From ca5ecaae7a8f75e18ba85b29839752da76e3b7b9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:20:44 +0200 Subject: Merging upstream version 256.4. 
Signed-off-by: Daniel Baumann --- mkosi.images/build/mkosi.conf | 10 ++ .../build/mkosi.conf.d/arch/mkosi.build.chroot | 95 ++++++++++++ mkosi.images/build/mkosi.conf.d/arch/mkosi.conf | 18 +++ mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare | 18 +++ .../mkosi.conf.d/centos-fedora/mkosi.build.chroot | 116 ++++++++++++++ .../build/mkosi.conf.d/centos-fedora/mkosi.conf | 19 +++ .../build/mkosi.conf.d/centos-fedora/mkosi.prepare | 60 +++++++ mkosi.images/build/mkosi.conf.d/centos/mkosi.conf | 9 ++ .../centos/mkosi.conf.d/epel-packages.conf | 9 ++ .../mkosi.conf.d/debian-ubuntu/mkosi.build.chroot | 140 +++++++++++++++++ .../build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 20 +++ .../build/mkosi.conf.d/debian-ubuntu/mkosi.prepare | 15 ++ mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf | 9 ++ .../build/mkosi.conf.d/opensuse/mkosi.build.chroot | 134 ++++++++++++++++ .../build/mkosi.conf.d/opensuse/mkosi.conf | 18 +++ .../build/mkosi.conf.d/opensuse/mkosi.prepare | 58 +++++++ mkosi.images/build/mkosi.sync | 51 ++++++ mkosi.images/exitrd/mkosi.conf | 13 +- mkosi.images/exitrd/mkosi.conf.d/10-arch.conf | 3 +- .../exitrd/mkosi.conf.d/10-centos-fedora.conf | 2 +- mkosi.images/exitrd/mkosi.conf.d/10-debian.conf | 2 +- mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf | 5 + mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf | 5 +- mkosi.images/exitrd/mkosi.conf.d/20-build.conf | 9 ++ mkosi.images/initrd/mkosi.conf | 16 ++ mkosi.images/initrd/mkosi.conf.d/arch.conf | 14 ++ mkosi.images/initrd/mkosi.conf.d/build.conf | 9 ++ .../initrd/mkosi.conf.d/centos-fedora.conf | 14 ++ .../initrd/mkosi.conf.d/debian-ubuntu.conf | 19 +++ mkosi.images/initrd/mkosi.conf.d/fedora.conf | 8 + mkosi.images/initrd/mkosi.conf.d/opensuse.conf | 17 ++ .../usr/lib/encrypted-var.repart.d/00-root.conf | 15 ++ .../usr/lib/systemd/system/encrypted-var.service | 20 +++ .../lib/systemd/system/initrd-run-mount.service | 11 ++ .../usr/lib/systemd/system/initrdcred.service | 9 ++ mkosi.images/minimal-0/mkosi.conf 
| 12 -- mkosi.images/minimal-1/mkosi.conf | 12 -- mkosi.images/minimal-base/mkosi.conf | 13 +- .../minimal-base/mkosi.conf.d/10-arch.conf | 5 +- .../mkosi.conf.d/10-centos-fedora.conf | 5 +- .../mkosi.conf.d/10-debian-ubuntu-opensuse.conf | 12 -- .../mkosi.conf.d/10-debian-ubuntu.conf | 16 ++ .../minimal-base/mkosi.conf.d/10-opensuse.conf | 6 +- .../minimal-base/mkosi.conf.d/20-build.conf | 9 ++ mkosi.images/system/coredump-journal-storage.conf | 4 - mkosi.images/system/initrd/mkosi.conf | 7 - .../usr/lib/encrypted-var.repart.d/00-root.conf | 15 -- .../usr/lib/systemd/system/encrypted-var.service | 20 --- .../lib/systemd/system/initrd-run-mount.service | 11 -- .../usr/lib/systemd/system/initrdcred.service | 9 -- mkosi.images/system/leak-sanitizer-suppressions | 1 - mkosi.images/system/mkosi.clean | 5 - mkosi.images/system/mkosi.conf | 78 ---------- .../system/mkosi.conf.d/10-arch/mkosi.build.chroot | 99 ------------ .../system/mkosi.conf.d/10-arch/mkosi.conf | 70 --------- .../10-arch/mkosi.conf.d/10-debug.conf | 7 - .../system/mkosi.conf.d/10-arch/mkosi.prepare | 29 ---- .../10-centos-fedora/mkosi.build.chroot | 122 --------------- .../mkosi.conf.d/10-centos-fedora/mkosi.conf | 76 --------- .../10-centos-fedora/mkosi.conf.d/10-debug.conf | 17 -- .../10-centos-fedora/mkosi.conf.d/10-selinux.conf | 20 --- .../mkosi.conf.d/10-centos-fedora/mkosi.prepare | 65 -------- .../system/mkosi.conf.d/10-centos/mkosi.conf | 17 -- .../10-debian-ubuntu/mkosi.build.chroot | 147 ------------------ .../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 92 ----------- .../10-debian-ubuntu/mkosi.conf.d/10-debug.conf | 29 ---- .../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 -- .../10-debian-ubuntu/mkosi.conf.d/network.conf | 7 - .../mkosi.conf.d/10-debian-ubuntu/mkosi.postinst | 29 ---- .../mkosi.conf.d/10-debian-ubuntu/mkosi.prepare | 18 --- .../system/mkosi.conf.d/10-debian/mkosi.conf | 8 - .../mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf | 8 - .../10-debian/mkosi.conf.d/x86-64.conf | 8 - 
.../system/mkosi.conf.d/10-fedora/mkosi.conf | 19 --- .../mkosi.conf.d/10-opensuse/initrd/mkosi.postinst | 7 - .../mkosi.conf.d/10-opensuse/mkosi.build.chroot | 141 ----------------- .../system/mkosi.conf.d/10-opensuse/mkosi.conf | 100 ------------ .../10-opensuse/mkosi.conf.d/10-debug.conf | 21 --- .../system/mkosi.conf.d/10-opensuse/mkosi.prepare | 64 -------- .../system/mkosi.conf.d/10-ubuntu/mkosi.conf | 10 -- .../10-ubuntu/mkosi.conf.d/non-x86.conf | 10 -- .../mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 10 -- .../10-ubuntu/noble-backports-ports.sources | 6 - .../mkosi.conf.d/10-ubuntu/noble-backports.sources | 6 - mkosi.images/system/mkosi.conf.d/20-images.conf | 22 --- .../system/mkosi.conf.d/20-particle/mkosi.conf | 15 -- .../mkosi.extra/usr/lib/repart.d/15-swap.conf | 6 - .../mkosi.extra/usr/lib/repart.d/20-root.conf | 6 - .../mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf | 3 - .../system/mkosi.conf.d/20-particle/mkosi.finalize | 6 - .../mkosi.conf.d/20-particle/mkosi.postinst.chroot | 12 -- .../20-particle/mkosi.repart/00-esp.conf | 9 -- .../20-particle/mkosi.repart/10-usr.conf | 9 -- .../20-particle/mkosi.repart/11-usr-verity.conf | 7 - .../mkosi.repart/12-usr-verity-sig.conf | 6 - mkosi.images/system/mkosi.extra/.autorelabel | 1 - .../system/mkosi.extra/etc/iscsi/iscsid.conf | 3 - mkosi.images/system/mkosi.extra/etc/issue | 2 - .../lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 - .../usr/lib/systemd/journald.conf.d/ratelimit.conf | 5 - .../usr/lib/systemd/system-preset/00-mkosi.preset | 41 ----- .../usr/lib/systemd/system-preset/99-mkosi.preset | 4 - .../systemd/system/iscsi-init.service.d/asan.conf | 7 - .../user@.service.d/99-SYSTEMD_UNIT_PATH.conf | 4 - .../mkosi.extra/usr/lib/tmpfiles.d/locale.conf | 1 - .../dbus-1/system.d/systemd.test.ExecStopPost.conf | 13 -- mkosi.images/system/mkosi.postinst.chroot | 172 --------------------- mkosi.images/system/mkosi.repart/00-esp.conf | 9 -- mkosi.images/system/mkosi.repart/10-root.conf | 8 - 
mkosi.images/system/mkosi.sanitizers.chroot | 127 --------------- mkosi.images/system/mkosi.sync | 48 ------ 111 files changed, 1019 insertions(+), 2039 deletions(-) create mode 100644 mkosi.images/build/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/arch/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare create mode 100755 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare create mode 100644 mkosi.images/build/mkosi.conf.d/centos/mkosi.conf create mode 100644 mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf create mode 100755 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare create mode 100644 mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot create mode 100644 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf create mode 100755 mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare create mode 100755 mkosi.images/build/mkosi.sync create mode 100644 mkosi.images/exitrd/mkosi.conf.d/20-build.conf create mode 100644 mkosi.images/initrd/mkosi.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/arch.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/build.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/fedora.conf create mode 100644 mkosi.images/initrd/mkosi.conf.d/opensuse.conf create mode 100644 
mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service create mode 100644 mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service delete mode 100644 mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf create mode 100644 mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf create mode 100644 mkosi.images/minimal-base/mkosi.conf.d/20-build.conf delete mode 100644 mkosi.images/system/coredump-journal-storage.conf delete mode 100644 mkosi.images/system/initrd/mkosi.conf delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service delete mode 100644 mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service delete mode 100644 mkosi.images/system/leak-sanitizer-suppressions delete mode 100755 mkosi.images/system/mkosi.clean delete mode 100644 mkosi.images/system/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare delete mode 100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf delete mode 
100755 mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst delete mode 100755 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources delete mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources delete mode 100644 mkosi.images/system/mkosi.conf.d/20-images.conf delete mode 
100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf delete mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize delete mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf delete mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf delete mode 100644 mkosi.images/system/mkosi.extra/.autorelabel delete mode 100644 mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf delete mode 100644 mkosi.images/system/mkosi.extra/etc/issue delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf delete mode 100644 mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf delete mode 100755 mkosi.images/system/mkosi.postinst.chroot delete mode 
100644 mkosi.images/system/mkosi.repart/00-esp.conf delete mode 100644 mkosi.images/system/mkosi.repart/10-root.conf delete mode 100755 mkosi.images/system/mkosi.sanitizers.chroot delete mode 100755 mkosi.images/system/mkosi.sync (limited to 'mkosi.images') diff --git a/mkosi.images/build/mkosi.conf b/mkosi.images/build/mkosi.conf new file mode 100644 index 0000000..8a67c76 --- /dev/null +++ b/mkosi.images/build/mkosi.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Content] +Packages= + clang + lld + llvm + +[Output] +Format=none diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot new file mode 100755 index 0000000..3ffde85 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot 
@@ -0,0 +1,95 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then + echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# We can't configure the source or build directory so we use symlinks instead to make sure they are in the +# expected locations. Because we run with --noextract we are responsible for making sure the source files +# appear in src/. This means not only the systemd source directory, but also the patches and configuration +# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd +# sources and build directory directly into "pkg/$PKG_SUBDIR/src", we symlink them into "pkg/$PKG_SUBDIR" and +# then symlink "pkg/$PKG_SUBDIR" to "pkg/$PKG_SUBDIR/src". +ln --symbolic "$SRCDIR" "pkg/$PKG_SUBDIR/systemd" +ln --symbolic "$BUILDDIR" "pkg/$PKG_SUBDIR/build" +ln --symbolic . "pkg/$PKG_SUBDIR/src" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds +# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf +# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up +# in the image itself. 
+tee --append /etc/makepkg.conf >/dev/null <&2 + exit 1 +fi + +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot new file mode 100755 index 0000000..466699c --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot 
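Review bot: The prepare step reads `makedepends` by sourcing the packaging script (`_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD"`), which executes every top-level statement of that file in the prepare script's shell. The only integrity control is therefore how the checkout was obtained. The centos-fedora and debian-ubuntu configs on this page pin `GIT_COMMIT`, but the arch config is not visible in this copy, so confirm it pins one too. I would add a comment above the line such as `# PKGBUILD is executed here; it must come from the commit pinned in mkosi.conf`. The text between the makepkg.conf heredoc and the start of mkosi.prepare appears to be missing from this page, so the build script could not be reviewed in full.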
@@ -0,0 +1,116 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +. mkosi.functions + +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then + # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. + # See https://github.com/rpm-software-management/rpm/issues/3042. + tee --append /usr/lib/rpm/redhat/macros <<'EOF' +%install %{?_enable_debug_packages:%{debug_package}}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +COMMON_MACRO_OVERRIDES=( + --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" + --define "_fortify_level 0" + --undefine _lto_cflags + # TODO: Remove once redhat-rpm-config 292 is available everywhere. + --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" + --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" +) + +# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
+ MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +IFS= +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +env \ +--unset=CFLAGS \ +--unset=CXXFLAGS \ +--unset=LDFLAGS \ +ANNOBIN="no-active-checks" \ +CC_LD="$( ((LLVM)) && echo lld)" \ +CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + $( ((WITH_DOCS)) || echo "--without=docs") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + "${COMMON_MACRO_OVERRIDES[@]}" \ + --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} 
--no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --undefine _package_note_flags \ + --noclean \ + "pkg/$PKG_SUBDIR/systemd.spec" + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.rpm +) + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf new file mode 100644 index 0000000..f3afd55 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Environment= + GIT_URL=https://src.fedoraproject.org/rpms/systemd.git + GIT_BRANCH=rawhide + GIT_COMMIT=00babccdea1576d96edfdb7ab12958564cc4f1b6 + PKG_SUBDIR=fedora + +Packages= + compiler-rt + git-core + libasan + libubsan + rpm-build diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare new file mode 100755 index 0000000..6028dc3 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare 
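Review bot: `rm -f "$BUILDDIR"/*.rpm` and the later `cp "$OUTPUTDIR"/*.rpm "$BUILDDIR"` use `$BUILDDIR` unguarded, while the rpmbuild call above treats it as possibly empty (`${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"}`). With an empty value the glob becomes `/*.rpm` and the copy targets an empty path, so the script would only fail at the very end of a full build. Either guard the expansions, e.g. `rm -f "${BUILDDIR:?}"/*.rpm`, or skip both steps when the variable is empty, whichever matches how mkosi invokes the script. `make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT` also seems to rely on the glob matching exactly one directory; a short comment saying so would help.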
@@ -0,0 +1,60 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+ echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ "pkg/$PKG_SUBDIR/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$PKG_SUBDIR/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$PKG_SUBDIR" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$PKG_SUBDIR/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
new file mode 100644
index 0000000..f3d19e3
--- /dev/null
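Review bot: `set -e` without `pipefail` means both dependency pipelines report only the status of the final `xargs --delimiter '\n' mkosi-install`, so a failing `mkosi-chroot rpmspec` or `mkosi-chroot rpm --query` goes unnoticed and the script carries on with an empty or partial `/tmp/buildrequires`. Adding `set -o pipefail` after `set -e` would surface that. Note that `grep --invert-match` exits 1 when it selects no lines, so that stage would then need its own handling. GNU xargs also runs `mkosi-install` once on empty input unless `--no-run-if-empty` is given, which is worth adding to both calls.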
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Content]
+Packages=
+ rsync # TODO: Drop when CentOS Stream 9 CI is removed.
+ squashfs-tools
diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
new file mode 100644
index 0000000..15849c5
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Repositories=epel
+
+[Content]
+Packages=
+ erofs-utils
+ rpmautospec-rpm-macros
diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
new file mode 100755
index 0000000..2d50afb
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
@@ -0,0 +1,140 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$PKG_SUBDIR/debian" "$SRCDIR"/debian + +# We remove the patches so they don't get applied. +rm -rf "$SRCDIR"/debian/patches/* + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. +cat >debian/changelog.new < $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +MKOSI_CFLAGS="-O0" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. 
+build() { + env \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ + $( ! ((MESON_VERBOSE)) && echo terse) \ + optimize=-lto \ + hardening=-fortify \ + ")" \ + DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + pkg.systemd.upstream \ + ")" \ + DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + # debhelper installs files for each package to debian/ so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. + grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! 
-path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [[ -f debian/not-installed ]]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [[ ! -s /tmp/unpackaged-files ]]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb + + cp ../*.deb ../*.ddeb "$PACKAGEDIR" + cp ../*.deb ../*.ddeb "$OUTPUTDIR" + cp ../*.deb ../*.ddeb "$BUILDDIR" + # These conflict with the packages that we actually want to install, so remove them + rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb +) diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..132ee1b --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=ci/v256-stable + GIT_COMMIT=c004a150e78c0453848480485b2e3eb0ac7dff8b + PKG_SUBDIR=debian + +Packages= + apt + erofs-utils + git-core + libclang-rt-dev + dpkg-dev diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..cec81ec --- /dev/null 
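Review bot: In the retry path, `xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find ...)"` pastes each package name from `debian/control` into the text of a shell command, so a name containing shell metacharacters would be interpreted rather than treated as a path. The nested `"*dh-exec*"` also closes and reopens the outer double-quoted string, leaving the pattern unquoted for both shells to glob. Passing the name as a positional parameter avoids both: `xargs -d '\n' -I {} sh -c '[ -d "debian/$1" ] && (cd "debian/$1" && find . ! -type d ! -path "*dh-exec*" -printf "%P\n")' sh {}`. The input is the packaging checkout pinned by `GIT_COMMIT` in the debian-ubuntu mkosi.conf, so this is hardening rather than a live exposure.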
+++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then
+ echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$PKG_SUBDIR"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
new file mode 100644
index 0000000..0e02dcb
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Packages=
+ erofs-utils
+ rpmautospec
diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
new file mode 100755
index 0000000..a1fb83c
--- /dev/null
+++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
@@ -0,0 +1,134 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +. mkosi.functions + +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we +# disable manpage compression as the files cannot be found. Fix the issue by removing the compression +# extension. +find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; + +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then + # Fix the %install override so debuginfo packages are generated. + tee --append /usr/lib/rpm/suse/macros <<'EOF' +%install %{debug_package}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" +fi + +# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so +# set LDFLAGS to %{nil} if there are no linker flags. 
+if [[ -z "${MKOSI_LDFLAGS// }" ]]; then + MKOSI_LDFLAGS="%{nil}" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" + +build() { + IFS= + # shellcheck disable=SC2046 + env \ + --unset CFLAGS \ + --unset CXXFLAGS \ + --unset LDFLAGS \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "vendor openSUSE" \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \ + --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \ + $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires 
%{nil}" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ + --define "_fixperms true" \ + --noclean \ + "$@" \ + "pkg/$PKG_SUBDIR/systemd.spec" + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + if [[ ! -s /tmp/unpackaged-files ]]; then + exit 1 + fi + + # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file + # warnings. + rm systemd.lang + + grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd" + build --noprep --nocheck +fi + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.rpm +) + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf new file mode 100644 index 0000000..1d55a91 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Environment= + GIT_URL=https://code.opensuse.org/package/systemd + GIT_BRANCH=master + GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5 + PKG_SUBDIR=opensuse + +Packages= + gcc-c++ + erofs-utils + git-core + patterns-base-minimal_base + rpm-build diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare new file mode 100755 index 0000000..24f07fd --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare 
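Review bot: In the retry branch at the end of this script, `grep -v ".debug" /tmp/unpackaged-files` treats the dot as a regex wildcard, so it drops any path where some character precedes `debug` (for example one containing `systemd-debug-generator`), presumably beyond the intended debuginfo files. Such a file would never be appended to `files.systemd`, so the second `build --noprep --nocheck` would fail on the same unpackaged entry. Anchoring on the literal suffix, `grep --invert-match '\.debug$' /tmp/unpackaged-files`, avoids that, assuming the entries to skip end in `.debug`. Separately, `IFS=` inside `build()` is not `local`, so word splitting stays disabled for the rest of the script and may affect the sourced `make_sysext_unsigned`; `local IFS=` would confine it to the function.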
@@ -0,0 +1,58 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" + +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + --buildrequires \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + "pkg/$PKG_SUBDIR/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install + +until mkosi-chroot \ + rpmbuild \ + -bd \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$PKG_SUBDIR/systemd.spec" +do + EXIT_STATUS=$? + if [[ $EXIT_STATUS -ne 11 ]]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done diff --git a/mkosi.images/build/mkosi.sync b/mkosi.images/build/mkosi.sync new file mode 100755 index 0000000..febe893 --- /dev/null +++ b/mkosi.images/build/mkosi.sync 
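Review bot: Both dependency pipelines run under `set -e` alone, so a failure of `mkosi-chroot rpmspec` or `mkosi-chroot rpm --query` at the head of a pipeline goes undetected, because the pipeline's status is that of its last stage. With empty input, GNU xargs still invokes `mkosi-install` once with no arguments, so a spec that fails to parse shows up later and less clearly, if at all. Consider adding `set -o pipefail` next to `set -e`, after checking that the `grep --invert-match` stages cannot legitimately produce no output (grep exits 1 in that case). The install stages could also become `xargs --no-run-if-empty --delimiter '\n' mkosi-install`.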
@@ -0,0 +1,51 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e +set -o nounset + +if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then + exit 0 +fi + +if [[ -d "pkg/$PKG_SUBDIR/.git" ]]; then + if [[ "$(git -C "pkg/$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then + exit 0 + fi + + if ! git -C "pkg/$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" + fi + + # If work is being done on the packaging rules in a separate branch, don't touch the checkout. + if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then + EXIT_STATUS=$? + if [[ $EXIT_STATUS -eq 1 ]]; then + exit 0 + else + exit $EXIT_STATUS + fi + fi +fi + +if [[ ! -e "pkg/$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "pkg/$PKG_SUBDIR")" ]]; then + # The repository on Salsa has the full upstream sources, so it's a waste of + # space to redownload and duplicate everything, so do a sparse checkout as + # we only need the packaging directory anyway. + if [[ -n "${GIT_SUBDIR:-}" ]]; then + sparse=(--no-checkout --filter=tree:0) + else + sparse=() + fi + + git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "pkg/$PKG_SUBDIR" + if [[ -n "${GIT_SUBDIR:-}" ]]; then + # --no-cone is needed to check out only one top-level directory + git -C "pkg/$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" + fi +else + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" +fi + +git -C "pkg/$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" diff --git a/mkosi.images/exitrd/mkosi.conf b/mkosi.images/exitrd/mkosi.conf index 2e867cb..28da8a5 100644 --- a/mkosi.images/exitrd/mkosi.conf +++ b/mkosi.images/exitrd/mkosi.conf 
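Review bot: In the `merge-base --is-ancestor` check, `EXIT_STATUS=$?` inside `if ! git ...; then` reads the status of the negated pipeline, which is always 0 in that branch, so the script exits 0 for every failure and not only for "HEAD is not an ancestor" (status 1). A real git error, such as a missing `origin/$GIT_BRANCH` ref, is therefore swallowed: the sync is skipped and the build goes on with a checkout that is not at the pinned `$GIT_COMMIT`. Capturing the status without the negation keeps the intended distinction while staying safe under `set -e`.

```shell
    # If work is being done on the packaging rules in a separate branch, don't touch the checkout.
    EXIT_STATUS=0
    git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH" || EXIT_STATUS=$?
    if [[ $EXIT_STATUS -eq 1 ]]; then
        exit 0
    elif [[ $EXIT_STATUS -ne 0 ]]; then
        exit $EXIT_STATUS
    fi
```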
@@ -1,22 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes MakeInitrd=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf index c8b1904..b5f3194 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf @@ -4,8 +4,9 @@ Distribution=arch [Content] -Packages= +VolatilePackages= systemd + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf index 8458dee..a1fa32b 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf @@ -5,5 +5,5 @@ Distribution=|centos Distribution=|fedora [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf index 68b0aa5..6ca310c 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf @@ -4,5 +4,5 @@ Distribution=debian [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf index 3f6df21..5fd6466 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf @@ -5,4 +5,9 @@ Distribution=opensuse [Content] Packages= + patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 systemd 
diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf index ddd68dc..9a7e1d8 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,8 @@ Distribution=ubuntu [Content] -Packages= +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/20-build.conf b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf new file mode 100644 index 0000000..3f2c5c7 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Config] +Include= + mkosi-initrd + %D/mkosi.sanitizers + +[Content] +ExtraTrees= + %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions + %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf + +Packages= + findutils + grep + sed diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf new file mode 100644 index 0000000..99e039d --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-sysvcompat diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/build.conf 
@@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf new file mode 100644 index 0000000..6607dab --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Packages= + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-udev diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf new file mode 100644 index 0000000..093c1bd --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 + systemd + systemd-cryptsetup + systemd-repart + udev diff --git a/mkosi.images/initrd/mkosi.conf.d/fedora.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf new file mode 100644 index 0000000..634b5a0 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=fedora + +[Content] +Packages= + btrfs-progs diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf new file mode 100644 index 0000000..9f685e6 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Packages= + btrfs-progs + kmod + tpm2.0-tools + +VolatilePackages= + libsystemd0 + libudev1 + systemd + udev + systemd-experimental 
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf new file mode 100644 index 0000000..b252491 --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=var +# This label is the partition's label. The filesystem inside may have its own label. +Label=varcrypt +# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs. +# The original test finds the partition by this UUID, but it doesn't appear +# since the luks UUID, which is derived by hash of this UUID, is different +# and the luks UUID is needed before the decrypted partition UUID. +# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d. +UUID=deadbeef-dead-dead-beef-000000000000 +Format=ext4 +Encrypt=key-file +SizeMinBytes=1G diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service new file mode 100644 index 0000000..54a9b8a --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=Add encrypted var partition to root disk +Documentation=man:systemd-repart.service(8) + +ConditionVirtualization=!container + +DefaultDependencies=no +Wants=modprobe@loop.service modprobe@dm_mod.service +After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount +Before=initrd-root-fs.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot +ImportCredential=keyfile 
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service new file mode 100644 index 0000000..845ac57 --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=Create a mount in /run that should survive the transition from initrd + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target +ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target +ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service new file mode 100644 index 0000000..2c709bc --- /dev/null +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Unit] +Description=populate initrd credential dir for TEST-54-CREDS + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" diff --git a/mkosi.images/minimal-0/mkosi.conf b/mkosi.images/minimal-0/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-0/mkosi.conf +++ b/mkosi.images/minimal-0/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no 
diff --git a/mkosi.images/minimal-1/mkosi.conf b/mkosi.images/minimal-1/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-1/mkosi.conf +++ b/mkosi.images/minimal-1/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-base/mkosi.conf b/mkosi.images/minimal-base/mkosi.conf index 7eb1473..d841f9b 100644 --- a/mkosi.images/minimal-base/mkosi.conf +++ b/mkosi.images/minimal-base/mkosi.conf @@ -1,24 +1,19 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash coreutils grep util-linux + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf index 9b03397..044199a 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf @@ -7,7 +7,10 @@ Distribution=arch Packages= inetutils iproute - openbsd-netcat + nmap + +VolatilePackages= + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf index 3a3e528..e9893ad 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf @@ -9,4 +9,7 @@ Packages= hostname iproute iproute-tc - netcat + nmap-ncat + +VolatilePackages= + systemd-libs 
diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf deleted file mode 100644 index a715ec1..0000000 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - hostname - iproute2 - mount - netcat-openbsd diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf new file mode 100644 index 0000000..d524ec1 --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + hostname + iproute2 + mount + ncat + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf index 2e370ec..9bd40cf 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf @@ -7,5 +7,9 @@ Distribution=opensuse Packages= hostname iproute2 - netcat-openbsd + ncat patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build 
diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.images/system/coredump-journal-storage.conf deleted file mode 100644 index cde9785..0000000 --- a/mkosi.images/system/coredump-journal-storage.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Coredump] -Storage=journal diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf deleted file mode 100644 index ed9bfdc..0000000 --- a/mkosi.images/system/initrd/mkosi.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Content] -PostInstallationScripts=../mkosi.sanitizers.chroot -ExtraTrees= - ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf deleted file mode 100644 index b252491..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Partition] -Type=var -# This label is the partition's label. The filesystem inside may have its own label. -Label=varcrypt -# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs. -# The original test finds the partition by this UUID, but it doesn't appear -# since the luks UUID, which is derived by hash of this UUID, is different -# and the luks UUID is needed before the decrypted partition UUID. -# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d. -UUID=deadbeef-dead-dead-beef-000000000000 -Format=ext4 -Encrypt=key-file -SizeMinBytes=1G 
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service deleted file mode 100644 index 54a9b8a..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service +++ /dev/null @@ -1,20 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Add encrypted var partition to root disk -Documentation=man:systemd-repart.service(8) - -ConditionVirtualization=!container - -DefaultDependencies=no -Wants=modprobe@loop.service modprobe@dm_mod.service -After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount -Before=initrd-root-fs.target -Conflicts=shutdown.target initrd-switch-root.target -Before=shutdown.target initrd-switch-root.target - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot -ImportCredential=keyfile diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service deleted file mode 100644 index 845ac57..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=Create a mount in /run that should survive the transition from initrd - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target -ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target -ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world 
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service deleted file mode 100644 index 2c709bc..0000000 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Unit] -Description=populate initrd credential dir for TEST-54-CREDS - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.images/system/leak-sanitizer-suppressions deleted file mode 100644 index 639abb8..0000000 --- a/mkosi.images/system/leak-sanitizer-suppressions +++ /dev/null @@ -1 +0,0 @@ -leak:libselinux diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean deleted file mode 100755 index 64810b7..0000000 --- a/mkosi.images/system/mkosi.clean +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -set -o nounset - -rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf deleted file mode 100644 index f8a91df..0000000 --- a/mkosi.images/system/mkosi.conf +++ /dev/null 
@@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -InitrdInclude=initrd/ - -[Output] -RepartDirectories=mkosi.repart - -[Content] -Autologin=yes -ExtraTrees= - %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf - -PostInstallationScripts=mkosi.sanitizers.chroot - -InitrdPackages= - btrfs-progs - findutils - grep - sed - -Packages= - acl - attr - bash-completion - bpftrace - btrfs-progs - clang - coreutils - curl - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gdb - grep - gzip - jq - kbd - kexec-tools - kmod - knot - less - lld - llvm - lvm2 - man - mdadm - mtools - nano - nftables - nvme-cli - opensc - openssl - p11-kit - pciutils - python3 - qrencode - radvd - rsync - sed - socat - strace - systemd - tar - tmux - tree - udev - util-linux - valgrind - which - wireguard-tools - xfsprogs - zsh - zstd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot deleted file mode 100755 index 2c99a67..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We can't configure the source or build directory so we use symlinks instead to make sure they are in the -# expected locations. -ln --symbolic "$SRCDIR" "pkg/$ID/systemd" -ln --symbolic "$BUILDDIR" "pkg/$ID/build" -# Because we run with --noextract we are responsible for making sure the source files appear in src/. -ln --symbolic . "pkg/$ID/src" - -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds -# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf -# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up -# in the image itself. -tee --append /etc/makepkg.conf >/dev/null <&2 - exit 1 -fi - -# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. 
-sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | - grep --regexp '^depends =' --regexp '^optdepends =' | - sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | - xargs --delimiter '\n' mkosi-install - -# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on -# whether some environment variable is set or not. -# shellcheck source=/dev/null -_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" - -# shellcheck disable=SC2154 -mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot deleted file mode 100755 index 21f1062..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then - # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. - # See https://github.com/rpm-software-management/rpm/issues/3042. - tee --append /usr/lib/rpm/redhat/macros <<'EOF' -%install %{?_enable_debug_packages:%{debug_package}}\ -%%install\ -%{nil} -EOF -fi - -VERSION="$(cat meson.version)" -RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" - -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - -COMMON_MACRO_OVERRIDES=( - --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" - --define "_fortify_level 0" - --undefine _lto_cflags - # TODO: Remove once redhat-rpm-config 292 is available everywhere. - --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" - --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" -) - -# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" -fi -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
- MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -IFS= -# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once -# https://github.com/mesonbuild/meson/pull/12835 is available. -# shellcheck disable=SC2046 -env \ ---unset=CFLAGS \ ---unset=CXXFLAGS \ ---unset=LDFLAGS \ -ANNOBIN="no-active-checks" \ -CC_LD="$( ((LLVM)) && echo lld)" \ -CXX_LD="$( ((LLVM)) && echo lld)" \ - rpmbuild \ - -bb \ - --build-in-place \ - --with upstream \ - $( ((WITH_TESTS)) || echo "--nocheck") \ - $( ((WITH_DOCS)) || echo "--without=docs") \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_rpmdir $OUTPUTDIR" \ - ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - --define "_binary_payload w.ufdio" \ - $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ - --define "version_override $VERSION" \ - --define "release_override $RELEASE" \ - "${COMMON_MACRO_OVERRIDES[@]}" \ - --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ - --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ - --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ - 
--define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ - --define "__brp_compress %{nil}" \ - --define "__brp_mangle_shebangs %{nil}" \ - --define "__brp_strip_comment_note %{nil}" \ - --define "__brp_strip_static_archive %{nil}" \ - --define "__brp_check_rpaths %{nil}" \ - --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ - --define "__script_requires %{nil}" \ - --define "_find_debuginfo_dwz_opts %{nil}" \ - --define "_fixperms true" \ - --undefine _package_note_flags \ - --noclean \ - "pkg/$ID/systemd.spec" - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.rpm -) - -cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" -cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf deleted file mode 100644 index f200409..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf +++ /dev/null 
@@ -1,76 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-journal-remote
- systemd-networkd
- systemd-networkd-defaults
- systemd-oomd-defaults
- systemd-pam
- systemd-resolved
- systemd-tests
- systemd-udev
- systemd-ukify
-
-Packages=
- bind-utils
- bpftool
- compiler-rt
- cryptsetup
- device-mapper-event
- device-mapper-multipath
- dfuzzer
- dhcp-server
- dnf
- git-core
- glibc-langpack-de
- glibc-langpack-en
- gnutls
- gnutls-utils
- integritysetup
- iproute
- iproute-tc
- iputils
- iscsi-initiator-utils
- kernel-core
- libasan
- libcap-ng-utils
- libubsan
- man-db
- netcat
- openssh-clients
- openssh-server
- pam
- passwd
- perf
- policycoreutils
- polkit
- procps-ng
- python3-pexpect
- quota
- rpm
- rpm-build
- rpmautospec
- sbsigntools
- softhsm
- squashfs-tools
- stress
- tpm2-tools
- util-linux
- veritysetup
- vim-common
-
-InitrdPackages=
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 0c3707b..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-journal-remote-debuginfo
- systemd-libs-debuginfo
- systemd-networkd-debuginfo
- systemd-pam-debuginfo
- systemd-resolved-debuginfo
- systemd-tests-debuginfo
- systemd-udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
deleted file mode 100644
index 9fe5509..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Profile=!particle
-
-[Content]
-# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
-# building a /usr-only image.
-Packages=
- selinux-policy
- selinux-policy-targeted
- setools-console
-
-# We relabel on first boot instead of at build time because it is only possible to label without root
-# if the labels exist in the host system, and we want to be able to cross-build to other distributions.
-SELinuxRelabel=no
-
-InitrdPackages=
- selinux-policy
- selinux-policy-targeted
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
deleted file mode 100755
index 1b86073..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+++ /dev/null
@@ -1,65 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done - -# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the -# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. -# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. -sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" - -until mkosi-chroot \ - rpmbuild \ - -br \ - --build-in-place \ - --with upstream \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" -do - EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then - exit $EXIT_STATUS - fi - - mkosi-chroot \ - rpm \ - --query \ - --package \ - --requires \ - /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | - grep --invert-match '^rpmlib(' | - sort --unique >/tmp/dynamic-buildrequires - - sort /tmp/buildrequires /tmp/dynamic-buildrequires | - uniq --unique | - tee --append /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done 
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
deleted file mode 100644
index 25059c2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Content]
-Environment=
- # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
- # mkfs.ext4 enabled it by default, so we disable it explicitly.
- Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
- GIT_URL=https://git.centos.org/rpms/systemd.git
- GIT_BRANCH=c9s-sig-hyperscale
- GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
-
-Packages=
- kernel-modules # For squashfs
- rpmautospec-rpm-macros
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
deleted file mode 100755
index f1eed03..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
+++ /dev/null
@@ -1,147 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -# We transplant the debian/ folder from the deb package sources into the upstream sources. -mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian - -# We remove the patches so they don't get applied. -rm -rf "$SRCDIR"/debian/patches/* - -# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so -# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. -DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" -mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full -# rebuild every time. -cat >debian/changelog.new < $(date --rfc-email --date "@$TS") - -EOF -cat debian/changelog >>debian/changelog.new -mv debian/changelog.new debian/changelog - -MKOSI_CFLAGS="-O0" -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
- MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. -build() { - env \ - CC="$( ((LLVM)) && echo clang || echo gcc)" \ - CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ - CC_LD="$( ((LLVM)) && echo lld)" \ - CXX_LD="$( ((LLVM)) && echo lld)" \ - DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ - $( ((WITH_TESTS)) || echo nocheck) \ - $( ((WITH_DOCS)) || echo nodoc) \ - $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ - $( ! ((MESON_VERBOSE)) && echo terse) \ - optimize=-lto \ - hardening=-fortify \ - ")" \ - DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ - $( ((WITH_TESTS)) || echo nocheck) \ - $( ((WITH_DOCS)) || echo nodoc) \ - pkg.systemd.upstream \ - ")" \ - DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ - DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ - DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ - DPKG_FORCE="unsafe-io" \ - DPKG_DEB_COMPRESSOR_TYPE="none" \ - DH_MISSING="--fail-missing" \ - CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ - dpkg-buildpackage \ - --no-pre-clean \ - --unsigned-changes \ - --build=binary - - EXIT_STATUS=$? - - # Make sure we don't reconfigure twice. - MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" - - return $EXIT_STATUS -} - -if ! build; then - # debhelper installs files for each package to debian/ so we figure out which files were - # packaged by querying all the package names from debian/control and running find on each of the - # corresponding package directory in debian/. 
- grep "Package:" debian/control | - sed "s/Package: //" | - xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | - # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. - sed --regexp-extended 's/([0-9])\.gz$/\1/' | - sort --unique >/tmp/packaged-files - - # We figure out the installed files by running find on debian/tmp/ which contains the files installed - # by meson install. - (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files - - if [ -f debian/not-installed ]; then - grep --invert-match "^#" debian/not-installed >>/tmp/installed-files - fi - - sort --unique --output /tmp/installed-files /tmp/installed-files - - # We get all the installed files that were not packaged by finding entries in the installed file that are - # not in the packaged file. - comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files - # If there are no unpackaged files something else went wrong. - if [ ! -s /tmp/unpackaged-files ]; then - exit 1 - fi - - # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. - cat /tmp/unpackaged-files >>debian/systemd.install - build -fi - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb - - cp ../*.deb ../*.ddeb "$PACKAGEDIR" - cp ../*.deb ../*.ddeb "$OUTPUTDIR" - cp ../*.deb ../*.ddeb "$BUILDDIR" - # These conflict with the packages that we actually want to install, so remove them - rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb -) diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf deleted file mode 100644 index c6b8154..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ /dev/null 
@@ -1,92 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Environment=
- GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
- GIT_SUBDIR=debian
- GIT_BRANCH=ci/v256-stable
- GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af
-
-VolatilePackages=
- libnss-myhostname
- libnss-mymachines
- libnss-resolve
- libnss-systemd
- libpam-systemd
- libsystemd-dev
- libudev-dev
- systemd
- systemd-container
- systemd-coredump
- systemd-cryptsetup
- systemd-dev
- systemd-homed
- systemd-journal-remote
- systemd-oomd
- systemd-repart
- systemd-resolved
- systemd-sysv
- systemd-tests
- systemd-timesyncd
- systemd-ukify
- systemd-userdbd
- udev
-
-Packages=
- ^libasan[0-9]+$
- ^libtss2-esys-[0-9.]+-0$
- ^libtss2-mu-[0-9.]+-0$
- ^libubsan[0-9]+$
- apt
- bind9-dnsutils
- cryptsetup-bin
- dbus-broker
- dbus-user-session
- dmsetup
- dpkg-dev
- f2fs-tools
- fdisk
- git-core
- gnutls-bin
- iproute2
- iputils-ping
- isc-dhcp-server
- libcap-ng-utils
- libclang-rt-dev
- libtss2-rc0
- libtss2-tcti-device0
- locales
- man-db
- multipath-tools
- netcat-openbsd
- open-iscsi
- openssh-client
- openssh-server
- passwd
- policykit-1
- procps
- psmisc
- python3-pexpect
- python3-psutil
- quota
- softhsm2
- squashfs-tools
- stress
- tgt
- tpm2-tools
- tzdata
- xxd
-
-InitrdPackages=
- libclang-rt-dev
- tpm2-tools
-
-InitrdVolatilePackages=
- systemd
- systemd-cryptsetup
- systemd-repart
- udev
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 2bb6164..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libnss-myhostname-dbgsym
- libnss-mymachines-dbgsym
- libnss-resolve-dbgsym
- libnss-systemd-dbgsym
- libpam-systemd-dbgsym
- libsystemd-shared-dbgsym
- libsystemd0-dbgsym
- libudev1-dbgsym
- systemd-boot-dbgsym
- systemd-container-dbgsym
- systemd-coredump-dbgsym
- systemd-cryptsetup-dbgsym
- systemd-dbgsym
- systemd-homed-dbgsym
- systemd-journal-remote-dbgsym
- systemd-oomd-dbgsym
- systemd-repart-dbgsym
- systemd-resolved-dbgsym
- systemd-tests-dbgsym
- systemd-timesyncd-dbgsym
- systemd-userdbd-dbgsym
- udev-dbgsym
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
deleted file mode 100644
index 781670a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# sbsigntool exists only on UEFI architectures
-
-[Match]
-Architecture=|x86
-Architecture=|x86-64
-Architecture=|arm
-Architecture=|arm64
-Architecture=|riscv32
-Architecture=|riscv64
-
-[Content]
-Packages=
- sbsigntool
- systemd-boot
- systemd-boot-efi
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
deleted file mode 100644
index 4fb4f46..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=NO_BUILD=1
-
-[Content]
-WithNetwork=yes
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
deleted file mode 100755
index 314f235..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
-# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
-# install them. This is not an issue when building locally, as the build and runtime images are the same,
-# so they would get installed as build dependencies anyway.
-
-if [ "$1" = "build" ] || ! ((NO_BUILD)); then
- exit 0
-fi
-
-# Query the Recommends and Suggests of all systemd packages, by matching on the version
-systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
-mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
-extra_packages=()
-# shellcheck disable=SC2068
-for package in ${systemd_packages[@]}; do
- # We are looking for dlopens, so filter for libraries
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
-done
-
-if [ "${#extra_packages[@]}" -eq 0 ]; then
- exit 0
-fi
-
-apt install "${extra_packages[@]}"
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
deleted file mode 100755
index 645671a..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-
-if [ ! -d "pkg/$ID/debian" ]; then
- echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
- exit 1
-fi
-
-cd "pkg/$ID"
-DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
deleted file mode 100644
index 50dfa11..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-
-[Content]
-Packages=
- linux-perf
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
deleted file mode 100644
index af923fa..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Architecture=arm64
-
-[Content]
-Packages=
- linux-image-cloud-arm64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
deleted file mode 100644
index 615de52..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Architecture=x86-64
-
-[Content]
-Packages=
- linux-image-cloud-amd64
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
deleted file mode 100644
index c4617d2..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-Environment=
- GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
- GIT_BRANCH=rawhide
- GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8
-
-Packages=
- compsize
- dnf5
- f2fs-tools
- scsi-target-utils
- # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
- kernel-modules-extra
- kernel-modules-internal
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
deleted file mode 100755
index 417132f..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
-# See https://github.com/openSUSE/suse-module-tools/pull/71
-rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
deleted file mode 100755
index 67481d0..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
+++ /dev/null
@@ -1,141 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 - exit 1 -fi - -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then - TS="$(git show --no-patch --format=%ct HEAD)" -else - TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" -fi - -# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we -# disable manpage compression as the files cannot be found. Fix the issue by removing the compression -# extension. -find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; - -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then - # Fix the %install override so debuginfo packages are generated. - tee --append /usr/lib/rpm/suse/macros <<'EOF' -%install %{debug_package}\ -%%install\ -%{nil} -EOF -fi - -VERSION="$(cat meson.version)" -RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" - -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - -MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" -if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" -fi -if ((LLVM)); then - # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. - MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" -fi - -MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" -if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" -fi - -# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so -# set LDFLAGS to %{nil} if there are no linker flags. 
-if [[ -z "${MKOSI_LDFLAGS// }" ]]; then - MKOSI_LDFLAGS="%{nil}" -fi - -MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then - MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" -fi - -# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" - -build() { - IFS= - # shellcheck disable=SC2046 - env \ - --unset CFLAGS \ - --unset CXXFLAGS \ - --unset LDFLAGS \ - CC="$( ((LLVM)) && echo clang || echo gcc)" \ - CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ - CC_LD="$( ((LLVM)) && echo lld)" \ - CXX_LD="$( ((LLVM)) && echo lld)" \ - rpmbuild \ - -bb \ - --build-in-place \ - --with upstream \ - $( ((WITH_TESTS)) || echo "--nocheck") \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - --define "_rpmdir $OUTPUTDIR" \ - ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ - --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - --define "_binary_payload w.ufdio" \ - $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ - --define "vendor openSUSE" \ - --define "version_override $VERSION" \ - --define "release_override $RELEASE" \ - --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \ - --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ - --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \ - $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \ - --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ - --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \ - --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ - --define "__script_requires %{nil}" \ - --define "_find_debuginfo_dwz_opts %{nil}" \ - 
--define "_fixperms true" \ - --noclean \ - "$@" \ - "pkg/$ID/systemd.spec" - - EXIT_STATUS=$? - - # Make sure we don't reconfigure twice. - MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" - - return $EXIT_STATUS -} - -if ! build; then - if [ ! -s /tmp/unpackaged-files ]; then - exit 1 - fi - - # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file - # warnings. - rm systemd.lang - - grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd" - build --noprep --nocheck -fi - -( - shopt -s nullglob - rm -f "$BUILDDIR"/*.rpm -) - -cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" -cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf deleted file mode 100644 index e488b2d..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf +++ /dev/null 
@@ -1,100 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Config]
-InitrdInclude=initrd/
-
-[Content]
-Environment=
- GIT_URL=https://src.opensuse.org/rpm/systemd
- GIT_BRANCH=devel
- GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117
-
-VolatilePackages=
- systemd
- systemd-boot
- systemd-container
- systemd-devel
- systemd-doc
- systemd-experimental
- systemd-homed
- systemd-lang
- systemd-network
- systemd-portable
- systemd-sysvcompat
- systemd-testsuite
- udev
-
-# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
-# versions don't get installed instead.
-Packages=
- bind-utils
- bpftool
- cryptsetup
- device-mapper
- dhcp-server
- docbook-xsl-stylesheets
- f2fs-tools
- gawk
- gcc-c++
- git-core
- glibc-locale-base
- gnutls
- grep
- group(bin)
- group(daemon)
- group(games)
- group(nobody)
- group(root)
- gzip
- iputils
- kernel-default
- kmod
- libasan8
- libkmod2
- libubsan1
- multipath-tools
- open-iscsi
- openssh-clients
- openssh-server
- pam
- patterns-base-minimal_base
- perf
- procps4
- psmisc
- python3-pefile
- python3-pexpect
- python3-psutil
- quota
- rpm-build
- rsync
- sbsigntools
- sed
- shadow
- softhsm
- squashfs
- tgt
- timezone
- tpm2.0-tools
- user(bin)
- user(daemon)
- user(games)
- user(nobody)
- user(root)
- veritysetup
- vim
- xz
- zypper
-
-InitrdPackages=
- clang
- kmod
- libkmod2
- tpm2.0-tools
-
-InitrdVolatilePackages=
- systemd
- udev
- systemd-experimental
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
deleted file mode 100644
index 6c57d04..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Environment=WITH_DEBUG=1
-
-[Content]
-VolatilePackages=
- libsystemd0-debuginfo
- libudev1-debuginfo
- systemd-boot-debuginfo
- systemd-container-debuginfo
- systemd-debuginfo
- systemd-debugsource
- systemd-experimental-debuginfo
- systemd-homed-debuginfo
- systemd-journal-remote-debuginfo
- systemd-network-debuginfo
- systemd-portable-debuginfo
- systemd-sysvcompat-debuginfo
- systemd-testsuite-debuginfo
- udev-debuginfo
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
deleted file mode 100755
index c57aa87..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ] || ((NO_BUILD)); then
- exit 0
-fi
-
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-ID="${ID%-*}"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
-
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
-
-until mkosi-chroot \
- rpmbuild \
- -bd \
- --build-in-place \
- --with upstream \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
-do
- EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
- exit $EXIT_STATUS
- fi
-
- mkosi-chroot \
- rpm \
- --query \
- --package \
- --requires \
- /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
- grep --invert-match '^rpmlib(' |
- sort --unique >/tmp/dynamic-buildrequires
-
- sort /tmp/buildrequires /tmp/dynamic-buildrequires |
- uniq --unique |
- tee --append /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
deleted file mode 100644
index 86f9736..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Content]
-Packages=
- linux-image-generic
- linux-tools-common
- linux-tools-virtual
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
deleted file mode 100644
index 582f038..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The ports Ubuntu archive is for non i386/amd64 repositories
-
-[Match]
-Architecture=!x86-64
-Architecture=!x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
deleted file mode 100644
index 7347be9..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-# The main Ubuntu archive is only for i386/amd64 repositories
-
-[Match]
-Architecture=|x86-64
-Architecture=|x86
-Release=noble
-
-[Distribution]
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
deleted file mode 100644
index 5b96dc5..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-Types: deb
-URIs: http://ports.ubuntu.com
-Suites: noble-backports
-Components: main universe
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
deleted file mode 100644
index d10c1e8..0000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-Types: deb
-URIs: http://archive.ubuntu.com/ubuntu
-Suites: noble-backports
-Components: main universe
-Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf
deleted file mode 100644
index 8641984..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-images.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Format=!none
-
-[Config]
-Dependencies=
- exitrd
- minimal-base
- minimal-0
- minimal-1
-
-[Content]
-ExtraTrees=
- %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
- %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
- %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
- %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
- %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
- %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
- %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
- %O/exitrd:/exitrd
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
deleted file mode 100644
index 8c1920b..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Profile=particle
-
-[Output]
-RepartDirectories=
-RepartDirectories=mkosi.repart
-
-[Validation]
-@SecureBoot=yes
-@SignExpectedPcr=yes
-
-[Host]
-@RuntimeSize=8G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
deleted file mode 100644
index 3755278..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=swap
-SizeMinBytes=100M
-SizeMaxBytes=100M
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
deleted file mode 100644
index 2f92af2..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=root
-Format=btrfs
-SizeMinBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
deleted file mode 100644
index dac79ba..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
deleted file mode 100755
index 69f9554..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
-cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
deleted file mode 100755
index 95e0552..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# sbsign is not available on CentOS Stream
-if command -v sbsign &>/dev/null; then
- # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
- addons_dir=/efi/loader/addons
- mkdir -p "$addons_dir"
- ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
- ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
-fi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
deleted file mode 100644
index 391543d..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=esp
-Format=vfat
-CopyFiles=/boot:/
-CopyFiles=/efi:/
-SizeMinBytes=1G
-SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
deleted file mode 100644
index 343761d..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr
-Format=erofs
-CopyFiles=/usr:/
-Verity=data
-VerityMatchKey=usr
-Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
deleted file mode 100644
index b4d45dd..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr-verity
-Verity=hash
-VerityMatchKey=usr
-Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
deleted file mode 100644
index 1841d0a..0000000
--- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Partition]
-Type=usr-verity-sig
-Verity=signature
-VerityMatchKey=usr
diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel
deleted file mode 100644
index bd4fba4..0000000
--- a/mkosi.images/system/mkosi.extra/.autorelabel
+++ /dev/null
@@ -1 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf
deleted file mode 100644
index fcf4cd9..0000000
--- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-iscsid.startup = /usr/bin/systemctl start iscsid.socket
diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue
deleted file mode 100644
index 6aa6fc0..0000000
--- a/mkosi.images/system/mkosi.extra/etc/issue
+++ /dev/null
@@ -1,2 +0,0 @@
-\S (built from systemd tree)
-Kernel \r on an \m (\l)
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
deleted file mode 100644
index 657ac72..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
-# for integration tests
-kernel.apparmor_restrict_unprivileged_unconfined = 0
-kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
deleted file mode 100644
index 3baede4..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Journal]
-RateLimitIntervalSec=0
-RateLimitBurst=0
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
deleted file mode 100644
index c364058..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
+++ /dev/null
@@ -1,41 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
-disable ssh.service
-disable sshd.service
-
-# These are started manually in integration tests so don't start them by default.
-disable dnsmasq.service
-disable isc-dhcp-server.service
-disable isc-dhcp-server6.service
-
-# Pulled in via dracut-network by kexec-tools on Fedora.
-disable NetworkManager*
-
-# Make sure dbus-broker is started by default on Debian/Ubuntu.
-enable dbus-broker.service
-
-# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
-enable systemd-networkd.service
-enable systemd-networkd-wait-online.service
-
-# systemd-resolved is disable by default on CentOS so make sure it is enabled.
-enable systemd-resolved.service
-
-# We install dnf in some images but it's only going to be used rarely,
-# so let's not have dnf create its cache.
-disable dnf-makecache.*
-
-# We have journald to receive audit data so let's make sure we're not running auditd as well
-disable auditd.service
-
-# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
-enable systemd-timesyncd.service
-
-# Skipped if selinux is not enabled, required for TEST-06-SELINUX.
-enable autorelabel.service
-
-# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
-disable iscsi.service
-disable iscsid.socket
-disable iscsiuio.socket
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
deleted file mode 100644
index 710ee7c..0000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
-disable *
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf deleted file mode 100644 index ebf7899..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS -# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if -# needed. -[Service] -EnvironmentFile=-/usr/lib/systemd/systemd-asan-env diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf deleted file mode 100644 index d0093b7..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Service] -PassEnvironment=SYSTEMD_UNIT_PATH diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf deleted file mode 100644 index e1a8e81..0000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf +++ /dev/null @@ -1 +0,0 @@ -L /etc/default/locale - - - - ../locale.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf deleted file mode 100644 index ddd36ed..0000000 --- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - 
diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot
deleted file mode 100755
index 4686802..0000000
--- a/mkosi.images/system/mkosi.postinst.chroot
+++ /dev/null
@@ -1,172 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -o nounset - -useradd --uid 4711 --create-home --user-group testuser - -if command -v authselect >/dev/null; then - # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so - # let's use the new name if it exists. - if [ -d /usr/share/authselect/default/local ]; then - PROFILE=local - else - PROFILE=minimal - fi - - authselect select "$PROFILE" - - if authselect list-features "$PROFILE" | grep -q "with-homed"; then - authselect enable-feature with-homed - fi -fi - -# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that -# if that's the case. -mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf -rm -f /etc/resolv.conf - -for f in "$BUILDROOT"/usr/share/*.verity.sig; do - jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash" -done - -# We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by -# systemd-journald. -rm -r "$BUILDROOT/var/log/journal" - -rm -f /etc/nsswitch.conf -cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf - -# Remove to make TEST-73-LOCALE pass on Ubuntu. -rm -f /etc/default/keyboard - -# This is executed inside the chroot so no need to disable any features as the default features will match -# the kernel's supported features. -SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ - systemd-repart \ - --empty=create \ - --dry-run=no \ - --size=auto \ - --offline=true \ - --root test/TEST-24-CRYPTSETUP \ - --definitions test/TEST-24-CRYPTSETUP/keydev.repart \ - "$OUTPUTDIR/keydev.raw" - -can_test_pkcs11() { - if ! command -v "softhsm2-util" >/dev/null; then - echo "softhsm2-util not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! command -v "pkcs11-tool" >/dev/null; then - echo "pkcs11-tool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! 
command -v "certtool" >/dev/null; then - echo "certtool not available, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+P11KIT"; then - echo "Support for p11-kit is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+OPENSSL"; then - echo "Support for openssl is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP\b"; then - echo "Support for libcryptsetup is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - if ! systemctl --version | grep -q "+LIBCRYPTSETUP_PLUGINS"; then - echo "Support for libcryptsetup plugins is disabled, skipping the PKCS#11 test" >&2 - return 1 - fi - - return 0 -} - -setup_pkcs11_token() { - echo "Setup PKCS#11 token" >&2 - local P11_MODULE_CONFIGS_DIR P11_MODULE_DIR SOFTHSM_MODULE - - export SOFTHSM2_CONF="/tmp/softhsm2.conf" - mkdir -p /usr/lib/softhsm/tokens/ - cat >$SOFTHSM2_CONF <&2 - P11_MODULE_CONFIGS_DIR="/usr/share/p11-kit/modules" - fi - - if ! P11_MODULE_DIR=$(pkg-config --variable=p11_module_path p11-kit-1); then - echo "WARNING! 
Cannot get p11_module_path from p11-kit-1.pc, assuming /usr/lib/pkcs11" >&2 - P11_MODULE_DIR="/usr/lib/pkcs11" - fi - - SOFTHSM_MODULE=$(grep -F 'module:' "$P11_MODULE_CONFIGS_DIR/softhsm2.module"| cut -d ':' -f 2| xargs) - if [[ "$SOFTHSM_MODULE" =~ ^[^/] ]]; then - SOFTHSM_MODULE="$P11_MODULE_DIR/$SOFTHSM_MODULE" - fi - - # RSA ##################################################### - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "RSA:2048" --label "RSATestKey" --usage-decrypt - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/rsa_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey" - rm "/tmp/rsa_test.crt" - - # prime256v1 ############################################## - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --keypairgen --key-type "EC:prime256v1" --label "ECTestKey" --usage-derive - - certtool --generate-self-signed \ - --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \ - --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \ - --template "test/TEST-24-CRYPTSETUP/template.cfg" \ - --outder --outfile "/tmp/ec_test.crt" - - pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey" - rm "/tmp/ec_test.crt" - - ########################################################### - rm "$SOFTHSM2_CONF" - unset SOFTHSM2_CONF - - cat >/etc/softhsm2.conf 
</etc/systemd/system/systemd-cryptsetup@.service.d/PKCS11.conf </etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf < 50s when built with sanitizers so let's not run it by default. -systemctl mask systemd-hwdb-update.service - -ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" -if [[ -z "$ASAN_RT_PATH" ]]; then - ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" - - # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. - if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then - echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" - exit 1 - fi -fi -if [[ -z "$ASAN_RT_PATH" ]]; then - echo >&2 "systemd is not linked against the ASan DSO" - echo >&2 "gcc does this by default, for clang compile with -shared-libasan" - exit 1 -fi - -wrap=( - /usr/lib/polkit-1/polkitd - /usr/libexec/polkit-1/polkitd - agetty - btrfs - capsh - chgrp - chown - cryptsetup - curl - dbus-broker-launch - dbus-daemon - delv - dhcpd - dig - dmsetup - dnsmasq - findmnt - getent - getfacl - id - integritysetup - iscsid - kpartx - logger - login - ls - lsblk - lvm - mdadm - mkfs.btrfs - mkfs.erofs - mkfs.ext4 - mkfs.vfat - mkfs.xfs - mksquashfs - mkswap - multipath - multipathd - nvme - p11-kit - pkill - ps - setfacl - setpriv - sshd - stat - su - tar - tgtd - useradd - userdel - veritysetup -) - -for bin in "${wrap[@]}"; do - if ! command -v "$bin" >/dev/null; then - continue - fi - - if [[ "$bin" == getent ]]; then - enable_lsan=1 - else - enable_lsan=0 - fi - - target="$(command -v "$bin")" - - mv "$target" "$target.orig" - - cat >"$target" </usr/lib/systemd/systemd-asan-env <