summaryrefslogtreecommitdiffstats
path: root/mkosi.images
diff options
context:
space:
mode:
Diffstat (limited to 'mkosi.images')
-rw-r--r--mkosi.images/build/mkosi.conf (renamed from mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf)10
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot (renamed from mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot)36
-rw-r--r--mkosi.images/build/mkosi.conf.d/arch/mkosi.conf18
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/arch/mkosi.prepare18
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot (renamed from mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot)32
-rw-r--r--mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf19
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare (renamed from mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare)43
-rw-r--r--mkosi.images/build/mkosi.conf.d/centos/mkosi.conf9
-rw-r--r--mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf9
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot (renamed from mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot)23
-rw-r--r--mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf20
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare15
-rw-r--r--mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf (renamed from mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf)5
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot (renamed from mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot)41
-rw-r--r--mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf18
-rwxr-xr-xmkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare (renamed from mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare)44
-rwxr-xr-xmkosi.images/build/mkosi.sync (renamed from mkosi.images/system/mkosi.sync)27
-rw-r--r--mkosi.images/exitrd/mkosi.conf13
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/10-arch.conf3
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf2
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/10-debian.conf2
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf5
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf5
-rw-r--r--mkosi.images/exitrd/mkosi.conf.d/20-build.conf9
-rw-r--r--mkosi.images/initrd/mkosi.conf16
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/arch.conf14
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/build.conf9
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf14
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf19
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/fedora.conf (renamed from mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf)4
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/opensuse.conf17
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf (renamed from mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf)0
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service (renamed from mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service)0
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service (renamed from mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service)0
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service (renamed from mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service)0
-rw-r--r--mkosi.images/minimal-0/mkosi.conf12
-rw-r--r--mkosi.images/minimal-1/mkosi.conf12
-rw-r--r--mkosi.images/minimal-base/mkosi.conf13
-rw-r--r--mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf5
-rw-r--r--mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf5
-rw-r--r--mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf (renamed from mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf)6
-rw-r--r--mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf6
-rw-r--r--mkosi.images/minimal-base/mkosi.conf.d/20-build.conf9
-rw-r--r--mkosi.images/system/coredump-journal-storage.conf4
-rw-r--r--mkosi.images/system/initrd/mkosi.conf7
-rw-r--r--mkosi.images/system/leak-sanitizer-suppressions1
-rwxr-xr-xmkosi.images/system/mkosi.clean5
-rw-r--r--mkosi.images/system/mkosi.conf78
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf70
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf7
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare29
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf76
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf17
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf20
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf17
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf92
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf29
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf16
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf7
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst29
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare18
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf19
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst7
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf100
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf21
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources6
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources6
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-images.conf22
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf15
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf6
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf6
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf3
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize6
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot12
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf9
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf9
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf7
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf6
-rw-r--r--mkosi.images/system/mkosi.extra/.autorelabel1
-rw-r--r--mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf3
-rw-r--r--mkosi.images/system/mkosi.extra/etc/issue2
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf4
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf5
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset41
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset4
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf7
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf4
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf1
-rw-r--r--mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf13
-rwxr-xr-xmkosi.images/system/mkosi.postinst.chroot172
-rw-r--r--mkosi.images/system/mkosi.repart/00-esp.conf9
-rw-r--r--mkosi.images/system/mkosi.repart/10-root.conf8
-rwxr-xr-xmkosi.images/system/mkosi.sanitizers.chroot127
96 files changed, 390 insertions, 1410 deletions
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/build/mkosi.conf
index 615de52..8a67c76 100644
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
+++ b/mkosi.images/build/mkosi.conf
@@ -1,8 +1,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
-[Match]
-Architecture=x86-64
-
[Content]
Packages=
- linux-image-cloud-amd64
+ clang
+ lld
+ llvm
+
+[Output]
+Format=none
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
index 2c99a67..3ffde85 100755
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
@@ -2,24 +2,20 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
-
-if [ ! -f "pkg/$ID/PKGBUILD" ]; then
- echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
+ echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
# We can't configure the source or build directory so we use symlinks instead to make sure they are in the
-# expected locations.
-ln --symbolic "$SRCDIR" "pkg/$ID/systemd"
-ln --symbolic "$BUILDDIR" "pkg/$ID/build"
-# Because we run with --noextract we are responsible for making sure the source files appear in src/.
-ln --symbolic . "pkg/$ID/src"
+# expected locations. Because we run with --noextract we are responsible for making sure the source files
+# appear in src/. This means not only the systemd source directory, but also the patches and configuration
+# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd
+# sources and build directory directly into "pkg/$PKG_SUBDIR/src", we symlink them into "pkg/$PKG_SUBDIR" and
+# then symlink "pkg/$PKG_SUBDIR" to "pkg/$PKG_SUBDIR/src".
+ln --symbolic "$SRCDIR" "pkg/$PKG_SUBDIR/systemd"
+ln --symbolic "$BUILDDIR" "pkg/$PKG_SUBDIR/build"
+ln --symbolic . "pkg/$PKG_SUBDIR/src"
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
if ((LLVM)); then
@@ -29,11 +25,11 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
+if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
@@ -65,19 +61,19 @@ EOF
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
rm /usr/share/makepkg/lint_pkgbuild/*
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
-sed --in-place "pkg/$ID/PKGBUILD" \
+sed --in-place "pkg/$PKG_SUBDIR/PKGBUILD" \
--expression "s/^_tag=.*/_tag=$(cat meson.version)/" \
--expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/"
# We get around makepkg's root check by setting EUID to something else.
# shellcheck disable=SC2046
-env --chdir="pkg/$ID" \
+env --chdir="pkg/$PKG_SUBDIR" \
EUID=123 \
makepkg \
--noextract \
@@ -85,7 +81,7 @@ env --chdir="pkg/$ID" \
--force \
_systemd_UPSTREAM=1 \
_systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \
- BUILDDIR="$PWD/pkg/$ID" \
+ BUILDDIR="$PWD/pkg/$PKG_SUBDIR" \
PKGDEST="$OUTPUTDIR" \
PKGEXT=".pkg.tar" \
MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS"
diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf
new file mode 100644
index 0000000..c071468
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Environment=
+ GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
+ GIT_BRANCH=main
+ GIT_COMMIT=1d577a62688419ee4af01b847e55845cd9780301
+ PKG_SUBDIR=arch
+
+Packages=
+ base
+ base-devel
+ diffutils
+ erofs-utils
+ git
diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare
new file mode 100755
index 0000000..d9e3221
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare
@@ -0,0 +1,18 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
+ echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+# shellcheck source=/dev/null
+_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD"
+
+# shellcheck disable=SC2154
+mkosi-install "${makedepends[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
index 21f1062..466699c 100755
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
@@ -2,25 +2,20 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
+. mkosi.functions
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then
+if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated even when --build-in-place is used.
