shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-06 00:58:29 +03:00
Code

Build distribution packages in mkosi

Browse Source 
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:

- Vastly simplified mkosi scripts since we don't need a separate initrd
  image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as its not the basis
  anymore for the initrd and as such we don't need to care about the
  size anymore.
- The systemd packages that get pulled in as dependencies of other
  packages get properly uninstalled and replaced with our packages that
  we built instead of just installing on top of an existing systemd
  installation with no guarantee that everything from that previous
  installation was removed.
- Much better testing coverage as what we're testing is much closer
  to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
  use the proper directories and such instead of having to hack this
  into a mkosi build script.
- ...
This commit is contained in:
Daan De Meyer 2024-01-25 22:48:55 +01:00
parent 542bad6552
commit 4d0f1451b5
60 changed files with 758 additions and 810 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/mkosi.yml vendored
View File

@ -59,17 +59,17 @@ jobs:
- distro: debian
release: testing
- distro: ubuntu
release: jammy
release: noble
- distro: fedora
release: "39"
- distro: fedora
release: rawhide
- distro: opensuse
release: tumbleweed
# TODO: Re-enable once https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/AU4NWTBXNA7MVAUXWR74XYCHCSZN4Z4K/
# is resolved or https://build.opensuse.org/request/show/1152118 is merged.
# - distro: opensuse
# release: tumbleweed
- distro: centos
release: "9"
- distro: centos
release: "8"
env:
SYSTEMD_LOG_LEVEL: debug
@ -94,10 +94,6 @@ jobs:
# Build a disk image in CI as this logic is much more prone to breakage.
Format=disk
[Content]
Environment=CI_BUILD=1
SLOW_TESTS=true
[Host]
ToolsTree=default
ToolsTreeDistribution=fedora

16
docs/HACKING.md
View File

@ -32,16 +32,16 @@ run the relevant tool from the build directory.
For some components (most importantly, systemd/PID 1 itself) this is not
possible, however. In order to simplify testing for cases like this we provide
a set of `mkosi` build files directly in the source tree.
a set of `mkosi` config files directly in the source tree.
[mkosi](https://github.com/systemd/mkosi) is a tool for building clean OS images
from an upstream distribution in combination with a fresh build of the project
in the local working directory. To make use of this, please install `mkosi` v19
or newer using your distribution's package manager or from the
[GitHub repository](https://github.com/systemd/mkosi). `mkosi` will build an
image for the host distro by default. First, run `mkosi genkey` to generate a key
and certificate to be used for secure boot and verity signing. After that is done,
it is sufficient to type `mkosi` in the systemd project directory to generate a disk
image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
in the local working directory. To make use of this, please install the latest
version of mkosi from the [GitHub repository](https://github.com/systemd/mkosi).
`mkosi` will build an image for the host distro by default. First, run
`mkosi genkey` to generate a key and certificate to be used for secure boot and
verity signing. After that is done, it is sufficient to type `mkosi` in the
systemd project directory to generate a disk image you can boot either in
`systemd-nspawn` or in a UEFI-capable VM:
```sh
$ sudo mkosi boot # nspawn still needs sudo for now

6
mkosi.conf
View File

@ -2,7 +2,7 @@
[Config]
Images=system
MinimumVersion=20.2
MinimumVersion=21
[Output]
@OutputDirectory=mkosi.output
@ -14,10 +14,12 @@ MinimumVersion=20.2
Environment=ASAN_OPTIONS=verify_asan_link_order=false
MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
@SELinuxRelabel=no
[Host]
@Incremental=yes
@QemuMem=2G
# TODO: Drop to 2G again once the next Noble kernel update ships and we can use linux-image-virtual.
@QemuMem=4G
@RuntimeSize=8G
ToolsTreePackages=virtiofsd
KernelCommandLineExtra=systemd.crash_shell

11
mkosi.conf.d/05-qemu-mem.conf
View File

@ -1,11 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# Arch and CentOS 8 Stream initrds are rather big so we need to give QEMU more memory so the kernel can load
