -e "pkg/$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "pkg/$PKG_SUBDIR")" ]]; then # The repository on Salsa has the full upstream sources, so it's a waste of # space to redownload and duplicate everything, so do a sparse checkout as # we only need the packaging directory anyway. @@ -35,14 +38,14 @@ if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then sparse=() fi - git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "$PKG_SUBDIR" + git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "pkg/$PKG_SUBDIR" if [[ -n "${GIT_SUBDIR:-}" ]]; then # --no-cone is needed to check out only one top-level directory - git -C "$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" + git -C "pkg/$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" fi else - git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL" - git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH" + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" fi -git -C "$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" +git -C "pkg/$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" diff --git a/mkosi.images/exitrd/mkosi.conf b/mkosi.images/exitrd/mkosi.conf index 2e867cb..28da8a5 100644 --- a/mkosi.images/exitrd/mkosi.conf +++ b/mkosi.images/exitrd/mkosi.conf @@ -1,22 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes MakeInitrd=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf index c8b1904..b5f3194 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf @@ -4,8 +4,9 @@ Distribution=arch [Content] -Packages= +VolatilePackages= systemd + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf index 8458dee..a1fa32b 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf @@ -5,5 +5,5 @@ Distribution=|centos Distribution=|fedora [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf index 68b0aa5..6ca310c 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf @@ -4,5 +4,5 @@ Distribution=debian [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf index 3f6df21..5fd6466 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf @@ -5,4 +5,9 @@ Distribution=opensuse [Content] Packages= + patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf index ddd68dc..9a7e1d8 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,8 @@ Distribution=ubuntu [Content] -Packages= +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/20-build.conf b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf new file mode 100644 index 0000000..3f2c5c7 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Config] +Include= + mkosi-initrd + %D/mkosi.sanitizers + +[Content] +ExtraTrees= + %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions + %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf + +Packages= + findutils + grep + sed diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf new file mode 100644 index 0000000..99e039d --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-sysvcompat diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf new file mode 100644 index 0000000..6607dab --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Packages= + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-udev diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf new file mode 100644 index 0000000..093c1bd --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 + systemd + systemd-cryptsetup + systemd-repart + udev diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf index 50dfa11..634b5a0 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf +++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf @@ -1,8 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian +Distribution=fedora [Content] Packages= - linux-perf + btrfs-progs diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf new file mode 100644 index 0000000..9f685e6 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Packages= + btrfs-progs + kmod + tpm2.0-tools + +VolatilePackages= + libsystemd0 + libudev1 + systemd + udev + systemd-experimental diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf index b252491..b252491 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service index 54a9b8a..54a9b8a 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service index 845ac57..845ac57 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service index 2c709bc..2c709bc 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service diff --git a/mkosi.images/minimal-0/mkosi.conf b/mkosi.images/minimal-0/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-0/mkosi.conf +++ b/mkosi.images/minimal-0/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-1/mkosi.conf b/mkosi.images/minimal-1/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-1/mkosi.conf +++ b/mkosi.images/minimal-1/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-base/mkosi.conf b/mkosi.images/minimal-base/mkosi.conf index 7eb1473..d841f9b 100644 --- a/mkosi.images/minimal-base/mkosi.conf +++ b/mkosi.images/minimal-base/mkosi.conf @@ -1,24 +1,19 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash coreutils grep util-linux + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf index 