# See https://github.com/rpm-software-management/rpm/issues/3042.
tee --append /usr/lib/rpm/redhat/macros <<'EOF'
@@ -33,10 +28,6 @@ fi
VERSION="$(cat meson.version)"
RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
-DIST="$(rpm --eval %dist)"
-ARCH="$(rpm --eval %_arch)"
-SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
-
COMMON_MACRO_OVERRIDES=(
--define "toolchain $( ((LLVM)) && echo clang || echo gcc)"
--define "_fortify_level 0"
@@ -49,7 +40,7 @@ COMMON_MACRO_OVERRIDES=(
# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10.
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
if ((WITH_DEBUG)); then
- MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd"
fi
if ((LLVM)); then
# TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
@@ -58,11 +49,11 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")"
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
+if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
@@ -84,7 +75,7 @@ CXX_LD="$( ((LLVM)) && echo lld)" \
$( ((WITH_TESTS)) || echo "--nocheck") \
$( ((WITH_DOCS)) || echo "--without=docs") \
--define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
--define "_rpmdir $OUTPUTDIR" \
${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
@@ -107,11 +98,12 @@ CXX_LD="$( ((LLVM)) && echo lld)" \
--define "__brp_check_rpaths %{nil}" \
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
+ --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
--define "_find_debuginfo_dwz_opts %{nil}" \
--define "_fixperms true" \
--undefine _package_note_flags \
--noclean \
- "pkg/$ID/systemd.spec"
+ "pkg/$PKG_SUBDIR/systemd.spec"
(
shopt -s nullglob
@@ -120,3 +112,5 @@ CXX_LD="$( ((LLVM)) && echo lld)" \
cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"
+
+make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT
diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
new file mode 100644
index 0000000..f3afd55
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+Environment=
+ GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
+ GIT_BRANCH=rawhide
+ GIT_COMMIT=00babccdea1576d96edfdb7ab12958564cc4f1b6
+ PKG_SUBDIR=fedora
+
+Packages=
+ compiler-rt
+ git-core
+ libasan
+ libubsan
+ rpm-build
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare
index 1b86073..6028dc3 100755
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare
@@ -2,37 +2,32 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
exit 1
fi
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ "pkg/$PKG_SUBDIR/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
-sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
+sed '/Source0/d' --in-place "pkg/$PKG_SUBDIR/systemd.spec"
until mkosi-chroot \
rpmbuild \
@@ -40,12 +35,12 @@ until mkosi-chroot \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
+ "pkg/$PKG_SUBDIR/systemd.spec"
do
EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
+ if [[ $EXIT_STATUS -ne 11 ]]; then
exit $EXIT_STATUS
fi
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
new file mode 100644
index 0000000..f3d19e3
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Content]
+Packages=
+ rsync # TODO: Drop when CentOS Stream 9 CI is removed.
+ squashfs-tools
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
new file mode 100644
index 0000000..15849c5
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Repositories=epel
+
+[Content]
+Packages=
+ erofs-utils
+ rpmautospec-rpm-macros
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
index f1eed03..2d50afb 100755
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -2,20 +2,13 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
-
-if [ ! -d "pkg/$ID/debian" ]; then
- echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then
+ echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
# We transplant the debian/ folder from the deb package sources into the upstream sources.
-mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian
+mount --mkdir --bind "$SRCDIR/pkg/$PKG_SUBDIR/debian" "$SRCDIR"/debian
# We remove the patches so they don't get applied.
rm -rf "$SRCDIR"/debian/patches/*
@@ -25,7 +18,7 @@ rm -rf "$SRCDIR"/debian/patches/*
DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"
mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE"
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
@@ -52,11 +45,11 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
+if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
@@ -116,7 +109,7 @@ if ! build; then
# by meson install.
(cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
- if [ -f debian/not-installed ]; then
+ if [[ -f debian/not-installed ]]; then
grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
fi
@@ -126,7 +119,7 @@ if ! build; then
# not in the packaged file.
comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
# If there are no unpackaged files something else went wrong.
- if [ ! -s /tmp/unpackaged-files ]; then
+ if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
new file mode 100644
index 0000000..132ee1b
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Content]
+Environment=
+ GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+ GIT_SUBDIR=debian
+ GIT_BRANCH=ci/v256-stable
+ GIT_COMMIT=c004a150e78c0453848480485b2e3eb0ac7dff8b
+ PKG_SUBDIR=debian
+
+Packages=
+ apt
+ erofs-utils
+ git-core
+ libclang-rt-dev
+ dpkg-dev
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
new file mode 100755
index 0000000..cec81ec
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then
+ echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$PKG_SUBDIR"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
index af923fa..0e02dcb 100644
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
+++ b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
@@ -1,8 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-Architecture=arm64
+Distribution=fedora
[Content]
Packages=
- linux-image-cloud-arm64
+ erofs-utils
+ rpmautospec
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
index 67481d0..a1fb83c 100755
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -2,20 +2,14 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
-ID="${ID%-*}"
+. mkosi.functions
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
@@ -24,9 +18,9 @@ fi
# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
# extension.
-find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then
+if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated.
tee --append /usr/lib/rpm/suse/macros <<'EOF'
%install %{debug_package}\
@@ -38,13 +32,9 @@ fi
VERSION="$(cat meson.version)"
RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
-DIST="$(rpm --eval %dist)"
-ARCH="$(rpm --eval %_arch)"
-SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
-
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
if ((WITH_DEBUG)); then
- MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd"
fi
if ((LLVM)); then
# TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
@@ -53,7 +43,7 @@ fi
MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
@@ -63,12 +53,12 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
+if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
build() {
IFS=
@@ -87,7 +77,7 @@ build() {
--with upstream \
$( ((WITH_TESTS)) || echo "--nocheck") \
--define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
--define "_rpmdir $OUTPUTDIR" \
${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
@@ -106,10 +96,11 @@ build() {
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
--define "_find_debuginfo_dwz_opts %{nil}" \
+ --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
--define "_fixperms true" \
--noclean \
"$@" \
- "pkg/$ID/systemd.spec"
+ "pkg/$PKG_SUBDIR/systemd.spec"
EXIT_STATUS=$?
