From ca5ecaae7a8f75e18ba85b29839752da76e3b7b9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:20:44 +0200 Subject: Merging upstream version 256.4. 
Signed-off-by: Daniel Baumann --- .github/workflows/build_test.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/coverity.yml | 2 +- .github/workflows/development_freeze.yml | 2 +- .github/workflows/differential-shellcheck.yml | 2 +- .github/workflows/gather-pr-metadata.yml | 2 +- .github/workflows/issue_labeler.yml | 2 +- .github/workflows/labeler.yml | 2 +- .github/workflows/linter.yml | 2 +- .github/workflows/mkosi.yml | 22 ++- .github/workflows/scorecards.yml | 2 +- .github/workflows/unit_tests.yml | 2 +- docs/ENVIRONMENT.md | 4 + docs/HACKING.md | 41 ++-- docs/RELEASE.md | 6 + hwdb.d/60-evdev.hwdb | 14 ++ hwdb.d/60-input-id.hwdb | 4 + hwdb.d/60-keyboard.hwdb | 61 +++++- hwdb.d/60-sensor.hwdb | 49 ++++- hwdb.d/70-av-production.hwdb | 36 ++++ hwdb.d/70-cameras.hwdb | 10 + hwdb.d/70-hardware-wallets.hwdb | 24 +++ hwdb.d/70-mouse.hwdb | 8 + hwdb.d/meson.build | 1 + hwdb.d/parse_hwdb.py | 1 + man/systemctl.xml | 6 +- man/systemd-repart.xml | 118 ++++++------ man/systemd.resource-control.xml | 3 +- man/systemd.service.xml | 4 +- man/systemd.unit.xml | 12 +- man/ukify.xml | 8 +- meson.build | 25 +-- meson.version | 2 +- meson_options.txt | 2 + mkosi.clean | 5 + mkosi.conf | 162 ++++++++++++---- mkosi.conf.d/10-arch/mkosi.conf | 54 ++++++ mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf | 7 + mkosi.conf.d/10-arch/mkosi.prepare | 33 ++++ mkosi.conf.d/10-centos-fedora/mkosi.conf | 60 ++++++ .../10-centos-fedora/mkosi.conf.d/10-debug.conf | 17 ++ .../10-centos-fedora/mkosi.conf.d/10-selinux.conf | 13 ++ mkosi.conf.d/10-centos-fedora/mkosi.prepare | 19 ++ mkosi.conf.d/10-centos.conf | 11 -- mkosi.conf.d/10-centos/mkosi.conf | 19 ++ mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf | 9 + .../10-centos/mkosi.conf.d/20-epel-packages.conf | 13 ++ mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref | 3 + mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 77 ++++++++ .../10-debian-ubuntu/mkosi.conf.d/10-debug.conf | 29 +++ .../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 ++ 
.../10-debian-ubuntu/mkosi.conf.d/network.conf | 7 + mkosi.conf.d/10-debian-ubuntu/mkosi.prepare | 16 ++ mkosi.conf.d/10-debian.conf | 7 - mkosi.conf.d/10-debian/mkosi.conf | 11 ++ mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf | 8 + mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf | 8 + mkosi.conf.d/10-extra-search-paths.conf | 7 - mkosi.conf.d/10-fedora.conf | 7 - mkosi.conf.d/10-fedora/mkosi.conf | 25 +++ mkosi.conf.d/10-opensuse.conf | 8 - mkosi.conf.d/10-opensuse/macros.db_backend | 1 + mkosi.conf.d/10-opensuse/mkosi.conf | 79 ++++++++ .../10-opensuse/mkosi.conf.d/10-debug.conf | 21 ++ mkosi.conf.d/10-opensuse/mkosi.prepare | 23 +++ mkosi.conf.d/10-tools.conf | 8 - mkosi.conf.d/10-ubuntu.conf | 8 - mkosi.conf.d/10-ubuntu/mkosi.conf | 14 ++ mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 10 + mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 10 + .../10-ubuntu/noble-backports-ports.sources | 6 + mkosi.conf.d/10-ubuntu/noble-backports.sources | 6 + mkosi.conf.d/20-build.conf | 9 + mkosi.conf.d/20-none.conf | 11 ++ mkosi.conf.d/20-particle/mkosi.conf | 15 ++ .../mkosi.extra/usr/lib/repart.d/15-swap.conf | 6 + .../mkosi.extra/usr/lib/repart.d/20-root.conf | 6 + .../mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf | 3 + mkosi.conf.d/20-particle/mkosi.finalize | 6 + mkosi.conf.d/20-particle/mkosi.postinst.chroot | 12 ++ mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf | 9 + mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf | 9 + .../20-particle/mkosi.repart/11-usr-verity.conf | 7 + .../mkosi.repart/12-usr-verity-sig.conf | 6 + mkosi.conf.d/20-sanitizers.conf | 4 + mkosi.conf.d/macros.db_backend | 1 - mkosi.coredump-journal-storage.conf | 4 + mkosi.extra/etc/iscsi/iscsid.conf | 3 + mkosi.extra/etc/issue | 2 + .../lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 + .../usr/lib/systemd/journald.conf.d/ratelimit.conf | 5 + .../usr/lib/systemd/system-preset/00-mkosi.preset | 41 ++++ .../usr/lib/systemd/system-preset/99-mkosi.preset | 4 + 
.../systemd/system/iscsi-init.service.d/asan.conf | 7 + .../user@.service.d/99-SYSTEMD_UNIT_PATH.conf | 4 + mkosi.extra/usr/lib/tmpfiles.d/locale.conf | 1 + .../dbus-1/system.d/systemd.test.ExecStopPost.conf | 13 ++ mkosi.functions | 57 ++++++ mkosi.images/build/mkosi.conf | 10 + .../build/mkosi.conf.d/arch/mkosi.build.chroot | 95 +++++++++ mkosi.images/build/mkosi.conf.d/arch/mkosi.conf | 18 ++ mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare | 18 ++ .../mkosi.conf.d/centos-fedora/mkosi.build.chroot | 116 +++++++++++ .../build/mkosi.conf.d/centos-fedora/mkosi.conf | 19 ++ .../build/mkosi.conf.d/centos-fedora/mkosi.prepare | 60 ++++++ mkosi.images/build/mkosi.conf.d/centos/mkosi.conf | 9 + .../centos/mkosi.conf.d/epel-packages.conf | 9 + .../mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 140 ++++++++++++++ .../build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 20 ++ .../build/mkosi.conf.d/debian-ubuntu/mkosi.prepare | 15 ++ mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf | 9 + .../build/mkosi.conf.d/opensuse/mkosi.build.chroot | 134 +++++++++++++ .../build/mkosi.conf.d/opensuse/mkosi.conf | 18 ++ .../build/mkosi.conf.d/opensuse/mkosi.prepare | 58 ++++++ mkosi.images/build/mkosi.sync | 51 +++++ mkosi.images/exitrd/mkosi.conf | 13 +- mkosi.images/exitrd/mkosi.conf.d/10-arch.conf | 3 +- .../exitrd/mkosi.conf.d/10-centos-fedora.conf | 2 +- mkosi.images/exitrd/mkosi.conf.d/10-debian.conf | 2 +- mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf | 5 + mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf | 5 +- mkosi.images/exitrd/mkosi.conf.d/20-build.conf | 9 + mkosi.images/initrd/mkosi.conf | 16 ++ mkosi.images/initrd/mkosi.conf.d/arch.conf | 14 ++ mkosi.images/initrd/mkosi.conf.d/build.conf | 9 + .../initrd/mkosi.conf.d/centos-fedora.conf | 14 ++ .../initrd/mkosi.conf.d/debian-ubuntu.conf | 19 ++ mkosi.images/initrd/mkosi.conf.d/fedora.conf | 8 + mkosi.images/initrd/mkosi.conf.d/opensuse.conf | 17 ++ .../usr/lib/encrypted-var.repart.d/00-root.conf | 15 ++ 
.../usr/lib/systemd/system/encrypted-var.service | 20 ++ .../lib/systemd/system/initrd-run-mount.service | 11 ++ .../usr/lib/systemd/system/initrdcred.service | 9 + mkosi.images/minimal-0/mkosi.conf | 12 -- mkosi.images/minimal-1/mkosi.conf | 12 -- mkosi.images/minimal-base/mkosi.conf | 13 +- .../minimal-base/mkosi.conf.d/10-arch.conf | 5 +- .../mkosi.conf.d/10-centos-fedora.conf | 5 +- .../mkosi.conf.d/10-debian-ubuntu-opensuse.conf | 12 -- .../mkosi.conf.d/10-debian-ubuntu.conf | 16 ++ .../minimal-base/mkosi.conf.d/10-opensuse.conf | 6 +- .../minimal-base/mkosi.conf.d/20-build.conf | 9 + mkosi.images/system/coredump-journal-storage.conf | 4 - mkosi.images/system/initrd/mkosi.conf | 7 - .../usr/lib/encrypted-var.repart.d/00-root.conf | 15 -- .../usr/lib/systemd/system/encrypted-var.service | 20 -- .../lib/systemd/system/initrd-run-mount.service | 11 -- .../usr/lib/systemd/system/initrdcred.service | 9 - mkosi.images/system/leak-sanitizer-suppressions | 1 - mkosi.images/system/mkosi.clean | 5 - mkosi.images/system/mkosi.conf | 78 -------- .../system/mkosi.conf.d/10-arch/mkosi.build.chroot | 99 ---------- .../system/mkosi.conf.d/10-arch/mkosi.conf | 70 ------- .../10-arch/mkosi.conf.d/10-debug.conf | 7 - .../system/mkosi.conf.d/10-arch/mkosi.prepare | 29 --- .../10-centos-fedora/mkosi.build.chroot | 122 ------------ .../mkosi.conf.d/10-centos-fedora/mkosi.conf | 76 -------- .../10-centos-fedora/mkosi.conf.d/10-debug.conf | 17 -- .../10-centos-fedora/mkosi.conf.d/10-selinux.conf | 20 -- .../mkosi.conf.d/10-centos-fedora/mkosi.prepare | 65 ------- .../system/mkosi.conf.d/10-centos/mkosi.conf | 17 -- .../10-debian-ubuntu/mkosi.build.chroot | 147 -------------- .../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 92 --------- .../10-debian-ubuntu/mkosi.conf.d/10-debug.conf | 29 --- .../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 -- .../10-debian-ubuntu/mkosi.conf.d/network.conf | 7 - .../mkosi.conf.d/10-debian-ubuntu/mkosi.postinst | 29 --- 
.../mkosi.conf.d/10-debian-ubuntu/mkosi.prepare | 18 -- .../system/mkosi.conf.d/10-debian/mkosi.conf | 8 - .../mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf | 8 - .../10-debian/mkosi.conf.d/x86-64.conf | 8 - .../system/mkosi.conf.d/10-fedora/mkosi.conf | 19 -- .../mkosi.conf.d/10-opensuse/initrd/mkosi.postinst | 7 - .../mkosi.conf.d/10-opensuse/mkosi.build.chroot | 141 -------------- .../system/mkosi.conf.d/10-opensuse/mkosi.conf | 100 ---------- .../10-opensuse/mkosi.conf.d/10-debug.conf | 21 -- .../system/mkosi.conf.d/10-opensuse/mkosi.prepare | 64 ------- .../system/mkosi.conf.d/10-ubuntu/mkosi.conf | 10 - .../10-ubuntu/mkosi.conf.d/non-x86.conf | 10 - .../mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 10 - .../10-ubuntu/noble-backports-ports.sources | 6 - .../mkosi.conf.d/10-ubuntu/noble-backports.sources | 6 - mkosi.images/system/mkosi.conf.d/20-images.conf | 22 --- .../system/mkosi.conf.d/20-particle/mkosi.conf | 15 -- .../mkosi.extra/usr/lib/repart.d/15-swap.conf | 6 - .../mkosi.extra/usr/lib/repart.d/20-root.conf | 6 - .../mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf | 3 - .../system/mkosi.conf.d/20-particle/mkosi.finalize | 6 - .../mkosi.conf.d/20-particle/mkosi.postinst.chroot | 12 -- .../20-particle/mkosi.repart/00-esp.conf | 9 - .../20-particle/mkosi.repart/10-usr.conf | 9 - .../20-particle/mkosi.repart/11-usr-verity.conf | 7 - .../mkosi.repart/12-usr-verity-sig.conf | 6 - mkosi.images/system/mkosi.extra/.autorelabel | 1 - .../system/mkosi.extra/etc/iscsi/iscsid.conf | 3 - mkosi.images/system/mkosi.extra/etc/issue | 2 - .../lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 - .../usr/lib/systemd/journald.conf.d/ratelimit.conf | 5 - .../usr/lib/systemd/system-preset/00-mkosi.preset | 41 ---- .../usr/lib/systemd/system-preset/99-mkosi.preset | 4 - .../systemd/system/iscsi-init.service.d/asan.conf | 7 - .../user@.service.d/99-SYSTEMD_UNIT_PATH.conf | 4 - .../mkosi.extra/usr/lib/tmpfiles.d/locale.conf | 1 - .../dbus-1/system.d/systemd.test.ExecStopPost.conf | 
13 -- mkosi.images/system/mkosi.postinst.chroot | 172 ----------------- mkosi.images/system/mkosi.repart/00-esp.conf | 9 - mkosi.images/system/mkosi.repart/10-root.conf | 8 - mkosi.images/system/mkosi.sanitizers.chroot | 127 ------------ mkosi.images/system/mkosi.sync | 48 ----- mkosi.leak-sanitizer-suppressions | 1 + mkosi.postinst.chroot | 172 +++++++++++++++++ mkosi.repart/00-esp.conf | 9 + mkosi.repart/10-root.conf | 7 + mkosi.sanitizers/mkosi.conf | 5 + mkosi.sanitizers/mkosi.conf.d/arch.conf | 9 + mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf | 11 ++ mkosi.sanitizers/mkosi.conf.d/opensuse.conf | 10 + mkosi.sanitizers/mkosi.postinst | 131 +++++++++++++ pkg/ubuntu | 1 - po/fr.po | 2 +- rules.d/70-uaccess.rules.in | 4 + shell-completion/zsh/_networkctl | 2 +- shell-completion/zsh/_varlinkctl | 52 +++++ shell-completion/zsh/meson.build | 1 + src/basic/meson.build | 2 +- src/basic/terminal-util.c | 6 +- src/boot/efi/boot.c | 2 +- src/core/cgroup.c | 212 ++++++++++----------- src/core/cgroup.h | 16 +- src/core/core-varlink.c | 50 ++--- src/core/core-varlink.h | 2 + src/core/import-creds.c | 4 +- src/core/manager-serialize.c | 2 +- src/core/meson.build | 32 +++- src/core/path.c | 2 +- src/core/unit.c | 27 ++- src/id128/id128.c | 37 ++-- src/kernel-install/90-loaderentry.install.in | 5 + src/kernel-install/90-uki-copy.install | 6 + src/libsystemd/meson.build | 2 +- src/libsystemd/sd-device/device-enumerator.c | 34 ++-- src/login/logind-dbus.c | 5 +- src/login/logind-user.c | 26 +-- src/partition/meson.build | 2 +- src/partition/repart.c | 32 ++++ src/shared/bootspec.c | 27 ++- src/shared/exec-util.c | 1 + src/shared/gpt.c | 21 ++ src/shared/gpt.h | 1 + src/shared/install.c | 14 +- src/shared/meson.build | 2 +- src/shared/spawn-polkit-agent.c | 11 +- src/shared/varlink-internal.h | 40 ++++ src/shared/varlink.c | 40 ---- src/shutdown/meson.build | 2 +- src/systemctl/systemctl-util.c | 17 +- src/sysusers/meson.build | 2 +- src/test/meson.build | 8 +- 
src/test/test-install-root.c | 32 +++- src/tmpfiles/meson.build | 2 +- src/ukify/test/test_ukify.py | 49 +++-- src/vmspawn/vmspawn-util.h | 2 + test/README.testsuite | 39 +++- test/TEST-06-SELINUX/meson.build | 5 +- test/TEST-13-NSPAWN/test.sh | 2 +- test/TEST-46-HOMED/test.sh | 1 + test/TEST-55-OOMD/meson.build | 3 + test/TEST-55-OOMD/test.sh | 2 +- test/TEST-64-UDEV-STORAGE/nvme_basic.configure | 2 +- test/TEST-73-LOCALE/meson.build | 1 + test/TEST-74-AUX-UTILS/test.sh | 1 + test/integration-test-wrapper.py | 6 +- test/test-execute/exec-set-credential.service | 4 +- test/test-functions | 2 +- test/test-network/systemd-networkd-tests.py | 3 + test/units/TEST-07-PID1.exec-context.sh | 20 +- test/units/TEST-07-PID1.issue-2467.sh | 2 +- test/units/TEST-07-PID1.issue-3171.sh | 8 +- test/units/TEST-07-PID1.issue-33672.sh | 40 ++++ test/units/TEST-13-NSPAWN.nspawn.sh | 12 +- test/units/TEST-29-PORTABLE.sh | 15 +- test/units/TEST-55-OOMD-testbloat.service | 4 +- test/units/TEST-55-OOMD-testmunch.service | 2 +- test/units/TEST-55-OOMD.sh | 8 - test/units/TEST-73-LOCALE.sh | 23 +++ tools/fetch-distro.py | 126 ++++++++++++ tools/update-distro-hash.py | 89 --------- tools/vcs-tag.sh | 17 ++ units/systemd-bsod.service.in | 2 +- units/systemd-fsck@.service.in | 3 +- 290 files changed, 3529 insertions(+), 2734 deletions(-) create mode 100644 hwdb.d/70-hardware-wallets.hwdb create mode 100755 mkosi.clean create mode 100644 mkosi.conf.d/10-arch/mkosi.conf create mode 100644 mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf create mode 100755 mkosi.conf.d/10-arch/mkosi.prepare create mode 100644 mkosi.conf.d/10-centos-fedora/mkosi.conf create mode 100644 mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf create mode 100644 mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf create mode 100755 mkosi.conf.d/10-centos-fedora/mkosi.prepare delete mode 100644 mkosi.conf.d/10-centos.conf create mode 100644 mkosi.conf.d/10-centos/mkosi.conf create mode 100644 
mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf create mode 100644 mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf create mode 100644 mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref create mode 100644 mkosi.conf.d/10-debian-ubuntu/mkosi.conf create mode 100644 mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf create mode 100644 mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf create mode 100644 mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf create mode 100755 mkosi.conf.d/10-debian-ubuntu/mkosi.prepare delete mode 100644 mkosi.conf.d/10-debian.conf create mode 100644 mkosi.conf.d/10-debian/mkosi.conf create mode 100644 mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf create mode 100644 mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf delete mode 100644 mkosi.conf.d/10-extra-search-paths.conf delete mode 100644 mkosi.conf.d/10-fedora.conf create mode 100644 mkosi.conf.d/10-fedora/mkosi.conf delete mode 100644 mkosi.conf.d/10-opensuse.conf create mode 100644 mkosi.conf.d/10-opensuse/macros.db_backend create mode 100644 mkosi.conf.d/10-opensuse/mkosi.conf create mode 100644 mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf create mode 100755 mkosi.conf.d/10-opensuse/mkosi.prepare delete mode 100644 mkosi.conf.d/10-tools.conf delete mode 100644 mkosi.conf.d/10-ubuntu.conf create mode 100644 mkosi.conf.d/10-ubuntu/mkosi.conf create mode 100644 mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf create mode 100644 mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf create mode 100644 mkosi.conf.d/10-ubuntu/noble-backports-ports.sources create mode 100644 mkosi.conf.d/10-ubuntu/noble-backports.sources create mode 100644 mkosi.conf.d/20-build.conf create mode 100644 mkosi.conf.d/20-none.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf create mode 100644 
mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf create mode 100755 mkosi.conf.d/20-particle/mkosi.finalize create mode 100755 mkosi.conf.d/20-particle/mkosi.postinst.chroot create mode 100644 mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf create mode 100644 mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf delete mode 100644 mkosi.conf.d/macros.db_backend create mode 100644 mkosi.coredump-journal-storage.conf create mode 100644 mkosi.extra/etc/iscsi/iscsid.conf create mode 100644 mkosi.extra/etc/issue create mode 100644 mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf create mode 100644 mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf create mode 100644 mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset create mode 100644 mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset create mode 100644 mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf create mode 100644 mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf create mode 100644 mkosi.extra/usr/lib/tmpfiles.d/locale.conf create mode 100644 mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf create mode 100644 mkosi.functions create mode 100644 mkosi.images/build/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/arch/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare create mode 100755 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare create mode 100644 mkosi.images/build/mkosi.conf.d/centos/mkosi.conf create mode 100644 
mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf create mode 100755 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare create mode 100644 mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare create mode 100755 mkosi.images/build/mkosi.sync create mode 100644 mkosi.images/exitrd/mkosi.conf.d/20-build.conf create mode 100644 mkosi.images/initrd/mkosi.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/arch.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/build.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/fedora.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/opensuse.conf create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service delete mode 100644 mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf create mode 100644 mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf create mode 100644 mkosi.images/minimal-base/mkosi.conf.d/20-build.conf delete mode 100644 mkosi.images/system/coredump-journal-storage.conf delete mode 100644 mkosi.images/system/initrd/mkosi.conf delete mode 100644 
mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service delete mode 100644 mkosi.images/system/leak-sanitizer-suppressions delete mode 100755 mkosi.images/system/mkosi.clean delete mode 100644 mkosi.images/system/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare delete mode 100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst delete mode 100755 
mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources delete mode 100644 mkosi.images/system/mkosi.conf.d/20-images.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize delete mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf delete mode 100644 
mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf delete mode 100644 mkosi.images/system/mkosi.extra/.autorelabel delete mode 100644 mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf delete mode 100644 mkosi.images/system/mkosi.extra/etc/issue delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf delete mode 100755 mkosi.images/system/mkosi.postinst.chroot delete mode 100644 mkosi.images/system/mkosi.repart/00-esp.conf delete mode 100644 mkosi.images/system/mkosi.repart/10-root.conf delete mode 100755 mkosi.images/system/mkosi.sanitizers.chroot delete mode 100755 mkosi.images/system/mkosi.sync create mode 100644 mkosi.leak-sanitizer-suppressions create mode 100755 mkosi.postinst.chroot create mode 100644 mkosi.repart/00-esp.conf create mode 100644 mkosi.repart/10-root.conf create mode 100644 mkosi.sanitizers/mkosi.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/arch.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf create mode 100644 mkosi.sanitizers/mkosi.conf.d/opensuse.conf create 
mode 100755 mkosi.sanitizers/mkosi.postinst delete mode 120000 pkg/ubuntu create mode 100644 shell-completion/zsh/_varlinkctl create mode 100755 test/units/TEST-07-PID1.issue-33672.sh create mode 100755 tools/fetch-distro.py delete mode 100755 tools/update-distro-hash.py create mode 100755 tools/vcs-tag.sh
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 164b3a0..284a284 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -33,6 +33,6 @@ jobs: env: ${{ matrix.env }} steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Build check run: .github/workflows/build_test.sh
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0d284f7..4065cae 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index ad7a5d2..06f4f5f 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -22,7 +22,7 @@ jobs: COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}" steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # Reuse the setup phase of the unit test script to avoid code duplication - name: Install build dependencies run: sudo -E .github/workflows/unit_tests.sh SETUP
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index c2360a3..becbbdc 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -30,7 +30,7 @@ jobs: name: Pull Request Metadata - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index 244f5d5..68c2c72 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -23,7 +23,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index e4a0caf..633cca1 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -16,7 +16,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - id: metadata name: Gather Pull Request Metadata
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index 4bedf0d..fb26d4f 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -20,7 +20,7 @@ jobs: template: [ bug_report.yml, feature_request.yml ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Parse issue form uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 57e8c89..2058d22 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -30,7 +30,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 if: github.event_name == 'pull_request' - name: Label PR based on policy in labeler.yml
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index cf0bc09..b66720a 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs: steps: - name: Repo checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: # We need a full repo clone fetch-depth: 0
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 1b2f77c..7070e9c 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -59,40 +59,53 @@ jobs: sanitizers: "" llvm: 0 cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no - distro: debian release: testing sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: ubuntu release: noble sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: fedora release: "40" sanitizers: "" llvm: 0 cflags: "-Og" + relabel: yes - distro: fedora release: rawhide sanitizers: address,undefined llvm: 1 cflags: "-Og" + relabel: yes - distro: opensuse release: tumbleweed sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: centos release: "9" sanitizers: "" llvm: 0 cflags: "-Og" + relabel: yes + - distro: centos + release: "10" + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: yes steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - - uses: systemd/mkosi@70aa901697f12182ccaa24e2325867d275479b55 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: systemd/mkosi@7e975957a6af65c2e70428b6cda0c163ca7e1adc # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space # immediately, we remove the files in the background. However, we first move them to a different location
@@ -140,6 +153,9 @@ jobs: SANITIZERS=${{ matrix.sanitizers }} MESON_OPTIONS=--werror LLVM=${{ matrix.llvm }} + SYSEXT=1 + + SELinuxRelabel=${{ matrix.relabel }} [Host] QemuMem=4G
@@ -187,7 +203,7 @@ jobs: -Dvmspawn=enabled - name: Build image - run: meson compile -C build mkosi + run: sudo meson compile -C build mkosi - name: Run integration tests run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 44ee6f1..c7bd6c4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
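Review bot: The new `relabel:` matrix values in the `-59,40 +59,53` hunk are bare `yes`/`no`, while the neighbouring string values in the same entries are quoted (`release: "40"`, `sanitizers: ""`). Whether a bare `yes` stays a string or is read as a boolean depends on the YAML schema the workflow parser applies, and the value is substituted textually into the mkosi configuration by `SELinuxRelabel=${{ matrix.relabel }}` in the `-140,6 +153,9` hunk, so a boolean would presumably render as `true`/`false` there instead. Quoting removes the ambiguity in all eight entries: `relabel: "yes"` and `relabel: "no"`.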
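Review bot: `run: sudo meson compile -C build mkosi` in the `-187,7 +203,7` hunk moves the whole image build to root with no comment saying which operation needs it, and unlike the test step right below (`sudo --preserve-env meson test …`) it does not carry the job environment across. Whatever the `mkosi` target invokes then runs with root privileges on the runner and leaves root-owned files under `build/`. If only one operation needs privileges (possibly the relabelling enabled by the new `SELinuxRelabel=` setting, which cannot be confirmed from this hunk), a comment above `run:` such as `# root required for <operation>` would record the reason and let a later change narrow the privileged part.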
@@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 895068c..a83b485 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -30,7 +30,7 @@ jobs: cryptolib: gcrypt steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Install build dependencies run: | # Drop XDG_* stuff from /etc/environment, so we don't get the user diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index b661f18..c8b75ac 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -634,6 +634,10 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ * `$SYSTEMD_REPART_OVERRIDE_FSTYPE` – if set the value will override the file system type specified in Format= lines in partition definition files. + Additionally, the filesystem for all partitions with a specific designator can + be overridden via a correspondingly named environment variable. For example, + to override the filesystem type for all partitions with `Type=root`, you can + set `SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4`. `systemd-nspawn`, `systemd-networkd`: diff --git a/docs/HACKING.md b/docs/HACKING.md index 5b1e355..a905fc7 100644 --- a/docs/HACKING.md +++ b/docs/HACKING.md 
@@ -29,8 +29,7 @@ For some components (most importantly, systemd/PID 1 itself) this is not possibl In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree. [mkosi](https://mkosi.systemd.io/) is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory. -To make use of this, please install `mkosi` v19 or newer using your distribution's package manager or from the -[GitHub repository](https://github.com/systemd/mkosi). +To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository). `mkosi` will build an image for the host distro by default. First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing. After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM: @@ -45,6 +44,24 @@ or: $ mkosi qemu ``` +By default, the tools from your host system are used to build the image. To have +`mkosi` use the systemd tools from the `build/` directory, add the following to +`mkosi.local.conf`: + +```conf +[Host] +ExtraSearchPaths=build/ +``` + +And if you want `mkosi` to build a tools image and use the tools from there +instead of looking for tools on the host, add the following to +`mkosi.local.conf`: + +```conf +[Host] +ToolsTree=default +``` + Every time you rerun the `mkosi` command a fresh image is built, incorporating all current changes you made to the project tree. To avoid having to build a new image all the time when iterating on a patch, add the following to 
@@ -52,21 +69,21 @@ image all the time when iterating on a patch, add the following to ```conf [Host] -RuntimeBuildSources=yes +@RuntimeBuildSources=yes ``` After enabling this setting, the source and build directories will be mounted to `/work/src` and `/work/build` respectively when booting the image as a container or virtual machine. To build the latest changes and re-install after booting the -image, run `mkosi -t none` in another terminal on the host and run one of the -following commands in the container or virtual machine depending on the -distribution: +image, run one of the following commands in another terminal on your host ( +choose the right one depending on the distribution of the container or virtual +machine): ```sh -dnf upgrade --disablerepo="*" /work/build/*.rpm # CentOS/Fedora -apt install --reinstall /work/build/*.deb # Debian/Ubuntu -pacman -U /work/build/*.pkg.tar # Arch Linux -zypper install --allow-unsigned-rpm /work/build/*.rpm # OpenSUSE +mkosi -t none && mkosi ssh dnf upgrade --disablerepo="*" "/work/build/*.rpm" # CentOS/Fedora +mkosi -t none && mkosi ssh apt install --reinstall "/work/build/*.deb" # Debian/Ubuntu +mkosi -t none && mkosi ssh pacman -U "/work/build/*.pkg.tar" # Arch Linux +mkosi -t none && mkosi ssh zypper install --allow-unsigned-rpm "/work/build/*.rpm" # OpenSUSE ``` and optionally restart the daemon(s) you're working on using 
@@ -76,8 +93,8 @@ pid1 or `systemctl soft-reboot` to restart everything. Putting this all together, here's a series of commands for preparing a patch for systemd: ```sh -$ git clone https://github.com/systemd/mkosi.git # If mkosi v19 or newer is not packaged by your distribution -$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi # If mkosi v19 or newer is not packaged by your distribution +$ git clone https://github.com/systemd/mkosi.git +$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi $ git clone https://github.com/systemd/systemd.git $ cd systemd $ git checkout -b # where BRANCH is the name of the branch diff --git a/docs/RELEASE.md b/docs/RELEASE.md index 0d8c0b9..cbd43dc 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md 
@@ -27,3 +27,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later 18. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync` 20. [FINAL] Change the Github Pages branch to the newly created branch (https://github.com/systemd/systemd/settings/pages) and set the 'Custom domain' to 'systemd.io' 21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `v256` to `v257~devel`) + +# Steps to a Successful Stable Release + +1. Backport at least the commits from all PRs tagged with `needs-stable-backport` on Github with `git cherry-pick -x`. Any other commits that fix bugs, change documentation, tests, CI or mkosi can generally be backported as well. Since 256 the stable branches live [here](https://github.com/systemd/systemd/). Stable branches for older releases are available [here](https://github.com/systemd/systemd-stable/). Check each commit to see if it makes sense to backport and check the comments on the PR to see if the author indicated that only specific commits should be backported. +2. Update the version number in `meson.version` (e.g. from `256.2` to `256.3`) (only for 256-stable or newer) +3. Tag the release: `version="v$(cat meson.version)" && git tag -s "${version}" -m "systemd-stable ${version}"` (Fill in the version manually on releases older than 256) diff --git a/hwdb.d/60-evdev.hwdb b/hwdb.d/60-evdev.hwdb index a4431e2..0b70a82 100644 --- a/hwdb.d/60-evdev.hwdb +++ b/hwdb.d/60-evdev.hwdb @@ -76,6 +76,11 @@ evdev:input:b0003v08CAp0020* EVDEV_ABS_00=::20 EVDEV_ABS_01=::20 +# AIPTEK Media Tablet Ultimate (detected as Waltop International Corp. Batteryless Tablet) +evdev:input:b0003v172Fp0503* + EVDEV_ABS_00=::160 + EVDEV_ABS_01=::160 + ######################################### # Apple ######################################### 
@@ -373,6 +378,8 @@ evdev:input:b0003v0430p0530* evdev:input:b0003v256Cp006F* EVDEV_ABS_00=::210 EVDEV_ABS_01=::323 + EVDEV_ABS_35=::210 + EVDEV_ABS_36=::323 ######################################### # Google @@ -616,6 +623,13 @@ evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO:*pvrThinkPadL14Gen1** EVDEV_ABS_35=::44 EVDEV_ABS_36=::50 +# Lenovo Thinkpad E16 Gen1 (Intel) +evdev:name:SYNA801A:00 06CB:CEC6 Touchpad:dmi:*svnLENOVO:*pvrThinkPadE16Gen1** + EVDEV_ABS_00=::11 + EVDEV_ABS_01=::11 + EVDEV_ABS_35=::11 + EVDEV_ABS_36=::11 + # Lenovo T460 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pn*ThinkPad*T460:* EVDEV_ABS_00=1266:5677:44 diff --git a/hwdb.d/60-input-id.hwdb b/hwdb.d/60-input-id.hwdb index b9d1ce0..dfb035d 100644 --- a/hwdb.d/60-input-id.hwdb +++ b/hwdb.d/60-input-id.hwdb @@ -59,6 +59,10 @@ id-input:modalias:input:b0003v28bdp0078* id-input:modalias:input:b0003v04B3p301Ee0100-e0,1,2,4* ID_INPUT_POINTINGSTICK=1 +# Logitech G915 TKL Keyboard (Bluetooth) +id-input:modalias:input:b0005v046DpB35Fe0022* + ID_INPUT_MOUSE=0 + # Logitech Ultrathin Touch Mouse id-input:modalias:input:b0005v046DpB00De0700* ID_INPUT_MOUSE=1 diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb index f1ea0f5..15c0d4c 100644 --- a/hwdb.d/60-keyboard.hwdb +++ b/hwdb.d/60-keyboard.hwdb @@ -252,6 +252,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAlienware*:pn*:* evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAlienware*:pnM17xR3:* KEYBOARD_KEY_89=ejectcd +########################################################### +# Aquarius +########################################################### + +# Aquarius Cmp NS483 +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAquarius*:pnCmp*NS483*:* + KEYBOARD_KEY_56=backslash + KEYBOARD_KEY_76=f21 # Touchpad Toggle + ########################################################### # Asus ########################################################### 
@@ -290,10 +299,22 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:100003:dmi:*:svnASUSTeKCOMPUTERINC # All four of these buttons generate a multi-scancode sequence # consisting of Left_Meta, Right_Ctrl and another scancode. evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAYANEO:pnKUN:pvr* - KEYBOARD_KEY_18=f13 # LC (next to the left shoulder button) - KEYBOARD_KEY_20=f14 # RC (next to the right shoulder button) - KEYBOARD_KEY_30=f15 # Start (upper-right corner of screen) - KEYBOARD_KEY_28=f16 # Ayaneo (lower-right corner of screen) + KEYBOARD_KEY_18=f15 # LC (next to the left shoulder button) + KEYBOARD_KEY_20=f16 # RC (next to the right shoulder button) + KEYBOARD_KEY_28=f17 # Ayaneo (lower-right corner of screen) + KEYBOARD_KEY_30=f18 # Touchpad Mode (top-right corner of screen) + +# Most AYANEO devices expose an AT Translated Set 2 Keyboard +# for either three or four additional buttons not available +# on the Xbox360 controller. These buttons all generate a +# multi-scancode sequence. The specific preceding codes +# depend on the model, but the final scancode is always the +# same. +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYANEO:* + KEYBOARD_KEY_66=f15 # LC (All models) + KEYBOARD_KEY_67=f16 # RC (All models) + KEYBOARD_KEY_68=f17 # Ayaneo (All models) + KEYBOARD_KEY_69=f18 # Touchpad Mode (Kun only) ########################################################### # BenQ @@ -453,6 +474,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnXPS12-9Q33*:* KEYBOARD_KEY_88=wlan KEYBOARD_KEY_65=direction # Screen Rotate +# Dell Pro Rugged microphone mute +evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnDellProRugged*:* # Dell G16 microphone mute evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnDellG16*:* # Dell Latitude microphone mute 
@@ -1525,6 +1548,11 @@ evdev:name:MSI Laptop hotkeys:dmi:bvn*:bvr*:bd*:svn*:pnM[iI][cC][rR][oO]-S[tT][a KEYBOARD_KEY_0213=f22 KEYBOARD_KEY_0214=f23 +# MSI Claw +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnMicro-StarInternationalCo.,Ltd.:pnClawA1M:* + KEYBOARD_KEY_b9=f15 # Right Face Button + KEYBOARD_KEY_ba=f16 # Left Face Button + ########################################## # NEC ########################################## @@ -1645,6 +1673,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnOQO*Inc.*:pnOQO*Model*2*:* KEYBOARD_KEY_f2=volumedown KEYBOARD_KEY_f3=volumeup +########################################################### +# OrangePi +########################################################### + +# NEO +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnOrangePi:pnNEO-01:* + KEYBOARD_KEY_66=f15 # Gamepad (front, bottom right) + KEYBOARD_KEY_67=f16 # Home (front, bottom left) + ########################################################### # Ortek ########################################################### @@ -1732,6 +1769,15 @@ evdev:input:b0003v047FpC006* evdev:atkbd:dmi:bvn*:bvr*:bd*:svn*:pn*:pvr*:rvnQuanta:rn30B7:rvr65.2B:* KEYBOARD_KEY_88=media # "quick play +########################################################### +# Redmi +########################################################### + +# RedmiBook Pro 15 2022 +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnTIMI:pnRedmiBookPro152022:pvr* + KEYBOARD_KEY_9c=enter # KP_enter in the main area is wrong + KEYBOARD_KEY_dd=rightctrl # Right Ctrl is preferrable over Menu + ########################################################### # Samsung ########################################################### 
@@ -2184,6 +2230,13 @@ evdev:name:SIPODEV USB Composite Device:dmi:bvn*:bvr*:svnPositivoTecnologiaSA:pn KEYBOARD_KEY_7006d=prog3 # Programmable button KEYBOARD_KEY_7006e=prog4 # Programmable button +########################################################### +# Multilaser +########################################################### +# Multilaser Ultra (UL154) +evdev:name:AT Translated Set 2 keyboard:dmi:bvn*bvr*:svnMultilaserIndustrial:pn*:pvr*:rvn*:rnUL154* + KEYBOARD_KEY_76=f21 # Fn+f2 toggle touchpad + ########################################################### # Other ########################################################### diff --git a/hwdb.d/60-sensor.hwdb b/hwdb.d/60-sensor.hwdb index b45db62..21f4380 100644 --- a/hwdb.d/60-sensor.hwdb +++ b/hwdb.d/60-sensor.hwdb @@ -116,6 +116,11 @@ sensor:modalias:acpi:BOSC0200*:dmi:*svnAcer*:*pnSpinSP111-34:* # Aquarius ######################################### +# Aquarius Cmp NS483 +sensor:modalias:acpi:MXC6655*:dmi:*:svnAquarius*:pnCmp*NS483:* + ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1 + +sensor:modalias:acpi:MXC4005*:dmi:*:svnAquarius*:pnCmp*NS483:* # Aquarius NS483 sensor:modalias:acpi:MXC6655*:dmi:*:svnAquarius*:pnNS483:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 
@@ -195,13 +200,33 @@ sensor:modalias:acpi:SMO8500*:dmi:*:svnStandard:pnWCBT1011::* # AYANEO ######################################### -# AYANEO AIR +# AYANEO 2021, 2021 Pro, 2021 Pro Retro Power +sensor:modalias:acpi:10EC5280*:dmi:*:svnAYANEO:pn*2021*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO 2, 2S +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAYANEO 2*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO AIR, AIR Pro, and 1S sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAIR*:* - ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO AIR Plus AMD, Plus Mendocino, and Plus Intel +sensor:modalias:acpi:BOSC0200*:dmi:*:svnAYANEO:pnAIR Plus*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, 1; -1, 0, 0 + +# AYANEO FLIP DS, FLIP KB +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnFLIP**:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO GEEK, GEEK 1S +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAYANEO GEEK*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 -# AYANEO NEXT +# AYANEO NEXT, NEXT Lite, NEXT Advance, and NEXT Pro sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pn*NEXT*:* - ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 ######################################### # BMAX @@ -316,6 +341,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnHampoo*:pnC3W6_AP108_4GB:* sensor:modalias:acpi:MXC6655*:dmi:*:svnCHUWIInnovationAndTechnology*:pnUBookX:* ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, -1 +# Chuwi Freebook N100 +sensor:modalias:acpi:MDA6655*:dmi:*:svnCHUWI*:pnFreeBook:* + ACCEL_MOUNT_MATRIX=0, -1, 0;1, 0, 0;0, 0, 1 + ######################################### # Connect ######################################### 
@@ -534,6 +563,10 @@ sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd05/25/201 sensor:modalias:acpi:MXC6655*:dmi:*:svnGPD:pnG1621-02:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 +# GPD WinMax2 +sensor:modalias:acpi:BMI0160*:dmi:*:svnGPD:pnG1619*:* + ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 + ######################################### # Hometech ######################################## @@ -881,6 +914,14 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnAmericanMegatrendsInc.:bvr5.12:bd07/17/201 sensor:modalias:acpi:BMI0160*:dmi:*:rnONEXPLAYER:rvrV01:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, -1 +######################################### +# OrangePi +######################################### + +# OrangePi NEO +sensor:modalias:acpi:BMI0260*:dmi:*:svnOrangePi:pnNEO-01:* + ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 0, -1; 0, -1, 0 + ######################################### # Passion ######################################### diff --git a/hwdb.d/70-av-production.hwdb b/hwdb.d/70-av-production.hwdb index a701d1c..91c757b 100644 --- a/hwdb.d/70-av-production.hwdb +++ b/hwdb.d/70-av-production.hwdb @@ -18,6 +18,21 @@ usb:v2982p1967* ID_AV_PRODUCTION_CONTROLLER=1 +################ +# Contour +################ +# Shuttle Pro +usb:v0B33p0011* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Shuttle Pro V2 +usb:v0B33p0030* + ID_AV_PRODUCTION_CONTROLLER=1 + +# ShuttleXpress +usb:v0B33p0020* + ID_AV_PRODUCTION_CONTROLLER=1 + ################ # Eks ################ @@ -83,6 +98,13 @@ usb:v06F8pB100* usb:v06F8pB107* ID_AV_PRODUCTION_CONTROLLER=1 +#################### +# ICOM +#################### +# RC-28 Remote Encoder +usb:v0C26p001E* + ID_AV_PRODUCTION_CONTROLLER=1 + ##################### # Native Instruments ##################### 
@@ -161,3 +183,17 @@ usb:v17CCp1130* # CDJ 2000 NXS 2 usb:v2B73p0005* ID_AV_PRODUCTION_CONTROLLER=1 + +#################### +# SunSDR +#################### +# E-Coder 2 Controller +usb:v1FC9p0003* + ID_AV_PRODUCTION_CONTROLLER=1 + +#################### +# Xencelabs +#################### +# Quick Keys +usb:v28BDp5202* + ID_AV_PRODUCTION_CONTROLLER=1 diff --git a/hwdb.d/70-cameras.hwdb b/hwdb.d/70-cameras.hwdb index 3a84792..0fd0baf 100644 --- a/hwdb.d/70-cameras.hwdb +++ b/hwdb.d/70-cameras.hwdb @@ -12,6 +12,16 @@ camera:usb:v*p*:name:*IR Camera*: ID_INFRARED_CAMERA=1 +########################################################### +# Hewlett-Packard +########################################################### + +# Chicony Electronics Co., Ltd HP Wide Vision FHD Camera (IR function) +camera:usb:v04f2pb634:name:*I: +# Realtek Semiconductor Corp. HP Wide Vision FHD Camera (IR function) +camera:usb:v0bdap58e6:name:*I: + ID_INFRARED_CAMERA=1 + ########################################################### # Philips ########################################################### diff --git a/hwdb.d/70-hardware-wallets.hwdb b/hwdb.d/70-hardware-wallets.hwdb new file mode 100644 index 0000000..77d8bfa --- /dev/null +++ b/hwdb.d/70-hardware-wallets.hwdb @@ -0,0 +1,24 @@ +# This file is part of systemd. +# +# Database for Hardware Wallets that should be accessible to the seat owner. +## +# To add local entries, copy this file to +# /etc/udev/hwdb.d/ +# and add your rules there. To load the new rules execute (as root): +# systemd-hwdb update +# udevadm trigger + +################ +# Trezor Hardware Wallets +################ + +# Trezor v1 +usb:v534Cp0001* + ID_HARDWARE_WALLET=1 + +# Trezor v2 +usb:v1209p53C0* + ID_HARDWARE_WALLET=1 + +usb:v1209p53C1* + ID_HARDWARE_WALLET=1 diff --git a/hwdb.d/70-mouse.hwdb b/hwdb.d/70-mouse.hwdb index 0379eec..20079d6 100644 --- a/hwdb.d/70-mouse.hwdb +++ b/hwdb.d/70-mouse.hwdb 
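Review bot: The last match in the new 70-hardware-wallets.hwdb file, `usb:v1209p53C1*`, has no comment naming the device or mode it covers, unlike the `# Trezor v1` and `# Trezor v2` entries above it. The file header says these devices "should be accessible to the seat owner", so every match widens who can open the raw USB device and each one should be traceable to a specific product. A line such as `# Trezor v2 (<mode or interface this product ID identifies>)` above it would do. The header also carries a stray `##` line that looks like a typo for `#`. The rule that turns `ID_HARDWARE_WALLET=1` into an access grant is not visible in this hunk.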
@@ -248,6 +248,14 @@ mouse:usb:v1ea7p000b:name:2.4G RF Mouse:* mouse:usb:v04d9p0499:name:*:* MOUSE_DPI=800@125 +########################################## +# Glorious +########################################## + +# Glorious Model O Minus +mouse:usb:v258ap0036:name:Glorious Model O:* + MOUSE_DPI=400@1000 800@1000 *1600@1000 3200@1000 + ########################################## # HandShoe Mouse ########################################## diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build index 32e6505..b69b6d8 100644 --- a/hwdb.d/meson.build +++ b/hwdb.d/meson.build @@ -29,6 +29,7 @@ hwdb_files_test = files( '70-analyzers.hwdb', '70-av-production.hwdb', '70-cameras.hwdb', + '70-hardware-wallets.hwdb', '70-joystick.hwdb', '70-mouse.hwdb', '70-pda.hwdb', diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py index 64382db..b2580c8 100755 --- a/hwdb.d/parse_hwdb.py +++ b/hwdb.d/parse_hwdb.py @@ -174,6 +174,7 @@ def property_grammar(): ('ID_INPUT_TOUCHSCREEN', id_input_setting), ('ID_INPUT_TRACKBALL', id_input_setting), ('ID_SIGNAL_ANALYZER', Or((Literal('0'), Literal('1')))), + ('ID_HARDWARE_WALLET', Or((Literal('0'), Literal('1')))), ('POINTINGSTICK_SENSITIVITY', INTEGER), ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))), ('ID_INPUT_TOUCHPAD_INTEGRATION', Or(('internal', 'external'))), diff --git a/man/systemctl.xml b/man/systemctl.xml index 70fd91f..25b8930 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -2440,9 +2440,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err - When used with enable and - disable, do not implicitly reload daemon - configuration after executing the changes. + When used with enable, disable, preset, + mask, or unmask, do not implicitly reload daemon configuration + after executing the changes. diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml index 8f48081..471eddd 100644 --- a/man/systemd-repart.xml +++ b/man/systemd-repart.xml 
@@ -35,31 +35,34 @@ Description - systemd-repart grows and adds partitions to a partition table, based on the - configuration files described in + systemd-repart creates partition tables, and adds or grows partitions, + based on the configuration files described in repart.d5. - If invoked with no arguments, it operates on the block device backing the root file system - partition of the running OS, thus growing and adding partitions of the booted OS image itself. If - --image= is used it will operate on the specified image file. When called in the - initrd it operates on the block device backing /sysroot/ instead, i.e. on the block - device the system will soon transition into. The systemd-repart.service service is - generally run at boot in the initrd, in order to augment the partition table of the OS before its - partitions are mounted. systemd-repart (mostly) operates in a purely incremental mode: - it only grows existing and adds new partitions; it does not shrink, delete or move existing partitions. - The service is intended to be run on every boot, but when it detects that the partition table already - matches the installed repart.d/*.conf configuration files, it executes no - operation. - - systemd-repart is intended to be used when deploying OS images, to automatically - adjust them to the system they are running on, during first boot. This way the deployed image can be - minimal in size and may be augmented automatically at boot when needed, taking possession of disk space - available but not yet used. Specifically the following use cases are among those covered: + systemd-repart is used when building OS images, and also + when deploying images to automatically adjust them, during boot, to the system they + are running on. This way the image can be minimal in size and may be augmented automatically at boot, + taking possession of the disk space available. 
+ + If invoked with no arguments, systemd-repart operates on the block device + backing the root file system partition of the running OS, thus adding and growing partitions of the + booted OS itself. When called in the initrd, it operates on the block device backing + /sysroot/ instead, i.e. on the block device the system will soon transition into. If + --image= is used, it will operate on the specified device or image file. The + systemd-repart.service service is generally run at boot in the initrd, in order to + augment the partition table of the OS before its partitions are mounted. + + systemd-repart operations are mostly incremental: it grows existing partitions + or adds new ones, but does not shrink, delete, or move existing partitions. The service is intended to be + run on every boot, but when it detects that the partition table already matches the installed + repart.d/*.conf configuration files, it executes no operation. + + The following use cases are among those covered: The root partition may be grown to cover the whole available disk space. - A /home/, swap or /srv/ partition can be + A /home/, swap, or /srv/ partition can be added. A second (or third, …) root partition may be added, to cover A/B style setups where a second version of the root file system is alternatingly used for implementing update 
@@ -70,23 +73,22 @@ The algorithm executed by systemd-repart is roughly as follows: - The repart.d/*.conf configuration files are loaded and parsed, - and ordered by filename (without the directory prefix). For each configuration file, - drop-in files are looked for in directories with same name as the configuration file - with a suffix ".d" added. - - The partition table already existing on the block device is loaded and - parsed. - - The existing partitions in the partition table are matched up with the - repart.d/*.conf files by GPT partition type UUID. The first existing partition - of a specific type is assigned the first configuration file declaring the same type. The second - existing partition of a specific type is then assigned the second configuration file declaring the same - type, and so on. After this iterative assigning is complete any left-over existing partitions that have - no matching configuration file are considered "foreign" and left as they are. And any configuration - files for which no partition currently exists are understood as a request to create such a partition. + The repart.d/*.conf configuration files are loaded and parsed, and + ordered by filename (without the directory prefix). For each configuration file, drop-in files are + loaded from directories with same name as the configuration file with the suffix ".d" added. + + + The partition table on the block device is loaded and parsed, if present. + The existing partitions in the partition table are matched with the + repart.d/*.conf files by GPT partition type UUID. The first existing partition of + a specific type is assigned the first configuration file declaring the same type. The second existing + partition of a specific type is then assigned the second configuration file declaring the same type, + and so on. After this iterative assigning is complete, any existing partitions that have no matching + configuration file are considered "foreign" and left as they are. 
And any configuration files for which + no partition was matched are treated as requests to create a partition. + Partitions that shall be created are now allocated on the disk, taking the size constraints and weights declared in the configuration files into account. Free space is used within the limits set by size and padding requests. In addition, existing partitions that should be grown are @@ -124,12 +126,11 @@ partition table. - As exception to the normally strictly incremental operation, when called in a special "factory - reset" mode, systemd-repart may also be used to erase existing partitions to - reset an installation back to vendor defaults. This mode of operation is used when either the - switch is passed on the tool's command line, or the - option specified on the kernel command line, or the - FactoryReset EFI variable (vendor UUID + As an exception to the normal incremental operation, when called in a special "factory reset" mode, + systemd-repart may be used to erase existing partitions to reset an installation back + to vendor defaults. This mode of operation is used when either the + switch is passed on the tool's command line, or the option is + specified on the kernel command line, or the FactoryReset EFI variable (vendor UUID 8cf2644b-4b0b-428f-9387-6d876050dc67) is set to "yes". It alters the algorithm above slightly: between the 3rd and the 4th step above any partition marked explicitly via the FactoryReset= boolean is deleted, and the algorithm restarted, thus immediately 
@@ -153,11 +154,9 @@ from a common seed images prepared with this tool become reproducible and the result of the algorithm above deterministic. - The positional argument should specify the block device to operate on. Instead of a block device - node path a regular file may be specified too, in which case the command operates on it like it would if - a loopback block device node was specified with the file attached. If is - specified the specified path is created as regular file, which is useful for generating disk images from - scratch. + The positional argument should specify the block device or a regular file to operate on. If + is specified, the specified path is created as regular file, which is + useful for generating disk images from scratch. @@ -168,6 +167,7 @@ + Takes a boolean. If this switch is not specified is the implied default. Controls whether systemd-repart executes the requested re-partition operations or whether it should only show what it would do. Unless @@ -179,6 +179,7 @@ + Takes one of refuse, allow, require, force or create. Controls how to operate on block devices that are entirely empty, i.e. carry no partition table/disk label yet. If @@ -623,7 +624,7 @@ Exit status - On success, 0 is returned, a non-zero failure code otherwise. + On success, 0 is returned, and a non-zero failure code otherwise. 
@@ -635,15 +636,19 @@ The following creates a configuration extension DDI (confext) for an /etc/motd update: - mkdir tree tree/etc tree/etc/extension-release.d -echo "Hello World" > tree/etc/motd -cat > tree/etc/extension-release.d/extension-release.my-motd <<EOF + mkdir -p tree/etc/extension-release.d +echo "Hello World" >tree/etc/motd +cat >tree/etc/extension-release.d/extension-release.my-motd <<EOF ID=fedora VERSION_ID=38 IMAGE_ID=my-motd IMAGE_VERSION=7 EOF -systemd-repart -C --private-key=privkey.pem --certificate=cert.crt -s tree/ /var/lib/confexts/my-motd.confext.raw +systemd-repart -C \ + --private-key=privkey.pem \ + --certificate=cert.crt \ + -s tree/ \ + /var/lib/confexts/my-motd.confext.raw systemd-confext refresh The DDI generated that way may be applied to the system with @@ -656,15 +661,20 @@ systemd-confext refresh The following creates a system extension DDI (sysext) for an /usr/foo update and signs it with a hardware token via PKCS11. - mkdir tree tree/usr tree/usr/lib/extension-release.d -echo "Hello World" > tree/usr/foo -cat > tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF + mkdir -p tree/usr/lib/extension-release.d +echo "Hello World" >tree/usr/foo +cat >tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF ID=fedora VERSION_ID=38 IMAGE_ID=my-foo IMAGE_VERSION=7 EOF -systemd-repart --make-ddi=sysext --private-key-source=engine:pkcs11 --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" --certificate=cert.crt -s tree/ /var/lib/extensions/my-foo.sysext.raw +systemd-repart --make-ddi=sysext \ + --private-key-source=engine:pkcs11 \ + --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \ + --certificate=cert.crt \ + -s tree/ \ + /var/lib/extensions/my-foo.sysext.raw systemd-sysext refresh The DDI generated that way may be applied to the system with 
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 3773a38..2ffc279 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -462,7 +462,8 @@ CPUWeight=20 DisableControllers=cpu / \ Specify the absolute limit on swap usage of the executed processes in this unit. Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the + parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a + percentage value may be specified, which is taken relative to the specified swap size on the system. If assigned the special value infinity, no swap limit is applied. These settings control the memory.swap.max control group attribute. For details about this control group attribute, see Memory Interface Files. diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 58439df..6667ac5 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -727,8 +727,8 @@ Configures a maximum time for the service to run. If this is used and the service has been active for longer than the specified time it is terminated and put into a failure state. Note that this setting does not have any effect on Type=oneshot services, as they terminate immediately after - activation completed. Pass infinity (the default) to configure no runtime - limit. + activation completed (use TimeoutStartSec= to limit their activation). + Pass infinity (the default) to configure no runtime limit. If a service of Type=notify/Type=notify-reload sends EXTEND_TIMEOUT_USEC=…, this may cause the runtime to be extended beyond diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 919e641..dfc9f6f 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml 
@@ -173,13 +173,13 @@ section. When the unit is enabled, symlinks will be created for those names, and removed when the unit is disabled. For example, reboot.target specifies Alias=ctrl-alt-del.target, so when enabled, the symlink - /etc/systemd/system/ctrl-alt-del.service pointing to the + /etc/systemd/system/ctrl-alt-del.target pointing to the reboot.target file will be created, and when CtrlAltDel is invoked, - systemd will look for the ctrl-alt-del.service and execute - reboot.service. systemd does not look at the [Install] section at - all during normal operation, so any directives in that section only have an effect through the symlinks - created during enablement. + systemd will look for ctrl-alt-del.target, follow the symlink to + reboot.target, and execute reboot.service as part of that target. + systemd does not look at the [Install] section at all during normal operation, so any + directives in that section only have an effect through the symlinks created during enablement. Along with a unit file foo.service, the directory foo.service.wants/ may exist. All unit files symlinked from such a directory are @@ -832,7 +832,7 @@ type when precisely a unit has finished starting up. Most importantly, for service units start-up is considered completed for the purpose of Before=/After= when all its configured start-up commands have been invoked and they either failed or reported start-up - success. Note that this does includes ExecStartPost= (or + success. Note that this includes ExecStartPost= (or ExecStopPost= for the shutdown case). Note that those settings are independent of and orthogonal to the requirement dependencies as diff --git a/man/ukify.xml b/man/ukify.xml index bf6f328..216b368 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -648,7 +648,7 @@ $ ukify -c ukify.conf build \ - Kernel command line auxiliary PE + Kernel command line PE addon ukify build \ --secureboot-private-key=sb.key \ 
@@ -656,7 +656,7 @@ $ ukify -c ukify.conf build \ --cmdline='debug' \ --sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md uki-addon.author,1,UKI Addon for System,uki-addon.author,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html' - --output=debug.cmdline + --output=debug.addon.efi This creates a signed PE binary that contains the additional kernel command line parameter @@ -664,9 +664,9 @@ $ ukify -c ukify.conf build \ - Decide signing policy and create certificate and keys + Decide signing policy, and create certificate and keys - First, let's create an config file that specifies what signatures shall be made: + First, let's create a configuration file that specifies what signatures shall be made: # cat >/etc/kernel/uki.conf <<EOF EOF diff --git a/meson.build b/meson.build index b1a110c..0548e2e 100644 --- a/meson.build +++ b/meson.build @@ -1102,6 +1102,9 @@ else # Check if 'clang -target bpf' is supported. clang_supports_bpf = run_command(clang, '-target', 'bpf', '--print-supported-cpus', check : false).returncode() == 0 endif + if bpf_framework.enabled() and not clang_supports_bpf + error('bpf-framework was enabled but clang does not support bpf') + endif elif bpf_compiler == 'gcc' bpf_gcc = find_program('bpf-gcc', 'bpf-none-gcc', @@ -1992,14 +1995,11 @@ endif conf.set_quoted('VERSION_TAG', version_tag) vcs_tag = get_option('vcs-tag') -command = ['sh', '-c', - vcs_tag and fs.exists(project_source_root / '.git') ? - 'echo "-g$(git -C . describe --abbrev=7 --match="" --always --dirty=^)"' : ':'] version_h = vcs_tag( input : 'src/version/version.h.in', output : 'version.h', fallback : '', - command : command, + command : [vcs_tag ? 'tools/vcs-tag.sh' : 'true', get_option('mode')], ) shared_lib_tag = get_option('shared-lib-tag') 
@@ -2089,7 +2089,7 @@ libsystemd = shared_library( # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. '-z', 'nodelete', '-Wl,--version-script=' + libsystemd_sym_path], - link_with : [libbasic], + link_with : [libbasic_static], link_whole : [libsystemd_static], dependencies : [librt, threads, @@ -2254,7 +2254,7 @@ nss_template = { 'link_with' : [ libsystemd_static, libshared_static, - libbasic, + libbasic_static, ], 'dependencies' : [ librt, @@ -2660,12 +2660,6 @@ foreach executable : ['systemd-journal-remote', 'systemd-measure'] endforeach if mkosi.found() - genkey = custom_target('genkey', - output : ['mkosi.key', 'mkosi.crt'], - command : [mkosi, '--force', 'genkey'], - depends : mkosi_depends, - ) - custom_target('mkosi', build_always_stale : true, build_by_default: false, @@ -2677,14 +2671,11 @@ if mkosi.found() '--output-dir', meson.current_build_dir() / 'mkosi.output', '--cache-dir', meson.current_build_dir() / 'mkosi.cache', '--build-dir', meson.current_build_dir() / 'mkosi.builddir', - '--secure-boot-key', meson.current_build_dir() / 'mkosi.key', - '--secure-boot-certificate', meson.current_build_dir() / 'mkosi.crt', - '--verity-key', meson.current_build_dir() / 'mkosi.key', - '--verity-certificate', meson.current_build_dir() / 'mkosi.crt', + '--extra-search-path', meson.current_build_dir(), '--force', 'build', ], - depends : mkosi_depends + [genkey], + depends : mkosi_depends, ) endif diff --git a/meson.version b/meson.version index 47da505..86facc5 100644 --- a/meson.version +++ b/meson.version @@ -1 +1 @@ -256.2 +256.4 diff --git a/meson_options.txt b/meson_options.txt index 667340c..909e2d5 100644 --- a/meson_options.txt +++ b/meson_options.txt 
@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, description : 'This option is deprecated and will be removed in a future release') option('link-udev-shared', type : 'boolean', description : 'link systemd-udevd and its helpers to libsystemd-shared.so') +option('link-executor-shared', type : 'boolean', + description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') option('link-systemctl-shared', type: 'boolean', description : 'link systemctl against libsystemd-shared.so') option('link-networkd-shared', type: 'boolean', diff --git a/mkosi.clean b/mkosi.clean new file mode 100755 index 0000000..bcd1ae4 --- /dev/null +++ b/mkosi.clean @@ -0,0 +1,5 @@ +#!/bin/bash +set -e +set -o nounset + +rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} "$OUTPUTDIR"/systemd.raw diff --git a/mkosi.conf b/mkosi.conf index 38d6e83..527d08a 100644 --- a/mkosi.conf +++ b/mkosi.conf 
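Review bot: In mkosi.clean, `rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} "$OUTPUTDIR"/systemd.raw` is protected only against an unset variable. `set -o nounset` does not stop an OUTPUTDIR that is set but empty, in which case the paths resolve against `/`. Writing `"${OUTPUTDIR:?}"` in both places makes the script abort instead. mkosi.conf.d/20-particle/mkosi.finalize has the same weakness with `$BUILDROOT` and sets no `nounset` at all, so its `mkdir -p` and `cp --archive` would act on the host's `/etc` and `/usr/share/factory/mkosi` if the variable were missing; `"${BUILDROOT:?}"` fits there too. mkosi presumably always exports both variables, so this is a guard for running the scripts by hand.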
@@ -1,55 +1,145 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Config] -@Images=system MinimumVersion=23~devel +Dependencies= + exitrd + initrd + minimal-base + minimal-0 + minimal-1 + +PassEnvironment= + NO_BUILD + NO_SYNC + WIPE + SANITIZERS + CFLAGS + LDFLAGS + LLVM + MESON_VERBOSE + MESON_OPTIONS + SYSEXT + WITH_DEBUG [Output] -@OutputDirectory=build/mkosi.output -@BuildDirectory=build/mkosi.builddir -@CacheDirectory=build/mkosi.cache +RepartDirectories=mkosi.repart +OutputDirectory=build/mkosi.output +BuildDirectory=build/mkosi.builddir +CacheDirectory=build/mkosi.cache [Content] -@SELinuxRelabel=no BuildSourcesEphemeral=yes +Autologin=yes + +ExtraTrees= + mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key + mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions + mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf + %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw + %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity + %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig + %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw + %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity + %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig + %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template + %O/exitrd:/exitrd + +Initrds=%O/initrd + +Environment= + SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F + +# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time +# and results in lots of errors when building images as a regular user. +SELinuxRelabel=no # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in # various scenarios. Consider adding support for a credential instead if possible and using that. 
-KernelCommandLine=systemd.crash_shell - systemd.log_level=debug,console:info - systemd.log_ratelimit_kmsg=0 - # Disable the kernel's ratelimiting on userspace logging to kmsg. - printk.devkmsg=on - # Make sure /sysroot is mounted rw in the initrd. - rw - # Lower the default device timeout so we get a shell earlier if the root device does - # not appear for some reason. - systemd.default_device_timeout_sec=30 - # Make sure no LSMs are enabled by default. - apparmor=0 - selinux=0 - enforcing=0 - systemd.early_core_pattern=/core - systemd.firstboot=no - raid=noautodetect - oops=panic - panic=-1 - softlockup_panic=1 - panic_on_warn=1 - # These don't ship proper units with [Install] directives so we have to mask them instead. - systemd.mask=isc-dhcp-server.service - systemd.mask=mdmonitor.service +KernelCommandLine= + systemd.crash_shell + systemd.log_level=debug,console:info + systemd.log_ratelimit_kmsg=0 + # Disable the kernel's ratelimiting on userspace logging to kmsg. + printk.devkmsg=on + # Make sure /sysroot is mounted rw in the initrd. + rw + # Lower the default device timeout so we get a shell earlier if the root device does + # not appear for some reason. + systemd.default_device_timeout_sec=90 + # Make sure no LSMs are enabled by default. + selinux=0 + systemd.early_core_pattern=/core + systemd.firstboot=no + raid=noautodetect + oops=panic + panic=-1 + softlockup_panic=1 + panic_on_warn=1 + # These don't ship proper units with [Install] directives so we have to mask them instead. 
+ systemd.mask=isc-dhcp-server.service + systemd.mask=mdmonitor.service + psi=1 KernelModulesInitrdExclude=.* KernelModulesInitrdInclude=default +Packages= + acl + attr + bash-completion + binutils + bpftrace + coreutils + curl + diffutils + dnsmasq + dosfstools + e2fsprogs + findutils + gdb + grep + gzip + jq + kbd + kexec-tools + kmod + less + lvm2 + man + mdadm + mtools + nano + nftables + nvme-cli + opensc + openssl + p11-kit + pciutils + python3 + radvd + rsync + sed + socat + strace + tar + tmux + tree + util-linux + valgrind + which + wireguard-tools + xfsprogs + zsh + zstd + [Host] Credentials=journal.storage=persistent -@Incremental=yes -@RuntimeBuildSources=yes -@RuntimeScratch=no -@QemuSmp=2 -@QemuSwtpm=yes -@QemuVsock=yes -@QemuKvm=yes +Incremental=yes +RuntimeBuildSources=yes +RuntimeScratch=no +QemuSmp=2 +QemuSwtpm=yes +QemuVsock=yes +QemuKvm=yes ToolsTreePackages=virtiofsd diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf new file mode 100644 index 0000000..5a4015e --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.conf @@ -0,0 +1,54 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +VolatilePackages= + systemd + systemd-libs + systemd-resolvconf + systemd-sysvcompat + systemd-tests + systemd-ukify + +Packages= + bind + bpf + btrfs-progs + compsize + cryptsetup + dbus-broker + dbus-broker-units + dhcp + erofs-utils + f2fs-tools + git + gnutls + iproute + iputils + knot + linux + man-db + multipath-tools + nmap + open-iscsi + openssh + openssl + pacman + perf + polkit + procps-ng + psmisc + python-pexpect + python-psutil + qrencode + quota-tools + sbsigntools + shadow + softhsm + squashfs-tools + stress-ng + tgt + tpm2-tools + vim diff --git a/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000..4a6d2e9 --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf 
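Review bot: `Autologin=yes` and the `mkosi.crt:/usr/lib/verity.d/mkosi.crt` entry under `ExtraTrees=` are added to the top-level mkosi.conf with nothing saying the result is a test image only. As far as I know, mkosi's Autologin gives a passwordless root login on the console, and the image will trust whatever local `mkosi.crt` is present for extension verification. The same commit removes the `genkey` target from meson.build, so the origin of that certificate is not visible from this file. A comment above `Autologin=yes` such as `# Test image only: passwordless console login and a locally generated verity certificate; never deploy.` would record that. The hunk also drops `apparmor=0` and `enforcing=0` from `KernelCommandLine=` while keeping the comment "Make sure no LSMs are enabled by default", which now covers only `selinux=0` and should be reworded.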
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=systemd-debug
diff --git a/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.conf.d/10-arch/mkosi.prepare
new file mode 100755
index 0000000..aac7b3d
--- /dev/null
+++ b/mkosi.conf.d/10-arch/mkosi.prepare
@@ -0,0 +1,33 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+DEPS=""
+
+while read -r PACKAGE; do
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
+ )"
+
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
+ sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
+ sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
+ tr '\n' ' ' # Transform newlines to whitespace.
+ )"
+done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+echo "$DEPS" |
+ xargs | # Remove extra whitespace.
+ tr ' ' '\n' |
+ grep --invert-match --regexp systemd --regexp None | # systemd packages will be installed later on.
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf
new file mode 100644
index 0000000..5b1865a
--- /dev/null
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf
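Review bot: 10-arch/mkosi.prepare runs with `set -e` but without `set -o pipefail`, so a failing `pacman --sync --info "$PACKAGE"` inside the `$( … | sed … )` pipelines goes unnoticed. DEPS then ends up short or empty, and the final `xargs --no-run-if-empty mkosi-install` quietly installs less or nothing, so the image is built with missing dependencies instead of stopping with an error. Adding `set -o pipefail` after `set -e` is the usual fix. Note that the trailing `grep --invert-match` exits 1 when it filters out every line, so that stage would then need explicit handling. The mkosi.prepare scripts added for 10-centos-fedora, 10-debian-ubuntu and 10-opensuse follow the same pattern around `dnf repoquery`, `apt-cache depends` and `zypper info`.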
@@ -0,0 +1,60 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +VolatilePackages= + systemd + systemd-boot + systemd-container + systemd-devel + systemd-journal-remote + systemd-libs + systemd-networkd + systemd-networkd-defaults + systemd-oomd-defaults + systemd-pam + systemd-resolved + systemd-tests + systemd-udev + systemd-ukify + +Packages= + bind-utils + bpftool + cryptsetup + device-mapper-event + device-mapper-multipath + dnf + git-core + glibc-langpack-de + glibc-langpack-en + gnutls-utils + integritysetup + iproute + iproute-tc + iputils + iscsi-initiator-utils + kernel-core + libcap-ng-utils + man-db + nmap-ncat + openssh-clients + openssh-server + pam + passwd + perf + policycoreutils + polkit + procps-ng + python3-pexpect + quota + rpm + softhsm + squashfs-tools + stress-ng + tpm2-tools + veritysetup + vim-common diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000..0c3707b --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + systemd-container-debuginfo + systemd-debuginfo + systemd-debugsource + systemd-journal-remote-debuginfo + systemd-libs-debuginfo + systemd-networkd-debuginfo + systemd-pam-debuginfo + systemd-resolved-debuginfo + systemd-tests-debuginfo + systemd-udev-debuginfo diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf new file mode 100644 index 0000000..0a388f3 --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf 
@@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're +# building a /usr-only image. + +[Match] +Profile=!particle + +[Content] +Packages= + selinux-policy + selinux-policy-targeted + setools-console diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare new file mode 100755 index 0000000..2a890bc --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare @@ -0,0 +1,19 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +for DEPS in --requires --recommends --suggests; do + # We need --latest-limit=1 to only consider the newest version of the packages. + # --latest-limit=1 is per . so we have to pass --arch= explicitly to make sure i686 packages + # are not considerd on x86-64. + dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" | + grep --invert-match --regexp systemd --regexp udev --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal | + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install +done diff --git a/mkosi.conf.d/10-centos.conf b/mkosi.conf.d/10-centos.conf deleted file mode 100644 index ee8d0e5..0000000 --- a/mkosi.conf.d/10-centos.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Distribution] -@Release=9 -Repositories=epel - epel-next - hyperscale-packages-main - hyperscale-packages-experimental diff --git a/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.conf.d/10-centos/mkosi.conf new file mode 100644 index 0000000..d97b081 --- /dev/null +++ b/mkosi.conf.d/10-centos/mkosi.conf 
@@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Distribution] +Release=10 + +[Content] +Environment= + # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which + # happens when running tests in parallel so we use ext4 instead. + SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4 + # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of + # mkfs.ext4 enabled it by default, so we disable it explicitly. + SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" + +Packages= + kernel-modules # For squashfs diff --git a/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf new file mode 100644 index 0000000..9e92a4f --- /dev/null +++ b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Release=9 + +[Distribution] +Repositories= + epel + epel-next diff --git a/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf new file mode 100644 index 0000000..11dc969 --- /dev/null +++ b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Repositories=epel + +[Content] +Packages= + dfuzzer + dhcp-server + erofs-utils + knot + qrencode + sbsigntools diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref new file mode 100644 index 0000000..5649b70 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref @@ -0,0 +1,3 @@ +Package: * +Pin: release l=mkosi +Pin-Priority: 1100 diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..43e0781 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf 
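Review bot: The comment above `SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"` in 10-centos/mkosi.conf justifies the option with CentOS Stream 9 kernels, but the same hunk sets `Release=10`. The setting also applies to every release matched by `Distribution=centos`, and the file does not say whether Stream 10 still needs it. Rewording the comment along the lines of `# Kernels in CentOS Stream 9 do not support orphan_file, which newer mkfs.ext4 enables by default; applied to all releases.` would make clear which case the option serves.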
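Review bot: mkosi-pinning.pref gives `Pin-Priority: 1100` to every package from any repository whose Release file carries the label `mkosi`, and nothing in the file explains why. A priority above 1000 lets APT install such a package even when that is a downgrade. The label is declared by the repository itself, so the pin is only as trustworthy as the set of sources configured for the build. An `Explanation:` line such as `Explanation: prefer packages from the local mkosi build repository, even over newer distro versions` would record the intent. That the label belongs to mkosi's local repository is my assumption from the name.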
@@ -0,0 +1,77 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Distribution] +PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref + +[Content] +VolatilePackages= + libnss-myhostname + libnss-mymachines + libnss-resolve + libnss-systemd + libpam-systemd + libsystemd-dev + libsystemd-shared + libsystemd0 + libudev-dev + systemd + systemd-container + systemd-coredump + systemd-cryptsetup + systemd-dev + systemd-homed + systemd-journal-remote + systemd-oomd + systemd-repart + systemd-resolved + systemd-sysv + systemd-tests + systemd-timesyncd + systemd-ukify + systemd-userdbd + udev + +Packages= + btrfs-progs + apt + bind9-dnsutils + cryptsetup-bin + dbus-broker + dbus-user-session + dmsetup + erofs-utils + f2fs-tools + fdisk + git-core + gnutls-bin + iproute2 + iputils-ping + isc-dhcp-server + knot + libcap-ng-utils + locales + man-db + multipath-tools + ncat + open-iscsi + openssh-client + openssh-server + passwd + polkitd + procps + psmisc + python3-pexpect + python3-psutil + qrencode + quota + softhsm2 + squashfs-tools + stress-ng + tgt + tpm2-tools + tzdata + xxd diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000..2bb6164 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf 
@@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + libnss-myhostname-dbgsym + libnss-mymachines-dbgsym + libnss-resolve-dbgsym + libnss-systemd-dbgsym + libpam-systemd-dbgsym + libsystemd-shared-dbgsym + libsystemd0-dbgsym + libudev1-dbgsym + systemd-boot-dbgsym + systemd-container-dbgsym + systemd-coredump-dbgsym + systemd-cryptsetup-dbgsym + systemd-dbgsym + systemd-homed-dbgsym + systemd-journal-remote-dbgsym + systemd-oomd-dbgsym + systemd-repart-dbgsym + systemd-resolved-dbgsym + systemd-tests-dbgsym + systemd-timesyncd-dbgsym + systemd-userdbd-dbgsym + udev-dbgsym diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf new file mode 100644 index 0000000..781670a --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# sbsigntool exists only on UEFI architectures + +[Match] +Architecture=|x86 +Architecture=|x86-64 +Architecture=|arm +Architecture=|arm64 +Architecture=|riscv32 +Architecture=|riscv64 + +[Content] +Packages= + sbsigntool + systemd-boot + systemd-boot-efi diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf new file mode 100644 index 0000000..4fb4f46 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=NO_BUILD=1 + +[Content] +WithNetwork=yes diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..acab113 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare 
@@ -0,0 +1,16 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +apt-cache depends "${PACKAGES[@]}" | + grep --invert-match --regexp "<" --regexp "|" --regexp systemd | # Remove e.g. and |dbus-broker like results + grep --extended-regexp "Depends|Suggests|Recommends" | + sed --quiet 's/.*: //p' | # Get every line with ": " in it and strip it at the same time. + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install diff --git a/mkosi.conf.d/10-debian.conf b/mkosi.conf.d/10-debian.conf deleted file mode 100644 index 8674e88..0000000 --- a/mkosi.conf.d/10-debian.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=debian - -[Distribution] -@Release=testing diff --git a/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.conf.d/10-debian/mkosi.conf new file mode 100644 index 0000000..c960a1b --- /dev/null +++ b/mkosi.conf.d/10-debian/mkosi.conf @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=debian + +[Distribution] +Release=testing + +[Content] +Packages= + linux-perf diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf new file mode 100644 index 0000000..af923fa --- /dev/null +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=arm64 + +[Content] +Packages= + linux-image-cloud-arm64 diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf new file mode 100644 index 0000000..615de52 --- /dev/null +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=x86-64 + +[Content] +Packages= + linux-image-cloud-amd64 
diff --git a/mkosi.conf.d/10-extra-search-paths.conf b/mkosi.conf.d/10-extra-search-paths.conf deleted file mode 100644 index bd3cdb1..0000000 --- a/mkosi.conf.d/10-extra-search-paths.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -PathExists=build/ - -[Host] -ExtraSearchPaths=build/ diff --git a/mkosi.conf.d/10-fedora.conf b/mkosi.conf.d/10-fedora.conf deleted file mode 100644 index 71948d8..0000000 --- a/mkosi.conf.d/10-fedora.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=fedora - -[Distribution] -@Release=rawhide diff --git a/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.conf.d/10-fedora/mkosi.conf new file mode 100644 index 0000000..adb7779 --- /dev/null +++ b/mkosi.conf.d/10-fedora/mkosi.conf @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=fedora + +[Distribution] +Release=rawhide + +[Content] +Packages= + btrfs-progs + compsize + dfuzzer + dhcp-server + dnf5 + erofs-utils + f2fs-tools + # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules) + kernel-modules-extra + kernel-modules-internal + knot + qrencode + rpmautospec + sbsigntools + scsi-target-utils diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index f976fc8..0000000 --- a/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Distribution] -@Release=tumbleweed -PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend diff --git a/mkosi.conf.d/10-opensuse/macros.db_backend b/mkosi.conf.d/10-opensuse/macros.db_backend new file mode 100644 index 0000000..4a58f06 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/macros.db_backend @@ -0,0 +1 @@ +%_db_backend ndb diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf new file mode 100644 index 0000000..e741aa4 
--- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.conf @@ -0,0 +1,79 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Distribution] +Release=tumbleweed +Repositories=non-oss +PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend + +[Content] +VolatilePackages= + libsystemd0 + libudev1 + systemd + systemd-boot + systemd-container + systemd-devel + systemd-doc + systemd-experimental + systemd-homed + systemd-lang + systemd-network + systemd-portable + systemd-sysvcompat + systemd-testsuite + udev + +# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox +# versions don't get installed instead. +Packages= + bind-utils + bpftool + btrfs-progs + cryptsetup + device-mapper + dhcp-server + docbook-xsl-stylesheets + erofs-utils + f2fs-tools + gawk + git-core + glibc-locale-base + gnutls + grep + gzip + iputils + kernel-default + kmod + knot + multipath-tools + ncat + open-iscsi + openssh-clients + openssh-server + pam + patterns-base-minimal_base + perf + procps4 + psmisc + python3-pefile + python3-pexpect + python3-psutil + qrencode + quota + rsync + sbsigntools + sed + shadow + softhsm + squashfs + stress-ng + tgt + timezone + tpm2.0-tools + veritysetup + vim + xz + zypper diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000..6c57d04 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf 
@@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + libsystemd0-debuginfo + libudev1-debuginfo + systemd-boot-debuginfo + systemd-container-debuginfo + systemd-debuginfo + systemd-debugsource + systemd-experimental-debuginfo + systemd-homed-debuginfo + systemd-journal-remote-debuginfo + systemd-network-debuginfo + systemd-portable-debuginfo + systemd-sysvcompat-debuginfo + systemd-testsuite-debuginfo + udev-debuginfo diff --git a/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.conf.d/10-opensuse/mkosi.prepare new file mode 100755 index 0000000..6ee0af2 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.prepare @@ -0,0 +1,23 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +DEPS="" + +while read -r PACKAGE; do + # zypper's output is not machine readable so we make do with sed instead. + DEPS="$DEPS\n$( + zypper info --requires --recommends --suggests "$PACKAGE" | + sed '/Requires/,$!d' | # Remove everything before Requires line + sed --quiet 's/^ //p' # All indented lines have dependencies + )" +done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +echo -e "$DEPS" | + grep --invert-match --regexp systemd --regexp udev --regexp qemu | + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install diff --git a/mkosi.conf.d/10-tools.conf b/mkosi.conf.d/10-tools.conf deleted file mode 100644 index 9d276d4..0000000 --- a/mkosi.conf.d/10-tools.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -PathExists=!build/ -SystemdVersion=<254 - -[Host] -@ToolsTree=default diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf deleted file mode 100644 index da2d318..0000000 --- a/mkosi.conf.d/10-ubuntu.conf +++ /dev/null 
@@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Distribution] -@Release=noble -Repositories=universe diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf new file mode 100644 index 0000000..1ffa3ab --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=ubuntu + +[Distribution] +Release=noble +Repositories=universe + +[Content] +Packages= + linux-image-generic + linux-tools-common + linux-tools-virtual diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf new file mode 100644 index 0000000..582f038 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# The ports Ubuntu archive is for non i386/amd64 repositories + +[Match] +Architecture=!x86-64 +Architecture=!x86 +Release=noble + +[Distribution] +PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf new file mode 100644 index 0000000..7347be9 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# The main Ubuntu archive is only for i386/amd64 repositories + +[Match] +Architecture=|x86-64 +Architecture=|x86 +Release=noble + +[Distribution] +PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources diff --git a/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources new file mode 100644 index 0000000..5b96dc5 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources 
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://ports.ubuntu.com
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.conf.d/10-ubuntu/noble-backports.sources
new file mode 100644
index 0000000..d10c1e8
--- /dev/null
+++ b/mkosi.conf.d/10-ubuntu/noble-backports.sources
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.conf.d/20-build.conf b/mkosi.conf.d/20-build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.conf.d/20-build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.conf.d/20-none.conf b/mkosi.conf.d/20-none.conf
new file mode 100644
index 0000000..0e4d919
--- /dev/null
+++ b/mkosi.conf.d/20-none.conf
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# If we're only rerunning the build script, remove all subimage dependencies except the build image to speed
+# up builds.
+
+[Match]
+Format=none
+
+[Config]
+Dependencies=
+Dependencies=build
diff --git a/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.conf.d/20-particle/mkosi.conf
new file mode 100644
index 0000000..99dad00
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=particle
+
+[Output]
+RepartDirectories=
+RepartDirectories=mkosi.repart
+
+[Validation]
+SecureBoot=yes
+SignExpectedPcr=yes
+
+[Host]
+RuntimeSize=8G
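Review bot: Both new apt source stanzas (noble-backports-ports.sources and noble-backports.sources) fetch over plain `http://`, so the `Signed-By` keyring is the only thing protecting the packages pulled from noble-backports, and neither file says so. A maintainer who later edits or drops the `Signed-By:` line would remove that protection without any hint in the file. I would add a comment above `URIs:` in both files, for example `# Plain HTTP transport: package integrity relies solely on the Signed-By keyring below.`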
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
new file mode 100644
index 0000000..3755278
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=swap
+SizeMinBytes=100M
+SizeMaxBytes=100M
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
new file mode 100644
index 0000000..2f92af2
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=root
+Format=btrfs
+SizeMinBytes=1G
diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
new file mode 100644
index 0000000..dac79ba
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.conf.d/20-particle/mkosi.finalize
new file mode 100755
index 0000000..69f9554
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.finalize
@@ -0,0 +1,6 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
+cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.conf.d/20-particle/mkosi.postinst.chroot
new file mode 100755
index 0000000..95e0552
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.postinst.chroot
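Review bot: mkosi.conf.d/20-particle/mkosi.finalize copies the whole of `$BUILDROOT/etc` into `/usr/share/factory/mkosi` with no filter and no comment explaining why. Whatever is in /etc at finalize time therefore ends up under /usr, which the particle profile ships as its own partition (`CopyFiles=/usr:/` in 10-usr.conf); that presumably includes account databases and any generated keys, though the tree's contents are not visible in this diff. The script should say that this is intended and limited to test images, for example with a comment above the `mkdir`: `# Snapshot /etc into the factory tree for tmpfiles.d/99-mkosi.conf (C+! /etc); unfiltered copy, test images only.`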
@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# sbsign is not available on CentOS Stream
+if command -v sbsign &>/dev/null; then
+ # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
+ addons_dir=/efi/loader/addons
+ mkdir -p "$addons_dir"
+ ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
+ ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
+fi
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
new file mode 100644
index 0000000..391543d
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=esp
+Format=vfat
+CopyFiles=/boot:/
+CopyFiles=/efi:/
+SizeMinBytes=1G
+SizeMaxBytes=1G
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
new file mode 100644
index 0000000..343761d
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr
+Format=erofs
+CopyFiles=/usr:/
+Verity=data
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
new file mode 100644
index 0000000..b4d45dd
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity
+Verity=hash
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
new file mode 100644
index 0000000..1841d0a
--- /dev/null
+++ b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
@@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=usr-verity-sig +Verity=signature +VerityMatchKey=usr diff --git a/mkosi.conf.d/20-sanitizers.conf b/mkosi.conf.d/20-sanitizers.conf index 235b233..62d0523 100644 --- a/mkosi.conf.d/20-sanitizers.conf +++ b/mkosi.conf.d/20-sanitizers.conf @@ -2,6 +2,7 @@ [Match] Environment=SANITIZERS +Environment=!SANITIZERS= [Content] # Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN @@ -17,3 +18,6 @@ KernelCommandLine= systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/macros.db_backend deleted file mode 100644 index 4a58f06..0000000 --- a/mkosi.conf.d/macros.db_backend +++ /dev/null @@ -1 +0,0 @@ -%_db_backend ndb diff --git a/mkosi.coredump-journal-storage.conf b/mkosi.coredump-journal-storage.conf new file mode 100644 index 0000000..cde9785 --- /dev/null +++ b/mkosi.coredump-journal-storage.conf @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Coredump] +Storage=journal diff --git a/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.extra/etc/iscsi/iscsid.conf new file mode 100644 index 0000000..fcf4cd9 --- /dev/null +++ b/mkosi.extra/etc/iscsi/iscsid.conf @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +iscsid.startup = /usr/bin/systemctl start iscsid.socket diff --git a/mkosi.extra/etc/issue b/mkosi.extra/etc/issue new file mode 100644 index 0000000..6aa6fc0 --- /dev/null +++ b/mkosi.extra/etc/issue @@ -0,0 +1,2 @@ +\S (built from systemd tree) +Kernel \r on an \m (\l) 
diff --git a/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
new file mode 100644
index 0000000..657ac72
--- /dev/null
+++ b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
@@ -0,0 +1,4 @@
+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
+# for integration tests
+kernel.apparmor_restrict_unprivileged_unconfined = 0
+kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
new file mode 100644
index 0000000..3baede4
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Journal]
+RateLimitIntervalSec=0
+RateLimitBurst=0
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
new file mode 100644
index 0000000..5a15e6b
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
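Review bot: 99-apparmor-unpriv-userns.conf turns off a distribution hardening default by setting both `kernel.apparmor_restrict_unprivileged_*` keys to 0, and its comment does not say that the relaxation is meant for test images only. Because the file lives under mkosi.extra/, it appears to be copied into every image built from this tree, not only Ubuntu ones. It is also the only new drop-in in this group without the SPDX header. I would add `# SPDX-License-Identifier: LGPL-2.1-or-later` as the first line and extend the comment with `# Test images only: do not carry this drop-in into production images.`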
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
+disable ssh.service
+disable sshd.service
+
+# These are started manually in integration tests so don't start them by default.
+disable dnsmasq.service
+disable isc-dhcp-server.service
+disable isc-dhcp-server6.service
+
+# Pulled in via dracut-network by kexec-tools on Fedora.
+disable NetworkManager*
+
+# Make sure dbus-broker is started by default on Debian/Ubuntu.
+enable dbus-broker.service
+
+# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
+enable systemd-networkd.service
+enable systemd-networkd-wait-online.service
+
+# systemd-resolved is disable by default on CentOS so make sure it is enabled.
+enable systemd-resolved.service
+
+# We install dnf in some images but it's only going to be used rarely,
+# so let's not have dnf create its cache.
+disable dnf-makecache.*
+
+# We have journald to receive audit data so let's make sure we're not running auditd as well
+disable auditd.service
+
+# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
+enable systemd-timesyncd.service
+
+# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
+disable iscsi.service
+disable iscsid.socket
+disable iscsiuio.socket
+
+# mkosi relabels the image itself so no need to do it on boot.
+disable selinux-autorelabel-mark.service
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
new file mode 100644
index 0000000..710ee7c
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
+disable *
diff --git a/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf new file mode 100644 index 0000000..ebf7899 --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS +# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if +# needed. +[Service] +EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf new file mode 100644 index 0000000..d0093b7 --- /dev/null +++ b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Service] +PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf new file mode 100644 index 0000000..e1a8e81 --- /dev/null +++ b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf @@ -0,0 +1 @@ +L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf new file mode 100644 index 0000000..ddd36ed --- /dev/null +++ b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf @@ -0,0 +1,13 @@ + + + + + + + + + + diff --git a/mkosi.functions b/mkosi.functions new file mode 100644 index 0000000..993f2e8 --- /dev/null +++ b/mkosi.functions 
@@ -0,0 +1,57 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +make_sysext_unsigned() { + if ! ((SYSEXT)); then + return + fi + + mkdir -p /usr/lib/systemd/repart/definitions/sysext-unsigned.repart.d + cat >/usr/lib/systemd/repart/definitions/sysext-unsigned.repart.d/10-root.conf <"$1"/usr/lib/extension-release.d/extension-release.systemd <>"$1"/usr/lib/extension-release.d/extension-release.systemd <>"$1"/usr/lib/extension-release.d/extension-release.systemd <&2 + exit 1 +fi + +# We can't configure the source or build directory so we use symlinks instead to make sure they are in the +# expected locations. Because we run with --noextract we are responsible for making sure the source files +# appear in src/. This means not only the systemd source directory, but also the patches and configuration +# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd +# sources and build directory directly into "pkg/$PKG_SUBDIR/src", we symlink them into "pkg/$PKG_SUBDIR" and +# then symlink "pkg/$PKG_SUBDIR" to "pkg/$PKG_SUBDIR/src". +ln --symbolic "$SRCDIR" "pkg/$PKG_SUBDIR/systemd" +ln --symbolic "$BUILDDIR" "pkg/$PKG_SUBDIR/build" +ln --symbolic . "pkg/$PKG_SUBDIR/src" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds +# significantly. 
OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf +# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up +# in the image itself. +tee --append /etc/makepkg.conf >/dev/null <&2 + exit 1 +fi + +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot new file mode 100755 index 0000000..466699c --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot 
@@ -0,0 +1,116 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +. mkosi.functions + +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then + # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. + # See https://github.com/rpm-software-management/rpm/issues/3042. + tee --append /usr/lib/rpm/redhat/macros <<'EOF' +%install %{?_enable_debug_packages:%{debug_package}}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +COMMON_MACRO_OVERRIDES=( + --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" + --define "_fortify_level 0" + --undefine _lto_cflags + # TODO: Remove once redhat-rpm-config 292 is available everywhere. + --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" + --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" +) + +# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +IFS= +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +env \ +--unset=CFLAGS \ +--unset=CXXFLAGS \ +--unset=LDFLAGS \ +ANNOBIN="no-active-checks" \ +CC_LD="$( ((LLVM)) && echo lld)" \ +CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + $( ((WITH_DOCS)) || echo "--without=docs") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + "${COMMON_MACRO_OVERRIDES[@]}" \ + --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} 
--no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --undefine _package_note_flags \ + --noclean \ + "pkg/$PKG_SUBDIR/systemd.spec" + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.rpm +) + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf new file mode 100644 index 0000000..f3afd55 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Environment= + GIT_URL=https://src.fedoraproject.org/rpms/systemd.git + GIT_BRANCH=rawhide + GIT_COMMIT=00babccdea1576d96edfdb7ab12958564cc4f1b6 + PKG_SUBDIR=fedora + +Packages= + compiler-rt + git-core + libasan + libubsan + rpm-build diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare new file mode 100755 index 0000000..6028dc3 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare 
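Review bot: In centos-fedora/mkosi.build.chroot the bare `IFS=` before the `env … rpmbuild` call is set at script scope and never restored, so every later command also runs with word splitting disabled. That covers the `cp "$OUTPUTDIR"/*.rpm` lines and `make_sysext_unsigned`, which is sourced from mkosi.functions and whose body is not fully visible here. The empty IFS is clearly wanted for the unquoted `$( ((WITH_TESTS)) || echo "--nocheck")` style arguments, but it should end with that command. Add `unset IFS` directly after the rpmbuild invocation, or wrap the invocation in a function that declares `local IFS=`.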
@@ -0,0 +1,60 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ "pkg/$PKG_SUBDIR/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$PKG_SUBDIR/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$PKG_SUBDIR/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
new file mode 100644
index 0000000..f3d19e3
--- /dev/null
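Review bot: The `until mkosi-chroot rpmbuild -br …` loop in centos-fedora/mkosi.prepare has no iteration bound, so if rpmbuild keeps exiting with status 11 after the dynamic requirements are installed, the script repeats until the CI job times out. Both `xargs --delimiter '\n' mkosi-install` calls also lack `--no-run-if-empty`, which the openSUSE prepare script in this commit does pass. When the `uniq --unique` stage yields no lines, `mkosi-install` is therefore still run once with no arguments. Add `--no-run-if-empty` to both xargs calls and stop with an error when a pass adds nothing new, for example by counting passes and exiting non-zero after a small fixed limit.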
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Content]
+Packages=
+ rsync # TODO: Drop when CentOS Stream 9 CI is removed.
+ squashfs-tools
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
new file mode 100644
index 0000000..15849c5
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Repositories=epel
+
+[Content]
+Packages=
+ erofs-utils
+ rpmautospec-rpm-macros
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
new file mode 100755
index 0000000..2d50afb
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -0,0 +1,140 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$PKG_SUBDIR/debian" "$SRCDIR"/debian + +# We remove the patches so they don't get applied. +rm -rf "$SRCDIR"/debian/patches/* + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. +cat >debian/changelog.new < $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +MKOSI_CFLAGS="-O0" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. 
+build() { + env \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ + $( ! ((MESON_VERBOSE)) && echo terse) \ + optimize=-lto \ + hardening=-fortify \ + ")" \ + DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + pkg.systemd.upstream \ + ")" \ + DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + # debhelper installs files for each package to debian/ so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. + grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! 
-path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [[ -f debian/not-installed ]]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [[ ! -s /tmp/unpackaged-files ]]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb + + cp ../*.deb ../*.ddeb "$PACKAGEDIR" + cp ../*.deb ../*.ddeb "$OUTPUTDIR" + cp ../*.deb ../*.ddeb "$BUILDDIR" + # These conflict with the packages that we actually want to install, so remove them + rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb +) diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..132ee1b --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=ci/v256-stable + GIT_COMMIT=c004a150e78c0453848480485b2e3eb0ac7dff8b + PKG_SUBDIR=debian + +Packages= + apt + erofs-utils + git-core + libclang-rt-dev + dpkg-dev diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..cec81ec --- /dev/null 
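Review bot: In debian-ubuntu/mkosi.build.chroot, the `xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . … -path "*dh-exec*" …)"` step substitutes each package name from `debian/control` into the text of a shell command, so a name containing shell metacharacters would be parsed as code rather than as a path. The inner `"*dh-exec*"` also closes the outer double-quoted string, so the pattern reaches the inner `sh` unquoted and is open to glob expansion in `debian/<package>`. The standalone `find` under `debian/tmp/` later in the hunk is quoted correctly. Pass the name as a positional argument instead: `xargs -d '\n' -I {} sh -c '[ -d "debian/$1" ] && cd "debian/$1" && find . ! -type d ! -path "*dh-exec*" -printf "%P\n"' sh {} |`.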
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then
+ echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$PKG_SUBDIR"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
new file mode 100644
index 0000000..0e02dcb
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Packages=
+ erofs-utils
+ rpmautospec
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
new file mode 100755
index 0000000..a1fb83c
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -0,0 +1,134 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+. mkosi.functions
+
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
+# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
+# extension.
+find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+
+if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
+ # Fix the %install override so debuginfo packages are generated.
+ tee --append /usr/lib/rpm/suse/macros <<'EOF'
+%install %{debug_package}\
+%%install\
+%{nil}
+EOF
+fi
+
+VERSION="$(cat meson.version)"
+RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
+
+MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
+if ((WITH_DEBUG)); then
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd"
+fi
+if ((LLVM)); then
+ # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
+fi
+
+# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
+# set LDFLAGS to %{nil} if there are no linker flags.
+if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
+ MKOSI_LDFLAGS="%{nil}"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
+ MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+fi
+
+# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+
+build() {
+ IFS=
+ # shellcheck disable=SC2046
+ env \
+ --unset CFLAGS \
+ --unset CXXFLAGS \
+ --unset LDFLAGS \
+ CC="$( ((LLVM)) && echo clang || echo gcc)" \
+ CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
+ CC_LD="$( ((LLVM)) && echo lld)" \
+ CXX_LD="$( ((LLVM)) && echo lld)" \
+ rpmbuild \
+ -bb \
+ --build-in-place \
+ --with upstream \
+ $( ((WITH_TESTS)) || echo "--nocheck") \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ --define "_rpmdir $OUTPUTDIR" \
+ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ --define "_binary_payload w.ufdio" \
+ $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \
+ --define "vendor openSUSE" \
+ --define "version_override $VERSION" \
+ --define "release_override $RELEASE" \
+ --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \
+ --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
+ --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
+ --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \
+ $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \
+ --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
+ --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
+ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
+ --define "__script_requires 
%{nil}" \
+ --define "_find_debuginfo_dwz_opts %{nil}" \
+ --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
+ --define "_fixperms true" \
+ --noclean \
+ "$@" \
+ "pkg/$PKG_SUBDIR/systemd.spec"
+
+ EXIT_STATUS=$?
+
+ # Make sure we don't reconfigure twice.
+ MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
+
+ return $EXIT_STATUS
+}
+
+if ! build; then
+ if [[ ! -s /tmp/unpackaged-files ]]; then
+ exit 1
+ fi
+
+ # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file
+ # warnings.
+ rm systemd.lang
+
+ grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd"
+ build --noprep --nocheck
+fi
+
+(
+ shopt -s nullglob
+ rm -f "$BUILDDIR"/*.rpm
+)
+
+cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
+cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"
+
+make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
new file mode 100644
index 0000000..1d55a91
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Environment=
+ GIT_URL=https://code.opensuse.org/package/systemd
+ GIT_BRANCH=master
+ GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
+ PKG_SUBDIR=opensuse
+
+Packages=
+ gcc-c++
+ erofs-utils
+ git-core
+ patterns-base-minimal_base
+ rpm-build
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
new file mode 100755
index 0000000..24f07fd
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
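Review bot: The retry branch under `if ! build; then` trusts `/tmp/unpackaged-files`, a fixed path that nothing clears before the first `build` call, so if `/tmp` is reused between runs a non-empty file left by an earlier invocation would be appended to `files.systemd` even when rpmbuild failed before `__check_files` ever ran. Adding `rm -f /tmp/unpackaged-files` ahead of the first `build` ties the file to the current run. In the same branch `rm systemd.lang` runs under `set -e` and aborts the retry when the file was never created; `rm -f systemd.lang` keeps the intended cleanup without that failure mode.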
@@ -0,0 +1,58 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ "pkg/$PKG_SUBDIR/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+until mkosi-chroot \
+ rpmbuild \
+ -bd \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$PKG_SUBDIR/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
diff --git a/mkosi.images/build/mkosi.sync b/mkosi.images/build/mkosi.sync
new file mode 100755
index 0000000..febe893
--- /dev/null
+++ b/mkosi.images/build/mkosi.sync
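Review bot: A failing `rpmspec --query --buildrequires` goes unnoticed in the first pipeline, because the script sets `set -e` without `pipefail` and only the exit status of the final `xargs` is checked. With empty input GNU `xargs` still runs `mkosi-install` once with no arguments unless `--no-run-if-empty` is given, so the script would presumably continue into the `until` loop with an empty `/tmp/buildrequires`. Enabling `set -o pipefail` would surface the error, with the caveat that the `grep --invert-match` stages return 1 when they select no lines and would then need `|| true`. The `rpm --query --package --requires` pipeline inside the loop has the same gap, since its last stage is `sort`.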
@@ -0,0 +1,51 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+set -o nounset
+
+if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then
+ exit 0
+fi
+
+if [[ -d "pkg/$PKG_SUBDIR/.git" ]]; then
+ if [[ "$(git -C "pkg/$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then
+ exit 0
+ fi
+
+ if ! git -C "pkg/$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then
+ git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL"
+ git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
+ fi
+
+ # If work is being done on the packaging rules in a separate branch, don't touch the checkout.
+ if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -eq 1 ]]; then
+ exit 0
+ else
+ exit $EXIT_STATUS
+ fi
+ fi
+fi
+
+if [[ ! -e "pkg/$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "pkg/$PKG_SUBDIR")" ]]; then
+ # The repository on Salsa has the full upstream sources, so it's a waste of
+ # space to redownload and duplicate everything, so do a sparse checkout as
+ # we only need the packaging directory anyway.
+ if [[ -n "${GIT_SUBDIR:-}" ]]; then
+ sparse=(--no-checkout --filter=tree:0)
+ else
+ sparse=()
+ fi
+
+ git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "pkg/$PKG_SUBDIR"
+ if [[ -n "${GIT_SUBDIR:-}" ]]; then
+ # --no-cone is needed to check out only one top-level directory
+ git -C "pkg/$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}"
+ fi
+else
+ git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL"
+ git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
+fi
+
+git -C "pkg/$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT"
diff --git a/mkosi.images/exitrd/mkosi.conf b/mkosi.images/exitrd/mkosi.conf
index 2e867cb..28da8a5 100644
--- a/mkosi.images/exitrd/mkosi.conf
+++ b/mkosi.images/exitrd/mkosi.conf
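Review bot: `EXIT_STATUS=$?` inside the branch opened by `if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then` always records 0, because `$?` at that point is the status of the negated condition rather than of git. The `-eq 1` test therefore never matches and every non-zero outcome, a genuine git error as much as "not an ancestor", ends in `exit 0`, so the sync is skipped and the build goes on with whatever is checked out instead of the pinned `GIT_COMMIT`. Testing the command un-negated preserves the real status: change the condition line to `if git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then :; else` and leave the existing `EXIT_STATUS=$?` block in the `else` branch.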
@@ -1,22 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes MakeInitrd=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf index c8b1904..b5f3194 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf @@ -4,8 +4,9 @@ Distribution=arch [Content] -Packages= +VolatilePackages= systemd + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf index 8458dee..a1fa32b 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf @@ -5,5 +5,5 @@ Distribution=|centos Distribution=|fedora [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf index 68b0aa5..6ca310c 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf @@ -4,5 +4,5 @@ Distribution=debian [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf index 3f6df21..5fd6466 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf @@ -5,4 +5,9 @@ Distribution=opensuse [Content] Packages= + patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 systemd 
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf index ddd68dc..9a7e1d8 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,8 @@ Distribution=ubuntu [Content] -Packages= +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/20-build.conf b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf new file mode 100644 index 0000000..3f2c5c7 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Config] +Include= + mkosi-initrd + %D/mkosi.sanitizers + +[Content] +ExtraTrees= + %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions + %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf + +Packages= + findutils + grep + sed diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf new file mode 100644 index 0000000..99e039d --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-sysvcompat diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/build.conf 
@@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf new file mode 100644 index 0000000..6607dab --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Packages= + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-udev diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf new file mode 100644 index 0000000..093c1bd --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 + systemd + systemd-cryptsetup + systemd-repart + udev diff --git a/mkosi.images/initrd/mkosi.conf.d/fedora.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf new file mode 100644 index 0000000..634b5a0 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=fedora + +[Content] +Packages= + btrfs-progs diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf new file mode 100644 index 0000000..9f685e6 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Packages= + btrfs-progs + kmod + tpm2.0-tools + +VolatilePackages= + libsystemd0 + libudev1 + systemd + udev + systemd-experimental 
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf new file mode 100644 index 0000000..b252491 --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=var +# This label is the partition's label. The filesystem inside may have its own label. +Label=varcrypt +# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs. +# The original test finds the partition by this UUID, but it doesn't appear +# since the luks UUID, which is derived by hash of this UUID, is different +# and the luks UUID is needed before the decrypted partition UUID. +# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d. +UUID=deadbeef-dead-dead-beef-000000000000 +Format=ext4 +Encrypt=key-file +SizeMinBytes=1G diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service new file mode 100644 index 0000000..54a9b8a --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=Add encrypted var partition to root disk +Documentation=man:systemd-repart.service(8) + +ConditionVirtualization=!container + +DefaultDependencies=no +Wants=modprobe@loop.service modprobe@dm_mod.service +After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount +Before=initrd-root-fs.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot +ImportCredential=keyfile 
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service new file mode 100644 index 0000000..845ac57 --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=Create a mount in /run that should survive the transition from initrd + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target +ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target +ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service new file mode 100644 index 0000000..2c709bc --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=populate initrd credential dir for TEST-54-CREDS + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" diff --git a/mkosi.images/minimal-0/mkosi.conf b/mkosi.images/minimal-0/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-0/mkosi.conf +++ b/mkosi.images/minimal-0/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no 
diff --git a/mkosi.images/minimal-1/mkosi.conf b/mkosi.images/minimal-1/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-1/mkosi.conf +++ b/mkosi.images/minimal-1/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-base/mkosi.conf b/mkosi.images/minimal-base/mkosi.conf index 7eb1473..d841f9b 100644 --- a/mkosi.images/minimal-base/mkosi.conf +++ b/mkosi.images/minimal-base/mkosi.conf @@ -1,24 +1,19 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash coreutils grep util-linux + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf index 9b03397..044199a 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf @@ -7,7 +7,10 @@ Distribution=arch Packages= inetutils iproute - openbsd-netcat + nmap + +VolatilePackages= + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf index 3a3e528..e9893ad 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf @@ -9,4 +9,7 @@ Packages= hostname iproute iproute-tc - netcat + nmap-ncat + +VolatilePackages= + systemd-libs 
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf deleted file mode 100644 index a715ec1..0000000 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - hostname - iproute2 - mount - netcat-openbsd diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf new file mode 100644 index 0000000..d524ec1 --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + hostname + iproute2 + mount + ncat + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf index 2e370ec..9bd40cf 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf @@ -7,5 +7,9 @@ Distribution=opensuse Packages= hostname iproute2 - netcat-openbsd + ncat patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build 
diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.images/system/coredump-journal-storage.conf deleted file mode 100644 index cde9785..0000000 --- a/mkosi.images/system/coredump-journal-storage.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Coredump] -Storage=journal diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf deleted file mode 100644 index ed9bfdc..0000000 --- a/mkosi.images/system/initrd/mkosi.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Content] -PostInstallationScripts=../mkosi.sanitizers.chroot -ExtraTrees= - ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf deleted file mode 100644 index b252491..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=var -# This label is the partition's label. The filesystem inside may have its own label. -Label=varcrypt -# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs. -# The original test finds the partition by this UUID, but it doesn't appear -# since the luks UUID, which is derived by hash of this UUID, is different -# and the luks UUID is needed before the decrypted partition UUID. -# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d. -UUID=deadbeef-dead-dead-beef-000000000000 -Format=ext4 -Encrypt=key-file -SizeMinBytes=1G 
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service deleted file mode 100644 index 54a9b8a..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Add encrypted var partition to root disk -Documentation=man:systemd-repart.service(8) - -ConditionVirtualization=!container - -DefaultDependencies=no -Wants=modprobe@loop.service modprobe@dm_mod.service -After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount -Before=initrd-root-fs.target -Conflicts=shutdown.target initrd-switch-root.target -Before=shutdown.target initrd-switch-root.target - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot -ImportCredential=keyfile diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service deleted file mode 100644 index 845ac57..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Create a mount in /run that should survive the transition from initrd - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target -ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target -ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world 
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service deleted file mode 100644 index 2c709bc..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=populate initrd credential dir for TEST-54-CREDS - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.images/system/leak-sanitizer-suppressions deleted file mode 100644 index 639abb8..0000000 --- a/mkosi.images/system/leak-sanitizer-suppressions +++ /dev/null @@ -1 +0,0 @@ -leak:libselinux diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean deleted file mode 100755 index 64810b7..0000000 --- a/mkosi.images/system/mkosi.clean +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -set -o nounset - -rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf deleted file mode 100644 index f8a91df..0000000 --- a/mkosi.images/system/mkosi.conf +++ /dev/null 
@@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -InitrdInclude=initrd/ - -[Output] -RepartDirectories=mkosi.repart - -[Content] -Autologin=yes -ExtraTrees= - %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf - -PostInstallationScripts=mkosi.sanitizers.chroot - -InitrdPackages= - btrfs-progs - findutils - grep - sed - -Packages= - acl - attr - bash-completion - bpftrace - btrfs-progs - clang - coreutils - curl - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gdb - grep - gzip - jq - kbd - kexec-tools - kmod - knot - less - lld - llvm - lvm2 - man - mdadm - mtools - nano - nftables - nvme-cli - opensc - openssl - p11-kit - pciutils - python3 - qrencode - radvd - rsync - sed - socat - strace - systemd - tar - tmux - tree - udev - util-linux - valgrind - which - wireguard-tools - xfsprogs - zsh - zstd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot deleted file mode 100755 index 2c99a67..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We can't configure the source or build directory so we use symlinks instead to make sure they are in the -# expected locations. -ln --symbolic "$SRCDIR" "pkg/$ID/systemd" -ln --symbolic "$BUILDDIR" "pkg/$ID/build" -# Because we run with --noextract we are responsible for making sure the source files appear in src/. -ln --symbolic . "pkg/$ID/src" - -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds -# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf -# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up -# in the image itself. -tee --append /etc/makepkg.conf >/dev/null <&2 - exit 1 -fi - -# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. 
-sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | - grep --regexp '^depends =' --regexp '^optdepends =' | - sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | - xargs --delimiter '\n' mkosi-install - -# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on -# whether some environment variable is set or not. -# shellcheck source=/dev/null -_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" - -# shellcheck disable=SC2154 -mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot deleted file mode 100755 index 21f1062..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot +++ /dev/null 
@@ -1,122 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
- TS="$(git show --no-patch --format=%ct HEAD)"
-else
- TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
-fi
-
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then
- # Fix the %install override so debuginfo packages are generated even when --build-in-place is used.
- # See https://github.com/rpm-software-management/rpm/issues/3042.
- tee --append /usr/lib/rpm/redhat/macros <<'EOF'
-%install %{?_enable_debug_packages:%{debug_package}}\
-%%install\
-%{nil}
-EOF
-fi
-
-VERSION="$(cat meson.version)"
-RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
-
-DIST="$(rpm --eval %dist)"
-ARCH="$(rpm --eval %_arch)"
-SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
-
-COMMON_MACRO_OVERRIDES=(
- --define "toolchain $( ((LLVM)) && echo clang || echo gcc)"
- --define "_fortify_level 0"
- --undefine _lto_cflags
- # TODO: Remove once redhat-rpm-config 292 is available everywhere.
- --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg"
- --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg"
-)
-
-# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10.
-MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
-if ((WITH_DEBUG)); then
- MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
-fi
-if ((LLVM)); then
- # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
- MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
-fi
-
-MKOSI_LDFLAGS=""
-if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")"
-fi
-
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
- MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
-fi
-
-IFS=
-# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
-# https://github.com/mesonbuild/meson/pull/12835 is available.
-# shellcheck disable=SC2046
-env \
---unset=CFLAGS \
---unset=CXXFLAGS \
---unset=LDFLAGS \
-ANNOBIN="no-active-checks" \
-CC_LD="$( ((LLVM)) && echo lld)" \
-CXX_LD="$( ((LLVM)) && echo lld)" \
- rpmbuild \
- -bb \
- --build-in-place \
- --with upstream \
- $( ((WITH_TESTS)) || echo "--nocheck") \
- $( ((WITH_DOCS)) || echo "--without=docs") \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_rpmdir $OUTPUTDIR" \
- ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- --define "_binary_payload w.ufdio" \
- $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \
- --define "version_override $VERSION" \
- --define "release_override $RELEASE" \
- "${COMMON_MACRO_OVERRIDES[@]}" \
- --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
- --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
- --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \
- --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \
- --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
- --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
- $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \
- --define "__brp_compress %{nil}" \
- --define "__brp_mangle_shebangs %{nil}" \
- --define "__brp_strip_comment_note %{nil}" \
- --define "__brp_strip_static_archive %{nil}" \
- --define "__brp_check_rpaths %{nil}" \
- --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
- --define "__script_requires %{nil}" \
- --define "_find_debuginfo_dwz_opts %{nil}" \
- --define "_fixperms true" \
- --undefine _package_note_flags \
- --noclean \
- "pkg/$ID/systemd.spec"
-
-(
- shopt -s nullglob
- rm -f "$BUILDDIR"/*.rpm
-)
-
-cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
-cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
deleted file mode 100644
index f200409..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ /dev/null
@@ -1,76 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-journal-remote
- systemd-networkd
- systemd-networkd-defaults
- systemd-oomd-defaults
- systemd-pam
- systemd-resolved
- systemd-tests
- systemd-udev
- systemd-ukify
-
-Packages=
- bind-utils
- bpftool
- compiler-rt
- cryptsetup
- device-mapper-event
- device-mapper-multipath
- dfuzzer
- dhcp-server
- dnf
- git-core
- glibc-langpack-de
- glibc-langpack-en
- gnutls
- gnutls-utils
- integritysetup
- iproute
- iproute-tc
- iputils
- iscsi-initiator-utils
- kernel-core
- libasan
- libcap-ng-utils
- libubsan
- man-db
- netcat
- openssh-clients
- openssh-server
- pam
- passwd
- perf
- policycoreutils
- polkit
- procps-ng
- python3-pexpect
- quota
- rpm
- rpm-build
- rpmautospec
- sbsigntools
- softhsm
- squashfs-tools
- stress
- tpm2-tools
- util-linux
- veritysetup
- vim-common
-
-InitrdPackages=
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 0c3707b..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-journal-remote-debuginfo
- systemd-libs-debuginfo
- systemd-networkd-debuginfo
- systemd-pam-debuginfo
- systemd-resolved-debuginfo
- systemd-tests-debuginfo
- systemd-udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
deleted file mode 100644
index 9fe5509..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Profile=!particle
-
-[Content]
-# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
-# building a /usr-only image.
-Packages=
- selinux-policy
- selinux-policy-targeted
- setools-console
-
-# We relabel on first boot instead of at build time because it is only possible to label without root
-# if the labels exist in the host system, and we want to be able to cross-build to other distributions.
-SELinuxRelabel=no
-
-InitrdPackages=
- selinux-policy
- selinux-policy-targeted
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
deleted file mode 100755
index 1b86073..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
-
-# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
-# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
-# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
-sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
-
-until mkosi-chroot \
- rpmbuild \
- -br \
- --build-in-place \
- --with upstream \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
-do
- EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
- exit $EXIT_STATUS
- fi
-
- mkosi-chroot \
- rpm \
- --query \
- --package \
- --requires \
- /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
- grep --invert-match '^rpmlib(' |
- sort --unique >/tmp/dynamic-buildrequires
-
- sort /tmp/buildrequires /tmp/dynamic-buildrequires |
- uniq --unique |
- tee --append /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
deleted file mode 100644
index 25059c2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Content]
-Environment=
- # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
- # mkfs.ext4 enabled it by default, so we disable it explicitly.
- Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
- GIT_URL=https://git.centos.org/rpms/systemd.git
- GIT_BRANCH=c9s-sig-hyperscale
- GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
-
-Packages=
- kernel-modules # For squashfs
- rpmautospec-rpm-macros
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
deleted file mode 100755
index f1eed03..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
+++ /dev/null
@@ -1,147 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -# We transplant the debian/ folder from the deb package sources into the upstream sources. -mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian - -# We remove the patches so they don't get applied. -rm -rf "$SRCDIR"/debian/patches/* - -# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so -# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. -DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" -mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full -# rebuild every time. -cat >debian/changelog.new < $(date --rfc-email --date "@$TS") - -EOF -cat debian/changelog >>debian/changelog.new -mv debian/changelog.new debian/changelog - -MKOSI_CFLAGS="-O0" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
- MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
-fi
-
-MKOSI_LDFLAGS=""
-if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
-fi
-
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
- MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
-fi
-
-# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed.
-build() {
- env \
- CC="$( ((LLVM)) && echo clang || echo gcc)" \
- CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
- CC_LD="$( ((LLVM)) && echo lld)" \
- CXX_LD="$( ((LLVM)) && echo lld)" \
- DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\
- $( ((WITH_TESTS)) || echo nocheck) \
- $( ((WITH_DOCS)) || echo nodoc) \
- $( ((WITH_DEBUG)) && echo debug || echo nostrip) \
- $( ! ((MESON_VERBOSE)) && echo terse) \
- optimize=-lto \
- hardening=-fortify \
- ")" \
- DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\
- $( ((WITH_TESTS)) || echo nocheck) \
- $( ((WITH_DOCS)) || echo nodoc) \
- pkg.systemd.upstream \
- ")" \
- DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \
- DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \
- DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \
- DPKG_FORCE="unsafe-io" \
- DPKG_DEB_COMPRESSOR_TYPE="none" \
- DH_MISSING="--fail-missing" \
- CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
- GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \
- dpkg-buildpackage \
- --no-pre-clean \
- --unsigned-changes \
- --build=binary
-
- EXIT_STATUS=$?
-
- # Make sure we don't reconfigure twice.
- MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
-
- return $EXIT_STATUS
-}
-
-if ! build; then
- # debhelper installs files for each package to debian/ so we figure out which files were
- # packaged by querying all the package names from debian/control and running find on each of the
- # corresponding package directory in debian/.
- grep "Package:" debian/control |
- sed "s/Package: //" |
- xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" |
- # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed.
- sed --regexp-extended 's/([0-9])\.gz$/\1/' |
- sort --unique >/tmp/packaged-files
-
- # We figure out the installed files by running find on debian/tmp/ which contains the files installed
- # by meson install.
- (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
-
- if [ -f debian/not-installed ]; then
- grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
- fi
-
- sort --unique --output /tmp/installed-files /tmp/installed-files
-
- # We get all the installed files that were not packaged by finding entries in the installed file that are
- # not in the packaged file.
- comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
- # If there are no unpackaged files something else went wrong.
- if [ ! -s /tmp/unpackaged-files ]; then
- exit 1
- fi
-
- # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build.
- cat /tmp/unpackaged-files >>debian/systemd.install
- build
-fi
-
-(
- shopt -s nullglob
- rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb
-
- cp ../*.deb ../*.ddeb "$PACKAGEDIR"
- cp ../*.deb ../*.ddeb "$OUTPUTDIR"
- cp ../*.deb ../*.ddeb "$BUILDDIR"
- # These conflict with the packages that we actually want to install, so remove them
- rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb
-)
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
deleted file mode 100644
index c6b8154..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ /dev/null
@@ -1,92 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Environment=
- GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
- GIT_SUBDIR=debian
- GIT_BRANCH=ci/v256-stable
- GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af
-
-VolatilePackages=
- libnss-myhostname
- libnss-mymachines
- libnss-resolve
- libnss-systemd
- libpam-systemd
- libsystemd-dev
- libudev-dev
- systemd
- systemd-container
- systemd-coredump
- systemd-cryptsetup
- systemd-dev
- systemd-homed
- systemd-journal-remote
- systemd-oomd
- systemd-repart
- systemd-resolved
- systemd-sysv
- systemd-tests
- systemd-timesyncd
- systemd-ukify
- systemd-userdbd
- udev
-
-Packages=
- ^libasan[0-9]+$
- ^libtss2-esys-[0-9.]+-0$
- ^libtss2-mu-[0-9.]+-0$
- ^libubsan[0-9]+$
- apt
- bind9-dnsutils
- cryptsetup-bin
- dbus-broker
- dbus-user-session
- dmsetup
- dpkg-dev
- f2fs-tools
- fdisk
- git-core
- gnutls-bin
- iproute2
- iputils-ping
- isc-dhcp-server
- libcap-ng-utils
- libclang-rt-dev
- libtss2-rc0
- libtss2-tcti-device0
- locales
- man-db
- multipath-tools
- netcat-openbsd
- open-iscsi
- openssh-client
- openssh-server
- passwd
- policykit-1
- procps
- psmisc
- python3-pexpect
- python3-psutil
- quota
- softhsm2
- squashfs-tools
- stress
- tgt
- tpm2-tools
- tzdata
- xxd
-
-InitrdPackages=
- libclang-rt-dev
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-cryptsetup
- systemd-repart
- udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 2bb6164..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libnss-myhostname-dbgsym
- libnss-mymachines-dbgsym
- libnss-resolve-dbgsym
- libnss-systemd-dbgsym
- libpam-systemd-dbgsym
- libsystemd-shared-dbgsym
- libsystemd0-dbgsym
- libudev1-dbgsym
- systemd-boot-dbgsym
- systemd-container-dbgsym
- systemd-coredump-dbgsym
- systemd-cryptsetup-dbgsym
- systemd-dbgsym
- systemd-homed-dbgsym
- systemd-journal-remote-dbgsym
- systemd-oomd-dbgsym
- systemd-repart-dbgsym
- systemd-resolved-dbgsym
- systemd-tests-dbgsym
- systemd-timesyncd-dbgsym
- systemd-userdbd-dbgsym
- udev-dbgsym
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
deleted file mode 100644
index 781670a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# sbsigntool exists only on UEFI architectures
-
-[Match]
-Architecture=|x86
-Architecture=|x86-64
-Architecture=|arm
-Architecture=|arm64
-Architecture=|riscv32
-Architecture=|riscv64
-
-[Content]
-Packages=
- sbsigntool
- systemd-boot
- systemd-boot-efi
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
deleted file mode 100644
index 4fb4f46..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=NO_BUILD=1
-
-[Content]
-WithNetwork=yes
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
deleted file mode 100755
index 314f235..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
-# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
-# install them. This is not an issue when building locally, as the build and runtime images are the same,
-# so they would get installed as build dependencies anyway.
-
-if [ "$1" = "build" ] || ! ((NO_BUILD)); then
- exit 0
-fi
-
-# Query the Recommends and Suggests of all systemd packages, by matching on the version
-systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
-mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
-extra_packages=()
-# shellcheck disable=SC2068
-for package in ${systemd_packages[@]}; do
- # We are looking for dlopens, so filter for libraries
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
-done
-
-if [ "${#extra_packages[@]}" -eq 0 ]; then
- exit 0
-fi
-
-apt install "${extra_packages[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
deleted file mode 100755
index 645671a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -d "pkg/$ID/debian" ]; then
- echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
- exit 1
-fi
-
-cd "pkg/$ID"
-DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
deleted file mode 100644
index 50dfa11..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-
-[Content]
-Packages=
- linux-perf
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
deleted file mode 100644
index af923fa..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Architecture=arm64
-
-[Content]
-Packages=
- linux-image-cloud-arm64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
deleted file mode 100644
index 615de52..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Architecture=x86-64
-
-[Content]
-Packages=
- linux-image-cloud-amd64
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
deleted file mode 100644
index c4617d2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-Environment=
- GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
- GIT_BRANCH=rawhide
- GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8
-
-Packages=
- compsize
- dnf5
- f2fs-tools
- scsi-target-utils
- # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
- kernel-modules-extra
- kernel-modules-internal
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
deleted file mode 100755
index 417132f..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
-# See https://github.com/openSUSE/suse-module-tools/pull/71
-rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
deleted file mode 100755
index 67481d0..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
+++ /dev/null
@@ -1,141 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. /usr/lib/os-release
-ID="${ID%-*}"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
- TS="$(git show --no-patch --format=%ct HEAD)"
-else
- TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
-fi
-
-# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
-# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
-# extension.
-find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
-
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then
- # Fix the %install override so debuginfo packages are generated.
- tee --append /usr/lib/rpm/suse/macros <<'EOF'
-%install %{debug_package}\
-%%install\
-%{nil}
-EOF
-fi
-
-VERSION="$(cat meson.version)"
-RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
-
-DIST="$(rpm --eval %dist)"
-ARCH="$(rpm --eval %_arch)"
-SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
-
-MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
-if ((WITH_DEBUG)); then
- MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
-fi
-if ((LLVM)); then
- # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
- MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
-fi
-
-MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
-if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
- MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
-fi
-
-# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
-# set LDFLAGS to %{nil} if there are no linker flags.
-if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
- MKOSI_LDFLAGS="%{nil}"
-fi
-
-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
-if ((WIPE)); then
- MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
-fi
-
-# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
-
-build() {
- IFS=
- # shellcheck disable=SC2046
- env \
- --unset CFLAGS \
- --unset CXXFLAGS \
- --unset LDFLAGS \
- CC="$( ((LLVM)) && echo clang || echo gcc)" \
- CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
- CC_LD="$( ((LLVM)) && echo lld)" \
- CXX_LD="$( ((LLVM)) && echo lld)" \
- rpmbuild \
- -bb \
- --build-in-place \
- --with upstream \
- $( ((WITH_TESTS)) || echo "--nocheck") \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_rpmdir $OUTPUTDIR" \
- ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- --define "_binary_payload w.ufdio" \
- $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \
- --define "vendor openSUSE" \
- --define "version_override $VERSION" \
- --define "release_override $RELEASE" \
- --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \
- --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
- --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
- --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \
- $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \
- --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
- --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
- --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
- --define "__script_requires %{nil}" \
- --define "_find_debuginfo_dwz_opts %{nil}" \
- --define "_fixperms true" \
- --noclean \
- "$@" \
- "pkg/$ID/systemd.spec"
-
- EXIT_STATUS=$?
-
- # Make sure we don't reconfigure twice.
- MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
-
- return $EXIT_STATUS
-}
-
-if ! build; then
- if [ ! -s /tmp/unpackaged-files ]; then
- exit 1
- fi
-
- # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file
- # warnings.
- rm systemd.lang
-
- grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd"
- build --noprep --nocheck
-fi
-
-(
- shopt -s nullglob
- rm -f "$BUILDDIR"/*.rpm
-)
-
-cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
-cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
deleted file mode 100644
index e488b2d..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
+++ /dev/null
@@ -1,100 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Config]
-InitrdInclude=initrd/
-
-[Content]
-Environment=
- GIT_URL=https://src.opensuse.org/rpm/systemd
- GIT_BRANCH=devel
- GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117
-
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-doc
- systemd-experimental
- systemd-homed
- systemd-lang
- systemd-network
- systemd-portable
- systemd-sysvcompat
- systemd-testsuite
- udev
-
-# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
-# versions don't get installed instead.
-Packages=
- bind-utils
- bpftool
- cryptsetup
- device-mapper
- dhcp-server
- docbook-xsl-stylesheets
- f2fs-tools
- gawk
- gcc-c++
- git-core
- glibc-locale-base
- gnutls
- grep
- group(bin)
- group(daemon)
- group(games)
- group(nobody)
- group(root)
- gzip
- iputils
- kernel-default
- kmod
- libasan8
- libkmod2
- libubsan1
- multipath-tools
- open-iscsi
- openssh-clients
- openssh-server
- pam
- patterns-base-minimal_base
- perf
- procps4
- psmisc
- python3-pefile
- python3-pexpect
- python3-psutil
- quota
- rpm-build
- rsync
- sbsigntools
- sed
- shadow
- softhsm
- squashfs
- tgt
- timezone
- tpm2.0-tools
- user(bin)
- user(daemon)
- user(games)
- user(nobody)
- user(root)
- veritysetup
- vim
- xz
- zypper
-
-InitrdPackages=
- clang
- kmod
- libkmod2
- tpm2.0-tools
-
-InitrdVolatilePackages=
- systemd
- udev
- systemd-experimental
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 6c57d04..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libsystemd0-debuginfo
- libudev1-debuginfo
- systemd-boot-debuginfo
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-experimental-debuginfo
- systemd-homed-debuginfo
- systemd-journal-remote-debuginfo
- systemd-network-debuginfo
- systemd-portable-debuginfo
- systemd-sysvcompat-debuginfo
- systemd-testsuite-debuginfo
- udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
deleted file mode 100755
index c57aa87..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
+++ /dev/null
@@ -1,64 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" - -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done - -until mkosi-chroot \ - rpmbuild \ - -bd \ - --build-in-place \ - --with upstream \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" -do - EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then - exit $EXIT_STATUS - fi - - mkosi-chroot \ - rpm \ - --query \ - --package \ - --requires \ - /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | - grep --invert-match '^rpmlib(' | - sort --unique >/tmp/dynamic-buildrequires - - sort /tmp/buildrequires /tmp/dynamic-buildrequires | - uniq --unique | - tee --append /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf deleted file mode 100644 index 86f9736..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf +++ /dev/null 
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Content]
-Packages=
- linux-image-generic
- linux-tools-common
- linux-tools-virtual
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
deleted file mode 100644
index 582f038..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The ports Ubuntu archive is for non i386/amd64 repositories
-
-[Match]
-Architecture=!x86-64
-Architecture=!x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
deleted file mode 100644
index 7347be9..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The main Ubuntu archive is only for i386/amd64 repositories
-
-[Match]
-Architecture=|x86-64
-Architecture=|x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
deleted file mode 100644
index 5b96dc5..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-Types: deb
-URIs: http://ports.ubuntu.com
-Suites: noble-backports
-Components: main universe
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources deleted file mode 100644 index d10c1e8..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later -Types: deb -URIs: http://archive.ubuntu.com/ubuntu -Suites: noble-backports -Components: main universe -Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf deleted file mode 100644 index 8641984..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-images.conf +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Format=!none - -[Config] -Dependencies= - exitrd - minimal-base - minimal-0 - minimal-1 - -[Content] -ExtraTrees= - %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw - %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity - %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig - %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw - %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity - %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig - %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template - %O/exitrd:/exitrd diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf deleted file mode 100644 index 8c1920b..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Profile=particle - -[Output] -RepartDirectories= -RepartDirectories=mkosi.repart - -[Validation] -@SecureBoot=yes -@SignExpectedPcr=yes - -[Host] -@RuntimeSize=8G 
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf deleted file mode 100644 index 3755278..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=swap -SizeMinBytes=100M -SizeMaxBytes=100M diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf deleted file mode 100644 index 2f92af2..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=root -Format=btrfs -SizeMinBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf deleted file mode 100644 index dac79ba..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -C+! /etc - - - - /usr/share/factory/mkosi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize deleted file mode 100755 index 69f9554..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -mkdir -p "$BUILDROOT"/usr/share/factory/mkosi -cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi 
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot deleted file mode 100755 index 95e0552..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# sbsign is not available on CentOS Stream -if command -v sbsign &>/dev/null; then - # Ensure that side-loaded PE addons are loaded if signed, and ignored if not - addons_dir=/efi/loader/addons - mkdir -p "$addons_dir" - ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi" - ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi" -fi diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf deleted file mode 100644 index 391543d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=esp -Format=vfat -CopyFiles=/boot:/ -CopyFiles=/efi:/ -SizeMinBytes=1G -SizeMaxBytes=1G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf deleted file mode 100644 index 343761d..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr -Format=erofs -CopyFiles=/usr:/ -Verity=data -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf deleted file mode 100644 index b4d45dd..0000000 
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity -Verity=hash -VerityMatchKey=usr -Minimize=yes diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf deleted file mode 100644 index 1841d0a..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=usr-verity-sig -Verity=signature -VerityMatchKey=usr diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel deleted file mode 100644 index bd4fba4..0000000 --- a/mkosi.images/system/mkosi.extra/.autorelabel +++ /dev/null @@ -1 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf deleted file mode 100644 index fcf4cd9..0000000 --- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf +++ /dev/null @@ -1,3 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -iscsid.startup = /usr/bin/systemctl start iscsid.socket diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue deleted file mode 100644 index 6aa6fc0..0000000 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ /dev/null @@ -1,2 +0,0 @@ -\S (built from systemd tree) -Kernel \r on an \m (\l) diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf deleted file mode 100644 index 657ac72..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf +++ /dev/null 
@@ -1,4 +0,0 @@ -# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed -# for integration tests -kernel.apparmor_restrict_unprivileged_unconfined = 0 -kernel.apparmor_restrict_unprivileged_userns = 0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf deleted file mode 100644 index 3baede4..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Journal] -RateLimitIntervalSec=0 -RateLimitBurst=0 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset deleted file mode 100644 index c364058..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset +++ /dev/null 
@@ -1,41 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# mkosi adds its own ssh units via the --ssh switch so disable the default ones. -disable ssh.service -disable sshd.service - -# These are started manually in integration tests so don't start them by default. -disable dnsmasq.service -disable isc-dhcp-server.service -disable isc-dhcp-server6.service - -# Pulled in via dracut-network by kexec-tools on Fedora. -disable NetworkManager* - -# Make sure dbus-broker is started by default on Debian/Ubuntu. -enable dbus-broker.service - -# systemd-networkd is disabled by default on Fedora so make sure it is enabled. -enable systemd-networkd.service -enable systemd-networkd-wait-online.service - -# systemd-resolved is disable by default on CentOS so make sure it is enabled. -enable systemd-resolved.service - -# We install dnf in some images but it's only going to be used rarely, -# so let's not have dnf create its cache. -disable dnf-makecache.* - -# We have journald to receive audit data so let's make sure we're not running auditd as well -disable auditd.service - -# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead. -enable systemd-timesyncd.service - -# Skipped if selinux is not enabled, required for TEST-06-SELINUX. -enable autorelabel.service - -# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead. -disable iscsi.service -disable iscsid.socket -disable iscsiuio.socket diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset deleted file mode 100644 index 710ee7c..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# Make sure that services are disabled by default (primarily for Debian/Ubuntu). -disable * 
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf deleted file mode 100644 index ebf7899..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS -# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if -# needed. -[Service] -EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf deleted file mode 100644 index d0093b7..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Service] -PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf deleted file mode 100644 index e1a8e81..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf +++ /dev/null @@ -1 +0,0 @@ -L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf deleted file mode 100644 index ddd36ed..0000000 --- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - 
diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot deleted file mode 100755 index 4686802..0000000 --- a/mkosi.images/system/mkosi.postinst.chroot +++ /dev/null 
@@ -1,172 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -useradd --uid 4711 --create-home --user-group testuser - -if command -v authselect >/dev/null; then - # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so - # let's use the new name if it exists. - if [ -d /usr/share/authselect/default/local ]; then - PROFILE=local - else - PROFILE=minimal - fi - - authselect select "$PROFILE" - - if authselect list-features "$PROFILE" | grep -q "with-homed"; then - authselect enable-feature with-homed - fi -fi - -# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that -# if that's the case. -mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf -rm -f /etc/resolv.conf - -for f in "$BUILDROOT"/usr/share/*.verity.sig; do - jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash" -done - -# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by -# systemd-journald. -rm -r "$BUILDROOT/var/log/journal" - -rm -f /etc/nsswitch.conf -cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf - -# Remove to make TEST-73-LOCALE pass on Ubuntu. -rm -f /etc/default/keyboard - -# This is executed inside the chroot so no need to disable any features as the default features will match -# the kernel's supported features. -SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ - systemd-repart \ - --empty=create \ - --dry-run=no \ - --size=auto \ - --offline=true \ - --root test/TEST-24-CRYPTSETUP \ - --definitions test/TEST-24-CRYPTSETUP/keydev.repart \ - "$OUTPUTDIR/keydev.raw" - -can_test_pkcs11() { - if ! command -v "softhsm2-util" >/dev/null; then - echo "softhsm2-util not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "pkcs11-tool" >/dev/null; then - echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! 
command -v "certtool" >/dev/null; then - echo "certtool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+P11KIT"; then - echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+OPENSSL"; then - echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then - echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then - echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - - return 0 -} - -setup_pkcs11_token() { - echo "Setup PKCS#11 token" >&2 - local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE - - export SOFTHSM2_CONF="/tmp/softhsm2.conf" - mkdir -p /usr/lib/softhsm/tokens/ - cat >$SOFTHSM2_CONF <&2 - P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules" - fi - - if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then - echo "WARNING! 
Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2 - P11_MODULE_DIR="/usr/lib/pkcs11" - fi - - SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs) - if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then - SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE" - fi - - # RSA ##################################################### - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/rsa_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey" - rm "/tmp/rsa_test.crt" - - # prime256v1 ############################################## - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/ec_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey" - rm "/tmp/ec_test.crt" - - ########################################################### - rm "$SOFTHSM2_CONF" - unset SOFTHSM2_CONF - - cat >/etc/softhsm2.conf 
</etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf </etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf < 50s when built with sanitizers so let's not run it by default. -systemctl mask systemd-hwdb-update.service - -ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" -if [[ -z "$ASAN_RT_PATH" ]]; then - ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" - - # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. - if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then - echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" - exit 1 - fi -fi -if [[ -z "$ASAN_RT_PATH" ]]; then - echo >&2 "systemd is not linked against the ASan DSO" - echo >&2 "gcc does this by default, for clang compile with -shared-libasan" - exit 1 -fi - -wrap=( - /usr/lib/polkit-1/polkitd - /usr/libexec/polkit-1/polkitd - agetty - btrfs - capsh - chgrp - chown - cryptsetup - curl - dbus-broker-launch - dbus-daemon - delv - dhcpd - dig - dmsetup - dnsmasq - findmnt - getent - getfacl - id - integritysetup - iscsid - kpartx - logger - login - ls - lsblk - lvm - mdadm - mkfs.btrfs - mkfs.erofs - mkfs.ext4 - mkfs.vfat - mkfs.xfs - mksquashfs - mkswap - multipath - multipathd - nvme - p11-kit - pkill - ps - setfacl - setpriv - sshd - stat - su - tar - tgtd - useradd - userdel - veritysetup -) - -for bin in "${wrap[@]}"; do - if ! command -v "$bin" >/dev/null; then - continue - fi - - if [[ "$bin" == getent ]]; then - enable_lsan=1 - else - enable_lsan=0 - fi - - target="$(command -v "$bin")" - - mv "$target" "$target.orig" - - cat >"$target" </usr/lib/systemd/systemd-asan-env </dev/null; then + # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so + # let's use the new name if it exists. 
+ if [ -d /usr/share/authselect/default/local ]; then + PROFILE=local + else + PROFILE=minimal + fi + + authselect select "$PROFILE" + + if authselect list-features "$PROFILE" | grep -q "with-homed"; then + authselect enable-feature with-homed + fi +fi + +# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that +# if that's the case. +mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf +rm -f /etc/resolv.conf + +for f in "$BUILDROOT"/usr/share/*.verity.sig; do + jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash" +done + +# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by +# systemd-journald. +rm -rf "$BUILDROOT/var/log/journal" + +rm -f /etc/nsswitch.conf +cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf + +# Remove to make TEST-73-LOCALE pass on Ubuntu. +rm -f /etc/default/keyboard + +# This is executed inside the chroot so no need to disable any features as the default features will match +# the kernel's supported features. +SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ + systemd-repart \ + --empty=create \ + --dry-run=no \ + --size=auto \ + --offline=true \ + --root test/TEST-24-CRYPTSETUP \ + --definitions test/TEST-24-CRYPTSETUP/keydev.repart \ + "$OUTPUTDIR/keydev.raw" + +can_test_pkcs11() { + if ! command -v "softhsm2-util" >/dev/null; then + echo "softhsm2-util not available, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! command -v "pkcs11-tool" >/dev/null; then + echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! command -v "certtool" >/dev/null; then + echo "certtool not available, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! systemctl --version | grep -q "+P11KIT"; then + echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! 
systemctl --version | grep -q "+OPENSSL"; then + echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then + echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2 + return 1 + fi + if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then + echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2 + return 1 + fi + + return 0 +} + +setup_pkcs11_token() { + echo "Setup PKCS#11 token" >&2 + local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE + + export SOFTHSM2_CONF="/tmp/softhsm2.conf" + mkdir -p /usr/lib/softhsm/tokens/ + cat >$SOFTHSM2_CONF <&2 + P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules" + fi + + if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then + echo "WARNING! Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2 + P11_MODULE_DIR="/usr/lib/pkcs11" + fi + + SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs) + if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then + SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE" + fi + + # RSA ##################################################### + pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt + + certtool --generate-self-signed \ + --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \ + --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \ + --template "test/TEST-24-CRYPTSETUP/template.cfg" \ + --outder --outfile "/tmp/rsa_test.crt" + + pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey" + rm "/tmp/rsa_test.crt" + + # prime256v1 ############################################## + 
pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive + + certtool --generate-self-signed \ + --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \ + --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \ + --template "test/TEST-24-CRYPTSETUP/template.cfg" \ + --outder --outfile "/tmp/ec_test.crt" + + pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey" + rm "/tmp/ec_test.crt" + + ########################################################### + rm "$SOFTHSM2_CONF" + unset SOFTHSM2_CONF + + cat >/etc/softhsm2.conf </etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf <"$BUILDROOT"/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf < 50s when built with sanitizers so let's not run it by default. +systemctl --root="$BUILDROOT" mask systemd-hwdb-update.service + +ASAN_RT_PATH="$(grep libasan.so < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" +if [[ -z "$ASAN_RT_PATH" ]]; then + ASAN_RT_PATH="$(grep libclang_rt.asan < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" + + # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. 
+ if mkosi-chroot ldd "$LIBSYSTEMD" | grep -q "libclang_rt.asan.*not found"; then + echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" + exit 1 + fi +fi +if [[ -z "$ASAN_RT_PATH" ]]; then + echo >&2 "systemd is not linked against the ASan DSO" + echo >&2 "gcc does this by default, for clang compile with -shared-libasan" + exit 1 +fi + +wrap=( + /usr/lib/polkit-1/polkitd + /usr/libexec/polkit-1/polkitd + agetty + btrfs + capsh + chgrp + chown + cryptsetup + curl + dbus-broker-launch + dbus-daemon + delv + dhcpd + dig + dmsetup + dnsmasq + findmnt + getent + getfacl + id + integritysetup + iscsid + kpartx + logger + login + ls + lsblk + lvm + mdadm + mkfs.btrfs + mkfs.erofs + mkfs.ext4 + mkfs.vfat + mkfs.xfs + mksquashfs + mkswap + multipath + multipathd + nvme + p11-kit + pkill + ps + setfacl + setpriv + sshd + stat + su + tar + tgtd + useradd + userdel + veritysetup +) + +for bin in "${wrap[@]}"; do + if ! mkosi-chroot command -v "$bin" >/dev/null; then + continue + fi + + if [[ "$bin" == getent ]]; then + enable_lsan=1 + else + enable_lsan=0 + fi + + target="$(mkosi-chroot command -v "$bin")" + + mv "$BUILDROOT/$target" "$BUILDROOT/$target.orig" + + cat >"$BUILDROOT/$target" <"$BUILDROOT"/usr/lib/systemd/systemd-asan-env <, 2020, 2021. # Arnaud T. , 2021. # blutch112 , 2022. -# Pierre GRASSER , 2023, 2024. +# Léane GRASSER , 2023, 2024. msgid "" msgstr "" "Report-Msgid-Bugs-To: \n" diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in index b82ce04..796e384 100644 --- a/rules.d/70-uaccess.rules.in +++ b/rules.d/70-uaccess.rules.in 
@@ -97,4 +97,8 @@ SUBSYSTEM=="hidraw", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" # This also allows accessing HID devices with the libusb backend of hidapi. SUBSYSTEM=="usb", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" +# Hardware wallets +SUBSYSTEM=="usb", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" +SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" + LABEL="uaccess_end" diff --git a/shell-completion/zsh/_networkctl b/shell-completion/zsh/_networkctl index 6969797..ad5b91f 100644 --- a/shell-completion/zsh/_networkctl +++ b/shell-completion/zsh/_networkctl @@ -29,7 +29,7 @@ (list|status|up|down|cat|edit|lldp|delete|renew|forcerenew|reconfigure) for link in ${(f)"$(_call_program links networkctl list --no-legend)"}; do _links+=($link[(w)2]:$link); done if [[ -n "$_links" ]]; then - _describe -t links 'links' _links _links $( [[ $cmd == (edit|cat) ]] && print -- -P@ ) + _describe -t links 'links' _links $( [[ $cmd == (edit|cat) ]] && print -- -P@ ) else _message "no links" fi diff --git a/shell-completion/zsh/_varlinkctl b/shell-completion/zsh/_varlinkctl new file mode 100644 index 0000000..720700d --- /dev/null +++ b/shell-completion/zsh/_varlinkctl 
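Review bot: The two `ID_HARDWARE_WALLET` rules added to rules.d/70-uaccess.rules.in sit under the bare heading `# Hardware wallets`, which does not say what `TAG+="uaccess"` hands out or where the property is set. The tag gives the user of the active local session access to the raw `usb` and `hidraw` nodes, so every process in that session can talk to the wallet, and the decision rests entirely on whatever sets `ID_HARDWARE_WALLET` (presumably the `hwdb.d/70-hardware-wallets.hwdb` file listed in this commit's diffstat, which is not visible here). I would expand the comment to something like `# Hardware wallets: raw device access for the active-session user; ID_HARDWARE_WALLET is set from hwdb.d/70-hardware-wallets.hwdb` so a later reader knows which file to audit when the match list grows. The rule block starts before this hunk, so the surrounding conventions are only partly visible.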
@@ -0,0 +1,52 @@ +#compdef varlinkctl +# SPDX-License-Identifier: LGPL-2.1-or-later + +local -a reply line + +_varlinkctl_interfaces() { + local expl + _wanted varlink-interfaces expl interface compadd "$@" -- \ + "${(@f)$(_call_program varlink-interfaces varlinkctl list-interfaces $line[2])}" +} + +_varlinkctl_methods() { + local expl + _wanted varlink-interfaces expl method compadd "$@" -- \ + "${(@f)$(_call_program varlink-methods varlinkctl list-methods $line[2])}" +} + +local -a varlink_addr=( + /$'[^\0]#\0'/ ':varlink-address:varlink address:_files -g "*(=)"' +) +local -a varlink_interface=( + $varlink_addr + /$'[^\0]#\0'/ ':varlink-interface:varlink interface:_varlinkctl_interfaces' +) +local -a varlink_method=( + $varlink_addr + /$'[^\0]#\0'/ ':varlink-method:varlink method:_varlinkctl_methods' +) +local -a varlink_call=($varlink_method /$'[^\0]#\0'/ ':argument:argument:()') +local -a varlink_idl=(/$'[^\0]#\0'/ ':varlink-idl-file:idl file:_files') + +_regex_words varlink-commands 'varlink command' \ + 'info:show service information:$varlink_addr' \ + 'list-interfaces:List interfaces implemented by a service:$varlink_addr' \ + 'list-methods:List methods implemented by an interface:$varlink_interface' \ + 'introspect:show an interface definition:$varlink_interface' \ + 'call:invoke a method:$varlink_call' \ + 'validate-idl:validate an interface description:$varlink_idl' \ + 'help:show a help message' + +local -a varlinkcmd=( /$'[^\0]#\0'/ "$reply[@]" ) +_regex_arguments _varlinkctl_command "$varlinkcmd[@]" + +local -a opts=( + {-h,--help}'[Show a help message and exit]' + '--version[Show package version and exit]' + '--no-pager[Do not pipe output to a pager]' + '--more[Request multiple responses]' + '--collect[Collect multiple responses in a JSON array]' + {-j+,--json=}'[Output as json]:json-mode:(pretty short)' +) +_arguments -S $opts '*:: := _varlinkctl_command' 
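Review bot: In `_varlinkctl_interfaces` and `_varlinkctl_methods`, `$line[2]` is passed unquoted to `_call_program`, which, as far as I know, evaluates its arguments as a command string, so a partially typed address containing spaces or shell metacharacters is re-parsed by the shell during completion. Quoting the word keeps it a single literal argument: `_call_program varlink-interfaces varlinkctl list-interfaces ${(q)line[2]}`, and the same for the `list-methods` call. Separately, `_varlinkctl_methods` passes the tag `varlink-interfaces` to `_wanted`, which looks like a copy-paste from the function above; `varlink-methods` would match the tag used in its `_call_program` call.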
diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build index acbf34e..ea540c7 100644 --- a/shell-completion/zsh/meson.build +++ b/shell-completion/zsh/meson.build @@ -23,6 +23,7 @@ items = [['_busctl', ''], ['_systemd-run', ''], ['_run0', ''], ['_udevadm', ''], + ['_varlinkctl', ''], ['_kernel-install', 'ENABLE_KERNEL_INSTALL'], ['_sd_hosts_or_user_at_host', ''], ['_sd_outputmodes', ''], diff --git a/src/basic/meson.build b/src/basic/meson.build index 9a21457..b538775 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] -libbasic = static_library( +libbasic_static = static_library( 'basic', basic_sources, fundamental_sources, diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c index dda5920..3a1b7b2 100644 --- a/src/basic/terminal-util.c +++ b/src/basic/terminal-util.c @@ -584,8 +584,9 @@ int vt_disallocate(const char *name) { (void) loop_write(fd2, "\033[r" /* clear scrolling region */ "\033[H" /* move home */ - "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */ - 10); + "\033[3J" /* clear screen including scrollback, requires Linux 2.6.40 */ + "\033c", /* reset to initial state */ + SIZE_MAX); return 0; } @@ -1558,7 +1559,6 @@ int terminal_reset_ansi_seq(int fd) { return log_debug_errno(r, "Failed to set terminal to non-blocking mode: %m"); k = loop_write_full(fd, - "\033c" /* reset to initial state */ "\033[!p" /* soft terminal reset */ "\033]104\007" /* reset colors */ "\033[?7h", /* enable line-wrapping */ diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 8287c21..e1f0817 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c 
@@ -1337,7 +1337,7 @@ static void boot_entry_parse_tries( return; /* Boot counter in the middle of the name? */ - if (!streq16(counter, suffix)) + if (!strcaseeq16(counter, suffix)) return; entry->tries_left = tries_left; diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 34fd2a2..76d7629 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -102,8 +102,9 @@ bool unit_has_startup_cgroup_constraints(Unit *u) { c->startup_memory_low_set; } -bool unit_has_host_root_cgroup(Unit *u) { +bool unit_has_host_root_cgroup(const Unit *u) { assert(u); + assert(u->manager); /* Returns whether this unit manages the root cgroup. This will return true if this unit is the root slice and * the manager manages the root cgroup. */ @@ -2685,7 +2686,7 @@ int unit_set_cgroup_path(Unit *u, const char *path) { if (crt && streq_ptr(crt->cgroup_path, path)) return 0; - unit_release_cgroup(u); + unit_release_cgroup(u, /* drop_cgroup_runtime = */ true); crt = unit_setup_cgroup_runtime(u); if (!crt) @@ -3483,7 +3484,7 @@ int unit_realize_cgroup(Unit *u) { return unit_realize_cgroup_now(u, manager_state(u->manager)); } -void unit_release_cgroup(Unit *u) { +void unit_release_cgroup(Unit *u, bool drop_cgroup_runtime) { assert(u); /* Forgets all cgroup details for this cgroup — but does *not* destroy the cgroup. This is hence OK to call @@ -3514,7 +3515,8 @@ void unit_release_cgroup(Unit *u) { crt->cgroup_memory_inotify_wd = -1; } - *(CGroupRuntime**) ((uint8_t*) u + UNIT_VTABLE(u)->cgroup_runtime_offset) = cgroup_runtime_free(crt); + if (drop_cgroup_runtime) + *(CGroupRuntime**) ((uint8_t*) u + UNIT_VTABLE(u)->cgroup_runtime_offset) = cgroup_runtime_free(crt); } int unit_cgroup_is_empty(Unit *u) { 
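Review bot: The header comment of `unit_release_cgroup()` (hunk `@@ -3483`) still describes only the old behaviour and says nothing about the new `drop_cgroup_runtime` parameter, although the function is exported through cgroup.h. From the hunk at `@@ -3514`, the flag only controls whether the `CGroupRuntime` object is freed and the unit's pointer to it replaced. I would add a sentence such as `If drop_cgroup_runtime is false, the CGroupRuntime object stays attached to the unit so that cached accounting data remains readable.` The function body continues outside both hunks, so the rest of its cleanup is not visible here.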
@@ -3535,22 +3537,24 @@ int unit_cgroup_is_empty(Unit *u) { return r; } -bool unit_maybe_release_cgroup(Unit *u) { +static bool unit_maybe_release_cgroup(Unit *u) { int r; - assert(u); + /* Releases the cgroup only if it is recursively empty. + * Returns true if the cgroup was released, false otherwise. */ - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return true; + assert(u); /* Don't release the cgroup if there are still processes under it. If we get notified later when all * the processes exit (e.g. the processes were in D-state and exited after the unit was marked as * failed) we need the cgroup paths to continue to be tracked by the manager so they can be looked up * and cleaned up later. */ r = unit_cgroup_is_empty(u); - if (r == 1) { - unit_release_cgroup(u); + if (r > 0) { + /* Do not free CGroupRuntime when called from unit_prune_cgroup. Various accounting data + * we should keep, especially CPU usage and *_peak ones which would be shown even after + * the unit stops. */ + unit_release_cgroup(u, /* drop_cgroup_runtime = */ false); return true; } @@ -3558,8 +3562,8 @@ bool unit_maybe_release_cgroup(Unit *u) { } void unit_prune_cgroup(Unit *u) { - int r; bool is_root_slice; + int r; assert(u); @@ -3597,9 +3601,8 @@ void unit_prune_cgroup(Unit *u) { if (!unit_maybe_release_cgroup(u)) /* Returns true if the cgroup was released */ return; - crt = unit_get_cgroup_runtime(u); /* The above might have destroyed the runtime object, let's see if it's still there */ - if (!crt) - return; + assert(crt == unit_get_cgroup_runtime(u)); + assert(!crt->cgroup_path); crt->cgroup_realized = false; crt->cgroup_realized_mask = 0; 
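Review bot: In `unit_prune_cgroup()` (hunk `@@ -3597`) the former `if (!crt) return;` re-check becomes two `assert()` calls, so a broken invariant now ends in an assertion failure inside the service manager instead of a quiet return. The asserts rely on `unit_release_cgroup(u, false)` keeping the runtime object and clearing `cgroup_path`; the clearing is not visible in this diff. A short comment above them would record that dependency, for example `/* unit_release_cgroup() with drop_cgroup_runtime=false keeps crt but resets its path */`. `crt` is assigned earlier in the function, outside the hunk.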
@@ -4526,6 +4529,10 @@ int unit_get_memory_accounting(Unit *u, CGroupMemoryAccountingMetric metric, uin if (!UNIT_CGROUP_BOOL(u, memory_accounting)) return -ENODATA; + /* The root cgroup doesn't expose this information. */ + if (unit_has_host_root_cgroup(u)) + return -ENODATA; + CGroupRuntime *crt = unit_get_cgroup_runtime(u); if (!crt) return -ENODATA; @@ -4533,10 +4540,6 @@ int unit_get_memory_accounting(Unit *u, CGroupMemoryAccountingMetric metric, uin /* If the cgroup is already gone, we try to find the last cached value. */ goto finish; - /* The root cgroup doesn't expose this information. */ - if (unit_has_host_root_cgroup(u)) - return -ENODATA; - if (!FLAGS_SET(crt->cgroup_realized_mask, CGROUP_MASK_MEMORY)) return -ENODATA; @@ -4592,15 +4595,14 @@ int unit_get_tasks_current(Unit *u, uint64_t *ret) { return cg_get_attribute_as_uint64("pids", crt->cgroup_path, "pids.current", ret); } -static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) { - uint64_t ns; +static int unit_get_cpu_usage_raw(const Unit *u, const CGroupRuntime *crt, nsec_t *ret) { int r; assert(u); + assert(crt); assert(ret); - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt->cgroup_path) return -ENODATA; /* The root cgroup doesn't expose this information, let's get it from /proc instead */ 
@@ -4614,25 +4616,24 @@ static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) { r = cg_all_unified(); if (r < 0) return r; - if (r > 0) { - _cleanup_free_ char *val = NULL; - uint64_t us; + if (r == 0) + return cg_get_attribute_as_uint64("cpuacct", crt->cgroup_path, "cpuacct.usage", ret); - r = cg_get_keyed_attribute("cpu", crt->cgroup_path, "cpu.stat", STRV_MAKE("usage_usec"), &val); - if (IN_SET(r, -ENOENT, -ENXIO)) - return -ENODATA; - if (r < 0) - return r; + _cleanup_free_ char *val = NULL; + uint64_t us; - r = safe_atou64(val, &us); - if (r < 0) - return r; + r = cg_get_keyed_attribute("cpu", crt->cgroup_path, "cpu.stat", STRV_MAKE("usage_usec"), &val); + if (IN_SET(r, -ENOENT, -ENXIO)) + return -ENODATA; + if (r < 0) + return r; - ns = us * NSEC_PER_USEC; - } else - return cg_get_attribute_as_uint64("cpuacct", crt->cgroup_path, "cpuacct.usage", ret); + r = safe_atou64(val, &us); + if (r < 0) + return r; + + *ret = us * NSEC_PER_USEC; - *ret = ns; return 0; } @@ -4646,14 +4647,14 @@ int unit_get_cpu_usage(Unit *u, nsec_t *ret) { * started. If the cgroup has been removed already, returns the last cached value. To cache the value, simply * call this function with a NULL return value. */ - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!UNIT_CGROUP_BOOL(u, cpu_accounting)) return -ENODATA; - if (!UNIT_CGROUP_BOOL(u, cpu_accounting)) + CGroupRuntime *crt = unit_get_cgroup_runtime(u); + if (!crt) return -ENODATA; - r = unit_get_cpu_usage_raw(u, &ns); + r = unit_get_cpu_usage_raw(u, crt, &ns); if (r == -ENODATA && crt->cpu_usage_last != NSEC_INFINITY) { /* If we can't get the CPU usage anymore (because the cgroup was already removed, for example), use our * cached value. */ @@ -4694,7 +4695,7 @@ int unit_get_ip_accounting( return -ENODATA; CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return -ENODATA; fd = IN_SET(metric, CGROUP_IP_INGRESS_BYTES, CGROUP_IP_INGRESS_PACKETS) ? 
@@ -4770,22 +4771,27 @@ int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret) { return 0; } -static int unit_get_io_accounting_raw(Unit *u, uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) { - static const char *const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = { +static int unit_get_io_accounting_raw( + const Unit *u, + const CGroupRuntime *crt, + uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) { + + static const char* const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = { [CGROUP_IO_READ_BYTES] = "rbytes=", [CGROUP_IO_WRITE_BYTES] = "wbytes=", [CGROUP_IO_READ_OPERATIONS] = "rios=", [CGROUP_IO_WRITE_OPERATIONS] = "wios=", }; + uint64_t acc[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {}; _cleanup_free_ char *path = NULL; _cleanup_fclose_ FILE *f = NULL; int r; assert(u); + assert(crt); - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt->cgroup_path) return -ENODATA; if (unit_has_host_root_cgroup(u)) @@ -4869,13 +4875,13 @@ int unit_get_io_accounting( return -ENODATA; CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return -ENODATA; if (allow_cache && crt->io_accounting_last[metric] != UINT64_MAX) goto done; - r = unit_get_io_accounting_raw(u, raw); + r = unit_get_io_accounting_raw(u, crt, raw); if (r == -ENODATA && crt->io_accounting_last[metric] != UINT64_MAX) goto done; if (r < 0) 
@@ -4896,45 +4902,52 @@ done: return 0; } -int unit_reset_cpu_accounting(Unit *u) { +static int unit_reset_cpu_accounting(Unit *unit, CGroupRuntime *crt) { int r; - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return 0; + assert(crt); + crt->cpu_usage_base = 0; crt->cpu_usage_last = NSEC_INFINITY; - r = unit_get_cpu_usage_raw(u, &crt->cpu_usage_base); - if (r < 0) { - crt->cpu_usage_base = 0; - return r; + if (unit) { + r = unit_get_cpu_usage_raw(unit, crt, &crt->cpu_usage_base); + if (r < 0 && r != -ENODATA) + return r; } return 0; } -void unit_reset_memory_accounting_last(Unit *u) { - assert(u); +static int unit_reset_io_accounting(Unit *unit, CGroupRuntime *crt) { + int r; - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return; + assert(crt); + + zero(crt->io_accounting_base); + FOREACH_ELEMENT(i, crt->io_accounting_last) + *i = UINT64_MAX; + + if (unit) { + r = unit_get_io_accounting_raw(unit, crt, crt->io_accounting_base); + if (r < 0 && r != -ENODATA) + return r; + } + + return 0; +} + +static void cgroup_runtime_reset_memory_accounting_last(CGroupRuntime *crt) { + assert(crt); FOREACH_ELEMENT(i, crt->memory_accounting_last) *i = UINT64_MAX; } -int unit_reset_ip_accounting(Unit *u) { +static int cgroup_runtime_reset_ip_accounting(CGroupRuntime *crt) { int r = 0; - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return 0; + assert(crt); if (crt->ip_accounting_ingress_map_fd >= 0) RET_GATHER(r, bpf_firewall_reset_accounting(crt->ip_accounting_ingress_map_fd)); 
@@ -4947,46 +4960,19 @@ int unit_reset_ip_accounting(Unit *u) { return r; } -void unit_reset_io_accounting_last(Unit *u) { - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return; - - FOREACH_ARRAY(i, crt->io_accounting_last, _CGROUP_IO_ACCOUNTING_METRIC_MAX) - *i = UINT64_MAX; -} - -int unit_reset_io_accounting(Unit *u) { - int r; +int unit_reset_accounting(Unit *u) { + int r = 0; assert(u); CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return 0; - unit_reset_io_accounting_last(u); - - r = unit_get_io_accounting_raw(u, crt->io_accounting_base); - if (r < 0) { - zero(crt->io_accounting_base); - return r; - } - - return 0; -} - -int unit_reset_accounting(Unit *u) { - int r = 0; - - assert(u); - - RET_GATHER(r, unit_reset_cpu_accounting(u)); - RET_GATHER(r, unit_reset_io_accounting(u)); - RET_GATHER(r, unit_reset_ip_accounting(u)); - unit_reset_memory_accounting_last(u); + cgroup_runtime_reset_memory_accounting_last(crt); + RET_GATHER(r, unit_reset_cpu_accounting(u, crt)); + RET_GATHER(r, unit_reset_io_accounting(u, crt)); + RET_GATHER(r, cgroup_runtime_reset_ip_accounting(crt)); return r; } @@ -5210,7 +5196,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { return parse_cpu_set_full(v, cpus, false, NULL, NULL, 0, NULL); } -CGroupRuntime *cgroup_runtime_new(void) { +CGroupRuntime* cgroup_runtime_new(void) { _cleanup_(cgroup_runtime_freep) CGroupRuntime *crt = NULL; crt = new(CGroupRuntime, 1); @@ -5218,8 +5204,6 @@ CGroupRuntime *cgroup_runtime_new(void) { return NULL; *crt = (CGroupRuntime) { - .cpu_usage_last = NSEC_INFINITY, - .cgroup_control_inotify_wd = -1, .cgroup_memory_inotify_wd = -1, 
@@ -5234,19 +5218,15 @@ CGroupRuntime *cgroup_runtime_new(void) { .cgroup_invalidated_mask = _CGROUP_MASK_ALL, }; - FOREACH_ELEMENT(i, crt->memory_accounting_last) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->io_accounting_base) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->io_accounting_last) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->ip_accounting_extra) - *i = UINT64_MAX; + unit_reset_cpu_accounting(/* unit = */ NULL, crt); + unit_reset_io_accounting(/* unit = */ NULL, crt); + cgroup_runtime_reset_memory_accounting_last(crt); + assert_se(cgroup_runtime_reset_ip_accounting(crt) >= 0); return TAKE_PTR(crt); } -CGroupRuntime *cgroup_runtime_free(CGroupRuntime *crt) { +CGroupRuntime* cgroup_runtime_free(CGroupRuntime *crt) { if (!crt) return NULL; diff --git a/src/core/cgroup.h b/src/core/cgroup.h index 72fe275..5170c7b 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -449,10 +449,7 @@ int unit_watch_cgroup_memory(Unit *u); void unit_add_to_cgroup_realize_queue(Unit *u); int unit_cgroup_is_empty(Unit *u); -void unit_release_cgroup(Unit *u); -/* Releases the cgroup only if it is recursively empty. - * Returns true if the cgroup was released, false otherwise. */ -bool unit_maybe_release_cgroup(Unit *u); +void unit_release_cgroup(Unit *u, bool drop_cgroup_runtime); void unit_add_to_cgroup_empty_queue(Unit *u); int unit_check_oomd_kill(Unit *u); @@ -489,11 +486,6 @@ int unit_get_io_accounting(Unit *u, CGroupIOAccountingMetric metric, bool allow_ int unit_get_ip_accounting(Unit *u, CGroupIPAccountingMetric metric, uint64_t *ret); int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret); -int unit_reset_cpu_accounting(Unit *u); -void unit_reset_memory_accounting_last(Unit *u); -int unit_reset_ip_accounting(Unit *u); -void unit_reset_io_accounting_last(Unit *u); -int unit_reset_io_accounting(Unit *u); int unit_reset_accounting(Unit *u); #define UNIT_CGROUP_BOOL(u, name) \ 
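Review bot: In `cgroup_runtime_new()` the calls `unit_reset_cpu_accounting(/* unit = */ NULL, crt);` and `unit_reset_io_accounting(/* unit = */ NULL, crt);` drop their `int` result silently, while the next-but-one line wraps `cgroup_runtime_reset_ip_accounting()` in `assert_se()`. With `unit == NULL` both helpers can only return 0 as written in the earlier hunk, so this is safe, but the intent should be explicit: `(void) unit_reset_cpu_accounting(/* unit = */ NULL, crt);` and likewise for the IO variant. Note also that `io_accounting_base` and `ip_accounting_extra` used to start at `UINT64_MAX`; the base is now zeroed by `unit_reset_io_accounting()`, and what the IP helper does with `ip_accounting_extra` lies outside the visible hunks, so the new initial values are worth confirming against readers of those fields.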
@@ -503,7 +495,7 @@ int unit_reset_accounting(Unit *u); }) bool manager_owns_host_root_cgroup(Manager *m); -bool unit_has_host_root_cgroup(Unit *u); +bool unit_has_host_root_cgroup(const Unit *u); bool unit_has_startup_cgroup_constraints(Unit *u); @@ -527,8 +519,8 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action); const char* freezer_action_to_string(FreezerAction a) _const_; FreezerAction freezer_action_from_string(const char *s) _pure_; -CGroupRuntime *cgroup_runtime_new(void); -CGroupRuntime *cgroup_runtime_free(CGroupRuntime *crt); +CGroupRuntime* cgroup_runtime_new(void); +CGroupRuntime* cgroup_runtime_free(CGroupRuntime *crt); DEFINE_TRIVIAL_CLEANUP_FUNC(CGroupRuntime*, cgroup_runtime_free); int cgroup_runtime_serialize(Unit *u, FILE *f, FDSet *fds); diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c index 3e6168d..8005f6d 100644 --- a/src/core/core-varlink.c +++ b/src/core/core-varlink.c @@ -5,6 +5,7 @@ #include "strv.h" #include "user-util.h" #include "varlink.h" +#include "varlink-internal.h" #include "varlink-io.systemd.UserDatabase.h" #include "varlink-io.systemd.ManagedOOM.h" @@ -500,12 +501,17 @@ static void vl_disconnect(VarlinkServer *s, Varlink *link, void *userdata) { m->managed_oom_varlink = varlink_unref(link); } -static int manager_setup_varlink_server(Manager *m, VarlinkServer **ret) { +int manager_setup_varlink_server(Manager *m) { _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; int r; assert(m); - assert(ret); + + if (m->varlink_server) + return 0; + + if (!MANAGER_IS_SYSTEM(m)) + return -EINVAL; r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); if (r < 0) 
@@ -533,51 +539,51 @@ static int manager_setup_varlink_server(Manager *m, VarlinkServer **ret) { if (r < 0) return log_debug_errno(r, "Failed to register varlink disconnect handler: %m"); - *ret = TAKE_PTR(s); - return 0; + r = varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC); + if (r < 0) + return log_debug_errno(r, "Failed to attach varlink connection to event loop: %m"); + + m->varlink_server = TAKE_PTR(s); + return 1; } static int manager_varlink_init_system(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; int r; assert(m); - if (m->varlink_server) - return 1; - if (!MANAGER_IS_SYSTEM(m)) return 0; - r = manager_setup_varlink_server(m, &s); + r = manager_setup_varlink_server(m); if (r < 0) return log_error_errno(r, "Failed to set up varlink server: %m"); + bool fresh = r > 0; if (!MANAGER_IS_TEST_RUN(m)) { (void) mkdir_p_label("/run/systemd/userdb", 0755); FOREACH_STRING(address, "/run/systemd/userdb/io.systemd.DynamicUser", VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM) { - if (MANAGER_IS_RELOADING(m)) { - /* If manager is reloading, we skip listening on existing addresses, since - * the fd should be acquired later through deserialization. */ - if (access(address, F_OK) >= 0) + if (!fresh) { + /* We might have got sockets through deserialization. Do not bind to them twice. 
*/ + + bool found = false; + LIST_FOREACH(sockets, ss, m->varlink_server->sockets) + if (path_equal(ss->address, address)) { + found = true; + break; + } + + if (found) continue; - if (errno != ENOENT) - return log_error_errno(errno, - "Failed to check if varlink socket '%s' exists: %m", address); } - r = varlink_server_listen_address(s, address, 0666); + r = varlink_server_listen_address(m->varlink_server, address, 0666); if (r < 0) return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address); } } - r = varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC); - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - - m->varlink_server = TAKE_PTR(s); return 1; } diff --git a/src/core/core-varlink.h b/src/core/core-varlink.h index 20507a4..4b77620 100644 --- a/src/core/core-varlink.h +++ b/src/core/core-varlink.h @@ -3,6 +3,8 @@ #include "manager.h" +int manager_setup_varlink_server(Manager *m); + int manager_varlink_init(Manager *m); void manager_varlink_done(Manager *m); diff --git a/src/core/import-creds.c b/src/core/import-creds.c index f27ffed..e6cf40d 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c @@ -595,9 +595,11 @@ static int import_credentials_smbios(ImportCredentialContext *c) { return log_oom(); r = read_virtual_file(p, sizeof(dmi_field_header) + CREDENTIALS_TOTAL_SIZE_MAX, (char**) &data, &size); + if (r == -ENOENT) /* Once we reach ENOENT there are no more DMI Type 11 fields around. */ + break; if (r < 0) { /* Once we reach ENOENT there are no more DMI Type 11 fields around. */ - log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "Failed to open '%s', ignoring: %m", p); + log_warning_errno(r, "Failed to open '%s', ignoring: %m", p); break; } diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c index b4af82b..1d2959a 100644 --- a/src/core/manager-serialize.c +++ b/src/core/manager-serialize.c 
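Review bot: `manager_setup_varlink_server()` is now exported and has a three-way result that no comment describes: 0 when a server already exists (early return in the previous hunk), 1 when it was created here, negative on error. `manager_varlink_init_system()` depends on this through `bool fresh = r > 0;` to decide whether to skip addresses that were already bound through deserialization, so a later change to the return value would silently lead to double binds or missing listeners. I would document it at the definition, e.g. `/* Returns 1 if the server was newly set up, 0 if it already existed, < 0 on error */`.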
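Review bot: After the new `if (r == -ENOENT) break;` in `import_credentials_smbios()`, the comment `/* Once we reach ENOENT there are no more DMI Type 11 fields around. */` inside the `if (r < 0)` block is stale, because ENOENT can no longer reach that branch. I would delete the inner copy and keep the one on the new line. The warning still says `ignoring` while the branch leaves the loop, so any SMBIOS credential fields after the unreadable one are skipped as well; if that is intended, wording such as `"Failed to open '%s', skipping remaining fields: %m"` would describe it more accurately. The loop itself starts outside the hunk.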
@@ -506,7 +506,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { return r; } else if ((val = startswith(l, "varlink-server-socket-address="))) { if (!m->varlink_server && MANAGER_IS_SYSTEM(m)) { - r = manager_varlink_init(m); + r = manager_setup_varlink_server(m); if (r < 0) { log_warning_errno(r, "Failed to setup varlink server, ignoring: %m"); continue; diff --git a/src/core/meson.build b/src/core/meson.build index 7a2012a..dbeb752 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) -libcore = shared_library( +libcore_static = static_library( libcore_name, libcore_sources, load_fragment_gperf_c, load_fragment_gperf_nulstr_c, include_directories : includes, c_args : ['-fvisibility=default'], - link_args : ['-shared', - '-Wl,--version-script=' + libshared_sym_path], - link_depends : libshared_sym_path, - link_with : libshared, dependencies : [libacl, libapparmor, libaudit, @@ -135,6 +131,16 @@ libcore = shared_library( libselinux, threads, userspace], + build_by_default : false) + +libcore = shared_library( + libcore_name, + c_args : ['-fvisibility=default'], + link_args : ['-shared', + '-Wl,--version-script=' + libshared_sym_path], + link_depends : libshared_sym_path, + link_whole: libcore_static, + link_with : libshared, install : true, install_dir : pkglibdir) @@ -150,6 +156,17 @@ systemd_executor_sources = files( 'exec-invoke.c', ) +executor_libs = get_option('link-executor-shared') ? \ + [ + libcore, + libshared, + ] : [ + libcore_static, + libshared_static, + libbasic_static, + libsystemd_static, + ] + executables += [ libexec_template + { 'name' : 'systemd', @@ -167,10 +184,7 @@ executables += [ 'public' : true, 'sources' : systemd_executor_sources, 'include_directories' : core_includes, - 'link_with' : [ - libcore, - libshared, - ], + 'link_with' : executor_libs, 'dependencies' : [ libapparmor, libpam, 
diff --git a/src/core/path.c b/src/core/path.c index fdb6ca4..50f6db1 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -81,7 +81,7 @@ int path_spec_watch(PathSpec *s, sd_event_io_handler_t handler) { tmp = *cut; *cut = '\0'; - flags = IN_MOVE_SELF | IN_DELETE_SELF | IN_ATTRIB | IN_CREATE | IN_MOVED_TO; + flags = IN_MOVE_SELF | IN_DELETE_SELF | IN_CREATE | IN_MOVED_TO; } else { cut = NULL; flags = flags_table[s->type]; diff --git a/src/core/unit.c b/src/core/unit.c index 852926b..01c9983 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -129,9 +129,6 @@ Unit* unit_new(Manager *m, size_t size) { .burst = 16 }; - unit_reset_memory_accounting_last(u); - unit_reset_io_accounting_last(u); - return u; } @@ -484,8 +481,8 @@ bool unit_may_gc(Unit *u) { /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay * around. Units with active processes should never be collected. */ r = unit_cgroup_is_empty(u); - if (r <= 0 && r != -ENXIO) - return false; /* ENXIO means: currently not realized */ + if (r <= 0 && !IN_SET(r, -ENXIO, -EOWNERDEAD)) + return false; /* ENXIO/EOWNERDEAD means: currently not realized */ if (!UNIT_VTABLE(u)->may_gc) return true; @@ -790,7 +787,7 @@ Unit* unit_free(Unit *u) { if (u->on_console) manager_unref_console(u->manager); - unit_release_cgroup(u); + unit_release_cgroup(u, /* drop_cgroup_runtime = */ true); if (!MANAGER_IS_RELOADING(u->manager)) unit_unlink_state_files(u); @@ -3816,8 +3813,6 @@ static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_maske } bool unit_need_daemon_reload(Unit *u) { - _cleanup_strv_free_ char **dropins = NULL; - assert(u); assert(u->manager); 
@@ -3833,16 +3828,20 @@ bool unit_need_daemon_reload(Unit *u) { if (fragment_mtime_newer(u->source_path, u->source_mtime, false)) return true; - if (u->load_state == UNIT_LOADED) + if (u->load_state == UNIT_LOADED) { + _cleanup_strv_free_ char **dropins = NULL; + (void) unit_find_dropin_paths(u, &dropins); - if (!strv_equal(u->dropin_paths, dropins)) - return true; - /* … any drop-ins that are masked are simply omitted from the list. */ - STRV_FOREACH(path, u->dropin_paths) - if (fragment_mtime_newer(*path, u->dropin_mtime, false)) + if (!strv_equal(u->dropin_paths, dropins)) return true; + /* … any drop-ins that are masked are simply omitted from the list. */ + STRV_FOREACH(path, u->dropin_paths) + if (fragment_mtime_newer(*path, u->dropin_mtime, false)) + return true; + } + return false; } diff --git a/src/id128/id128.c b/src/id128/id128.c index fa86cf6..875d22d 100644 --- a/src/id128/id128.c +++ b/src/id128/id128.c @@ -16,7 +16,7 @@ #include "verbs.h" static Id128PrettyPrintMode arg_mode = ID128_PRINT_ID128; -static sd_id128_t arg_app = {}; +static sd_id128_t arg_app = SD_ID128_NULL; static bool arg_value = false; static PagerFlags arg_pager_flags = 0; static bool arg_legend = true; @@ -72,15 +72,12 @@ static int verb_invocation_id(int argc, char **argv, void *userdata) { } static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first) { - sd_id128_t u; int r; assert(table); - if (sd_id128_is_null(arg_app)) - u = uuid; - else - assert_se(sd_id128_get_app_specific(uuid, arg_app, &u) == 0); + if (!name) + name = "XYZ"; if (arg_mode == ID128_PRINT_PRETTY) { _cleanup_free_ char *id = NULL; @@ -91,7 +88,7 @@ static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first ascii_strupper(id); - r = id128_pretty_print_sample(id, u); + r = id128_pretty_print_sample(id, uuid); if (r < 0) return r; if (!first) 
@@ -100,19 +97,19 @@ static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first } if (arg_value) - return id128_pretty_print(u, arg_mode); + return id128_pretty_print(uuid, arg_mode); if (!*table) { *table = table_new("name", "id"); if (!*table) return log_oom(); + table_set_width(*table, 0); } return table_add_many(*table, TABLE_STRING, name, - arg_mode == ID128_PRINT_ID128 ? TABLE_ID128 : TABLE_UUID, - u); + arg_mode == ID128_PRINT_ID128 ? TABLE_ID128 : TABLE_UUID, uuid); } static int verb_show(int argc, char **argv, void *userdata) { @@ -120,23 +117,26 @@ static int verb_show(int argc, char **argv, void *userdata) { int r; argv = strv_skip(argv, 1); - if (strv_isempty(argv)) + if (strv_isempty(argv)) { + if (!sd_id128_is_null(arg_app)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "'show --app-specific=' can only be used with explicit UUID input."); + for (const GptPartitionType *e = gpt_partition_type_table; e->name; e++) { r = show_one(&table, e->name, e->uuid, e == gpt_partition_type_table); if (r < 0) return r; } - else + } else STRV_FOREACH(p, argv) { sd_id128_t uuid; - bool have_uuid; - const char *id; + const char *id = NULL; /* Check if the argument is an actual UUID first */ - have_uuid = sd_id128_from_string(*p, &uuid) >= 0; + bool is_uuid = sd_id128_from_string(*p, &uuid) >= 0; - if (have_uuid) - id = gpt_partition_type_uuid_to_string(uuid) ?: "XYZ"; + if (is_uuid) + id = gpt_partition_type_uuid_to_string(uuid); else { GptPartitionType type; @@ -148,6 +148,9 @@ static int verb_show(int argc, char **argv, void *userdata) { id = *p; } + if (!sd_id128_is_null(arg_app)) + assert_se(sd_id128_get_app_specific(uuid, arg_app, &uuid) >= 0); + r = show_one(&table, id, uuid, p == argv); if (r < 0) return r; diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in index 766d321..4ef6aca 100755 --- a/src/kernel-install/90-loaderentry.install.in 
+++ b/src/kernel-install/90-loaderentry.install.in @@ -101,6 +101,11 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$LOADER_ENTRY" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous loader entry '$LOADER_ENTRY' without boot counting." >&2 + rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"*.conf + fi LOADER_ENTRY="${LOADER_ENTRY%.conf}+$TRIES.conf" fi diff --git a/src/kernel-install/90-uki-copy.install b/src/kernel-install/90-uki-copy.install index d443c4b..d6f7134 100755 --- a/src/kernel-install/90-uki-copy.install +++ b/src/kernel-install/90-uki-copy.install @@ -61,6 +61,12 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous UKI '$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi' without boot counting." >&2 + rm -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi + fi + UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.efi" else UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build index 6d4337d..2435492 100644 --- a/src/libsystemd/meson.build +++ b/src/libsystemd/meson.build @@ -118,7 +118,7 @@ libsystemd_static = static_library( libsystemd_sources, include_directories : libsystemd_includes, c_args : libsystemd_c_args, - link_with : [libbasic], + link_with : [libbasic_static], dependencies : [threads, librt, userspace], diff --git a/src/libsystemd/sd-device/device-enumerator.c b/src/libsystemd/sd-device/device-enumerator.c index 71ab3d8..00d3328 100644 --- a/src/libsystemd/sd-device/device-enumerator.c +++ b/src/libsystemd/sd-device/device-enumerator.c 
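Review bot: The cleanup glob `"${LOADER_ENTRY%.conf}+"*.conf` matches anything after the `+`, not only boot-counter suffixes, so it can also remove the entry of a different kernel whose version string extends this one with `+` (constructed example: installing `6.1.0` while `6.1.0+custom` is also installed). The same applies to `"$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi` in the 90-uki-copy.install hunk. Requiring a digit after the plus narrows the match to counter-style names: `rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"[0-9]*.conf`. The removal is also conditional on the uncounted file existing, so counted entries left over from an earlier counted install are not cleaned up here; whether that is handled elsewhere is not visible in the hunk.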
@@ -701,13 +701,11 @@ static int enumerator_scan_dir_and_add_devices( dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + /* This is necessarily racey, so ignore missing directories */ + if (errno == ENOENT) + return 0; - /* this is necessarily racey, so ignore missing directories */ - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { @@ -767,12 +765,10 @@ static int enumerator_scan_dir( dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { @@ -804,12 +800,10 @@ static int enumerator_scan_devices_tag(sd_device_enumerator *enumerator, const c dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } /* TODO: filter away subsystems? */ 
@@ -892,12 +886,10 @@ static int parent_crawl_children(sd_device_enumerator *enumerator, const char *p dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index a657b6e..0521863 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1484,8 +1484,11 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu return -errno; u = hashmap_get(m->users, UID_TO_PTR(uid)); - if (u) + if (u) { + /* Make sure that disabling lingering will terminate the user tracking if no sessions pin it. */ + u->gc_mode = USER_GC_BY_PIN; user_add_to_gc_queue(u); + } } return sd_bus_reply_method_return(message, NULL); diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 8066b3e..276d5b8 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c 
@@ -821,30 +821,30 @@ UserState user_get_state(User *u) { if (!u->started || u->runtime_dir_job) return USER_OPENING; - bool any = false, all_closing = true; + /* USER_GC_BY_PIN: Only pinning sessions count. None -> closing + * USER_GC_BY_ANY: 'manager' sessions also count. However, if lingering is enabled, 'lingering' state + * shall be preferred. 'online' if the manager is manually started by user. */ + + bool has_pinning = false, all_closing = true; LIST_FOREACH(sessions_by_user, i, u->sessions) { - SessionState state; + bool pinned = SESSION_CLASS_PIN_USER(i->class); - /* Ignore sessions that don't pin the user, i.e. are not supposed to have an effect on user state */ - if (!SESSION_CLASS_PIN_USER(i->class)) + if (u->gc_mode == USER_GC_BY_PIN && !pinned) continue; - state = session_get_state(i); - if (state == SESSION_ACTIVE) + has_pinning = has_pinning || pinned; + + SessionState state = session_get_state(i); + if (state == SESSION_ACTIVE && pinned) return USER_ACTIVE; if (state != SESSION_CLOSING) all_closing = false; - - any = true; } - if (any) - return all_closing ? USER_CLOSING : USER_ONLINE; - - if (user_check_linger_file(u) > 0 && user_unit_active(u)) + if (!has_pinning && user_check_linger_file(u) > 0 && user_unit_active(u)) return USER_LINGERING; - return USER_CLOSING; + return all_closing ? USER_CLOSING : USER_ONLINE; } int user_kill(User *u, int signo) { diff --git a/src/partition/meson.build b/src/partition/meson.build index 52e1368..2cfe43e 100644 --- a/src/partition/meson.build +++ b/src/partition/meson.build @@ -32,7 +32,7 @@ executables += [ 'sources' : files('repart.c'), 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_fdisk, libshared_static, libsystemd_static, diff --git a/src/partition/repart.c b/src/partition/repart.c index f87a87e..8a5ce7e 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c 
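Review bot: The final `return all_closing ? USER_CLOSING : USER_ONLINE;` in `user_get_state()` now also handles the case where the loop counted no session at all, and it yields USER_CLOSING there only because `all_closing` is initialised to `true`. That replaces the explicit `return USER_CLOSING;` the old code ended with, and the dependency on the initial value is easy to break in a later edit. A comment above the return, such as `/* No counted session leaves all_closing == true, hence USER_CLOSING */`, would make the contract explicit. The new block comment could also state that under USER_GC_BY_ANY an active non-pinning session results in USER_ONLINE rather than USER_ACTIVE, which is what `state == SESSION_ACTIVE && pinned` implements.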
@@ -1895,6 +1895,34 @@ static int config_parse_encrypted_volume( static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_verity, verity_mode, VerityMode, VERITY_OFF, "Invalid verity mode"); static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_minimize, minimize_mode, MinimizeMode, MINIMIZE_OFF, "Invalid minimize mode"); +static int partition_finalize_fstype(Partition *p, const char *path) { + _cleanup_free_ char *e = NULL, *upper = NULL; + + assert(p); + assert(path); + + if (!gpt_partition_type_has_filesystem(p->type)) + return 0; + + upper = strdup(partition_designator_to_string(p->type.designator)); + if (!upper) + return log_oom(); + + e = strjoin("SYSTEMD_REPART_OVERRIDE_FSTYPE_", string_replace_char(ascii_strupper(upper), '-', '_')); + if (!e) + return log_oom(); + + const char *v = secure_getenv(e); + if (!v || streq(p->format, v)) + return 0; + + log_syntax(NULL, LOG_NOTICE, path, 1, 0, + "Overriding defined file system type '%s' for '%s' partition with '%s'.", + p->format, partition_designator_to_string(p->type.designator), v); + + return free_and_strdup_warn(&p->format, v); +} + static int partition_read_definition(Partition *p, const char *path, const char *const *conf_file_dirs) { ConfigTableItem table[] = { @@ -2084,6 +2112,10 @@ static int partition_read_definition(Partition *p, const char *path, const char } else if (streq(p->split_name_format, "-")) p->split_name_format = mfree(p->split_name_format); + r = partition_finalize_fstype(p, path); + if (r < 0) + return r; + return 1; } diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c index 4bc3ae7..9466866 100644 --- a/src/shared/bootspec.c +++ b/src/shared/bootspec.c 
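Review bot: `partition_finalize_fstype()` passes `p->format` to `streq()` and to the `%s` in `log_syntax()` without checking that it is set, and the call added at the end of `partition_read_definition()` is unconditional. If a definition for one of the file-system designators carries no `Format=` (nothing in these hunks rules out a NULL `p->format`), an exported `SYSTEMD_REPART_OVERRIDE_FSTYPE_*` variable would either dereference NULL or silently turn an unformatted partition into a formatted one. I would return early instead: `if (!v || !p->format || streq(p->format, v)) return 0;`. The environment value is also copied into `p->format` unchecked; if nothing later rejects unknown file system names, validating it here would give a clearer error. `partition_read_definition()` starts outside its hunk.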
@@ -505,6 +505,12 @@ static int boot_entry_compare(const BootEntry *a, const BootEntry *b) { assert(a); assert(b); + /* This mimics a function of the same name in src/boot/efi/sd-boot.c */ + + r = CMP(a->tries_left == 0, b->tries_left == 0); + if (r != 0) + return r; + r = CMP(!a->sort_key, !b->sort_key); if (r != 0) return r; @@ -523,7 +529,18 @@ static int boot_entry_compare(const BootEntry *a, const BootEntry *b) { return r; } - return -strverscmp_improved(a->id, b->id); + r = -strverscmp_improved(a->id, b->id); + if (r != 0) + return r; + + if (a->tries_left != UINT_MAX || b->tries_left != UINT_MAX) + return 0; + + r = -CMP(a->tries_left, b->tries_left); + if (r != 0) + return r; + + return CMP(a->tries_done, b->tries_done); } static int config_check_inode_relevant_and_unseen(BootConfig *config, int fd, const char *fname) { @@ -743,11 +760,11 @@ static int find_sections( r = pe_load_headers(fd, &dos_header, &pe_header); if (r < 0) - return log_warning_errno(r, "Failed to parse PE file '%s': %m", path); + return log_error_errno(r, "Failed to parse PE file '%s': %m", path); r = pe_load_sections(fd, dos_header, pe_header, §ions); if (r < 0) - return log_warning_errno(r, "Failed to parse PE sections of '%s': %m", path); + return log_error_errno(r, "Failed to parse PE sections of '%s': %m", path); if (ret_pe_header) *ret_pe_header = TAKE_PTR(pe_header); @@ -809,7 +826,7 @@ static int find_osrel_section( r = pe_read_section_data(fd, pe_header, sections, ".osrel", PE_SECTION_SIZE_MAX, (void**) ret_osrelease, NULL); if (r < 0) - return log_warning_errno(r, "Failed to read .osrel section of '%s': %m", path); + return log_error_errno(r, "Failed to read .osrel section of '%s': %m", path); return 0; } 
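Review bot: In the second `boot_entry_compare()` hunk the guard `if (a->tries_left != UINT_MAX || b->tries_left != UINT_MAX) return 0;` looks inverted. As written, the counter tie-break is reached only when both values equal `UINT_MAX`, where `-CMP(a->tries_left, b->tries_left)` is always 0, and the function returns 0 as soon as either entry actually has a counter. Assuming `UINT_MAX` is the "no boot counter" sentinel (inferred from this check; its definition is not in the hunk), the intended test is `if (a->tries_left == UINT_MAX || b->tries_left == UINT_MAX) return 0;`. With that change, entries with equal ids are ordered by tries left and then tries done, which is what the added comment about mirroring sd-boot suggests.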
@@ -829,7 +846,7 @@ static int find_uki_sections( return r; if (!pe_is_uki(pe_header, sections)) - return log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Parsed PE file '%s' is not a UKI.", path); + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Parsed PE file '%s' is not a UKI.", path); r = find_osrel_section(fd, path, sections, pe_header, ret_osrelease); if (r < 0) diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c index 996edbf..6f61eb2 100644 --- a/src/shared/exec-util.c +++ b/src/shared/exec-util.c @@ -609,5 +609,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret va_end(ap); execv(path, l); + log_error_errno(errno, "Failed to execute %s: %m", path); _exit(EXIT_FAILURE); } diff --git a/src/shared/gpt.c b/src/shared/gpt.c index d639463..f3e5247 100644 --- a/src/shared/gpt.c +++ b/src/shared/gpt.c 
@@ -143,21 +143,30 @@ const GptPartitionType gpt_partition_type_table[] = { _GPT_ARCH_SEXTET(ARM64, "aarch64"), /* Alias: must be listed after arm64 */ _GPT_ARCH_SEXTET(IA64, "ia64"), _GPT_ARCH_SEXTET(LOONGARCH64, "loongarch64"), + _GPT_ARCH_SEXTET(LOONGARCH64, "loong64"), /* Alias: must be listed after loongarch64 */ _GPT_ARCH_SEXTET(MIPS, "mips"), _GPT_ARCH_SEXTET(MIPS64, "mips64"), _GPT_ARCH_SEXTET(MIPS_LE, "mips-le"), + _GPT_ARCH_SEXTET(MIPS_LE, "mipsel"), /* Alias: must be listed after mips-le */ _GPT_ARCH_SEXTET(MIPS64_LE, "mips64-le"), + _GPT_ARCH_SEXTET(MIPS64_LE, "mips64el"), /* Alias: must be listed after mips64-le */ _GPT_ARCH_SEXTET(PARISC, "parisc"), + _GPT_ARCH_SEXTET(PARISC, "hppa"), /* Alias: must be listed after parisc */ _GPT_ARCH_SEXTET(PPC, "ppc"), _GPT_ARCH_SEXTET(PPC64, "ppc64"), _GPT_ARCH_SEXTET(PPC64_LE, "ppc64-le"), _GPT_ARCH_SEXTET(PPC64_LE, "ppc64le"), /* Alias: must be listed after ppc64-le */ + _GPT_ARCH_SEXTET(PPC64_LE, "ppc64el"), /* Alias: must be listed after ppc64-le */ _GPT_ARCH_SEXTET(RISCV32, "riscv32"), _GPT_ARCH_SEXTET(RISCV64, "riscv64"), _GPT_ARCH_SEXTET(S390, "s390"), _GPT_ARCH_SEXTET(S390X, "s390x"), _GPT_ARCH_SEXTET(TILEGX, "tilegx"), _GPT_ARCH_SEXTET(X86, "x86"), + _GPT_ARCH_SEXTET(X86, "i386"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i486"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i586"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i686"), /* Alias: must be listed after x86 */ _GPT_ARCH_SEXTET(X86_64, "x86-64"), _GPT_ARCH_SEXTET(X86_64, "x86_64"), /* Alias: must be listed after x86-64 */ _GPT_ARCH_SEXTET(X86_64, "amd64"), /* Alias: must be listed after x86-64 */ 
@@ -339,6 +348,18 @@ bool gpt_partition_type_knows_no_auto(GptPartitionType type) { PARTITION_SWAP); } +bool gpt_partition_type_has_filesystem(GptPartitionType type) { + return IN_SET(type.designator, + PARTITION_ROOT, + PARTITION_USR, + PARTITION_HOME, + PARTITION_SRV, + PARTITION_ESP, + PARTITION_XBOOTLDR, + PARTITION_TMP, + PARTITION_VAR); +} + bool gpt_header_has_signature(const GptHeader *p) { assert(p); diff --git a/src/shared/gpt.h b/src/shared/gpt.h index 21976e5..3d04c19 100644 --- a/src/shared/gpt.h +++ b/src/shared/gpt.h @@ -72,6 +72,7 @@ const char *gpt_partition_type_mountpoint_nulstr(GptPartitionType type); bool gpt_partition_type_knows_read_only(GptPartitionType type); bool gpt_partition_type_knows_growfs(GptPartitionType type); bool gpt_partition_type_knows_no_auto(GptPartitionType type); +bool gpt_partition_type_has_filesystem(GptPartitionType type); typedef struct { uint8_t partition_type_guid[16]; diff --git a/src/shared/install.c b/src/shared/install.c index c94b456..53566b7 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1989,7 +1989,9 @@ static int install_info_symlink_alias( } broken = r == 0; /* symlink target does not exist? */ - RET_GATHER(ret, create_symlink(lp, alias_target ?: info->path, alias_path, force || broken, changes, n_changes)); + r = create_symlink(lp, alias_target ?: info->path, alias_path, force || broken, changes, n_changes); + if (r != 0 && ret >= 0) + ret = r; } return ret; @@ -2012,7 +2014,7 @@ static int install_info_symlink_wants( UnitNameFlags valid_dst_type = UNIT_NAME_ANY; const char *n; - int r = 0, q; + int r, q; assert(info); assert(lp); @@ -2083,7 +2085,7 @@ static int install_info_symlink_wants( return -ENOMEM; q = create_symlink(lp, info->path, path, /* force = */ true, changes, n_changes); - if ((q < 0 && r >= 0) || r == 0) + if (q != 0 && r >= 0) r = q; if (unit_file_exists(scope, lp, dst) == 0) { 
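Review bot: In `install_info_symlink_wants()` the declaration changes from `int r = 0, q;` to `int r, q;`, while the loop further down now reads `r` in `if (q != 0 && r >= 0) r = q;`. The code between the two hunks is not shown, so please confirm that every path assigns `r` before the first iteration; otherwise keep the initializer, `int r = 0, q;`. Separately, the same merge rule now appears in `install_info_symlink_alias()`, here, and three times in `install_info_apply()` without explanation. A comment such as `/* Keep the first error; otherwise propagate the last non-zero result so callers see that something changed */` would document why RET_GATHER() was dropped.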
@@ -2155,15 +2157,15 @@ static int install_info_apply( r = install_info_symlink_alias(scope, info, lp, config_path, force, changes, n_changes); q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->wanted_by, ".wants/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->required_by, ".requires/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->upheld_by, ".upholds/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; return r; diff --git a/src/shared/meson.build b/src/shared/meson.build index c5106d8..e513c0e 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -358,7 +358,7 @@ libshared = shared_library( '-Wl,--version-script=' + libshared_sym_path], link_depends : libshared_sym_path, link_whole : [libshared_static, - libbasic, + libbasic_static, libsystemd_static], dependencies : [libshared_deps, userspace], diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c index ce3c5fb..fd91bd6 100644 --- a/src/shared/spawn-polkit-agent.c +++ b/src/shared/spawn-polkit-agent.c @@ -43,16 +43,21 @@ int polkit_agent_open(void) { xsprintf(notify_fd, "%i", pipe_fd[1]); r = fork_agent("(polkit-agent)", - &pipe_fd[1], 1, + &pipe_fd[1], + 1, &agent_pid, POLKIT_AGENT_BINARY_PATH, - POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, "--fallback", NULL); + POLKIT_AGENT_BINARY_PATH, + "--notify-fd", + notify_fd, + "--fallback", + NULL); /* Close the writing side, because that's the one for the agent */ safe_close(pipe_fd[1]); if (r < 0) - log_error_errno(r, "Failed to fork TTY ask password agent: %m"); + log_error_errno(r, "Failed to fork polkit agent: %m"); else /* Wait until the agent closes the fd */ (void) fd_wait_for_event(pipe_fd[0], POLLHUP, USEC_INFINITY); 
diff --git a/src/shared/varlink-internal.h b/src/shared/varlink-internal.h index 715202a..bc30108 100644 --- a/src/shared/varlink-internal.h +++ b/src/shared/varlink-internal.h @@ -6,5 +6,45 @@ #include "fdset.h" #include "varlink.h" +typedef struct VarlinkServerSocket VarlinkServerSocket; + +struct VarlinkServerSocket { + VarlinkServer *server; + + int fd; + char *address; + + sd_event_source *event_source; + + LIST_FIELDS(VarlinkServerSocket, sockets); +}; + +struct VarlinkServer { + unsigned n_ref; + VarlinkServerFlags flags; + + LIST_HEAD(VarlinkServerSocket, sockets); + + Hashmap *methods; /* Fully qualified symbol name of a method → VarlinkMethod */ + Hashmap *interfaces; /* Fully qualified interface name → VarlinkInterface* */ + Hashmap *symbols; /* Fully qualified symbol name of method/error → VarlinkSymbol* */ + VarlinkConnect connect_callback; + VarlinkDisconnect disconnect_callback; + + sd_event *event; + int64_t event_priority; + + unsigned n_connections; + Hashmap *by_uid; /* UID_TO_PTR(uid) → UINT_TO_PTR(n_connections) */ + + void *userdata; + char *description; + + unsigned connections_max; + unsigned connections_per_uid_max; + + bool exit_on_idle; +}; + int varlink_server_serialize(VarlinkServer *s, FILE *f, FDSet *fds); int varlink_server_deserialize_one(VarlinkServer *s, const char *value, FDSet *fds); diff --git a/src/shared/varlink.c b/src/shared/varlink.c index 034e72b..0a6d2c8 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c 
@@ -210,46 +210,6 @@ struct Varlink { pid_t exec_pid; }; -typedef struct VarlinkServerSocket VarlinkServerSocket; - -struct VarlinkServerSocket { - VarlinkServer *server; - - int fd; - char *address; - - sd_event_source *event_source; - - LIST_FIELDS(VarlinkServerSocket, sockets); -}; - -struct VarlinkServer { - unsigned n_ref; - VarlinkServerFlags flags; - - LIST_HEAD(VarlinkServerSocket, sockets); - - Hashmap *methods; /* Fully qualified symbol name of a method → VarlinkMethod */ - Hashmap *interfaces; /* Fully qualified interface name → VarlinkInterface* */ - Hashmap *symbols; /* Fully qualified symbol name of method/error → VarlinkSymbol* */ - VarlinkConnect connect_callback; - VarlinkDisconnect disconnect_callback; - - sd_event *event; - int64_t event_priority; - - unsigned n_connections; - Hashmap *by_uid; /* UID_TO_PTR(uid) → UINT_TO_PTR(n_connections) */ - - void *userdata; - char *description; - - unsigned connections_max; - unsigned connections_per_uid_max; - - bool exit_on_idle; -}; - static const char* const varlink_state_table[_VARLINK_STATE_MAX] = { [VARLINK_IDLE_CLIENT] = "idle-client", [VARLINK_AWAITING_REPLY] = "awaiting-reply", diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build index 219f9fd..9bc60f8 100644 --- a/src/shutdown/meson.build +++ b/src/shutdown/meson.build @@ -20,7 +20,7 @@ executables += [ 'sources' : systemd_shutdown_sources, 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c index 2482b7c..38e1f23 100644 --- a/src/systemctl/systemctl-util.c +++ b/src/systemctl/systemctl-util.c 
@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske if (r < 0) return r; + if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) + goto skip; + if (ignore_masked) { r = unit_is_masked(bus, name); if (r < 0) return r; - if (r > 0) { - *ret = NULL; - return 0; - } + if (r > 0) + goto skip; } dbus_path = unit_dbus_path_from_name(name); @@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske *ret = TAKE_PTR(active); return 0; + +skip: + *ret = NULL; + return 0; } void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) { @@ -383,8 +388,8 @@ void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, r = get_active_triggering_units(bus, unit, ignore_masked, &triggered_by); if (r < 0) { - log_warning_errno(r, - "Failed to get triggering units for '%s', ignoring: %m", unit); + if (r != -ENOENT) /* A linked unit might have disappeared after disabling */ + log_warning_errno(r, "Failed to get triggering units for '%s', ignoring: %m", unit); return; } diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build index 0f9c067..403d82a 100644 --- a/src/sysusers/meson.build +++ b/src/sysusers/meson.build @@ -14,7 +14,7 @@ executables += [ 'sources' : files('sysusers.c'), 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/test/meson.build b/src/test/meson.build index 3abbb94..9d3c7d6 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -274,7 +274,7 @@ executables += [ # only static linking apart from libdl, to make sure that the # module is linked to all libraries that it uses. 'sources' : files('test-dlopen.c'), - 'link_with' : libbasic, + 'link_with' : libbasic_static, 'dependencies' : libdl, 'install' : false, 'type' : 'manual', 
@@ -410,7 +410,7 @@ executables += [ }, test_template + { 'sources' : files('test-sizeof.c'), - 'link_with' : libbasic, + 'link_with' : libbasic_static, }, test_template + { 'sources' : files('test-time-util.c'), @@ -590,7 +590,7 @@ executables += [ test_template + { 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), 'link_with' : [ - libbasic, + libbasic_static, libsystemd, ], 'dependencies' : threads, @@ -598,7 +598,7 @@ executables += [ test_template + { 'sources' : files('../libudev/test-udev-device-thread.c'), 'link_with' : [ - libbasic, + libbasic_static, libudev, ], 'dependencies' : threads, diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c index 1e7ed27..433cf22 100644 --- a/src/test/test-install-root.c +++ b/src/test/test-install-root.c 
@@ -23,12 +23,14 @@ TEST(basic_mask_and_enable) { InstallChange *changes = NULL; size_t n_changes = 0; - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "a.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "b.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "c.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "d.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "e.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", NULL) == -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "a.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "b.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "c.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "d.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "e.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "g.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "h.service", NULL), -ENOENT); p = strjoina(root, "/usr/lib/systemd/system/a.service"); assert_se(write_string_file(p, 
@@ -197,6 +199,24 @@ TEST(basic_mask_and_enable) { changes = NULL; n_changes = 0; assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + + /* Test enabling units with only Alias= (unit_file_enable should return > 0 to indicate we did + * something, #33411) */ + + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR "/g.service"); + ASSERT_OK(write_string_file(p, + "[Install]\n" + "Alias=h.service\n", WRITE_STRING_FILE_CREATE)); + + ASSERT_GT(unit_file_enable(RUNTIME_SCOPE_SYSTEM, 0, root, STRV_MAKE("g.service"), &changes, &n_changes), 0); + install_changes_free(changes, n_changes); + changes = NULL; n_changes = 0; + + ASSERT_OK(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "g.service", &state)); + ASSERT_EQ(state, UNIT_FILE_ENABLED); + + ASSERT_OK(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "h.service", &state)); + ASSERT_EQ(state, UNIT_FILE_ALIAS); } TEST(linked_units) { diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build index 2e91850..09ad839 100644 --- a/src/tmpfiles/meson.build +++ b/src/tmpfiles/meson.build @@ -20,7 +20,7 @@ executables += [ 'sources' : systemd_tmpfiles_sources, 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py index 0e3f932..e3d49d4 100755 --- a/src/ukify/test/test_ukify.py +++ b/src/ukify/test/test_ukify.py 
@@ -1,11 +1,21 @@ #!/usr/bin/env python3 # SPDX-License-Identifier: LGPL-2.1-or-later +# The tests can be called via pytest: +# PATH=build/:$PATH pytest -v src/ukify/test/test_ukify.py +# or directly: +# PATH=build/:$PATH src/ukify/test/test_ukify.py +# or via the meson test machinery output: +# meson test -C build test-ukify -v +# or without verbose output: +# meson test -C build test-ukify + # pylint: disable=unused-import,import-outside-toplevel,useless-else-on-loop # pylint: disable=consider-using-with,wrong-import-position,unspecified-encoding # pylint: disable=protected-access,redefined-outer-name import base64 +import glob import json import os import pathlib @@ -389,28 +399,17 @@ def test_help_error(capsys): @pytest.fixture(scope='session') def kernel_initrd(): - opts = ukify.create_parser().parse_args(arg_tools) - bootctl = ukify.find_tool('bootctl', opts=opts) - if bootctl is None: - return None - - try: - text = subprocess.check_output([bootctl, 'list', '--json=short'], - text=True) - except subprocess.CalledProcessError: + items = sorted(glob.glob('/lib/modules/*/vmlinuz')) + if not items: return None - items = json.loads(text) + # This doesn't necessarilly give us the latest version, since we're just + # using alphanumeric ordering. But this is fine, a predictable result is + # enough. + linux = items[-1] - for item in items: - try: - linux = f"{item['root']}{item['linux']}" - initrd = f"{item['root']}{item['initrd'][0].split(' ')[0]}" - except (KeyError, IndexError): - continue - return ['--linux', linux, '--initrd', initrd] - else: - return None + # We don't look _into_ the initrd. Any file is OK. + return ['--linux', linux, '--initrd', ukify.__file__] def test_check_splash(): try: 
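Review bot: The rewritten `kernel_initrd` fixture checks only that a `/lib/modules/*/vmlinuz` path exists, not that the test user can read it. On a host where kernel images are readable by root only, the dependent tests would presumably fail rather than take the `return None` path used when no kernel is available. Since `os` is already imported, the guard could be `if not items or not os.access(items[-1], os.R_OK): return None`. The added comment also misspells "necessarily" as "necessarilly".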
@@ -699,7 +698,7 @@ def test_pcr_signing(kernel_initrd, tmp_path): '--uname=1.2.3', '--cmdline=ARG1 ARG2 ARG3', '--os-release=ID=foobar\n', - '--pcr-banks=sha1', # use sha1 because it doesn't really matter + '--pcr-banks=sha384', # sha1 might not be allowed, use something else f'--pcr-private-key={priv.name}', ] + arg_tools @@ -742,8 +741,8 @@ def test_pcr_signing(kernel_initrd, tmp_path): assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3' sig = open(tmp_path / 'out.pcrsig').read() sig = json.loads(sig) - assert list(sig.keys()) == ['sha1'] - assert len(sig['sha1']) == 4 # four items for four phases + assert list(sig.keys()) == ['sha384'] + assert len(sig['sha384']) == 4 # four items for four phases shutil.rmtree(tmp_path) @@ -775,7 +774,7 @@ def test_pcr_signing2(kernel_initrd, tmp_path): '--uname=1.2.3', '--cmdline=ARG1 ARG2 ARG3', '--os-release=ID=foobar\n', - '--pcr-banks=sha1', + '--pcr-banks=sha384', f'--pcrpkey={pub2.name}', f'--pcr-public-key={pub.name}', f'--pcr-private-key={priv.name}', @@ -815,8 +814,8 @@ def test_pcr_signing2(kernel_initrd, tmp_path): sig = open(tmp_path / 'out.pcrsig').read() sig = json.loads(sig) - assert list(sig.keys()) == ['sha1'] - assert len(sig['sha1']) == 6 # six items for six phases paths + assert list(sig.keys()) == ['sha384'] + assert len(sig['sha384']) == 6 # six items for six phases paths shutil.rmtree(tmp_path) diff --git a/src/vmspawn/vmspawn-util.h b/src/vmspawn/vmspawn-util.h index ee02752..959cb47 100644 --- a/src/vmspawn/vmspawn-util.h +++ b/src/vmspawn/vmspawn-util.h @@ -40,6 +40,8 @@ # define QEMU_MACHINE_TYPE "s390-ccw-virtio" #elif defined(__powerpc__) || defined(__powerpc64__) # define QEMU_MACHINE_TYPE "pseries" +#elif defined(__mips__) +# define QEMU_MACHINE_TYPE "malta" #else # error "No qemu machine defined for this architecture" #endif diff --git a/test/README.testsuite b/test/README.testsuite index 13ba157..22da1cd 100644 --- a/test/README.testsuite +++ b/test/README.testsuite 
@@ -14,23 +14,52 @@ We also need to make sure the required meson options are enabled: $ meson setup --reconfigure build -Dremote=enabled ``` -Next, we can build the integration test image: +To make sure `mkosi` doesn't try to build systemd from source during the image build +process, you can add the following to `mkosi.local.conf`: + +``` +[Content] +Environment=NO_BUILD=1 +``` + +You might also want to use the `PackageDirectories=` or `Repositories=` option to provide +mkosi with a directory or repository containing the systemd packages that should be installed +instead. If the repository containing the systemd packages is not a builtin repository known +by mkosi, you can use the `PackageManagerTrees=` option to write an extra repository definition +to /etc which is used when building the image instead. + +Next, we can build the integration test image with meson: ```shell $ meson compile -C build mkosi ``` +By default, the `mkosi` meson target which builds the integration test image depends on +other meson targets to build various systemd tools that are used to build the image to make +sure they are up-to-date. If you instead want the already installed systemd tools on the +host to be used, you can run `mkosi` manually to build the image. To build the integration test +image without meson, run the following: + +```shell +$ mkosi -f +``` + +Note that by default we assume that `build/` is used as the meson build directory that will be used to run +the integration tests. If you want to use another directory as the meson build directory, you will have to +configure the mkosi build directory (`BuildDirectory=`), cache directory (`CacheDirectory=`) and output +directory (`OutputDirectory=`) to point to the other directory using `mkosi.local.conf`. 
+ After the image has been built, the integration tests can be run with: ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ --suite integration-tests --num-processes "$(($(nproc) / 4))" +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))" ``` As usual, specific tests can be run in meson by appending the name of the test which is usually the name of the directory e.g. ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ -v TEST-01-BASIC +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ``` See `meson introspect build --tests` for a list of tests. @@ -40,7 +69,7 @@ To interactively debug a failing integration test, the `--interactive` option newer: ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ -i TEST-01-BASIC +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC ``` Due to limitations in meson, the integration tests do not yet depend on the @@ -49,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the following command can be used: ```shell -$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build -v TEST-01-BASIC +$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ``` The integration tests use the same mkosi configuration that's used when you run diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build index 5036b64..fd670ae 100644 --- a/test/TEST-06-SELINUX/meson.build +++ b/test/TEST-06-SELINUX/meson.build 
@@ -3,11 +3,14 @@ integration_tests += [ integration_test_template + { 'name' : fs.name(meson.current_source_dir()), - 'cmdline' : integration_test_template['cmdline'] + ['systemd.wants=autorelabel.service', 'selinux=1', 'lsm=selinux'], + 'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'enforcing=0', 'lsm=selinux'], # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware. # Use 'auto' to automatically fallback on non-uefi architectures. 'firmware' : 'auto', 'vm' : true, + # Make sure we don't mount anything with virtiofs as otherwise fixfiles will try to relabel + # it. + 'mkosi-args' : integration_test_template['mkosi-args'] + ['--runtime-build-sources=no'], }, ] diff --git a/test/TEST-13-NSPAWN/test.sh b/test/TEST-13-NSPAWN/test.sh index 9a0404f..5c85b0c 100755 --- a/test/TEST-13-NSPAWN/test.sh +++ b/test/TEST-13-NSPAWN/test.sh @@ -32,7 +32,7 @@ test_append_files() { ls \ md5sum \ mountpoint \ - nc \ + ncat \ ps \ seq \ sleep \ diff --git a/test/TEST-46-HOMED/test.sh b/test/TEST-46-HOMED/test.sh index 923e002..06034b7 100755 --- a/test/TEST-46-HOMED/test.sh +++ b/test/TEST-46-HOMED/test.sh @@ -24,6 +24,7 @@ test_append_files() { inst_binary ssh inst_binary sshd inst_binary ssh-keygen + image_install -o /usr/lib/ssh/sshd-session } do_test "$@" diff --git a/test/TEST-55-OOMD/meson.build b/test/TEST-55-OOMD/meson.build index adc0509..2566316 100644 --- a/test/TEST-55-OOMD/meson.build +++ b/test/TEST-55-OOMD/meson.build @@ -5,6 +5,9 @@ integration_tests += [ 'name' : fs.name(meson.current_source_dir()), 'credentials' : integration_test_template['credentials'] + [ files('systemd.unit-dropin.init.scope'), + # OpenSUSE disables all controller delegation for the user manager template. Mask the + # dropin to make TEST-55-OOMD pass on OpenSUSE. + 'systemd.unit-dropin.user@.service~20-defaults-SUSE=', ], 'vm' : true, }, diff --git a/test/TEST-55-OOMD/test.sh b/test/TEST-55-OOMD/test.sh index 5e30963..3b2f471 100755 
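Review bot: The TEST-06-SELINUX `'cmdline'` entry now boots with `enforcing=0` and no longer pulls in `autorelabel.service`, but the only comment added in the hunk explains the `--runtime-build-sources=no` mkosi argument. In permissive mode denials are logged rather than enforced, so a regression that enforcing policy would block cannot fail this test by a denial alone. A comment next to `'cmdline'`, for example `# Boot permissive: <reason>; relabeling is now done by <step>`, would record why this is needed and keep it from being read as an accidental weakening of the test.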
--- a/test/TEST-55-OOMD/test.sh +++ b/test/TEST-55-OOMD/test.sh @@ -14,7 +14,7 @@ TEST_NO_NSPAWN=1 test_append_files() { local workspace="${1:?}" - image_install mkswap swapon swapoff stress + image_install mkswap swapon swapoff stress-ng image_install -o btrfs mkdir -p "${workspace:?}/etc/systemd/system/init.scope.d/" diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure index 28ddfa4..b740c09 100755 --- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure +++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure @@ -25,7 +25,7 @@ def add_drive(i: int, serial: str) -> None: "Options": "cache=unsafe", } ] - config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},num_queues=8"] + config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},max_ioqpairs=8"] for i in range(5): add_drive(i, serial=f"deadbeef{i}") diff --git a/test/TEST-73-LOCALE/meson.build b/test/TEST-73-LOCALE/meson.build index 8dec5f3..4f50d66 100644 --- a/test/TEST-73-LOCALE/meson.build +++ b/test/TEST-73-LOCALE/meson.build @@ -3,5 +3,6 @@ integration_tests += [ integration_test_template + { 'name' : fs.name(meson.current_source_dir()), + 'priority' : 10, }, ] diff --git a/test/TEST-74-AUX-UTILS/test.sh b/test/TEST-74-AUX-UTILS/test.sh index 2ee4a75..d47a0a2 100755 --- a/test/TEST-74-AUX-UTILS/test.sh +++ b/test/TEST-74-AUX-UTILS/test.sh @@ -31,6 +31,7 @@ test_append_files() { inst_binary ssh inst_binary sshd inst_binary ssh-keygen + image_install -o /usr/lib/ssh/sshd-session inst_binary usermod instmods vmw_vsock_virtio_transport instmods vsock_loopback diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py index 743a14c..d7a622a 100755 --- a/test/integration-test-wrapper.py +++ b/test/integration-test-wrapper.py 
@@ -134,7 +134,6 @@ def main(): '--runtime-network=none', '--runtime-scratch=no', *args.mkosi_args, - '--append', '--qemu-firmware', args.firmware, '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no", '--kernel-command-line-extra', @@ -184,9 +183,8 @@ def main(): text=True, ).stdout ) - images = {image["Image"]: image for image in j["Images"]} - distribution = images["system"]["Distribution"] - release = images["system"]["Release"] + distribution = j["Images"][-1]["Distribution"] + release = j["Images"][-1]["Release"] artifact = f"ci-mkosi-{id}-{iteration}-{distribution}-{release}-failed-test-journals" ops += [f"gh run download {id} --name {artifact} -D ci/{artifact}"] journal_file = Path(f"ci/{artifact}/test/journal/{name}.journal") diff --git a/test/test-execute/exec-set-credential.service b/test/test-execute/exec-set-credential.service index 2263436..7f2e87f 100644 --- a/test/test-execute/exec-set-credential.service +++ b/test/test-execute/exec-set-credential.service @@ -5,7 +5,7 @@ Description=Test for SetCredential= [Service] ExecStart=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' ExecStartPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStop=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStopPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStop=bash -x -c '[[ ! -v CREDENTIALS_DIRECTORY ]]' +ExecStopPost=bash -x -c '[[ ! -v CREDENTIALS_DIRECTORY ]]' Type=oneshot SetCredential=test-execute.set-credential:hoge diff --git a/test/test-functions b/test/test-functions index 03f188b..e219812 100644 --- a/test/test-functions +++ b/test/test-functions @@ -208,7 +208,7 @@ BASICTOOLS=( mount mountpoint mv - nc + ncat nproc ping pkill diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 7c336ba..ba8e65e 100755 --- a/test/test-network/systemd-networkd-tests.py 
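Review bot: `j["Images"][-1]["Distribution"]` and `j["Images"][-1]["Release"]` in the second hunk select the image by position, where the removed lines looked it up by name. The artifact name in the generated `gh run download` command therefore depends on the order in which mkosi lists images. `tools/fetch-distro.py`, added by this same commit, still builds a name-keyed map and reads `images["build"]`, so the two scripts now disagree on how to find an image. If the last entry is guaranteed to be the main image, a comment saying so would be enough, e.g. `# mkosi lists the main image last`. `main()` starts and ends outside both hunks.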
+++ b/test/test-network/systemd-networkd-tests.py @@ -7120,6 +7120,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.assertGreater(prefixInfo[0]['PreferredLifetimeUSec'], 0) self.assertGreater(prefixInfo[0]['ValidLifetimeUSec'], 0) + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd_no_address(self): # For issue #29979. copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream-no-address.network') @@ -7136,6 +7137,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.check_dhcp6_prefix('veth99') + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd_no_assign(self): # Similar to test_dhcp6pd_no_assign(), but in this case UseAddress=yes (default), # However, the server does not provide IA_NA. For issue #31349. @@ -7153,6 +7155,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.check_dhcp6_prefix('veth99') + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd(self): copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream.network', '25-veth-downstream-veth97.netdev', '25-dhcp-pd-downstream-veth97.network', '25-dhcp-pd-downstream-veth97-peer.network', diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh index a3379ef..cf39af0 100755 --- a/test/units/TEST-07-PID1.exec-context.sh +++ b/test/units/TEST-07-PID1.exec-context.sh 
@@ -186,27 +186,27 @@ if ! systemd-detect-virt -cq; then ) # We should fail with EPERM when trying to bind to a socket not on the allow list - # (nc exits with 2 in that case) + # (ncat exits with 2 in that case) systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -l 127.0.0.1 9999; exit 42' + bash -xec 'timeout 1s ncat -l 127.0.0.1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -l ::1 9999; exit 42' + bash -xec 'timeout 1s ncat -l ::1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -u -l ::1 9999; exit 42' + bash -xec 'timeout 1s ncat -6 -u -l ::1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -l 127.0.0.1 6666; exit 42' + bash -xec 'timeout 1s ncat -4 -l 127.0.0.1 6666; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe -p SocketBindDeny=any \ - bash -xec 'timeout 1s nc -l 127.0.0.1 9999; exit 42' + bash -xec 'timeout 1s ncat -l 127.0.0.1 9999; exit 42' # Consequently, we should succeed when binding to a socket on the allow list # and keep listening on it until we're killed by `timeout` (EC 124) systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -l 127.0.0.1 1234; exit 1' + bash -xec 'timeout 1s ncat -4 -l 127.0.0.1 1234; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -u -l 127.0.0.1 5678; exit 1' + bash -xec 'timeout 1s ncat -4 -u -l 127.0.0.1 5678; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -l ::1 1234; exit 1' + bash -xec 'timeout 1s ncat -6 -l ::1 1234; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -l ::1 6666; exit 1' + bash -xec 'timeout 1s ncat -6 -l ::1 
6666; exit 1' fi losetup -d "$LODEV" diff --git a/test/units/TEST-07-PID1.issue-2467.sh b/test/units/TEST-07-PID1.issue-2467.sh index de0577b..083a1e7 100755 --- a/test/units/TEST-07-PID1.issue-2467.sh +++ b/test/units/TEST-07-PID1.issue-2467.sh @@ -8,7 +8,7 @@ set -o pipefail rm -f /tmp/nonexistent systemctl start issue2467.socket -nc -i20 -w20 -U /run/test.ctl || : +ncat -i20 -w20 -U /run/test.ctl || : # TriggerLimitIntervalSec= by default is set to 2s. A "sleep 10" should give # systemd enough time even on slower machines, to reach the trigger limit. diff --git a/test/units/TEST-07-PID1.issue-3171.sh b/test/units/TEST-07-PID1.issue-3171.sh index 374df54..e1a4b64 100755 --- a/test/units/TEST-07-PID1.issue-3171.sh +++ b/test/units/TEST-07-PID1.issue-3171.sh @@ -30,21 +30,21 @@ EOF systemctl start issue-3171.socket systemctl is-active issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] -echo A | nc -w1 -U /run/issue-3171.socket +echo A | ncat -w1 -U /run/issue-3171.socket mv $U ${U}.disabled systemctl daemon-reload systemctl is-active issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] -echo B | nc -w1 -U /run/issue-3171.socket && exit 1 +echo B | ncat -w1 -U /run/issue-3171.socket && exit 1 mv ${U}.disabled $U systemctl daemon-reload systemctl is-active issue-3171.socket -echo C | nc -w1 -U /run/issue-3171.socket && exit 1 +echo C | ncat -w1 -U /run/issue-3171.socket && exit 1 [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] systemctl restart issue-3171.socket systemctl is-active issue-3171.socket -echo D | nc -w1 -U /run/issue-3171.socket +echo D | ncat -w1 -U /run/issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] diff --git a/test/units/TEST-07-PID1.issue-33672.sh b/test/units/TEST-07-PID1.issue-33672.sh new file mode 100755 index 0000000..370497c --- /dev/null +++ b/test/units/TEST-07-PID1.issue-33672.sh 
@@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +set -eux +set -o pipefail + +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +# systemctl status always shows daemon-reload warning for a masked service with drop-ins +# Issue: https://github.com/systemd/systemd/issues/33672 + +UNIT=test-23-NeedDaemonReload.service + +cleanup() { + rm -rf /run/systemd/system/"$UNIT" /run/systemd/system/"$UNIT".d + systemctl daemon-reload +} + +trap cleanup EXIT + +cat > /run/systemd/system/"$UNIT" < /run/systemd/system/"$UNIT".d/desc.conf < /tmp/wrongext/usr/lib/systemd/system/app0.service -touch /tmp/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt -cp /tmp/rootdir/usr/lib/os-release /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 -setfattr -n user.extension-release.strict -v "false" /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 -portablectl "${ARGS[@]}" attach --runtime --extension /tmp/wrongext /tmp/rootdir app0 +trap 'rm -rf /var/cache/wrongext' EXIT +mkdir -p /var/cache/wrongext/usr/lib/extension-release.d /var/cache/wrongext/usr/lib/systemd/system/ +echo "[Service]" > /var/cache/wrongext/usr/lib/systemd/system/app0.service +touch /var/cache/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt +cp /tmp/rootdir/usr/lib/os-release /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 +setfattr -n user.extension-release.strict -v "false" /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 +portablectl "${ARGS[@]}" attach --runtime --extension /var/cache/wrongext /tmp/rootdir app0 status="$(portablectl is-attached --extension wrongext rootdir)" [[ "${status}" == "attached-runtime" ]] -portablectl detach --runtime --extension /tmp/wrongext /tmp/rootdir app0 +portablectl detach 
--runtime --extension /var/cache/wrongext /tmp/rootdir app0 umount /tmp/rootdir umount /tmp/app0 diff --git a/test/units/TEST-55-OOMD-testbloat.service b/test/units/TEST-55-OOMD-testbloat.service index ba4f2bc..70c8772 100644 --- a/test/units/TEST-55-OOMD-testbloat.service +++ b/test/units/TEST-55-OOMD-testbloat.service @@ -3,8 +3,8 @@ Description=Create a lot of memory pressure [Service] -# A VERY small memory.high will cause the 'stress' (trying to use a lot of memory) +# A VERY small memory.high will cause the 'stress-ng' (trying to use a lot of memory) # to throttle and be put under heavy pressure. MemoryHigh=3M Slice=TEST-55-OOMD-workload.slice -ExecStart=stress --timeout 3m --vm 10 --vm-bytes 200M --vm-keep --vm-stride 1 +ExecStart=stress-ng --timeout 3m --vm 10 --vm-bytes 200M --vm-keep diff --git a/test/units/TEST-55-OOMD-testmunch.service b/test/units/TEST-55-OOMD-testmunch.service index 5659906..79bd018 100644 --- a/test/units/TEST-55-OOMD-testmunch.service +++ b/test/units/TEST-55-OOMD-testmunch.service @@ -5,4 +5,4 @@ Description=Create some memory pressure [Service] MemoryHigh=12M Slice=TEST-55-OOMD-workload.slice -ExecStart=stress --timeout 3m --vm 10 --vm-bytes 200M --vm-keep --vm-stride 1 +ExecStart=stress-ng --timeout 3m --vm 10 --vm-bytes 200M --vm-keep diff --git a/test/units/TEST-55-OOMD.sh b/test/units/TEST-55-OOMD.sh index b04ebca..944067c 100755 --- a/test/units/TEST-55-OOMD.sh +++ b/test/units/TEST-55-OOMD.sh @@ -6,14 +6,6 @@ set -o pipefail # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh -. /etc/os-release -# OpenSUSE does not have the stress tool packaged. It does have stress-ng but the stress-ng does not support -# --vm-stride which this test uses. -if [[ "$ID" =~ "opensuse" ]]; then - echo "Skipping due to missing stress package in OpenSUSE" >>/skipped - exit 77 -fi - systemd-analyze log-level debug # Ensure that the init.scope.d drop-in is applied on boot 
diff --git a/test/units/TEST-73-LOCALE.sh b/test/units/TEST-73-LOCALE.sh index 18539b8..06c8c56 100755 --- a/test/units/TEST-73-LOCALE.sh +++ b/test/units/TEST-73-LOCALE.sh @@ -657,6 +657,29 @@ testcase_locale_gen_leading_space() { # running on. export SYSTEMD_KBD_MODEL_MAP=/usr/lib/systemd/tests/testdata/test-keymap-util/kbd-model-map +# On Debian and derivatives writing calls to localed are blocked as other tools are used to change settings, +# override that policy +mkdir -p /etc/dbus-1/system.d/ +cat >/etc/dbus-1/system.d/systemd-localed-read-only.conf < + + + + + + + + + + + + + +EOF +trap 'rm -f /etc/dbus-1/system.d/systemd-localed-read-only.conf' EXIT +systemctl reload dbus.service + enable_debug run_testcases diff --git a/tools/fetch-distro.py b/tools/fetch-distro.py new file mode 100755 index 0000000..9fc5b1b --- /dev/null +++ b/tools/fetch-distro.py 
@@ -0,0 +1,126 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: LGPL-2.1-or-later + +""" +Check out pkg/{distribution}. +With -u, fetch commits, and if changed, commit the latest hash. +""" + +import argparse +import json +import shlex +import subprocess +from pathlib import Path + +def parse_args(): + p = argparse.ArgumentParser( + description=__doc__, + ) + p.add_argument( + 'distribution', + nargs='+', + ) + p.add_argument( + '--no-fetch', + dest='fetch', + action='store_false', + default=True, + ) + p.add_argument( + '--update', '-u', + action='store_true', + default=False, + ) + return p.parse_args() + +def read_config(distro: str): + cmd = ['mkosi', '--json', '-d', distro, 'summary'] + print(f"+ {shlex.join(cmd)}") + text = subprocess.check_output(cmd, text=True) + + data = json.loads(text) + images = {image["Image"]: image for image in data["Images"]} + return images["build"] + +def commit_file(distro: str, file: Path, commit: str, changes: str): + message = '\n'.join(( + f'mkosi: update {distro} commit reference', + '', + changes)) + + cmd = ['git', 'commit', '-m', message, str(file)] + print(f"+ {shlex.join(cmd)}") + subprocess.check_call(cmd) + +def checkout_distro(args, distro: str, config: dict): + dest = Path(f'pkg/{distro}') + if dest.exists(): + print(f'{dest} already exists.') + return + + url = config['Environment']['GIT_URL'] + branch = config['Environment']['GIT_BRANCH'] + + # Only debian uses source-git for now… + reference = [f'--reference-if-able=.'] if distro == 'debian' else [] + + cmd = [ + 'git', 'clone', url, + f'--branch={branch}', + dest.as_posix(), + *reference, + ] + print(f"+ {shlex.join(cmd)}") + subprocess.check_call(cmd) + + args.fetch = False # no need to fetch if we just cloned + +def update_distro(args, distro: str, config: dict): + branch = config['Environment']['GIT_BRANCH'] + old_commit = config['Environment']['GIT_COMMIT'] + + cmd = ['git', '-C', f'pkg/{distro}', 'switch', branch] + print(f"+ {shlex.join(cmd)}") + 
subprocess.check_call(cmd) + + cmd = ['git', '-C', f'pkg/{distro}', 'fetch', 'origin', '-v', + f'{branch}:remotes/origin/{branch}'] + print(f"+ {shlex.join(cmd)}") + subprocess.check_call(cmd) + + cmd = ['git', '-C', f'pkg/{distro}', 'rev-parse', f'refs/remotes/origin/{branch}'] + print(f"+ {shlex.join(cmd)}") + new_commit = subprocess.check_output(cmd, text=True).strip() + + if old_commit == new_commit: + print(f'{distro}: commit {new_commit!s} is still fresh') + return + + cmd = ['git', '-C', f'pkg/{distro}', 'log', '--graph', + '--pretty=oneline', '--no-decorate', '--abbrev-commit', '--abbrev=10', + f'{old_commit}..{new_commit}'] + print(f"+ {shlex.join(cmd)}") + changes = subprocess.check_output(cmd, text=True).strip() + + conf_dir = Path('mkosi.images/build/mkosi.conf.d') + files = conf_dir.glob('*/*.conf') + for file in files: + s = file.read_text() + if old_commit in s: + print(f'{distro}: {file}: found old hash, updating…') + new = s.replace(old_commit, new_commit) + assert new != s + file.write_text(new) + commit_file(distro, file, new_commit, changes) + break + else: + raise ValueError(f'{distro}: hash {new_commit} not found under {conf_dir}') + +if __name__ == '__main__': + args = parse_args() + + for distro in args.distribution: + config = read_config(distro) + checkout_distro(args, distro, config) + if args.update: + update_distro(args, distro, config) diff --git a/tools/update-distro-hash.py b/tools/update-distro-hash.py deleted file mode 100755 index 16ed2e7..0000000 --- a/tools/update-distro-hash.py +++ /dev/null 
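Review bot: `--no-fetch` has no effect in tools/fetch-distro.py: `checkout_distro` sets `args.fetch = False` after a fresh clone, but `update_distro` never reads `args.fetch` and always runs `git fetch`. Guarding that call with `if args.fetch:` would honour both the flag and the just-cloned case. The `ValueError` at the end of `update_distro` reports `new_commit`, although the loop searched the config files for `old_commit`; the message should read `hash {old_commit} not found under {conf_dir}`. In `checkout_distro`, `url` and `branch` come from the mkosi environment and `url` is passed to `git clone` as a bare positional; putting options first and the positionals after `--`, as in `['git', 'clone', f'--branch={branch}', *reference, '--', url, dest.as_posix()]`, keeps a value that starts with a dash from being parsed as an option.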
@@ -1,89 +0,0 @@ -#!/usr/bin/env python3 -# SPDX-License-Identifier: LGPL-2.1-or-later - -""" -Fetch commits for pkg/{distribution} and, if changed, commit the latest hash. -""" - -import argparse -import json -import shlex -import subprocess -from pathlib import Path - -def parse_args(): - p = argparse.ArgumentParser( - description=__doc__, - ) - p.add_argument( - 'distribution', - nargs='+', - ) - p.add_argument( - '--no-fetch', - dest='fetch', - action='store_false', - default=True, - ) - return p.parse_args() - -def read_config(distro: str): - cmd = ['mkosi', '--json', '-d', distro, 'summary'] - print(f"+ {shlex.join(cmd)}") - text = subprocess.check_output(cmd, text=True) - - data = json.loads(text) - return data['Images'][-1] - -def commit_file(distro: str, file: Path, commit: str, changes: str): - message = '\n'.join(( - f'mkosi: update {distro} commit reference', - '', - changes)) - - cmd = ['git', 'commit', '-m', message, str(file)] - print(f"+ {shlex.join(cmd)}") - subprocess.check_call(cmd) - -def update_distro(args, distro: str): - cmd = ['git', '-C', f'pkg/{distro}', 'fetch'] - print(f"+ {shlex.join(cmd)}") - subprocess.check_call(cmd) - - config = read_config(distro) - - branch = config['Environment']['GIT_BRANCH'] - old_commit = config['Environment']['GIT_COMMIT'] - - cmd = ['git', '-C', f'pkg/{distro}', 'rev-parse', f'refs/remotes/origin/{branch}'] - print(f"+ {shlex.join(cmd)}") - new_commit = subprocess.check_output(cmd, text=True).strip() - - if old_commit == new_commit: - print(f'{distro}: commit {new_commit!s} is still fresh') - return - - cmd = ['git', '-C', f'pkg/{distro}', 'log', '--graph', - '--pretty=oneline', '--no-decorate', '--abbrev-commit', '--abbrev=10', - f'{old_commit}..{new_commit}'] - print(f"+ {shlex.join(cmd)}") - changes = subprocess.check_output(cmd, text=True).strip() - - conf_dir = Path('mkosi.images/system/mkosi.conf.d') - files = conf_dir.glob('*/*.conf') - for file in files: - s = file.read_text() - if old_commit in s: - 
print(f'{distro}: {file}: found old hash, updating…') - new = s.replace(old_commit, new_commit) - assert new != s - file.write_text(new) - commit_file(distro, file, new_commit, changes) - break - else: - raise ValueError(f'{distro}: hash {new_commit} not found under {conf_dir}') - -if __name__ == '__main__': - args = parse_args() - for distro in args.distribution: - update_distro(args, distro) diff --git a/tools/vcs-tag.sh b/tools/vcs-tag.sh new file mode 100755 index 0000000..5da39cc --- /dev/null +++ b/tools/vcs-tag.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +MODE="$1" + +if ! [[ -d .git ]] || git describe --tags --exact-match &>/dev/null; then + exit 0 +fi + +if [[ "$MODE" == "developer" ]]; then + DIRTY="--dirty=^" +else + DIRTY="" +fi + +echo "-g$(git describe --abbrev=7 --match="" --always $DIRTY)" diff --git a/units/systemd-bsod.service.in b/units/systemd-bsod.service.in index 2d2f988..4c8f837 100644 --- a/units/systemd-bsod.service.in +++ b/units/systemd-bsod.service.in @@ -8,7 +8,7 @@ # (at your option) any later version. [Unit] -Description=Displays emergency message in full screen. +Description=Display Boot-Time Emergency Messages In Full Screen Documentation=man:systemd-bsod.service(8) ConditionVirtualization=no DefaultDependencies=no diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in index 65521b1..8eb4821 100644 --- a/units/systemd-fsck@.service.in +++ b/units/systemd-fsck@.service.in @@ -12,7 +12,8 @@ Description=File System Check on %f Documentation=man:systemd-fsck@.service(8) DefaultDependencies=no BindsTo=%i.device -Conflicts=shutdown.target +IgnoreOnIsolate=yes +Conflicts=reboot.target kexec.target poweroff.target halt.target After=%i.device systemd-fsck-root.service local-fs-pre.target Before=systemd-quotacheck.service shutdown.target -- cgit v1.2.3