9b03397..044199a 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf @@ -7,7 +7,10 @@ Distribution=arch Packages= inetutils iproute - openbsd-netcat + nmap + +VolatilePackages= + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf index 3a3e528..e9893ad 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf @@ -9,4 +9,7 @@ Packages= hostname iproute iproute-tc - netcat + nmap-ncat + +VolatilePackages= + systemd-libs diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf index a715ec1..d524ec1 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf @@ -9,4 +9,8 @@ Packages= hostname iproute2 mount - netcat-openbsd + ncat + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf index 2e370ec..9bd40cf 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf @@ -7,5 +7,9 @@ Distribution=opensuse Packages= hostname iproute2 - netcat-openbsd + ncat patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.images/system/coredump-journal-storage.conf deleted file mode 100644 index cde9785..0000000 --- a/mkosi.images/system/coredump-journal-storage.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Coredump] -Storage=journal diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf deleted file mode 100644 index ed9bfdc..0000000 --- a/mkosi.images/system/initrd/mkosi.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Content] -PostInstallationScripts=../mkosi.sanitizers.chroot -ExtraTrees= - ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.images/system/leak-sanitizer-suppressions deleted file mode 100644 index 639abb8..0000000 --- a/mkosi.images/system/leak-sanitizer-suppressions +++ /dev/null @@ -1 +0,0 @@ -leak:libselinux diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean deleted file mode 100755 index 64810b7..0000000 --- a/mkosi.images/system/mkosi.clean +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -set -o nounset - -rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf deleted file mode 100644 index f8a91df..0000000 --- a/mkosi.images/system/mkosi.conf +++ /dev/null @@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -InitrdInclude=initrd/ - -[Output] -RepartDirectories=mkosi.repart - -[Content] -Autologin=yes -ExtraTrees= - %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf - -PostInstallationScripts=mkosi.sanitizers.chroot - -InitrdPackages= - btrfs-progs - findutils - grep - sed - -Packages= - acl - attr - bash-completion - bpftrace - btrfs-progs - clang - coreutils - curl - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gdb - grep - gzip - jq - kbd - kexec-tools - kmod - knot - less - lld - llvm - lvm2 - man - mdadm - mtools - nano - nftables - nvme-cli - opensc - openssl - p11-kit - pciutils - python3 - qrencode - radvd - rsync - sed - socat - strace - systemd - tar - tmux - tree - udev - util-linux - valgrind - which - wireguard-tools - xfsprogs - zsh - zstd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf deleted file mode 100644 index 96ae8c8..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf +++ /dev/null @@ -1,70 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Environment= - GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git - GIT_BRANCH=main - GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c - -VolatilePackages= - systemd - systemd-libs - systemd-resolvconf - systemd-sysvcompat - systemd-tests - systemd-ukify - -Packages= - bind - bpf - compiler-rt - compsize - cryptsetup - dbus-broker - dbus-broker-units - debugedit - dhcp - f2fs-tools - fakeroot - git - gnutls - gnutls - iproute - iputils - linux - man-db - multipath-tools - open-iscsi - openbsd-netcat - openssh - openssl - pacman - perf - pkgconf - polkit - procps-ng - psmisc - python-pexpect - python-psutil - quota-tools - sbsigntools - shadow - softhsm - squashfs-tools - stress - tgt - tpm2-tools - tpm2-tss - vim - -InitrdPackages= - compiler-rt - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-libs - systemd-sysvcompat diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 4a6d2e9..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages=systemd-debug diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare deleted file mode 100755 index fd78e81..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. -sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | - grep --regexp '^depends =' --regexp '^optdepends =' | - sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | - xargs --delimiter '\n' mkosi-install - -# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on -# whether some environment variable is set or not. -# shellcheck source=/dev/null -_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" - -# shellcheck disable=SC2154 -mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf deleted file mode 100644 index f200409..