@@ -120,7 +111,7 @@ build() {
}
if ! build; then
- if [ ! -s /tmp/unpackaged-files ]; then
+ if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi
@@ -128,7 +119,7 @@ if ! build; then
# warnings.
rm systemd.lang
- grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd"
+ grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd"
build --noprep --nocheck
fi
@@ -139,3 +130,5 @@ fi
cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"
+
+make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
new file mode 100644
index 0000000..1d55a91
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Environment=
+ GIT_URL=https://code.opensuse.org/package/systemd
+ GIT_BRANCH=master
+ GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
+ PKG_SUBDIR=opensuse
+
+Packages=
+ gcc-c++
+ erofs-utils
+ git-core
+ patterns-base-minimal_base
+ rpm-build
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
index c57aa87..24f07fd 100755
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
@@ -2,36 +2,30 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-ID="${ID%-*}"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ "pkg/$PKG_SUBDIR/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
until mkosi-chroot \
rpmbuild \
@@ -39,12 +33,12 @@ until mkosi-chroot \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
+ "pkg/$PKG_SUBDIR/systemd.spec"
do
EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
+ if [[ $EXIT_STATUS -ne 11 ]]; then
exit $EXIT_STATUS
fi
diff --git a/mkosi.images/system/mkosi.sync b/mkosi.images/build/mkosi.sync
index d56ddf5..febe893 100755
--- a/mkosi.images/system/mkosi.sync
+++ b/mkosi.images/build/mkosi.sync
@@ -3,19 +3,22 @@
set -e
set -o nounset
-if ((${NO_SYNC:-0})); then
+if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then
exit 0
fi
-PKG_SUBDIR="$(realpath --canonicalize-missing "pkg/$DISTRIBUTION" --relative-to "$PWD")"
-
-if [[ -d "$PKG_SUBDIR/.git" ]]; then
- if [[ "$(git -C "$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then
+if [[ -d "pkg/$PKG_SUBDIR/.git" ]]; then
+ if [[ "$(git -C "pkg/$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then
exit 0
fi
+ if ! git -C "pkg/$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then
+ git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL"
+ git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
+ fi
+
# If work is being done on the packaging rules in a separate branch, don't touch the checkout.
- if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then
+ if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then
EXIT_STATUS=$?
if [[ $EXIT_STATUS -eq 1 ]]; then
exit 0
@@ -25,7 +28,7 @@ if [[ -d "$PKG_SUBDIR/.git" ]]; then
fi
fi
-if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then
+if [[ ! -e "pkg/$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "pkg/$PKG_SUBDIR")" ]]; then
# The repository on Salsa has the full upstream sources, so it's a waste of
# space to redownload and duplicate everything, so do a sparse checkout as
# we only need the packaging directory anyway.
@@ -35,14 +38,14 @@ if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then
sparse=()
fi
- git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "$PKG_SUBDIR"
+ git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "pkg/$PKG_SUBDIR"
if [[ -n "${GIT_SUBDIR:-}" ]]; then
# --no-cone is needed to check out only one top-level directory
- git -C "$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}"
+ git -C "pkg/$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}"
fi
else
- git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL"
- git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
+ git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL"
+ git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
fi
-git -C "$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT"
+git -C "pkg/$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT"
diff --git a/mkosi.images/exitrd/mkosi.conf b/mkosi.images/exitrd/mkosi.conf
index 2e867cb..28da8a5 100644
--- a/mkosi.images/exitrd/mkosi.conf
+++ b/mkosi.images/exitrd/mkosi.conf
@@ -1,22 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
-[Config]
-ConfigureScripts=
-
[Output]
Format=directory
[Content]
Bootable=no
-@Locale=C.UTF-8
+Locale=C.UTF-8
WithDocs=no
CleanPackageMetadata=yes
MakeInitrd=yes
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
Packages=
bash
+
+[Config]
+Include=%D/mkosi.sanitizers
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf
index c8b1904..b5f3194 100644
--- a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf
+++ b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf
@@ -4,8 +4,9 @@
Distribution=arch
[Content]
-Packages=
+VolatilePackages=
systemd
+ systemd-libs
RemoveFiles=
# Arch Linux doesn't split their gcc-libs package so we manually remove
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf
index 8458dee..a1fa32b 100644
--- a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf
+++ b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf
@@ -5,5 +5,5 @@ Distribution=|centos
Distribution=|fedora
[Content]
-Packages=
+VolatilePackages=
systemd-standalone-shutdown
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf
index 68b0aa5..6ca310c 100644
--- a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf
+++ b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf
@@ -4,5 +4,5 @@
Distribution=debian
[Content]
-Packages=
+VolatilePackages=
systemd-standalone-shutdown
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf
index 3f6df21..5fd6466 100644
--- a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf
+++ b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf
@@ -5,4 +5,9 @@ Distribution=opensuse
[Content]
Packages=
+ patterns-base-minimal_base
+
+VolatilePackages=
+ libsystemd0
+ libudev1
systemd
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf
index ddd68dc..9a7e1d8 100644
--- a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf
+++ b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf
@@ -4,5 +4,8 @@
Distribution=ubuntu
[Content]
-Packages=
+VolatilePackages=
+ libsystemd-shared
+ libsystemd0
+ libudev1
systemd
diff --git a/mkosi.images/exitrd/mkosi.conf.d/20-build.conf b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf
new file mode 100644
index 0000000..3f2c5c7
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Config]
+Include=
+ mkosi-initrd
+ %D/mkosi.sanitizers
+
+[Content]
+ExtraTrees=
+ %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+ %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+
+Packages=
+ findutils
+ grep
+ sed
diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf
new file mode 100644
index 0000000..99e039d
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Packages=
+ btrfs-progs
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-libs
+ systemd-sysvcompat
diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
new file mode 100644
index 0000000..6607dab
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+Packages=
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-libs
+ systemd-udev
diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