# them without OOMing.
[Match]
Distribution=|arch
Distribution=|centos
[Host]
@QemuMem=3G

1
mkosi.conf.d/10-opensuse.conf
View File

@ -5,3 +5,4 @@ Distribution=opensuse
[Distribution]
@Release=tumbleweed
PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend

2
mkosi.conf.d/10-ubuntu.conf
View File

@ -4,5 +4,5 @@
Distribution=ubuntu
[Distribution]
@Release=jammy
@Release=noble
Repositories=universe

1
mkosi.conf.d/macros.db_backend Normal file
View File

@ -0,0 +1 @@
%_db_backend ndb

171
mkosi.images/base/mkosi.build.chroot
View File

@ -1,171 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
# Simply invoke "mkosi" in the project directory to build an OS image.
# We don't want to install our build of systemd in the base image, but use it as an extra tree for the
# initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as
# an extra tree in the initrd and system image builds.
export DESTDIR="$OUTPUTDIR/systemd"
# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
# as out-of-tree build dir. Otherwise, let's make up our own builddir.
[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
# Let's make sure we're using stuff from the build directory first if available there.
PATH="$BUILDDIR:$PATH"
export PATH
# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
# the ubuntu script with a symlink to the first bpftool program we can find.
for bpftool in /usr/lib/linux-tools/*/bpftool; do
[ -x "$bpftool" ] || continue
ln -sf "$bpftool" "$BUILDDIR"/bpftool
break
done
# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
. /usr/lib/os-release
if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
cat >"$BUILDDIR"/bpftool <<EOF
#!/bin/sh
if [ "\$1" = --version ]; then
echo 5.6.0
else
exec /usr/sbin/bpftool \$@
fi
EOF
chmod +x "$BUILDDIR"/bpftool
fi
if [ ! -f "$BUILDDIR"/build.ninja ]; then
CONFIGURE_OPTS=(
-D sysvinit-path="$([[ -d /etc/rc.d/init.d ]] && echo /etc/rc.d/init.d || echo /etc/init.d)"
-D man=disabled
-D translations=false
-D version-tag="${VERSION_TAG}"
-D mode=developer
-D b_sanitize="${SANITIZERS:-none}"
-D install-tests=true
-D tests=unsafe
-D slow-tests="${SLOW_TESTS:-false}"
-D create-log-dirs=false
-D pamconfdir=/usr/lib/pam.d/
-D utmp=true
-D hibernate=true
-D ldconfig=true
-D resolve=true
-D efi=true
-D tpm=true
-D environment-d=true
-D binfmt=true
-D coredump=true
-D pstore=true
-D oomd=true
-D logind=true
-D hostnamed=true
-D localed=true
-D machined=true
-D portabled=true
-D sysext=true
-D userdb=true
-D networkd=true
-D timedated=true
-D timesyncd=true
-D nss-myhostname=true
-D nss-systemd=true
-D firstboot=true
-D randomseed=true
-D backlight=true
-D vconsole=true
-D quotacheck=true
-D sysusers=true
-D tmpfiles=true
-D hwdb=true
-D rfkill=true
-D xdg-autostart=true
-D translations=true
-D idn=true
-D cryptolib=openssl
-D kernel-install=true
-D analyze=true
-D ukify="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)"
-D selinux="$([[ "$ID" =~ centos|fedora|opensuse ]] && echo enabled || echo disabled)"
-D apparmor="$([[ "$ID" =~ ubuntu|debian ]] && echo enabled || echo disabled)"
-D smack=true
-D ima=true
-D first-boot-full-preset=true
-D initrd=true
-D fexecve=true
-D default-keymap="$([[ "$ID" =~ debian|ubuntu ]] && echo "" || echo "us")"
-D xenctrl="$([[ "$ID" =~ debian|ubuntu|fedora|opensuse ]] && echo enabled || echo disabled)"
-D libiptc="$([[ "$ID" =~ debian|ubuntu ]] && echo enabled || echo disabled)"
-D libcryptsetup-plugins="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)"
)
# On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
# It is important to use the right one especially for cryptsetup plugins, otherwise they will be
# installed in the wrong directory and not be found by cryptsetup. Assume native build.
if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then
CONFIGURE_OPTS+=(
-D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
-D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
)