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf +++ /dev/null @@ -1,76 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -VolatilePackages= - systemd - systemd-boot - systemd-container - systemd-devel - systemd-journal-remote - systemd-networkd - systemd-networkd-defaults - systemd-oomd-defaults - systemd-pam - systemd-resolved - systemd-tests - systemd-udev - systemd-ukify - -Packages= - bind-utils - bpftool - compiler-rt - cryptsetup - device-mapper-event - device-mapper-multipath - dfuzzer - dhcp-server - dnf - git-core - glibc-langpack-de - glibc-langpack-en - gnutls - gnutls-utils - integritysetup - iproute - iproute-tc - iputils - iscsi-initiator-utils - kernel-core - libasan - libcap-ng-utils - libubsan - man-db - netcat - openssh-clients - openssh-server - pam - passwd - perf - policycoreutils - polkit - procps-ng - python3-pexpect - quota - rpm - rpm-build - rpmautospec - sbsigntools - softhsm - squashfs-tools - stress - tpm2-tools - util-linux - veritysetup - vim-common - -InitrdPackages= - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-udev diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 0c3707b..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - systemd-container-debuginfo - systemd-debuginfo - systemd-debugsource - systemd-journal-remote-debuginfo - systemd-libs-debuginfo - systemd-networkd-debuginfo - systemd-pam-debuginfo - systemd-resolved-debuginfo - systemd-tests-debuginfo - systemd-udev-debuginfo diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf deleted file mode 100644 index 9fe5509..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Profile=!particle - -[Content] -# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're -# building a /usr-only image. -Packages= - selinux-policy - selinux-policy-targeted - setools-console - -# We relabel on first boot instead of at build time because it is only possible to label without root -# if the labels exist in the host system, and we want to be able to cross-build to other distributions. -SELinuxRelabel=no - -InitrdPackages= - selinux-policy - selinux-policy-targeted diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf deleted file mode 100644 index 25059c2..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Content] -Environment= - # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of - # mkfs.ext4 enabled it by default, so we disable it explicitly. - Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" - GIT_URL=https://git.centos.org/rpms/systemd.git - GIT_BRANCH=c9s-sig-hyperscale - GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 - -Packages= - kernel-modules # For squashfs - rpmautospec-rpm-macros diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf deleted file mode 100644 index c6b8154..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ /dev/null @@ -1,92 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Environment= - GIT_URL=https://salsa.debian.org/systemd-team/systemd.git - GIT_SUBDIR=debian - GIT_BRANCH=ci/v256-stable - GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af - -VolatilePackages= - libnss-myhostname - libnss-mymachines - libnss-resolve - libnss-systemd - libpam-systemd - libsystemd-dev - libudev-dev - systemd - systemd-container - systemd-coredump - systemd-cryptsetup - systemd-dev - systemd-homed - systemd-journal-remote - systemd-oomd - systemd-repart - systemd-resolved - systemd-sysv - systemd-tests - systemd-timesyncd - systemd-ukify - systemd-userdbd - udev - -Packages= - ^libasan[0-9]+$ - ^libtss2-esys-[0-9.]+-0$ - ^libtss2-mu-[0-9.]+-0$ - ^libubsan[0-9]+$ - apt - bind9-dnsutils - cryptsetup-bin - dbus-broker - dbus-user-session - dmsetup - dpkg-dev - f2fs-tools - fdisk - git-core - gnutls-bin - iproute2 - iputils-ping - isc-dhcp-server - libcap-ng-utils - libclang-rt-dev - libtss2-rc0 - libtss2-tcti-device0 - locales - man-db - multipath-tools - netcat-openbsd - open-iscsi - openssh-client - openssh-server - passwd - policykit-1 - procps - psmisc - python3-pexpect - python3-psutil - quota - softhsm2 - squashfs-tools - stress - tgt - tpm2-tools - tzdata - xxd - -InitrdPackages= - libclang-rt-dev - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-cryptsetup - systemd-repart - udev diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 2bb6164..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,29 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - libnss-myhostname-dbgsym - libnss-mymachines-dbgsym - libnss-resolve-dbgsym - libnss-systemd-dbgsym - libpam-systemd-dbgsym - libsystemd-shared-dbgsym - libsystemd0-dbgsym - libudev1-dbgsym - systemd-boot-dbgsym - systemd-container-dbgsym - systemd-coredump-dbgsym - systemd-cryptsetup-dbgsym - systemd-dbgsym - systemd-homed-dbgsym - systemd-journal-remote-dbgsym - systemd-oomd-dbgsym - systemd-repart-dbgsym - systemd-resolved-dbgsym - systemd-tests-dbgsym - systemd-timesyncd-dbgsym - systemd-userdbd-dbgsym - udev-dbgsym diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf deleted file mode 100644 index 781670a..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf +++ /dev/null @@ -1,16 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# sbsigntool exists only on UEFI architectures - -[Match] -Architecture=|x86 -Architecture=|x86-64 -Architecture=|arm -Architecture=|arm64 -Architecture=|riscv32 -Architecture=|riscv64 - -[Content] -Packages= - sbsigntool - systemd-boot - systemd-boot-efi diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf deleted file mode 100644 index 4fb4f46..