2017-12-24 06:53:20 +00:00
#!/bin/sh
2021-10-01 13:04:32 +02:00
# SPDX-License-Identifier: LGPL-2.1-or-later
2020-12-06 16:45:01 +00:00
set -e
2016-07-16 02:00:44 +02:00
# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
# Simply invoke "mkosi" in the project directory to build an OS image.
2022-07-15 02:26:52 +02:00
ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
2017-07-12 19:58:53 +02:00
# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
# as out-of-tree build dir. Otherwise, let's make up our own builddir.
2023-01-29 15:04:13 +01:00
[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
# Let's make sure we're using stuff from the build directory first if available there.
PATH="$BUILDDIR:$PATH"
export PATH
2017-07-12 19:58:53 +02:00
2022-08-22 13:21:07 +02:00
# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
# the ubuntu script with a symlink to the first bpftool program we can find.
for bpftool in /usr/lib/linux-tools/*/bpftool; do
2023-02-21 14:22:52 +01:00
[ -x "$bpftool" ] || continue
ln -sf "$bpftool" "$BUILDDIR"/bpftool
break
2022-08-22 13:21:07 +02:00
done
2022-10-14 14:53:41 +02:00
# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION=' /etc/os-release)" = "VERSION=\"8\"" ]; then
2023-02-21 14:22:52 +01:00
cat >"$BUILDDIR"/bpftool <<EOF
2022-10-14 14:53:41 +02:00
#!/bin/sh
if [ "\$1" = --version ]; then
2023-02-21 14:22:52 +01:00
echo 5.6.0
2022-10-14 14:53:41 +02:00
else
2023-02-21 14:22:52 +01:00
exec /usr/sbin/bpftool \$@
2022-10-14 14:53:41 +02:00
fi
EOF
2023-02-21 14:22:52 +01:00
chmod +x "$BUILDDIR"/bpftool
2022-10-14 14:53:41 +02:00
fi
2018-02-09 19:22:40 +01:00
if [ ! -f "$BUILDDIR"/build.ninja ] ; then
2023-02-21 14:22:52 +01:00
sysvinit_path=$(realpath /etc/init.d)
init_path=$(realpath /sbin/init 2>/dev/null)
if [ -z "$init_path" ] ; then
rootprefix=""
else
rootprefix=${init_path%/lib/systemd/systemd}
rootprefix=/${rootprefix#/}
fi
# On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
# It is important to use the right one especially for cryptsetup plugins, otherwise they will be
# installed in the wrong directory and not be found by cryptsetup. Assume native build.
if grep -q -e "ID=debian" -e "ID_LIKE=debian" /etc/os-release && command -v dpkg 2>/dev/null; then
LIBDIR="-Drootlibdir=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
PAMDIR="-Dpamlibdir=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
fi
# Cannot quote $LIBDIR and $PAMDIR, because they may be empty, and meson will fail.
# shellcheck disable=SC2086
meson setup "$BUILDDIR" \
${LIBDIR:-} \
${PAMDIR:-} \
-D "sysvinit-path=$sysvinit_path" \
-D "rootprefix=$rootprefix" \
-D man=false \
-D translations=false \
-D version-tag="${VERSION_TAG}" \
-D mode=developer \
-D b_sanitize="${SANITIZERS:-none}" \
-D install-tests=true \
-D tests=unsafe \
-D slow-tests=true \
-D utmp=true \
-D hibernate=true \
-D ldconfig=true \
-D resolve=true \
-D efi=true \
-D tpm=true \
-D environment-d=true \
-D binfmt=true \
-D repart=true \
-D sysupdate=true \
-D coredump=true \
-D pstore=true \
-D oomd=true \
-D logind=true \
-D hostnamed=true \
-D localed=true \
-D machined=true \
-D portabled=true \
-D sysext=true \
-D userdb=true \
-D homed=true \
-D networkd=true \
-D timedated=true \
-D timesyncd=true \
-D remote=true \
-D nss-myhostname=true \
-D nss-mymachines=true \
-D nss-resolve=true \
-D nss-systemd=true \
-D firstboot=true \
-D randomseed=true \