new file mode 100644
index 0000000..093c1bd
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Content]
+Packages=
+ btrfs-progs
+ tpm2-tools
+
+VolatilePackages=
+ libsystemd-shared
+ libsystemd0
+ libudev1
+ systemd
+ systemd-cryptsetup
+ systemd-repart
+ udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf
index 50dfa11..634b5a0 100644
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
+++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf
@@ -1,8 +1,8 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-Distribution=debian
+Distribution=fedora
[Content]
Packages=
- linux-perf
+ btrfs-progs
diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
new file mode 100644
index 0000000..9f685e6
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Packages=
+ btrfs-progs
+ kmod
+ tpm2.0-tools
+
+VolatilePackages=
+ libsystemd0
+ libudev1
+ systemd
+ udev
+ systemd-experimental
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
index b252491..b252491 100644
--- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
index 54a9b8a..54a9b8a 100644
--- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
index 845ac57..845ac57 100644
--- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
index 2c709bc..2c709bc 100644
--- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
diff --git a/mkosi.images/minimal-0/mkosi.conf b/mkosi.images/minimal-0/mkosi.conf
index a929fb6..5ef80b8 100644
--- a/mkosi.images/minimal-0/mkosi.conf
+++ b/mkosi.images/minimal-0/mkosi.conf
@@ -2,10 +2,6 @@
[Config]
Dependencies=minimal-base
-ConfigureScripts=
-
-[Distribution]
-CacheOnly=always
[Output]
Format=portable
@@ -15,11 +11,3 @@ SplitArtifacts=yes
BaseTrees=%O/minimal-base
Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs
Bootable=no
-
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
-[Host]
-Incremental=no
diff --git a/mkosi.images/minimal-1/mkosi.conf b/mkosi.images/minimal-1/mkosi.conf
index a929fb6..5ef80b8 100644
--- a/mkosi.images/minimal-1/mkosi.conf
+++ b/mkosi.images/minimal-1/mkosi.conf
@@ -2,10 +2,6 @@
[Config]
Dependencies=minimal-base
-ConfigureScripts=
-
-[Distribution]
-CacheOnly=always
[Output]
Format=portable
@@ -15,11 +11,3 @@ SplitArtifacts=yes
BaseTrees=%O/minimal-base
Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs
Bootable=no
-
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
-[Host]
-Incremental=no
diff --git a/mkosi.images/minimal-base/mkosi.conf b/mkosi.images/minimal-base/mkosi.conf
index 7eb1473..d841f9b 100644
--- a/mkosi.images/minimal-base/mkosi.conf
+++ b/mkosi.images/minimal-base/mkosi.conf
@@ -1,24 +1,19 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
-[Config]
-ConfigureScripts=
-
[Output]
Format=directory
[Content]
Bootable=no
-@Locale=C.UTF-8
+Locale=C.UTF-8
WithDocs=no
CleanPackageMetadata=yes
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
Packages=
bash
coreutils
grep
util-linux
+
+[Config]
+Include=%D/mkosi.sanitizers
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf
index 9b03397..044199a 100644
--- a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf
+++ b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf
@@ -7,7 +7,10 @@ Distribution=arch
Packages=
inetutils
iproute
- openbsd-netcat
+ nmap
+
+VolatilePackages=
+ systemd-libs
RemoveFiles=
# Arch Linux doesn't split their gcc-libs package so we manually remove
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf
index 3a3e528..e9893ad 100644
--- a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf
+++ b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf
@@ -9,4 +9,7 @@ Packages=
hostname
iproute
iproute-tc
- netcat
+ nmap-ncat
+
+VolatilePackages=
+ systemd-libs
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf
index a715ec1..d524ec1 100644
--- a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf
+++ b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf
@@ -9,4 +9,8 @@ Packages=
hostname
iproute2
mount
- netcat-openbsd
+ ncat
+
+VolatilePackages=
+ libsystemd0
+ libudev1
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf
index 2e370ec..9bd40cf 100644
--- a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf
+++ b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf
@@ -7,5 +7,9 @@ Distribution=opensuse
Packages=
hostname
iproute2
- netcat-openbsd
+ ncat
patterns-base-minimal_base
+
+VolatilePackages=
+ libsystemd0
+ libudev1
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.images/system/coredump-journal-storage.conf
deleted file mode 100644
index cde9785..0000000
--- a/mkosi.images/system/coredump-journal-storage.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Coredump]
-Storage=journal
diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf
deleted file mode 100644
index ed9bfdc..0000000
--- a/mkosi.images/system/initrd/mkosi.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Content]
-PostInstallationScripts=../mkosi.sanitizers.chroot
-ExtraTrees=
- ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
- ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.images/system/leak-sanitizer-suppressions
deleted file mode 100644
index 639abb8..0000000
--- a/mkosi.images/system/leak-sanitizer-suppressions
+++ /dev/null
@@ -1 +0,0 @@
-leak:libselinux
diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean
deleted file mode 100755
index 64810b7..0000000
--- a/mkosi.images/system/mkosi.clean
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-set -o nounset
-
-rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar}
diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf
deleted file mode 100644
index f8a91df..0000000
--- a/mkosi.images/system/mkosi.conf
+++ /dev/null
@@ -1,78 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Config]
-InitrdInclude=initrd/
-
-[Output]
-RepartDirectories=mkosi.repart
-
-[Content]
-Autologin=yes
-ExtraTrees=
- %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
- leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
- coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
-
-PostInstallationScripts=mkosi.sanitizers.chroot
-
-InitrdPackages=
- btrfs-progs
- findutils
- grep
- sed
-
-Packages=
- acl
- attr
- bash-completion
- bpftrace
- btrfs-progs
- clang
- coreutils
- curl
- diffutils
- dnsmasq
- dosfstools
- e2fsprogs
- findutils
- gdb
- grep
- gzip
- jq
- kbd
- kexec-tools
- kmod
- knot
- less
- lld
- llvm
- lvm2
- man
- mdadm
- mtools
- nano
- nftables
- nvme-cli
- opensc
- openssl
- p11-kit
- pciutils
- python3
- qrencode
- radvd
- rsync
- sed
- socat
- strace
- systemd
- tar
- tmux
- tree
- udev
- util-linux
- valgrind
- which
- wireguard-tools
- xfsprogs
- zsh
- zstd
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf
deleted file mode 100644
index 96ae8c8..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf
+++ /dev/null
@@ -1,70 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=arch
-
-[Content]
-Environment=
- GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
- GIT_BRANCH=main
- GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c
-
-VolatilePackages=
- systemd
- systemd-libs
- systemd-resolvconf
- systemd-sysvcompat
- systemd-tests
- systemd-ukify
-
-Packages=
- bind