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=NO_BUILD=1 - -[Content] -WithNetwork=yes diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst deleted file mode 100755 index 314f235..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss -# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and -# install them. This is not an issue when building locally, as the build and runtime images are the same, -# so they would get installed as build dependencies anyway. - -if [ "$1" = "build" ] || ! ((NO_BUILD)); then - exit 0 -fi - -# Query the Recommends and Suggests of all systemd packages, by matching on the version -systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)" -mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' ) -extra_packages=() -# shellcheck disable=SC2068 -for package in ${systemd_packages[@]}; do - # We are looking for dlopens, so filter for libraries - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") -done - -if [ "${#extra_packages[@]}" -eq 0 ]; then - exit 0 -fi - -apt install "${extra_packages[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare deleted file mode 100755 index 645671a..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -cd "pkg/$ID" -DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf deleted file mode 100644 index c4617d2..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=fedora - -[Content] -Environment= - GIT_URL=https://src.fedoraproject.org/rpms/systemd.git - GIT_BRANCH=rawhide - GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8 - -Packages= - compsize - dnf5 - f2fs-tools - scsi-target-utils - # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules) - kernel-modules-extra - kernel-modules-internal diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst deleted file mode 100755 index 417132f..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. -# See https://github.com/openSUSE/suse-module-tools/pull/71 -rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf deleted file mode 100644 index e488b2d..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf +++ /dev/null @@ -1,100 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Config] -InitrdInclude=initrd/ - -[Content] -Environment= - GIT_URL=https://src.opensuse.org/rpm/systemd - GIT_BRANCH=devel - GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117 - -VolatilePackages= - systemd - systemd-boot - systemd-container - systemd-devel - systemd-doc - systemd-experimental - systemd-homed - systemd-lang - systemd-network - systemd-portable - systemd-sysvcompat - systemd-testsuite - udev - -# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox -# versions don't get installed instead. -Packages= - bind-utils - bpftool - cryptsetup - device-mapper - dhcp-server - docbook-xsl-stylesheets - f2fs-tools - gawk - gcc-c++ - git-core - glibc-locale-base - gnutls - grep - group(bin) - group(daemon) - group(games) - group(nobody) - group(root) - gzip - iputils - kernel-default - kmod - libasan8 - libkmod2 - libubsan1 - multipath-tools - open-iscsi - openssh-clients - openssh-server - pam - patterns-base-minimal_base - perf - procps4 - psmisc - python3-pefile - python3-pexpect - python3-psutil - quota - rpm-build - rsync - sbsigntools - sed - shadow - softhsm - squashfs - tgt - timezone - tpm2.0-tools - user(bin) - user(daemon) - user(games) - user(nobody) - user(root) - veritysetup - vim - xz - zypper - -InitrdPackages= - clang - kmod - libkmod2 - tpm2.0-tools - -InitrdVolatilePackages= - systemd - udev - systemd-experimental diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf deleted file mode 100644 index 6c57d04..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Environment=WITH_DEBUG=1 - -[Content] -VolatilePackages= - libsystemd0-debuginfo - libudev1-debuginfo - systemd-boot-debuginfo - systemd-container-debuginfo - systemd-debuginfo - systemd-debugsource - systemd-experimental-debuginfo - systemd-homed-debuginfo - systemd-journal-remote-debuginfo - systemd-network-debuginfo - systemd-portable-debuginfo - systemd-sysvcompat-debuginfo - systemd-testsuite-debuginfo - udev-debuginfo diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf deleted file mode 100644 index 86f9736..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Content] -Packages= - linux-image-generic - linux-tools-common - linux-tools-virtual diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf deleted file mode 100644 index 582f038..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# The ports Ubuntu archive is for non i386/amd64 repositories - -[Match] -Architecture=!x86-64 -Architecture=!x86 -Release=noble - -[Distribution] -PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf deleted file mode 100644 index 7347be9..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -# The main Ubuntu archive is only for i386/amd64 repositories - -[Match] -Architecture=|x86-64 -Architecture=|x86 -Release=noble - -[Distribution] -PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources deleted file mode 100644 index 5b96dc5..