fi
# Set various uids and gids for which Fedora has "soft static" allocations.
# Without this, we would get warning about mismatched sysusers.d entries
# between the files that we and Fedora's setup package install.
if grep -q '^ID=fedora' /usr/lib/os-release; then
CONFIGURE_OPTS+=(
-D adm-gid=4
-D audio-gid=63
-D cdrom-gid=11
-D dialout-gid=18
-D disk-gid=6
-D input-gid=104
-D kmem-gid=9
-D kvm-gid=36
-D lp-gid=7
-D render-gid=105
-D sgx-gid=106
-D tape-gid=33
-D tty-gid=5
-D users-gid=100
-D utmp-gid=22
-D video-gid=39
-D wheel-gid=10
-D systemd-journal-gid=190
-D systemd-network-uid=192
-D systemd-resolve-uid=193
)
fi
if grep -q '^ID="opensuse' /usr/lib/os-release; then
CONFIGURE_OPTS+=(
-Dbpf-compiler=gcc
)
fi
( set -x; meson setup "$BUILDDIR" "$SRCDIR" --auto-features=enabled "${CONFIGURE_OPTS[@]}" )
fi
( set -x; ninja -C "$BUILDDIR" "$@" )
if [ "$WITH_TESTS" = 1 ]; then
if [ -n "$SANITIZERS" ]; then
export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS"
export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS"
TIMEOUT_MULTIPLIER=3
else
TIMEOUT_MULTIPLIER=1
fi
( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER )
fi
( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed )

58
mkosi.images/base/mkosi.conf
View File

@ -4,33 +4,51 @@
Format=directory
[Content]
Bootable=no
Autologin=yes
# Make sure we build the default initrd as part of the base image as it will have access to the systemd and
# udev rpms which are built by the build scripts that are part of the base image.
Bootable=yes
# we want to build the UKI as part of the system image so make sure none are built here.
Bootloader=none
CleanPackageMetadata=no
Packages=
Packages=
acl
bash-completion
coreutils
diffutils
dnsmasq
dosfstools
e2fsprogs
findutils
gcc # Sanitizer libraries
gdb
git
grep
gzip
jq
kbd
kexec-tools
kmod
less
util-linux
BuildPackages=
acl
binutils
clang
diffutils
gawk
gdb
gettext
git
gperf
grep
lld
llvm
make
meson
pkgconf
mtools
nano
nftables
openssl
python3
qrencode
rsync
sed
socat
strace
systemd
tar
tmux
tree
udev
util-linux
valgrind
wireguard-tools
xfsprogs
zsh
zstd

33
mkosi.images/base/mkosi.conf.d/10-arch.conf
View File

@ -1,33 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
[Content]
Packages=
cryptsetup
dbus
gnutls
libarchive
libbpf
libfido2
libmicrohttpd
libnftnl
libpwquality
libseccomp
libxkbcommon
openssl
qrencode
tpm2-tss
BuildPackages=
bpf
docbook-xsl
glib2
libxslt
linux-api-headers
python
python-jinja
python-lxml
python-pefile
python-pyelftools

5
mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
mkosi-install systemd systemd-sysvcompat

53
mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot Executable file
View File

@ -0,0 +1,53 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
# We can't configure the source or build directory so we use bind mounts instead to make sure they are in the
# expected locations.
mount --mkdir --bind "$SRCDIR" "pkg/$DISTRIBUTION/systemd-stable/"
mount --mkdir --bind "$BUILDDIR" "pkg/$DISTRIBUTION/build/"