- bpf
- compiler-rt
- compsize
- cryptsetup
- dbus-broker
- dbus-broker-units
- debugedit
- dhcp
- f2fs-tools
- fakeroot
- git
- gnutls
- gnutls
- iproute
- iputils
- linux
- man-db
- multipath-tools
- open-iscsi
- openbsd-netcat
- openssh
- openssl
- pacman
- perf
- pkgconf
- polkit
- procps-ng
- psmisc
- python-pexpect
- python-psutil
- quota-tools
- sbsigntools
- shadow
- softhsm
- squashfs-tools
- stress
- tgt
- tpm2-tools
- tpm2-tss
- vim
-
-InitrdPackages=
- compiler-rt
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-libs
- systemd-sysvcompat
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 4a6d2e9..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=systemd-debug
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare
deleted file mode 100755
index fd78e81..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -f "pkg/$ID/PKGBUILD" ]; then
- echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
- exit 1
-fi
-
-# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
-sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" |
- grep --regexp '^depends =' --regexp '^optdepends =' |
- sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' |
- xargs --delimiter '\n' mkosi-install
-
-# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
-# whether some environment variable is set or not.
-# shellcheck source=/dev/null
-_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD"
-
-# shellcheck disable=SC2154
-mkosi-install "${makedepends[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
deleted file mode 100644
index f200409..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ /dev/null
@@ -1,76 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-journal-remote
- systemd-networkd
- systemd-networkd-defaults
- systemd-oomd-defaults
- systemd-pam
- systemd-resolved
- systemd-tests
- systemd-udev
- systemd-ukify
-
-Packages=
- bind-utils
- bpftool
- compiler-rt
- cryptsetup
- device-mapper-event
- device-mapper-multipath
- dfuzzer
- dhcp-server
- dnf
- git-core
- glibc-langpack-de
- glibc-langpack-en
- gnutls
- gnutls-utils
- integritysetup
- iproute
- iproute-tc
- iputils
- iscsi-initiator-utils
- kernel-core
- libasan
- libcap-ng-utils
- libubsan
- man-db
- netcat
- openssh-clients
- openssh-server
- pam
- passwd
- perf
- policycoreutils
- polkit
- procps-ng
- python3-pexpect
- quota
- rpm
- rpm-build
- rpmautospec
- sbsigntools
- softhsm
- squashfs-tools
- stress
- tpm2-tools
- util-linux
- veritysetup
- vim-common
-
-InitrdPackages=
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 0c3707b..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-journal-remote-debuginfo
- systemd-libs-debuginfo
- systemd-networkd-debuginfo
- systemd-pam-debuginfo
- systemd-resolved-debuginfo
- systemd-tests-debuginfo
- systemd-udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
deleted file mode 100644
index 9fe5509..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Profile=!particle
-
-[Content]
-# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
-# building a /usr-only image.
-Packages=
- selinux-policy
- selinux-policy-targeted
- setools-console
-
-# We relabel on first boot instead of at build time because it is only possible to label without root
-# if the labels exist in the host system, and we want to be able to cross-build to other distributions.
-SELinuxRelabel=no
-
-InitrdPackages=
- selinux-policy
- selinux-policy-targeted
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
deleted file mode 100644
index 25059c2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Content]
-Environment=
- # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
- # mkfs.ext4 enabled it by default, so we disable it explicitly.
- Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
- GIT_URL=https://git.centos.org/rpms/systemd.git
- GIT_BRANCH=c9s-sig-hyperscale
- GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
-
-Packages=
- kernel-modules # For squashfs
- rpmautospec-rpm-macros
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
deleted file mode 100644
index c6b8154..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ /dev/null
@@ -1,92 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Environment=
- GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
- GIT_SUBDIR=debian
- GIT_BRANCH=ci/v256-stable
- GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af
-
-VolatilePackages=
- libnss-myhostname
- libnss-mymachines
- libnss-resolve
- libnss-systemd
- libpam-systemd
- libsystemd-dev
- libudev-dev
- systemd
- systemd-container
- systemd-coredump
- systemd-cryptsetup
- systemd-dev
- systemd-homed
- systemd-journal-remote
- systemd-oomd
- systemd-repart
- systemd-resolved
- systemd-sysv
- systemd-tests
- systemd-timesyncd
- systemd-ukify
- systemd-userdbd
- udev
-
-Packages=
- ^libasan[0-9]+$
- ^libtss2-esys-[0-9.]+-0$
- ^libtss2-mu-[0-9.]+-0$
- ^libubsan[0-9]+$
- apt
- bind9-dnsutils
- cryptsetup-bin
- dbus-broker
- dbus-user-session
- dmsetup
- dpkg-dev
- f2fs-tools
- fdisk
- git-core
- gnutls-bin
- iproute2
- iputils-ping
- isc-dhcp-server
- libcap-ng-utils
- libclang-rt-dev
- libtss2-rc0
- libtss2-tcti-device0
- locales
- man-db
- multipath-tools
- netcat-openbsd
- open-iscsi
- openssh-client
- openssh-server
- passwd
- policykit-1
- procps
- psmisc
- python3-pexpect
- python3-psutil
- quota
- softhsm2
- squashfs-tools
- stress
- tgt
- tpm2-tools
- tzdata
- xxd
-
-InitrdPackages=
- libclang-rt-dev
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-cryptsetup
- systemd-repart
- udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 2bb6164..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libnss-myhostname-dbgsym
- libnss-mymachines-dbgsym
- libnss-resolve-dbgsym
- libnss-systemd-dbgsym
- libpam-systemd-dbgsym
- libsystemd-shared-dbgsym
- libsystemd0-dbgsym
- libudev1-dbgsym
- systemd-boot-dbgsym
- systemd-container-dbgsym
- systemd-coredump-dbgsym
- systemd-cryptsetup-dbgsym
- systemd-dbgsym
- systemd-homed-dbgsym
- systemd-journal-remote-dbgsym
- systemd-oomd-dbgsym
- systemd-repart-dbgsym
- systemd-resolved-dbgsym
- systemd-tests-dbgsym
- systemd-timesyncd-dbgsym
- systemd-userdbd-dbgsym
- udev-dbgsym
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
deleted file mode 100644
index 781670a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# sbsigntool exists only on UEFI architectures
-
-[Match]
-Architecture=|x86
-Architecture=|x86-64
-Architecture=|arm
-Architecture=|arm64
-Architecture=|riscv32
-Architecture=|riscv64
-
-[Content]
-Packages=
- sbsigntool
- systemd-boot
- systemd-boot-efi
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
deleted file mode 100644
index 4fb4f46..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=NO_BUILD=1
-
-[Content]
-WithNetwork=yes
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
deleted file mode 100755
index 314f235..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
-# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
-# install them. This is not an issue when building locally, as the build and runtime images are the same,
-# so they would get installed as build dependencies anyway.