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -Types: deb -URIs: http://ports.ubuntu.com -Suites: noble-backports -Components: main universe -Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources deleted file mode 100644 index d10c1e8..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -Types: deb -URIs: http://archive.ubuntu.com/ubuntu -Suites: noble-backports -Components: main universe -Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf deleted file mode 100644 index 8641984..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-images.conf +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Format=!none - -[Config] -Dependencies= - exitrd - minimal-base - minimal-0 - minimal-1 - -[Content] -ExtraTrees= - %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw - %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity - %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig - %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw - %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity - %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig - %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template - %O/exitrd:/exitrd diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf deleted file mode 100644 index 8c1920b..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Profile=particle - -[Output] -RepartDirectories= -RepartDirectories=mkosi.repart - -[Validation] -@SecureBoot=yes -@SignExpectedPcr=yes - -[Host] -@RuntimeSize=8G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf deleted file mode 100644 index 3755278..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=swap -SizeMinBytes=100M -SizeMaxBytes=100M diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf deleted file mode 100644 index 2f92af2..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=root -Format=btrfs -SizeMinBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf deleted file mode 100644 index dac79ba..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -C+! /etc - - - - /usr/share/factory/mkosi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize deleted file mode 100755 index 69f9554..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -mkdir -p "$BUILDROOT"/usr/share/factory/mkosi -cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot deleted file mode 100755 index 95e0552..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# sbsign is not available on CentOS Stream -if command -v sbsign &>/dev/null; then - # Ensure that side-loaded PE addons are loaded if signed, and ignored if not - addons_dir=/efi/loader/addons - mkdir -p "$addons_dir" - ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi" - ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi" -fi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf deleted file mode 100644 index 391543d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=esp -Format=vfat -CopyFiles=/boot:/ -CopyFiles=/efi:/ -SizeMinBytes=1G -SizeMaxBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf deleted file mode 100644 index 343761d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr -Format=erofs -CopyFiles=/usr:/ -Verity=data -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf deleted file mode 100644 index b4d45dd..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity -Verity=hash -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf deleted file mode 100644 index 1841d0a..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity-sig -Verity=signature -VerityMatchKey=usr diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel deleted file mode 100644 index bd4fba4..0000000 --- a/mkosi.images/system/mkosi.extra/.autorelabel +++ /dev/null @@ -1 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf deleted file mode 100644 index fcf4cd9..0000000 --- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -iscsid.startup = /usr/bin/systemctl start iscsid.socket diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue deleted file mode 100644 index 6aa6fc0..0000000 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ /dev/null @@ -1,2 +0,0 @@ -\S (built from systemd tree) -Kernel \r on an \m (\l) diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf deleted file mode 100644 index 657ac72..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed -# for integration tests -kernel.apparmor_restrict_unprivileged_unconfined = 0 -kernel.apparmor_restrict_unprivileged_userns = 0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf deleted file mode 100644 index 3baede4..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Journal] -RateLimitIntervalSec=0 -RateLimitBurst=0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset deleted file mode 100644 index c364058..