# Because we run with --noextract we are responsible for making sure the source files appear in src/.
mount --mkdir --rbind "$PWD/pkg/$DISTRIBUTION" "pkg/$DISTRIBUTION/src/"
# shellcheck source=/dev/null
. /etc/makepkg.conf
# Override the default options. Use -Og because -O0 doesn't work with FORTIFY_SOURCE. We specifically disable
# "strip", "zipman" and "lto" as they slow down builds significantly. OPTIONS= cannot be overridden on the
# makepkg command line so we append to /etc/makepkg.conf instead. The rootfs is overlayed with a writable
# tmpfs during the build script so these changes don't end up in the image itself.
tee --append /etc/makepkg.conf >/dev/null <<EOF
CFLAGS="$CFLAGS -Og"
OPTIONS=(!strip docs !libtool !staticlibs emptydirs !zipman purge debug !lto)
EOF
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
rm /usr/share/makepkg/lint_pkgbuild/*
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
# We get around makepkg's root check by setting EUID to something else.
# shellcheck disable=SC2046
env --chdir="pkg/$DISTRIBUTION" \
EUID=123 \
makepkg \
--noextract \
$( ((WITH_TESTS)) || echo --nocheck) \
--force \
UPSTREAM=1 \
QUIET=1 \
BUILDDIR="$PWD/pkg/$DISTRIBUTION" \
PKGDEST="$PACKAGEDIR" \
PKGEXT=".pkg.tar" \
PKGVER="$(cat meson.version)" \
PKGREL="$(date "+%Y%m%d%H%M%S" --date "@$TS")" \
MESON_EXTRA_CONFIGURE_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"

48
mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf Normal file
View File

@ -0,0 +1,48 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
[Config]
InitrdInclude=initrd/
# TODO: Switch to https://gitlab.archlinux.org/archlinux/packaging/packages/systemd once
# https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/8 is merged.
[Content]
Environment=
PKG_URL="https://gitlab.archlinux.org/daandemeyer/systemd"
PKG_BRANCH="strip"
SYSTEMD_PACKAGES="systemd systemd-ukify systemd-sysvcompat systemd-resolvconf"
Packages=
bpf
btrfs-progs
compsize
cryptsetup
dbus
dhcp
f2fs-tools
gnutls
iproute
linux
man-db
openbsd-netcat
openssh
openssl
pacman
polkit
qrencode
quota-tools
sbsigntools
shadow
tpm2-tss
vim
InitrdPackages=
btrfs-progs
tpm2-tools
BuildPackages=
fakeroot
pkgconf
debugedit

24
mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
if [ "$1" = "final" ]; then
# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
sed --expression 's/^[ \t]*//' "pkg/$DISTRIBUTION/.SRCINFO" |
grep --regexp '^depends =' --regexp '^optdepends =' |
sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' |
xargs --delimiter '\n' mkosi-install
else
# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
# whether some environment variable is set or not.
# shellcheck source=/dev/null
UPSTREAM=1 . "pkg/$DISTRIBUTION/PKGBUILD"
# shellcheck disable=SC2154
mkosi-install "${makedepends[@]}"
fi

78
mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf
View File

@ -1,78 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|centos
Distribution=|fedora
[Content]
Packages=
audit-libs
cryptsetup-libs
gnutls
libarchive
libasan
libbpf
libfido2
libgcrypt
libmicrohttpd
libnftnl
libubsan
libxcrypt
libxkbcommon
openssl-libs
qrencode-libs
tpm2-tss
util-linux
BuildPackages=
pkgconf
bpftool
docbook-xsl
findutils
libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file.
