From fc53809803cd2bc2434e312b19a18fa36776da12 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 05:50:40 +0200 Subject: Adding upstream version 256. 
Signed-off-by: Daniel Baumann --- mkosi.images/system/mkosi.conf.d/05-initrd.conf | 12 -- mkosi.images/system/mkosi.conf.d/10-arch.conf | 27 ---- .../system/mkosi.conf.d/10-arch/mkosi.build.chroot | 93 ++++++++++++++ .../system/mkosi.conf.d/10-arch/mkosi.conf | 71 +++++++++++ .../10-arch/mkosi.conf.d/10-debug.conf | 7 + .../system/mkosi.conf.d/10-arch/mkosi.prepare | 29 +++++ .../system/mkosi.conf.d/10-centos-fedora.conf | 32 ----- .../10-centos-fedora/mkosi.build.chroot | 116 +++++++++++++++++ .../mkosi.conf.d/10-centos-fedora/mkosi.conf | 75 +++++++++++ .../10-centos-fedora/mkosi.conf.d/10-debug.conf | 17 +++ .../10-centos-fedora/mkosi.conf.d/10-selinux.conf | 20 +++ .../mkosi.conf.d/10-centos-fedora/mkosi.prepare | 65 ++++++++++ .../system/mkosi.conf.d/10-centos/mkosi.conf | 11 +- .../usr/lib/repart.d/20-root.conf.d/xfs.conf | 5 - .../mkosi.repart/10-usr.conf.d/squashfs.conf | 5 - .../system/mkosi.conf.d/10-debian-amd64.conf | 10 -- .../system/mkosi.conf.d/10-debian-arm64.conf | 10 -- .../system/mkosi.conf.d/10-debian-ubuntu.conf | 29 ----- .../10-debian-ubuntu/mkosi.build.chroot | 142 +++++++++++++++++++++ .../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 93 ++++++++++++++ .../10-debian-ubuntu/mkosi.conf.d/10-debug.conf | 27 ++++ .../10-debian-ubuntu/mkosi.conf.d/network.conf | 7 + .../mkosi.conf.d/10-debian-ubuntu/mkosi.postinst | 29 +++++ .../mkosi.conf.d/10-debian-ubuntu/mkosi.prepare | 18 +++ .../system/mkosi.conf.d/10-debian/mkosi.conf | 4 + .../mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf | 8 ++ .../10-debian/mkosi.conf.d/x86-64.conf | 8 ++ mkosi.images/system/mkosi.conf.d/10-fedora.conf | 10 -- .../system/mkosi.conf.d/10-fedora/mkosi.conf | 23 ++++ mkosi.images/system/mkosi.conf.d/10-opensuse.conf | 23 ---- .../mkosi.conf.d/10-opensuse/initrd/mkosi.postinst | 7 + .../mkosi.conf.d/10-opensuse/mkosi.build.chroot | 132 +++++++++++++++++++ .../system/mkosi.conf.d/10-opensuse/mkosi.conf | 100 +++++++++++++++ .../10-opensuse/mkosi.conf.d/10-debug.conf | 22 ++++ 
.../system/mkosi.conf.d/10-opensuse/mkosi.prepare | 61 +++++++++ mkosi.images/system/mkosi.conf.d/10-ubuntu.conf | 11 -- .../system/mkosi.conf.d/10-ubuntu/mkosi.conf | 13 ++ .../mkosi.conf.d/10-ubuntu/noble-backports.sources | 6 + mkosi.images/system/mkosi.conf.d/20-images.conf | 22 ++++ .../system/mkosi.conf.d/20-particle/mkosi.conf | 15 +++ .../mkosi.extra/usr/lib/repart.d/15-swap.conf | 6 + .../mkosi.extra/usr/lib/repart.d/20-root.conf | 6 + .../mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf | 3 + .../system/mkosi.conf.d/20-particle/mkosi.finalize | 6 + .../mkosi.conf.d/20-particle/mkosi.postinst.chroot | 12 ++ .../20-particle/mkosi.repart/00-esp.conf | 9 ++ .../20-particle/mkosi.repart/10-usr.conf | 9 ++ .../20-particle/mkosi.repart/11-usr-verity.conf | 7 + .../mkosi.repart/12-usr-verity-sig.conf | 6 + 49 files changed, 1304 insertions(+), 175 deletions(-) delete mode 100644 mkosi.images/system/mkosi.conf.d/05-initrd.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-arch.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot create mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot create mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf delete mode 100644 
mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst create mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-fedora.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst create mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot create mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf create mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources create mode 100644 mkosi.images/system/mkosi.conf.d/20-images.conf create 
mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf create mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize create mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf (limited to 'mkosi.images/system/mkosi.conf.d') diff --git a/mkosi.images/system/mkosi.conf.d/05-initrd.conf b/mkosi.images/system/mkosi.conf.d/05-initrd.conf deleted file mode 100644 index 9f21754..0000000 --- a/mkosi.images/system/mkosi.conf.d/05-initrd.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Bootable=!no -Format=|disk -Format=|directory - -[Config] -Dependencies=initrd - -[Content] -Initrds=../../mkosi.output/initrd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch.conf b/mkosi.images/system/mkosi.conf.d/10-arch.conf deleted file mode 100644 index e1a511c..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch.conf +++ /dev/null @@ -1,27 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Packages= - bpf - btrfs-progs - compsize - dhcp - f2fs-tools - glib2 - iproute - linux - man-db - openbsd-netcat - openssh - pacman - polkit - python-pefile - python-psutil - python-pytest - python3 - quota-tools - shadow - vim 
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot new file mode 100755 index 0000000..1f6e0c3 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot 
@@ -0,0 +1,93 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -f "pkg/$ID/PKGBUILD" ]; then + echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# We can't configure the source or build directory so we use symlinks instead to make sure they are in the +# expected locations. +ln --symbolic "$SRCDIR" "pkg/$ID/systemd-stable" +ln --symbolic "$BUILDDIR" "pkg/$ID/build" +# Because we run with --noextract we are responsible for making sure the source files appear in src/. +ln --symbolic . "pkg/$ID/src" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds +# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf +# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up +# in the image itself. +tee --append /etc/makepkg.conf >/dev/null <&2 + exit 1 +fi + +# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. 
+sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | + grep --regexp '^depends =' --regexp '^optdepends =' | + sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | + xargs --delimiter '\n' mkosi-install + +# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on +# whether some environment variable is set or not. +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf deleted file mode 100644 index 67d4643..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf +++ /dev/null @@ -1,32 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -Packages= - bpftool - cryptsetup - dhcp-server - dnf - glib2 - integritysetup - iproute - iproute-tc - kernel-core - libcap-ng-utils - netcat - openssh-server - p11-kit - pam - passwd - polkit - procps-ng - python3 - python3dist(pefile) - python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason. - python3dist(psutil) - python3dist(pytest) - quota - vim-common diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot new file mode 100755 index 0000000..2c05787 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot 
@@ -0,0 +1,116 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then + # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. + # See https://github.com/rpm-software-management/rpm/issues/3042. + tee --append /usr/lib/rpm/redhat/macros <<'EOF' +%install %{?_enable_debug_packages:%{debug_package}}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +DIST="$(rpm --eval %dist)" +ARCH="$(rpm --eval %_arch)" +SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" + +COMMON_MACRO_OVERRIDES=( + --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" + --define "_fortify_level 0" + --undefine _lto_cflags + # TODO: Remove once redhat-rpm-config 292 is available everywhere. + --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" + --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" +) + +# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +IFS= +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +env \ +--unset=CFLAGS \ +--unset=CXXFLAGS \ +--unset=LDFLAGS \ +ANNOBIN="no-active-checks" \ +CC_LD="$( ((LLVM)) && echo lld)" \ +CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + $( ((WITH_DOCS)) || echo "--without=docs") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + "${COMMON_MACRO_OVERRIDES[@]}" \ + --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + 
--define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --undefine _package_note_flags \ + --noclean \ + "pkg/$ID/systemd.spec" + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf new file mode 100644 index 0000000..6fbd507 --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf 
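Review bot: Nothing in this script says that the RPMs it produces are deliberately unhardened test artifacts, although its last line copies them to `$PACKAGEDIR`. The build passes `--define "_fortify_level 0"`, `-O0 -Wp,-U_FORTIFY_SOURCE` and `ANNOBIN="no-active-checks"`, undefines `_lto_cflags` and sets `__brp_check_rpaths` to `%{nil}`. With LLVM and sanitizers it also adds an `-rpath` to the compiler runtime directory. A header comment would keep these packages from being mistaken for release builds: `# NOTE: builds unhardened developer packages (no fortify, -O0, rpath checks off) for test images only; do not publish them.`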
@@ -0,0 +1,75 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+VolatilePackages=
+ systemd
+ systemd-boot
+ systemd-container
+ systemd-devel
+ systemd-journal-remote
+ systemd-networkd
+ systemd-networkd-defaults
+ systemd-oomd-defaults
+ systemd-pam
+ systemd-resolved
+ systemd-tests
+ systemd-udev
+ systemd-ukify
+
+Packages=
+ bind-utils
+ bpftool
+ compiler-rt
+ cryptsetup
+ device-mapper-event
+ device-mapper-multipath
+ dfuzzer
+ dhcp-server
+ dnf
+ git-core
+ glibc-langpack-de
+ glibc-langpack-en
+ gnutls
+ gnutls-utils
+ integritysetup
+ iproute
+ iproute-tc
+ iputils
+ iscsi-initiator-utils
+ kernel-core
+ libasan
+ libcap-ng-utils
+ libubsan
+ man-db
+ netcat
+ openssh-clients
+ openssh-server
+ pam
+ passwd
+ policycoreutils
+ polkit
+ procps-ng
+ python3-pexpect
+ quota
+ rpm
+ rpm-build
+ rpmautospec
+ sbsigntools
+ softhsm
+ squashfs-tools
+ stress
+ tpm2-tools
+ util-linux
+ veritysetup
+ vim-common
+
+InitrdPackages=
+ tpm2-tools
+
+InitrdVolatilePackages=
+ systemd
+ systemd-udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..0c3707b
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ systemd-container-debuginfo
+ systemd-debuginfo
+ systemd-debugsource
+ systemd-journal-remote-debuginfo
+ systemd-libs-debuginfo
+ systemd-networkd-debuginfo
+ systemd-pam-debuginfo
+ systemd-resolved-debuginfo
+ systemd-tests-debuginfo
+ systemd-udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
new file mode 100644
index 0000000..9fe5509
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=!particle
+
+[Content]
+# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
+# building a /usr-only image.
+Packages=
+ selinux-policy
+ selinux-policy-targeted
+ setools-console
+
+# We relabel on first boot instead of at build time because it is only possible to label without root
+# if the labels exist in the host system, and we want to be able to cross-build to other distributions.
+SELinuxRelabel=no
+
+InitrdPackages=
+ selinux-policy
+ selinux-policy-targeted
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
new file mode 100755
index 0000000..1b86073
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
@@ -0,0 +1,65 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ "$1" = "build" ] || ((NO_BUILD)); then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+
+if [ ! -f "pkg/$ID/systemd.spec" ]; then
+ echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+for DEPS in --requires --buildrequires; do
+ mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ "$DEPS" \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ "pkg/$ID/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$ID/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [ $EXIT_STATUS -ne 11 ]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
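Review bot: The dependency lists are written to fixed names under `/tmp` (`/tmp/buildrequires`, `/tmp/dynamic-buildrequires`) and then piped to `mkosi-install`, so whatever sits at those paths decides which packages get installed. If `/tmp` is private to the build sandbox this is harmless, which I cannot confirm from the hunk. A private directory removes the assumption: `WORKDIR="$(mktemp --directory)"`, `trap 'rm -rf "$WORKDIR"' EXIT`, and both files under `"$WORKDIR"`. Separately, `tee /tmp/buildrequires` inside the `for DEPS` loop truncates the file on the second pass, so the `--requires` output is gone before the `until` loop reads it. Truncating once before the loop and using `tee --append` inside it would keep both lists.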
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf index 146e03a..25059c2 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf @@ -4,5 +4,14 @@ Distribution=centos [Content] +Environment= + # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of + # mkfs.ext4 enabled it by default, so we disable it explicitly. + Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" + GIT_URL=https://git.centos.org/rpms/systemd.git + GIT_BRANCH=c9s-sig-hyperscale + GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 + Packages= - kernel-modules # For squashfs support + kernel-modules # For squashfs + rpmautospec-rpm-macros diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf deleted file mode 100644 index 99b846d..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# CentOS does not support btrfs so we use xfs instead. -[Partition] -Format=xfs diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf deleted file mode 100644 index 393d5f0..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# CentOS does not support erofs so we use squashfs instead. -[Partition] -Format=squashfs diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf b/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf deleted file mode 100644 index d3c89f3..0000000 
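Review bot: The first entry in the new `Environment=` list repeats the key: `Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"` sits in a list whose other entries are plain `NAME=value` (`GIT_URL=...`, `GIT_BRANCH=...`, `GIT_COMMIT=...`). Read like its siblings, it would define a variable named `Environment` rather than `SYSTEMD_REPART_MKFS_OPTIONS_EXT4`, so the ext4 `orphan_file` workaround described in the comment above it may not take effect. How mkosi parses this entry is not visible here. The entry presumably should read `SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"`.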
--- a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-Architecture=x86-64
-
-[Content]
-Packages=
- bpftool
- linux-image-cloud-amd64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf
deleted file mode 100644
index 76a6898..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-Architecture=arm64
-
-[Content]
-Packages=
- bpftool
- linux-image-cloud-arm64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf
deleted file mode 100644
index 588f833..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Packages=
- apt
- btrfs-progs
- cryptsetup-bin
- dbus-broker
- default-dbus-session-bus
- f2fs-tools
- fdisk
- iproute2
- isc-dhcp-server
- libcap-ng-utils
- netcat-openbsd
- openssh-server
- passwd
- policykit-1
- procps
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- xxd
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
new file mode 100755
index 0000000..7e4eab9
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
@@ -0,0 +1,142 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -d "pkg/$ID/debian" ]; then + echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian + +# We remove the patches so they don't get applied. +rm -rf "$SRCDIR"/debian/patches/* + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. +cat >debian/changelog.new < $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +MKOSI_CFLAGS="-O0" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. +build() { + env \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ + $( ! ((MESON_VERBOSE)) && echo terse) \ + optimize=-lto \ + hardening=-fortify \ + ")" \ + DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + pkg.systemd.upstream \ + ")" \ + DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + # debhelper installs files for each package to debian/ so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. 
+ grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [ -f debian/not-installed ]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +( + shopt -s nullglob + cp ../*.deb ../*.ddeb "$PACKAGEDIR" + cp ../*.deb ../*.ddeb "$OUTPUTDIR" +) diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..ae014fa --- /dev/null +++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf 
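Review bot: In the retry path, `xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find ...)"` pastes each package name from `debian/control` into shell source, so a name containing spaces or shell metacharacters would be parsed as code rather than as a directory name. The packaging tree comes from a clone pinned by `GIT_COMMIT` in this commit's `mkosi.conf`, so this is hardening rather than a live bug. Passing the name as an argument avoids the splice: `xargs -d '\n' -I {} sh -c '[ -d "debian/$1" ] && (cd "debian/$1" && find . ! -type d ! -path "*dh-exec*" -printf "%P\n")' sh {}`. The same rewrite also quotes `*dh-exec*` for the inner shell, where the current nesting of double quotes leaves it open to glob expansion.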
@@ -0,0 +1,93 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Content]
+Environment=
+ GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+ GIT_SUBDIR=debian
+ GIT_BRANCH=debian/master
+ GIT_COMMIT=596a70511736d78c1d8a5a27dca3989806cfa733
+
+VolatilePackages=
+ libnss-myhostname
+ libnss-mymachines
+ libnss-resolve
+ libnss-systemd
+ libpam-systemd
+ libsystemd-dev
+ libudev-dev
+ systemd
+ systemd-boot
+ systemd-boot-efi
+ systemd-container
+ systemd-coredump
+ systemd-dev
+ systemd-homed
+ systemd-journal-remote
+ systemd-oomd
+ systemd-resolved
+ systemd-sysv
+ systemd-tests
+ systemd-timesyncd
+ systemd-ukify
+ systemd-userdbd
+ udev
+
+Packages=
+ ^libasan[0-9]+$
+ ^libtss2-esys-[0-9.]+-0$
+ ^libtss2-mu-[0-9.]+-0$
+ ^libubsan[0-9]+$
+ apt
+ bind9-dnsutils
+ btrfs-progs
+ cryptsetup-bin
+ dbus-broker
+ dbus-user-session
+ dmsetup
+ dpkg-dev
+ f2fs-tools
+ fdisk
+ git-core
+ gnutls-bin
+ iproute2
+ iputils-ping
+ isc-dhcp-server
+ libcap-ng-utils
+ libclang-rt-dev
+ libtss2-rc0
+ libtss2-tcti-device0
+ locales
+ man-db
+ multipath-tools
+ netcat-openbsd
+ open-iscsi
+ openssh-client
+ openssh-server
+ passwd
+ policykit-1
+ procps
+ psmisc
+ python3-pexpect
+ python3-psutil
+ quota
+ sbsigntool
+ softhsm2
+ squashfs-tools
+ stress
+ tgt
+ tpm2-tools
+ tzdata
+ xxd
+
+InitrdPackages=
+ btrfs-progs
+ libclang-rt-dev
+ tpm2-tools
+
+InitrdVolatilePackages=
+ systemd
+ udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..b53b3dc
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ libnss-myhostname-dbgsym
+ libnss-mymachines-dbgsym
+ libnss-resolve-dbgsym
+ libnss-systemd-dbgsym
+ libpam-systemd-dbgsym
+ libsystemd-shared-dbgsym
+ libsystemd0-dbgsym
+ libudev1-dbgsym
+ systemd-boot-dbgsym
+ systemd-container-dbgsym
+ systemd-coredump-dbgsym
+ systemd-dbgsym
+ systemd-homed-dbgsym
+ systemd-journal-remote-dbgsym
+ systemd-oomd-dbgsym
+ systemd-resolved-dbgsym
+ systemd-tests-dbgsym
+ systemd-timesyncd-dbgsym
+ systemd-userdbd-dbgsym
+ udev-dbgsym
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
new file mode 100644
index 0000000..4fb4f46
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=NO_BUILD=1
+
+[Content]
+WithNetwork=yes
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
new file mode 100755
index 0000000..314f235
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
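Review bot: `WithNetwork=yes` in `network.conf` has no comment saying why network access is switched on when `NO_BUILD=1`. From the rest of the commit the reason appears to be `mkosi.postinst`, which runs `apt install` for the Suggests/Recommends libraries only in that mode. A comment such as `# mkosi.postinst installs optional dlopen() dependencies with apt when NO_BUILD=1, which needs network access.` would let a later reader judge whether the setting can be dropped.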
@@ -0,0 +1,29 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
+# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
+# install them. This is not an issue when building locally, as the build and runtime images are the same,
+# so they would get installed as build dependencies anyway.
+
+if [ "$1" = "build" ] || ! ((NO_BUILD)); then
+ exit 0
+fi
+
+# Query the Recommends and Suggests of all systemd packages, by matching on the version
+systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
+mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
+extra_packages=()
+# shellcheck disable=SC2068
+for package in ${systemd_packages[@]}; do
+ # We are looking for dlopens, so filter for libraries
+ mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
+ mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
+done
+
+if [ "${#extra_packages[@]}" -eq 0 ]; then
+ exit 0
+fi
+
+apt install "${extra_packages[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
new file mode 100755
index 0000000..645671a
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
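Review bot: The `sed` expressions in the two `mapfile` lines inside the `for package` loop split on `, ` and drop alternatives after `|`, but they do not strip version constraints such as `(>= 1.2)` or the space left in front of a removed `|`. Because the array is later passed quoted to `apt install "${extra_packages[@]}"`, an entry like `libfoo (>= 1.2)` (constructed example) would reach apt as a single argument and would presumably be rejected as a package name. Adding `-e "s/ *(.*//" -e "s/ *$//"` to both `sed` calls keeps only the bare name. The earlier `grep "$systemd_version"` also treats the version as an unanchored regex over the whole `dpkg --list` line, so an exact comparison on `${Version}` from `dpkg-query` would be a tighter match.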
@@ -0,0 +1,18 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ "$1" = "build" ] || ((NO_BUILD)); then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+
+if [ ! -d "pkg/$ID/debian" ]; then
+ echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$ID"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
new file mode 100644
index 0000000..c6b6155
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=debian
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
new file mode 100644
index 0000000..af923fa
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Architecture=arm64
+
+[Content]
+Packages=
+ linux-image-cloud-arm64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
new file mode 100644
index 0000000..615de52
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Architecture=x86-64
+
+[Content]
+Packages=
+ linux-image-cloud-amd64
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-fedora.conf
deleted file mode 100644
index 42d0093..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-fedora.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-Packages=
- btrfs-progs
- compsize
- f2fs-tools
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
new file mode 100644
index 0000000..689fe7d
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Environment=
+ GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
+ GIT_BRANCH=rawhide
+ GIT_COMMIT=1f94b56cee818068f57debfd78f035edd29f0e61
+
+Packages=
+ btrfs-progs
+ compsize
+ dnf5
+ f2fs-tools
+ scsi-target-utils
+ # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
+ kernel-modules-extra
+ kernel-modules-internal
+
+InitrdPackages=
+ btrfs-progs
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse.conf
deleted file mode 100644
index 60a2b6d..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Content]
-Packages=
- bpftool
- btrfs-progs
- cryptsetup
- dbus-broker
- f2fs-tools
- glibc-locale-base
- kernel-kvmsmall
- libcap-ng-utils
- openssh-server
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- shadow
- vim
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
new file mode 100755
index 0000000..417132f
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
@@ -0,0 +1,7 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
+# See https://github.com/openSUSE/suse-module-tools/pull/71
+rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
new file mode 100755
index 0000000..3d6cc58
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
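Review bot: `rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"` expands to a path under `/usr/lib` when `BUILDROOT` is unset or empty, because the script sets `-e` but not `-u`. Writing it as `rm -f "${BUILDROOT:?}/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"` makes the script stop instead of touching the filesystem it runs on. The same applies to the `mkdir -p` and `cp --archive` lines in `20-particle/mkosi.finalize` later in this patch. Since the removed file is a distribution default that keeps the erofs module from loading, a short comment stating that it is dropped only for this initrd (if that is the intent) would help the next reader.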
@@ -0,0 +1,132 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if ((NO_BUILD)); then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. /usr/lib/os-release
+ID="${ID%-*}"
+
+if [ ! -f "pkg/$ID/systemd.spec" ]; then
+ echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
+# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
+# extension.
+find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+
+if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then
+ # Fix the %install override so debuginfo packages are generated.
+ tee --append /usr/lib/rpm/suse/macros <<'EOF'
+%install %{debug_package}\
+%%install\
+%{nil}
+EOF
+fi
+
+VERSION="$(cat meson.version)"
+RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
+
+DIST="$(rpm --eval %dist)"
+ARCH="$(rpm --eval %_arch)"
+SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
+
+MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
+if ((WITH_DEBUG)); then
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+fi
+if ((LLVM)); then
+ # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+ MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+fi
+
+# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
+# set LDFLAGS to %{nil} if there are no linker flags.
+if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
+ MKOSI_LDFLAGS="%{nil}"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)); then
+ MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+fi
+
+build() {
+ IFS=
+ # shellcheck disable=SC2046
+ env \
+ --unset CFLAGS \
+ --unset CXXFLAGS \
+ --unset LDFLAGS \
+ CC="$( ((LLVM)) && echo clang || echo gcc)" \
+ CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
+ CC_LD="$( ((LLVM)) && echo lld)" \
+ CXX_LD="$( ((LLVM)) && echo lld)" \
+ rpmbuild \
+ -bb \
+ --build-in-place \
+ --with upstream \
+ $( ((WITH_TESTS)) || echo "--nocheck") \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ --define "_rpmdir $OUTPUTDIR" \
+ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ --define "_binary_payload w.ufdio" \
+ $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \
+ --define "vendor openSUSE" \
+ --define "version_override $VERSION" \
+ --define "release_override $RELEASE" \
+ --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \
+ --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
+ --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
+ --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \
+ $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \
+ --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
+ --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
+ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
+ --define "__script_requires %{nil}" \
+ --define "_find_debuginfo_dwz_opts %{nil}" \
+ --define "_fixperms true" \
+ --noclean \
+ "$@" \
+ "pkg/$ID/systemd.spec"
+
+ EXIT_STATUS=$?
+
+ # Make sure we don't reconfigure twice.
+ MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
+
+ return $EXIT_STATUS
+}
+
+if ! build; then
+ if [ ! -s /tmp/unpackaged-files ]; then
+ exit 1
+ fi
+
+ # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file
+ # warnings.
+ rm systemd.lang
+
+ grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd"
+ build --noprep --nocheck
+fi
+
+cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
new file mode 100644
index 0000000..38ae052
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
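Review bot: `IFS=` at the top of `build()` is assigned without `local`, so word splitting stays disabled for the rest of the script after the first call, not only for the unquoted `$( ... )` arguments to `rpmbuild` that it apparently exists for; `local IFS=` scopes it to the function. Separately, `MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"` carries no comment, and a line such as `# Unoptimized developer build: _FORTIFY_SOURCE needs optimization, so it is undefined here and these RPMs are not hardened like distribution builds.` would record why the hardening macro is dropped (presumably that is the reason). In the retry branch, `rm systemd.lang` aborts the script under `set -e` if the file is absent, which `rm -f systemd.lang` avoids.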
@@ -0,0 +1,100 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ GIT_URL=https://src.opensuse.org/rpm/systemd
+ GIT_BRANCH=factory
+ GIT_COMMIT=973534fe1a0a5746ead5bbb6dff8b9ccb9e010982997ed56eba8e44a41c5895d
+
+VolatilePackages=
+ systemd
+ systemd-boot
+ systemd-container
+ systemd-devel
+ systemd-doc
+ systemd-experimental
+ systemd-homed
+ systemd-lang
+ systemd-network
+ systemd-portable
+ systemd-sysvcompat
+ systemd-testsuite
+ udev
+
+# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
+# versions don't get installed instead.
+Packages=
+ bind-utils
+ bpftool
+ btrfs-progs
+ cryptsetup
+ device-mapper
+ dhcp-server
+ docbook-xsl-stylesheets
+ f2fs-tools
+ gawk
+ gcc-c++
+ git-core
+ glibc-locale-base
+ gnutls
+ grep
+ group(bin)
+ group(daemon)
+ group(games)
+ group(nobody)
+ group(root)
+ gzip
+ iputils
+ kernel-default
+ kmod
+ libasan8
+ libkmod2
+ libubsan1
+ multipath-tools
+ open-iscsi
+ openssh-clients
+ openssh-server
+ pam
+ patterns-base-minimal_base
+ procps4
+ psmisc
+ python3-pefile
+ python3-pexpect
+ python3-psutil
+ quota
+ rpm-build
+ rsync
+ sbsigntools
+ sed
+ shadow
+ softhsm
+ squashfs
+ tgt
+ timezone
+ tpm2.0-tools
+ user(bin)
+ user(daemon)
+ user(games)
+ user(nobody)
+ user(root)
+ veritysetup
+ vim
+ xz
+
+InitrdPackages=
+ btrfs-progs
+ clang
+ kmod
+ libkmod2
+ tpm2.0-tools
+
+InitrdVolatilePackages=
+ systemd
+ udev
+ systemd-experimental
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
new file mode 100644
index 0000000..2262eae
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=WITH_DEBUG=1
+
+[Content]
+VolatilePackages=
+ libsystemd0-debuginfo
+ libudev1-debuginfo
+ systemd-boot-debuginfo
+ systemd-container-debuginfo
+ systemd-coredump-debuginfo
+ systemd-debuginfo
+ systemd-debugsource
+ systemd-experimental-debuginfo
+ systemd-homed-debuginfo
+ systemd-journal-remote-debuginfo
+ systemd-network-debuginfo
+ systemd-portable-debuginfo
+ systemd-sysvcompat-debuginfo
+ systemd-testsuite-debuginfo
+ udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
new file mode 100755
index 0000000..282a360
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
@@ -0,0 +1,61 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ "$1" = "build" ] || ((NO_BUILD)); then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+ID="${ID%-*}"
+
+if [ ! -f "pkg/$ID/systemd.spec" ]; then
+ echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+for DEPS in --requires --buildrequires; do
+ mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ "$DEPS" \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ "pkg/$ID/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
+
+until mkosi-chroot \
+ rpmbuild \
+ -bd \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$ID/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [ $EXIT_STATUS -ne 11 ]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf
deleted file mode 100644
index f58ee7e..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf
+++ /dev/null
@@ -0,0 +0,0 @@
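Review bot: The `rpmspec ... | grep | sort | tee | xargs mkosi-install` pipeline in the `for DEPS` loop runs under `set -e` without `pipefail`, so a failing `rpmspec` query is masked by the exit status of `xargs` and the loop carries on with an empty dependency list. GNU `xargs` also runs its command once on empty input, so `mkosi-install` would then be called with no packages; `xargs --no-run-if-empty --delimiter '\n' mkosi-install` avoids that call, here and in the `until` loop. Enabling `set -o pipefail` would surface the `rpmspec` failure, but `grep --invert-match` exits 1 when it selects nothing, so that stage would then need `|| true` or an explicit status check.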
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
new file mode 100644
index 0000000..25957b1
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=ubuntu
+
+[Distribution]
+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
+
+[Content]
+Packages=
+ linux-image-generic
+ linux-tools-common
+ linux-tools-virtual
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
new file mode 100644
index 0000000..d10c1e8
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://archive.ubuntu.com/ubuntu
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf
new file mode 100644
index 0000000..8641984
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-images.conf
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Format=!none
+
+[Config]
+Dependencies=
+ exitrd
+ minimal-base
+ minimal-0
+ minimal-1
+
+[Content]
+ExtraTrees=
+ %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
+ %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
+ %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
+ %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
+ %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
+ %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
+ %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
+ %O/exitrd:/exitrd
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
new file mode 100644
index 0000000..8c1920b
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=particle
+
+[Output]
+RepartDirectories=
+RepartDirectories=mkosi.repart
+
+[Validation]
+@SecureBoot=yes
+@SignExpectedPcr=yes
+
+[Host]
+@RuntimeSize=8G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
new file mode 100644
index 0000000..3755278
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=swap
+SizeMinBytes=100M
+SizeMaxBytes=100M
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
new file mode 100644
index 0000000..2f92af2
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=root
+Format=btrfs
+SizeMinBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
new file mode 100644
index 0000000..dac79ba
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
new file mode 100755
index 0000000..69f9554
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
@@ -0,0 +1,6 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
+cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
new file mode 100755
index 0000000..95e0552
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# sbsign is not available on CentOS Stream
+if command -v sbsign &>/dev/null; then
+ # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
+ addons_dir=/efi/loader/addons
+ mkdir -p "$addons_dir"
+ ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
+ ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
+fi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
new file mode 100644
index 0000000..391543d
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=esp
+Format=vfat
+CopyFiles=/boot:/
+CopyFiles=/efi:/
+SizeMinBytes=1G
+SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
new file mode 100644
index 0000000..343761d
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr
+Format=erofs
+CopyFiles=/usr:/
+Verity=data
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
new file mode 100644
index 0000000..b4d45dd
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity
+Verity=hash
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
new file mode 100644
index 0000000..1841d0a
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity-sig
+Verity=signature
+VerityMatchKey=usr
-- cgit v1.2.3