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset +++ /dev/null @@ -1,41 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# mkosi adds its own ssh units via the --ssh switch so disable the default ones. -disable ssh.service -disable sshd.service - -# These are started manually in integration tests so don't start them by default. -disable dnsmasq.service -disable isc-dhcp-server.service -disable isc-dhcp-server6.service - -# Pulled in via dracut-network by kexec-tools on Fedora. -disable NetworkManager* - -# Make sure dbus-broker is started by default on Debian/Ubuntu. -enable dbus-broker.service - -# systemd-networkd is disabled by default on Fedora so make sure it is enabled. -enable systemd-networkd.service -enable systemd-networkd-wait-online.service - -# systemd-resolved is disable by default on CentOS so make sure it is enabled. -enable systemd-resolved.service - -# We install dnf in some images but it's only going to be used rarely, -# so let's not have dnf create its cache. -disable dnf-makecache.* - -# We have journald to receive audit data so let's make sure we're not running auditd as well -disable auditd.service - -# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead. -enable systemd-timesyncd.service - -# Skipped if selinux is not enabled, required for TEST-06-SELINUX. -enable autorelabel.service - -# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead. -disable iscsi.service -disable iscsid.socket -disable iscsiuio.socket diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset deleted file mode 100644 index 710ee7c..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# Make sure that services are disabled by default (primarily for Debian/Ubuntu). -disable * diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf deleted file mode 100644 index ebf7899..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS -# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if -# needed. -[Service] -EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf deleted file mode 100644 index d0093b7..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Service] -PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf deleted file mode 100644 index e1a8e81..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf +++ /dev/null @@ -1 +0,0 @@ -L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf deleted file mode 100644 index ddd36ed..0000000 --- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf +++ /dev/null @@ -1,13 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" - "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - -<!-- - SPDX-License-Identifier: LGPL-2.1-or-later ---> - -<busconfig> - <policy user="root"> - <allow own="systemd.test.ExecStopPost"/> - </policy> -</busconfig> diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot deleted file mode 100755 index 4686802..0000000 --- a/mkosi.images/system/mkosi.postinst.chroot +++ /dev/null @@ -1,172 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -useradd --uid 4711 --create-home --user-group testuser - -if command -v authselect >/dev/null; then - # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so - # let's use the new name if it exists. - if [ -d /usr/share/authselect/default/local ]; then - PROFILE=local - else - PROFILE=minimal - fi - - authselect select "$PROFILE" - - if authselect list-features "$PROFILE" | grep -q "with-homed"; then - authselect enable-feature with-homed - fi -fi - -# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that -# if that's the case. -mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf -rm -f /etc/resolv.conf - -for f in "$BUILDROOT"/usr/share/*.verity.sig; do - jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash" -done - -# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by -# systemd-journald. -rm -r "$BUILDROOT/var/log/journal" - -rm -f /etc/nsswitch.conf -cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf - -# Remove to make TEST-73-LOCALE pass on Ubuntu. -rm -f /etc/default/keyboard - -# This is executed inside the chroot so no need to disable any features as the default features will match -# the kernel's supported features. -SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ - systemd-repart \ - --empty=create \ - --dry-run=no \ - --size=auto \ - --offline=true \ - --root test/TEST-24-CRYPTSETUP \ - --definitions test/TEST-24-CRYPTSETUP/keydev.repart \ - "$OUTPUTDIR/keydev.raw" - -can_test_pkcs11() { - if ! command -v "softhsm2-util" >/dev/null; then - echo "softhsm2-util not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "pkcs11-tool" >/dev/null; then - echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "certtool" >/dev/null; then - echo "certtool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+P11KIT"; then - echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+OPENSSL"; then - echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then - echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then - echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - - return 0 -} - -setup_pkcs11_token() { - echo "Setup PKCS#11 token" >&2 - local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE - - export SOFTHSM2_CONF="/tmp/softhsm2.conf" - mkdir -p /usr/lib/softhsm/tokens/ - cat >$SOFTHSM2_CONF <<EOF -directories.tokendir = /usr/lib/softhsm/tokens/ -objectstore.backend = file -slots.removable = false -slots.mechanisms = ALL -EOF - export GNUTLS_PIN="1234" - export GNUTLS_SO_PIN="12345678" - softhsm2-util --init-token --free --label "TestToken" --pin "$GNUTLS_PIN" --so-pin "$GNUTLS_SO_PIN" - - if ! P11_MODULE_CONFIGS_DIR=$(pkg-config --variable=p11_module_configs p11-kit-1); then - echo "WARNING! Cannot get p11_module_configs from p11-kit-1.pc, assuming /usr/share/p11-kit/modules" >&2 - P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules" - fi - - if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then - echo "WARNING! Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2 - P11_MODULE_DIR="/usr/lib/pkcs11" - fi - - SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs) - if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then - SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE" - fi - - # RSA ##################################################### - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/rsa_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey" - rm "/tmp/rsa_test.crt" - - # prime256v1 ############################################## - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/ec_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey" - rm "/tmp/ec_test.crt" - - ########################################################### - rm "$SOFTHSM2_CONF" - unset SOFTHSM2_CONF - - cat >/etc/softhsm2.conf <<EOF -directories.tokendir = /usr/lib/softhsm/tokens/ -objectstore.backend = file -slots.removable = false -slots.mechanisms = ALL -log.level = INFO -EOF - - mkdir -p /etc/systemd/system/systemd-cryptsetup@.service.d - cat >/etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf <<EOF -[Unit] -# Make sure we can start systemd-cryptsetup@empty_pkcs11_auto.service many times -StartLimitBurst=10 - -[Service] -Environment="SOFTHSM2_CONF=/etc/softhsm2.conf" -Environment="PIN=$GNUTLS_PIN" -EOF - - unset GNUTLS_PIN - unset GNUTLS_SO_PIN -} - -if can_test_pkcs11; then - setup_pkcs11_token -fi diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf deleted file mode 100644 index 391543d..0000000 --- a/mkosi.images/system/mkosi.repart/00-esp.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=esp -Format=vfat -CopyFiles=/boot:/ -CopyFiles=/efi:/ -SizeMinBytes=1G -SizeMaxBytes=1G diff --git a/mkosi.images/system/mkosi.repart/10-root.conf b/mkosi.images/system/mkosi.repart/10-root.conf deleted file mode 100644 index 3c25dbf..0000000 --- a/mkosi.images/system/mkosi.repart/10-root.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=root -Format=btrfs -CopyFiles=/ -SizeMinBytes=8G -SizeMaxBytes=8G diff --git a/mkosi.images/system/mkosi.sanitizers.chroot b/mkosi.images/system/mkosi.sanitizers.chroot deleted file mode 100755 index 524e3da..0000000 --- a/mkosi.images/system/mkosi.sanitizers.chroot +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -if [[ -z "${SANITIZERS:-}" ]]; then - exit 0 -fi - -# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose -# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer -# failures end up in the journal. -mkdir -p /etc/systemd/system/systemd-journald.service.d -cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF -[Service] -StandardOutput=kmsg -EOF - -# ASAN and syscall filters aren't compatible with each other. -find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} + - -# 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default. -systemctl mask systemd-hwdb-update.service - -ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" -if [[ -z "$ASAN_RT_PATH" ]]; then - ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" - - # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. - if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then - echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" - exit 1 - fi -fi -if [[ -z "$ASAN_RT_PATH" ]]; then - echo >&2 "systemd is not linked against the ASan DSO" - echo >&2 "gcc does this by default, for clang compile with -shared-libasan" - exit 1 -fi - -wrap=( - /usr/lib/polkit-1/polkitd - /usr/libexec/polkit-1/polkitd - agetty - btrfs - capsh - chgrp - chown - cryptsetup - curl - dbus-broker-launch - dbus-daemon - delv - dhcpd - dig - dmsetup - dnsmasq - findmnt - getent - getfacl - id - integritysetup - iscsid - kpartx - logger - login - ls - lsblk - lvm - mdadm - mkfs.btrfs - mkfs.erofs - mkfs.ext4 - mkfs.vfat - mkfs.xfs - mksquashfs - mkswap - multipath - multipathd - nvme - p11-kit - pkill - ps - setfacl - setpriv - sshd - stat - su - tar - tgtd - useradd - userdel - veritysetup -) - -for bin in "${wrap[@]}"; do - if ! command -v "$bin" >/dev/null; then - continue - fi - - if [[ "$bin" == getent ]]; then - enable_lsan=1 - else - enable_lsan=0 - fi - - target="$(command -v "$bin")" - - mv "$target" "$target.orig" - - cat >"$target" <<EOF -#!/bin/bash -# Preload the ASan runtime DSO, otherwise ASAn will complain -export LD_PRELOAD="$ASAN_RT_PATH" -# Disable LSan to speed things up, since we don't care about leak reports -# from 'external' binaries -export ASAN_OPTIONS=detect_leaks=$enable_lsan -# Set argv[0] to the original binary name without the ".orig" suffix -exec -a "\$0" -- "${target}.orig" "\$@" -EOF - chmod +x "$target" -done - -cat >/usr/lib/systemd/systemd-asan-env <<EOF -LD_PRELOAD=$ASAN_RT_PATH -LSAN_OPTIONS=detect_leaks=0 -EOF |