libxslt
pam-devel
pkgconfig(audit)
pkgconfig(blkid)
pkgconfig(bzip2)
pkgconfig(dbus-1)
pkgconfig(fdisk)
pkgconfig(glib-2.0)
pkgconfig(gnutls)
pkgconfig(libacl)
pkgconfig(libarchive)
pkgconfig(libbpf)
pkgconfig(libcap)
pkgconfig(libcryptsetup)
pkgconfig(libcurl)
pkgconfig(libdw)
pkgconfig(libfido2)
pkgconfig(libidn2)
pkgconfig(libkmod)
pkgconfig(liblz4)
pkgconfig(libmicrohttpd)
pkgconfig(libnftnl)
pkgconfig(libpcre2-8)
pkgconfig(libqrencode)
pkgconfig(libseccomp)
pkgconfig(libselinux)
pkgconfig(libzstd)
pkgconfig(mount)
pkgconfig(numa)
pkgconfig(openssl)
pkgconfig(openssl)
pkgconfig(p11-kit-1)
pkgconfig(pwquality)
pkgconfig(tss2-esys)
pkgconfig(tss2-mu)
pkgconfig(tss2-rc)
pkgconfig(tss2-tcti-device)
pkgconfig(valgrind)
pkgconfig(xkbcommon)
python3
python3dist(jinja2)
python3dist(lxml)
python3dist(pefile)
python3dist(pyelftools)
python3dist(pytest)
rpm

5
mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
mkosi-install systemd systemd-udev

47
mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot Executable file
View File

@ -0,0 +1,47 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
# https://github.com/mesonbuild/meson/pull/12835 is available.
# shellcheck disable=SC2046
rpmbuild \
-bb \
--build-in-place \
--with upstream \
$( ((WITH_TESTS)) || echo --nocheck) \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
--define "_rpmdir $PACKAGEDIR" \
${BUILDDIR:+--define} \
${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
--define "_binary_payload w.ufdio" \
--define "debug_package %{nil}" \
--define "version_override $(cat meson.version)" \
--define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \
--define "_distro_extra_cflags -Og" \
--define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
--define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
--define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
--define "__brp_strip %{nil}" \
--define "__brp_compress %{nil}" \
--define "__brp_mangle_shebangs %{nil}" \
--define "__brp_strip_comment_note %{nil}" \
--define "__brp_strip_static_archive %{nil}" \
--define "__brp_check_rpaths %{nil}" \
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
--undefine _lto_cflags \
"pkg/$DISTRIBUTION/systemd.spec"

54
mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf Normal file
View File

@ -0,0 +1,54 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|centos
Distribution=|fedora
[Config]
InitrdInclude=initrd/
[Content]
Environment=
SYSTEMD_PACKAGES="systemd
systemd-udev
systemd-container
systemd-repart
systemd-resolved
systemd-networkd
systemd-boot
systemd-tests
systemd-ukify
systemd-pam
systemd-oomd-defaults
systemd-journal-remote
systemd-networkd-defaults"
Packages=
bpftool
cryptsetup
dhcp-server
dnf
gnutls
integritysetup
iproute
iproute-tc
kernel-core
libasan
libcap-ng-utils
libubsan
netcat
openssh-clients
openssh-server
p11-kit
pam
passwd
polkit
procps-ng
quota
rpm
rpm-build
rpmautospec
util-linux
vim-common
InitrdPackages=
tpm2-tools

66
mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare Executable file
View File

@ -0,0 +1,66 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ "$1" = "final" ]; then
DEPS="--requires"
else
DEPS="--buildrequires"
fi
mkosi-chroot \
rpmspec \
--with upstream \
--query \
"$DEPS" \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
"pkg/$DISTRIBUTION/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
if [ "$1" = "final" ]; then
exit 0
fi
# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
sed '/Source0/d' --in-place "pkg/$DISTRIBUTION/systemd.spec"
until mkosi-chroot \
rpmbuild \
-br \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$DISTRIBUTION/systemd.spec"
do
EXIT_STATUS=$?