-
-if [ "$1" = "build" ] || ! ((NO_BUILD)); then
- exit 0
-fi
-
-# Query the Recommends and Suggests of all systemd packages, by matching on the version
-systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
-mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
-extra_packages=()
-# shellcheck disable=SC2068
-for package in ${systemd_packages[@]}; do
- # We are looking for dlopens, so filter for libraries
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
-done
-
-if [ "${#extra_packages[@]}" -eq 0 ]; then
- exit 0
-fi
-
-apt install "${extra_packages[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
deleted file mode 100755
index 645671a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -d "pkg/$ID/debian" ]; then
- echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
- exit 1
-fi
-
-cd "pkg/$ID"
-DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
deleted file mode 100644
index c4617d2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-Environment=
- GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
- GIT_BRANCH=rawhide
- GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8
-
-Packages=
- compsize
- dnf5
- f2fs-tools
- scsi-target-utils
- # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
- kernel-modules-extra
- kernel-modules-internal
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
deleted file mode 100755
index 417132f..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
-# See https://github.com/openSUSE/suse-module-tools/pull/71
-rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
deleted file mode 100644
index e488b2d..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
+++ /dev/null
@@ -1,100 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Config]
-InitrdInclude=initrd/
-
-[Content]
-Environment=
- GIT_URL=https://src.opensuse.org/rpm/systemd
- GIT_BRANCH=devel
- GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117
-
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-doc
- systemd-experimental
- systemd-homed
- systemd-lang
- systemd-network
- systemd-portable
- systemd-sysvcompat
- systemd-testsuite
- udev
-
-# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
-# versions don't get installed instead.
-Packages=
- bind-utils
- bpftool
- cryptsetup
- device-mapper
- dhcp-server
- docbook-xsl-stylesheets
- f2fs-tools
- gawk
- gcc-c++
- git-core
- glibc-locale-base
- gnutls
- grep
- group(bin)
- group(daemon)
- group(games)
- group(nobody)
- group(root)
- gzip
- iputils
- kernel-default
- kmod
- libasan8
- libkmod2
- libubsan1
- multipath-tools
- open-iscsi
- openssh-clients
- openssh-server
- pam
- patterns-base-minimal_base
- perf
- procps4
- psmisc
- python3-pefile
- python3-pexpect
- python3-psutil
- quota
- rpm-build
- rsync
- sbsigntools
- sed
- shadow
- softhsm
- squashfs
- tgt
- timezone
- tpm2.0-tools
- user(bin)
- user(daemon)
- user(games)
- user(nobody)
- user(root)
- veritysetup
- vim
- xz
- zypper
-
-InitrdPackages=
- clang
- kmod
- libkmod2
- tpm2.0-tools
-
-InitrdVolatilePackages=
- systemd
- udev
- systemd-experimental
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 6c57d04..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libsystemd0-debuginfo
- libudev1-debuginfo
- systemd-boot-debuginfo
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-experimental-debuginfo
- systemd-homed-debuginfo
- systemd-journal-remote-debuginfo
- systemd-network-debuginfo
- systemd-portable-debuginfo
- systemd-sysvcompat-debuginfo
- systemd-testsuite-debuginfo
- udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
deleted file mode 100644
index 86f9736..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Content]
-Packages=
- linux-image-generic
- linux-tools-common
- linux-tools-virtual
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
deleted file mode 100644
index 582f038..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The ports Ubuntu archive is for non i386/amd64 repositories
-
-[Match]
-Architecture=!x86-64
-Architecture=!x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
deleted file mode 100644
index 7347be9..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The main Ubuntu archive is only for i386/amd64 repositories
-
-[Match]
-Architecture=|x86-64
-Architecture=|x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
deleted file mode 100644
index 5b96dc5..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-Types: deb
-URIs: http://ports.ubuntu.com
-Suites: noble-backports
-Components: main universe
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
deleted file mode 100644
index d10c1e8..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-Types: deb
-URIs: http://archive.ubuntu.com/ubuntu
-Suites: noble-backports
-Components: main universe
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf
deleted file mode 100644
index 8641984..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-images.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Format=!none
-
-[Config]
-Dependencies=
- exitrd
- minimal-base
- minimal-0
- minimal-1
-
-[Content]
-ExtraTrees=
- %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
- %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
- %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
- %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
- %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
- %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
- %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
- %O/exitrd:/exitrd
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
deleted file mode 100644
index 8c1920b..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Profile=particle
-
-[Output]
-RepartDirectories=
-RepartDirectories=mkosi.repart
-
-[Validation]
-@SecureBoot=yes
-@SignExpectedPcr=yes
-
-[Host]
-@RuntimeSize=8G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
deleted file mode 100644
index 3755278..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=swap
-SizeMinBytes=100M
-SizeMaxBytes=100M
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
deleted file mode 100644
index 2f92af2..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=root
-Format=btrfs
-SizeMinBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
deleted file mode 100644
index dac79ba..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
deleted file mode 100755
index 69f9554..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
-cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
deleted file mode 100755
index 95e0552..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# sbsign is not available on CentOS Stream
-if command -v sbsign &>/dev/null; then
- # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
- addons_dir=/efi/loader/addons
- mkdir -p "$addons_dir"
- ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
- ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
-fi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
deleted file mode 100644
index 391543d..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=esp
-Format=vfat
-CopyFiles=/boot:/
-CopyFiles=/efi:/
-SizeMinBytes=1G
-SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
deleted file mode 100644
index 343761d..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr
-Format=erofs
-CopyFiles=/usr:/
-Verity=data
-VerityMatchKey=usr
-Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
deleted file mode 100644
index b4d45dd..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr-verity
-Verity=hash
-VerityMatchKey=usr
-Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
deleted file mode 100644
index 1841d0a..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr-verity-sig
-Verity=signature
-VerityMatchKey=usr
diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel
deleted file mode 100644
index bd4fba4..0000000
--- a/mkosi.images/system/mkosi.extra/.autorelabel
+++ /dev/null
@@ -1 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf
deleted file mode 100644
index fcf4cd9..0000000
--- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-iscsid.startup = /usr/bin/systemctl start iscsid.socket
diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue
deleted file mode 100644
index 6aa6fc0..0000000
--- a/mkosi.images/system/mkosi.extra/etc/issue
+++ /dev/null
@@ -1,2 +0,0 @@
-\S (built from systemd tree)
-Kernel \r on an \m (\l)
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
deleted file mode 100644
index 657ac72..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
-# for integration tests
-kernel.apparmor_restrict_unprivileged_unconfined = 0
-kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
deleted file mode 100644
index 3baede4..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Journal]
-RateLimitIntervalSec=0
-RateLimitBurst=0
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
deleted file mode 100644
index c364058..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
+++ /dev/null
@@ -1,41 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
-disable ssh.service
-disable sshd.service
-
-# These are started manually in integration tests so don't start them by default.
-disable dnsmasq.service
-disable isc-dhcp-server.service
-disable isc-dhcp-server6.service
-
-# Pulled in via dracut-network by kexec-tools on Fedora.
-disable NetworkManager*
-
-# Make sure dbus-broker is started by default on Debian/Ubuntu.
-enable dbus-broker.service
-
-# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
-enable systemd-networkd.service
-enable systemd-networkd-wait-online.service
-
-# systemd-resolved is disable by default on CentOS so make sure it is enabled.
-enable systemd-resolved.service
-
-# We install dnf in some images but it's only going to be used rarely,
-# so let's not have dnf create its cache.
-disable dnf-makecache.*
-
-# We have journald to receive audit data so let's make sure we're not running auditd as well
-disable auditd.service
-
-# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
-enable systemd-timesyncd.service
-
-# Skipped if selinux is not enabled, required for TEST-06-SELINUX.
-enable autorelabel.service
-
-# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
-disable iscsi.service
-disable iscsid.socket
-disable iscsiuio.socket
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
deleted file mode 100644
index 710ee7c..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
-disable *
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf
deleted file mode 100644
index ebf7899..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS
-# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if
-# needed.
-[Service]
-EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf
deleted file mode 100644
index d0093b7..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Service]
-PassEnvironment=SYSTEMD_UNIT_PATH
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf
deleted file mode 100644
index e1a8e81..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf
+++ /dev/null
@@ -1 +0,0 @@
-L /etc/default/locale - - - - ../locale.conf
diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf
deleted file mode 100644
index ddd36ed..0000000
--- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<!--
- SPDX-License-Identifier: LGPL-2.1-or-later
--->
-
-<busconfig>
- <policy user="root">
- <allow own="systemd.test.ExecStopPost"/>
- </policy>
-</busconfig>
diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot
deleted file mode 100755
index 4686802..0000000
--- a/mkosi.images/system/mkosi.postinst.chroot
+++ /dev/null
@@ -1,172 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-set -o nounset
-
-useradd --uid 4711 --create-home --user-group testuser
-
-if command -v authselect >/dev/null; then
- # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so
- # let's use the new name if it exists.
- if [ -d /usr/share/authselect/default/local ]; then
- PROFILE=local
- else
- PROFILE=minimal
- fi
-
- authselect select "$PROFILE"
-
- if authselect list-features "$PROFILE" | grep -q "with-homed"; then
- authselect enable-feature with-homed
- fi
-fi
-
-# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that
-# if that's the case.
-mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf
-rm -f /etc/resolv.conf
-
-for f in "$BUILDROOT"/usr/share/*.verity.sig; do
- jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash"
-done
-
-# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by
-# systemd-journald.
-rm -r "$BUILDROOT/var/log/journal"
-
-rm -f /etc/nsswitch.conf
-cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
-
-# Remove to make TEST-73-LOCALE pass on Ubuntu.
-rm -f /etc/default/keyboard
-
-# This is executed inside the chroot so no need to disable any features as the default features will match
-# the kernel's supported features.
-SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \
- systemd-repart \
- --empty=create \
- --dry-run=no \
- --size=auto \
- --offline=true \
- --root test/TEST-24-CRYPTSETUP \
- --definitions test/TEST-24-CRYPTSETUP/keydev.repart \
- "$OUTPUTDIR/keydev.raw"
-
-can_test_pkcs11() {
- if ! command -v "softhsm2-util" >/dev/null; then
- echo "softhsm2-util not available, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! command -v "pkcs11-tool" >/dev/null; then
- echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! command -v "certtool" >/dev/null; then
- echo "certtool not available, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! systemctl --version | grep -q "+P11KIT"; then
- echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! systemctl --version | grep -q "+OPENSSL"; then
- echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then
- echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2
- return 1
- fi
- if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then
- echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2
- return 1
- fi
-
- return 0
-}
-
-setup_pkcs11_token() {
- echo "Setup PKCS#11 token" >&2
- local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE
-
- export SOFTHSM2_CONF="/tmp/softhsm2.conf"
- mkdir -p /usr/lib/softhsm/tokens/
- cat >$SOFTHSM2_CONF <<EOF
-directories.tokendir = /usr/lib/softhsm/tokens/
-objectstore.backend = file
-slots.removable = false
-slots.mechanisms = ALL
-EOF
- export GNUTLS_PIN="1234"
- export GNUTLS_SO_PIN="12345678"
- softhsm2-util --init-token --free --label "TestToken" --pin "$GNUTLS_PIN" --so-pin "$GNUTLS_SO_PIN"
-
- if ! P11_MODULE_CONFIGS_DIR=$(pkg-config --variable=p11_module_configs p11-kit-1); then
- echo "WARNING! Cannot get p11_module_configs from p11-kit-1.pc, assuming /usr/share/p11-kit/modules" >&2
- P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules"
- fi
-
- if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then
- echo "WARNING! Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2
- P11_MODULE_DIR="/usr/lib/pkcs11"
- fi
-
- SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs)
- if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then
- SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE"
- fi
-
- # RSA #####################################################
- pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt
-
- certtool --generate-self-signed \
- --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \
- --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \
- --template "test/TEST-24-CRYPTSETUP/template.cfg" \
- --outder --outfile "/tmp/rsa_test.crt"
-
- pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey"
- rm "/tmp/rsa_test.crt"
-
- # prime256v1 ##############################################
- pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive
-
- certtool --generate-self-signed \
- --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \
- --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \
- --template "test/TEST-24-CRYPTSETUP/template.cfg" \
- --outder --outfile "/tmp/ec_test.crt"
-
- pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey"
- rm "/tmp/ec_test.crt"
-
- ###########################################################
- rm "$SOFTHSM2_CONF"
- unset SOFTHSM2_CONF
-
- cat >/etc/softhsm2.conf <<EOF
-directories.tokendir = /usr/lib/softhsm/tokens/
-objectstore.backend = file
-slots.removable = false
-slots.mechanisms = ALL
-log.level = INFO
-EOF
-
- mkdir -p /etc/systemd/system/systemd-cryptsetup@.service.d
- cat >/etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf <<EOF
-[Unit]
-# Make sure we can start systemd-cryptsetup@empty_pkcs11_auto.service many times
-StartLimitBurst=10
-
-[Service]
-Environment="SOFTHSM2_CONF=/etc/softhsm2.conf"
-Environment="PIN=$GNUTLS_PIN"
-EOF
-
- unset GNUTLS_PIN
- unset GNUTLS_SO_PIN
-}
-
-if can_test_pkcs11; then
- setup_pkcs11_token
-fi
diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf
deleted file mode 100644
index 391543d..0000000
--- a/mkosi.images/system/mkosi.repart/00-esp.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=esp
-Format=vfat
-CopyFiles=/boot:/
-CopyFiles=/efi:/
-SizeMinBytes=1G
-SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.repart/10-root.conf b/mkosi.images/system/mkosi.repart/10-root.conf
deleted file mode 100644
index 3c25dbf..0000000
--- a/mkosi.images/system/mkosi.repart/10-root.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=root
-Format=btrfs
-CopyFiles=/
-SizeMinBytes=8G
-SizeMaxBytes=8G
diff --git a/mkosi.images/system/mkosi.sanitizers.chroot b/mkosi.images/system/mkosi.sanitizers.chroot
deleted file mode 100755
index 524e3da..0000000
--- a/mkosi.images/system/mkosi.sanitizers.chroot
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-set -o nounset
-
-if [[ -z "${SANITIZERS:-}" ]]; then
- exit 0
-fi
-
-# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
-# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer
-# failures end up in the journal.
-mkdir -p /etc/systemd/system/systemd-journald.service.d
-cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
-[Service]
-StandardOutput=kmsg
-EOF
-
-# ASAN and syscall filters aren't compatible with each other.
-find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
-
-# 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default.
-systemctl mask systemd-hwdb-update.service
-
-ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
-if [[ -z "$ASAN_RT_PATH" ]]; then
- ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
-
- # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly.
- if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then
- echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path"
- exit 1
- fi
-fi
-if [[ -z "$ASAN_RT_PATH" ]]; then
- echo >&2 "systemd is not linked against the ASan DSO"
- echo >&2 "gcc does this by default, for clang compile with -shared-libasan"
- exit 1
-fi
-
-wrap=(
- /usr/lib/polkit-1/polkitd
- /usr/libexec/polkit-1/polkitd
- agetty
- btrfs
- capsh
- chgrp
- chown
- cryptsetup
- curl
- dbus-broker-launch
- dbus-daemon
- delv
- dhcpd
- dig
- dmsetup
- dnsmasq
- findmnt
- getent
- getfacl
- id
- integritysetup
- iscsid
- kpartx
- logger
- login
- ls
- lsblk
- lvm
- mdadm
- mkfs.btrfs
- mkfs.erofs
- mkfs.ext4
- mkfs.vfat
- mkfs.xfs
- mksquashfs
- mkswap
- multipath
- multipathd
- nvme
- p11-kit
- pkill
- ps
- setfacl
- setpriv
- sshd
- stat
- su
- tar
- tgtd
- useradd
- userdel
- veritysetup
-)
-
-for bin in "${wrap[@]}"; do
- if ! command -v "$bin" >/dev/null; then
- continue
- fi
-
- if [[ "$bin" == getent ]]; then
- enable_lsan=1
- else
- enable_lsan=0
- fi
-
- target="$(command -v "$bin")"
-
- mv "$target" "$target.orig"
-
- cat >"$target" <<EOF
-#!/bin/bash
-# Preload the ASan runtime DSO, otherwise ASAn will complain
-export LD_PRELOAD="$ASAN_RT_PATH"
-# Disable LSan to speed things up, since we don't care about leak reports
-# from 'external' binaries
-export ASAN_OPTIONS=detect_leaks=$enable_lsan
-# Set argv[0] to the original binary name without the ".orig" suffix
-exec -a "\$0" -- "${target}.orig" "\$@"
-EOF
- chmod +x "$target"
-done
-
-cat >/usr/lib/systemd/systemd-asan-env <<EOF
-LD_PRELOAD=$ASAN_RT_PATH
-LSAN_OPTIONS=detect_leaks=0
-EOF