-D backlight=true \
-D vconsole=true \
-D quotacheck=true \
-D sysusers=true \
-D tmpfiles=true \
-D importd=true \
-D hwdb=true \
-D rfkill=true \
-D xdg-autostart=true \
-D translations=true \
-D polkit=true \
-D acl=true \
-D audit=true \
-D blkid=true \
-D fdisk=true \
-D kmod=true \
-D pam=true \
-D pwquality=true \
-D microhttpd=true \
-D libcryptsetup=true \
-D libcurl=true \
-D idn=true \
-D libidn2=true \
-D qrencode=true \
-D gcrypt=true \
-D gnutls=true \
-D openssl=true \
-D cryptolib=openssl \
-D p11kit=true \
-D libfido2=true \
-D tpm2=true \
-D elfutils=true \
-D zstd=true \
-D xkbcommon=true \
-D pcre2=true \
-D glib=true \
-D dbus=true \
-D gnu-efi=true \
-D kernel-install=true \
-D analyze=true \
-D bpf-framework=true \
-D ukify=true
2017-12-06 13:53:39 +01:00
fi
2021-01-09 17:32:00 +01:00
cd "$BUILDDIR"
2021-01-24 14:13:58 +00:00
ninja "$@"
2020-04-22 01:58:44 +02:00
if [ "$WITH_TESTS" = 1 ] ; then
2023-02-21 14:22:52 +01:00
if [ -n "$SANITIZERS" ]; then
export ASAN_OPTIONS="$ASAN_OPTIONS"
export UBSAN_OPTIONS="$UBSAN_OPTIONS"
TIMEOUT_MULTIPLIER=3
else
TIMEOUT_MULTIPLIER=1
fi
meson test --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER
2020-04-22 01:58:44 +02:00
fi
2021-01-09 17:32:00 +01:00
cd "$SRCDIR"
2020-12-06 16:45:45 +00:00
2023-01-29 15:07:38 +01:00
meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed
2016-12-06 23:17:57 +01:00
2017-07-12 19:58:53 +02:00
mkdir -p "$DESTDIR"/etc
2016-12-06 23:17:57 +01:00
2021-09-02 14:22:19 +02:00
cat >"$DESTDIR"/etc/issue <<EOF
2016-12-06 23:17:57 +01:00
\S (built from systemd tree)
Kernel \r on an \m (\l)
EOF
2018-06-21 18:47:33 +02:00
2021-07-02 14:59:58 +02:00
if [ -n "$IMAGE_ID" ] ; then
2023-02-21 14:22:52 +01:00
mkdir -p "$DESTDIR"/usr/lib
sed -n \
-e '/^IMAGE_ID=/!p' \
-e "\$aIMAGE_ID=$IMAGE_ID" <"/usr/lib/os-release" >"${DESTDIR}/usr/lib/os-release"
2021-07-02 14:59:58 +02:00
2023-02-21 14:22:52 +01:00
OSRELEASEFILE="$DESTDIR"/usr/lib/os-release
2021-07-02 14:59:58 +02:00
else
2023-02-21 14:22:52 +01:00
OSRELEASEFILE=/usr/lib/os-release
2021-07-02 14:59:58 +02:00
fi
if [ -n "$IMAGE_VERSION" ] ; then
2023-02-21 14:22:52 +01:00
mkdir -p "$DESTDIR"/usr/lib
sed -n \
-e '/^IMAGE_VERSION=/!p' \
-e "\$aIMAGE_VERSION=$IMAGE_VERSION" <$OSRELEASEFILE >"/tmp/os-release.tmp"
2021-07-02 14:59:58 +02:00
2023-02-21 14:22:52 +01:00
cat /tmp/os-release.tmp >"$DESTDIR"/usr/lib/os-release
rm /tmp/os-release.tmp
2021-07-02 14:59:58 +02:00
fi
2021-12-08 19:31:25 +01:00
# If $CI_BUILD is set, copy over the CI service which executes a service check
# after boot and then shuts down the machine
if [ -n "$CI_BUILD" ]; then
2023-02-21 14:22:52 +01:00
mkdir -p "$DESTDIR/usr/lib/systemd/system"
cp -v "$SRCDIR/test/mkosi-check-and-shutdown.service" "$DESTDIR/usr/lib/systemd/system/mkosi-check-and-shutdown.service"
cp -v "$SRCDIR/test/mkosi-check-and-shutdown.sh" "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
chmod +x "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
2021-12-08 19:31:25 +01:00
fi
2022-07-15 02:26:52 +02:00
if [ -n "$SANITIZERS" ]; then
2023-02-21 14:22:52 +01:00
LD_PRELOAD=$(ldd "$BUILDDIR"/systemd | grep libasan.so | awk '{print $3}')
2022-07-15 02:26:52 +02:00
2023-02-21 14:22:52 +01:00
mkdir -p "$DESTDIR/etc/systemd/system.conf.d"
2022-07-15 02:26:52 +02:00
2023-02-21 14:22:52 +01:00
cat >"$DESTDIR/etc/systemd/system.conf.d/10-asan.conf" <<EOF
2022-07-15 02:26:52 +02:00
[Manager]
ManagerEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
UBSAN_OPTIONS=$UBSAN_OPTIONS\\
LD_PRELOAD=$LD_PRELOAD
DefaultEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
UBSAN_OPTIONS=$UBSAN_OPTIONS\\
LD_PRELOAD=$LD_PRELOAD
EOF
2023-02-21 14:22:52 +01:00
# ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
# all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any
# sanitizer failures appear directly on the user's console.
mkdir -p "$DESTDIR/etc/systemd/system/systemd-journald.service.d"
2022-07-15 02:26:52 +02:00
2023-02-21 14:22:52 +01:00
cat >"$DESTDIR/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf" <<EOF
2022-07-15 02:26:52 +02:00
[Service]
StandardOutput=tty
EOF
2023-02-21 14:22:52 +01:00
# Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users.
# This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As
# a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login
# from calling vhangup() so that journald's ASAN logs correctly end up in the console.
2022-07-15 02:26:52 +02:00
2023-02-21 14:22:52 +01:00
mkdir -p "$DESTDIR/etc/systemd/system/console-getty.service.d"
2022-07-15 02:26:52 +02:00
2023-02-21 14:22:52 +01:00
cat >"$DESTDIR/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf" <<EOF
2022-07-15 02:26:52 +02:00
[Service]
TTYVHangup=no
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
EOF
fi
2022-08-22 13:21:07 +02:00
# Make sure services aren't enabled by default on Debian/Ubuntu.
mkdir -p "$DESTDIR/etc/systemd/system-preset"
2022-11-10 15:12:33 +01:00
echo "disable *" >"$DESTDIR/etc/systemd/system-preset/99-mkosi.preset"
2022-09-09 08:53:37 +02:00
if [ -d mkosi.kernel/ ]; then
2023-02-21 14:22:52 +01:00
cd "$SRCDIR/mkosi.kernel"
mkdir -p "$BUILDDIR/mkosi.kernel"
2022-09-09 08:53:37 +02:00
2023-02-21 14:22:52 +01:00
# Ensure fast incremental builds by fixating these values which usually change for each build.
export KBUILD_BUILD_TIMESTAMP="Fri Jun 5 15:58:00 CEST 2015"
export KBUILD_BUILD_HOST="mkosi"
2022-11-02 12:19:11 +01:00
2023-02-21 14:22:52 +01:00
scripts/kconfig/merge_config.sh -O "$BUILDDIR/mkosi.kernel" \
../mkosi.kernel.config \
tools/testing/selftests/bpf/config.x86_64 \
tools/testing/selftests/bpf/config
2022-09-09 08:53:37 +02:00
2023-02-21 14:22:52 +01:00
make O="$BUILDDIR/mkosi.kernel" -j "$(nproc)"
2022-09-09 08:53:37 +02:00
2023-02-21 14:22:52 +01:00
KERNEL_RELEASE=$(make O="$BUILDDIR"/mkosi.kernel -s kernelrelease)
mkdir -p "$DESTDIR/usr/lib/modules/$KERNEL_RELEASE"
make O="$BUILDDIR/mkosi.kernel" INSTALL_MOD_PATH="$DESTDIR/usr" modules_install
make O="$BUILDDIR/mkosi.kernel" INSTALL_PATH="$DESTDIR/usr/lib/modules/$KERNEL_RELEASE" install
mkdir -p "$DESTDIR/usr/lib/kernel/selftests"
make -C tools/testing/selftests -j "$(nproc)" O="$BUILDDIR/mkosi.kernel" KSFT_INSTALL_PATH="$DESTDIR/usr/lib/kernel/selftests" SKIP_TARGETS="" install
2022-12-02 20:40:22 +01:00
2023-02-21 14:22:52 +01:00
ln -sf /usr/lib/kernel/selftests/bpf/bpftool "$DESTDIR/usr/bin/bpftool"
2022-09-09 08:53:37 +02:00
fi