IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The bpf build is currently broken with the gcc available in suse due
to a conflict with stdint headers definitions in socket-bind-api.bpf.h
after 30897ddf5018da21266e4b8a28a4a925c4681de4
This reverts commit e4086f7dc9c40578047fa26c669ffc4c1191b85c.
(cherry picked from commit 0ea06c5f01518ec61e3376c53c822ba619139abe)
dnf5 does not download filelists metadata by default anymore as this
consists of a pretty big chunk of the repository metadata. Let's make
sure the filelists metadata doesn't have to be downloaded by dnf5 by
removing any usage of file provides from our package lists.
(cherry picked from commit dce5d31c751f48d8aecbbac818c9f0032733338a)
(cherry picked from commit 3587f2dd9ef5bbc2b905e9efc35533979f4a39ac)
It's now a dlopen library and it is installed at build time via
libiptc-dev, but was never added to the running image.
Follow-up for 5b5f8f8b9aef405cdc42771e7876988d5aefb51e
(cherry picked from commit d6bf9b612ca23673b5af104a4c67cb3f8b4da560)
(cherry picked from commit 9c746dc5a467e830d5b224afb8d0e2224aabf5af)
Problem: busybox-diffutils-1.36.1-30.2.noarch conflicts with diffutils provided by diffutils-3.10-1.5.x86_64
Solution 1: deinstallation of busybox-diffutils-1.36.1-30.2.noarch
Solution 2: do not install diffutils-3.10-1.5.x86_64
Workaround for CI issue, the sd-stub we build is overwritten in the final
image as the package gets pulled there, install it in the base to
work around it for now
We only really care about lowering the device timeout so we get to
a shell faster when the root device doesn't appear so let's only
lower that timeout instead of lowering all default timeouts.
Files placed in /EFI/Linux/UKI.efi.extra.d/ and /loader/addons/ are
opened and verified using the LoadImage protocol, and will thus get
verified via shim/firmware.
If they are valid signed PE files, the .cmdline section will be
extracted and appended. If there are multiple addons in each directory,
they will be parsed in alphanumerical order.
Optionally the .uname sections are also matched if present, so
that they can be used to filter out addons as well if needed, and only
addons that correspond exactly to the UKI being loaded are used.
It is recommended to also always add a .sbat section to addons, so
that they can be mass-revoked with just a policy update.
The files must have a .addon.efi suffix.
Files in the per-UKI directory are parsed, sorted, measured and
appended first. Then, files in the generic directory are processed.
Let's start moving towards a more involved partitioning setup to
test our stuff more when using mkosi.
The root partition is generated on boot with systemd-repart.
CentOS supports neither erofs nor btrfs so we use squashfs and xfs
instead.
We also enable SecureBoot= locally for additional coverage. This
and the use of verity means users need to run `mkosi genkey` once
to generate the keys necessary to do secure boot and verity.
We run the build as a regular user and create-log-dirs requires to
run as root so let's disable the option to avoid error noise during
the install phase.
This undoes the effect of 1394a3ec351048bae008627a0775d1f9a6c46294 partially.
We print the fairly verbose output of the build commands, so let's also
print the commands themselves. This makes it much easier to understand what
is going on.
(The style was copied from other scripts where we do 'set -x' for one command.)
Instead of building the initrds for the mkosi images with dracut,
let's switch to using mkosi presets to build the initrd with mkosi
as well.
This commit splits up our single image build into three separate
mkosi presets:
1. The "base" preset. This image contains systemd and all its runtime
dependencies. The sole purpose of this image is to serve as a base image
for the initrd and the final image. It's also responsible for building
systemd from source with the build script. The results are installed into
the base image. Note that we install the systemd and udev packages into this
image as well to prevent package managers from overriding the systemd we built
from source with the distro packaged systemd if it's pulled in as a dependency
by another package from the initrd or final profiles.
2. The "initrd" preset. This image provides the initrd. It's trivial and does
nothing more than packaging the base image up as a zstd compressed initramfs and
adds /init and /etc/initrd-release symlinks to the image.
3. The "final" preset. This image builds on top of the base image and adds
a kernel and extra packages that are useful for testing and debugging.
We also split out the optional kernel build into a separate set of config files
that are only included if a kernel to build is actually provided.
Note that this commit doesn't really change anything about how mkosi is used.
The commands remain the same, except that mkosi will now build all the presets
in order. "mkosi summary" will show the summary of all the presets. "mkosi qemu,
boot, shell" will always boot the final preset. With "-f", all presets will be
built and the final one is booted. "-i" makes a cache of each preset.
The only thing to keep in mind is that specifying config via the mkosi CLI will
apply to each of the presets. e.g. any extra packages added with "-p" will be
installed in both the initrd and the final image. To apply local configuration
to a single preset, create a file 00-local.conf in
mkosi.presets/<profile>/mkosi.conf.d and put all the preset specific configuration
in there.