if [ $EXIT_STATUS -ne 11 ]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done

13
mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf Normal file
View File

@ -0,0 +1,13 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=centos
[Content]
Environment=
PKG_URL="https://git.centos.org/rpms/systemd"
PKG_BRANCH="c9s-sig-hyperscale"
Packages=
kernel-modules # For squashfs support
rpmautospec-rpm-macros

77
mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf
View File

@ -1,77 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|debian
Distribution=|ubuntu
[Content]
Packages=
^libtss2-esys-[0-9\.]+-0$
dmsetup
libapparmor1
libarchive13
libfdisk1
libfido2-1
libglib2.0-0
libgnutls30
libidn2-0
liblz4-1
libmicrohttpd12
libnftnl11
libp11-kit0
libpam0g
libpwquality1
libqrencode4
libssl3
libip4tc2
^libtss2-mu[0-9\.-]+$
libtss2-rc0
libtss2-tcti-device0
tzdata
BuildPackages=
docbook-xsl
dpkg-dev
g++
libacl1-dev
libapparmor-dev
libarchive-dev
libaudit-dev
libblkid-dev
libbpf-dev
libbz2-dev
libcap-dev
libcryptsetup-dev
libcurl4-openssl-dev
libdbus-1-dev
libdw-dev
libfdisk-dev
libfido2-dev
libgcrypt20-dev
libglib2.0-dev
libgnutls28-dev
libidn2-dev
libiptc-dev
libkmod-dev
liblz4-dev
libmicrohttpd-dev
libmount-dev
libnftnl-dev
libp11-kit-dev
libpam0g-dev
libpwquality-dev
libqrencode-dev
libseccomp-dev
libsmartcols-dev
libssl-dev
libtss2-dev
libxen-dev
libxkbcommon-dev
libzstd-dev
python3
python3-jinja2
python3-lxml
python3-pefile
python3-pyelftools
python3-pytest
xsltproc

5
mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
mkosi-install systemd udev

89
mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot Executable file
View File

@ -0,0 +1,89 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then
echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
# We transplant the debian/ folder from the deb package sources into the upstream sources.
mount --mkdir --bind "$SRCDIR/pkg/$DISTRIBUTION/debian" "$SRCDIR"/debian
# We hide the patches/ directory by mounting an empty directory on top so they don't get applied.
TMP=$(mktemp -d)
mount --bind "$TMP" "$SRCDIR"/debian/patches
# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so
# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first.
DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"
mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE"
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full
# rebuild every time.
cat >debian/changelog.new <<EOF
systemd ($(cat meson.version).$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low
* Automatic build from mkosi
-- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS")
EOF
cat debian/changelog >>debian/changelog.new
mv debian/changelog.new debian/changelog
build() {
DEB_BUILD_OPTIONS="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) nostrip terse optimize=-lto" \
DEB_BUILD_PROFILES="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) pkg.systemd.upstream" \
DEB_CFLAGS_APPEND="-Og" \
DPKG_FORCE="unsafe-io" \
DPKG_DEB_COMPRESSOR_TYPE="none" \
DH_MISSING="--fail-missing" \
CONFFLAGS_UPSTREAM="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
dpkg-buildpackage \
--no-pre-clean \
--unsigned-changes \
--build=binary
}
if ! build; then
# debhelper installs files for each package to debian/<package> so we figure out which files were
# packaged by querying all the package names from debian/control and running find on each of the
# corresponding package directory in debian/.
grep "Package:" debian/control |
sed "s/Package: //" |
xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" |
# Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed.
sed --regexp-extended 's/([0-9])\.gz$/\1/' |
sort --unique >/tmp/packaged-files
# We figure out the installed files by running find on debian/tmp/ which contains the files installed
# by meson install.
(cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
if [ -f debian/not-installed ]; then
grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
fi
sort --unique --output /tmp/installed-files /tmp/installed-files
# We get all the installed files that were not packaged by finding entries in the installed file that are
# not in the packaged file.
comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
# If there are no unpackaged files something else went wrong.
if [ ! -s /tmp/unpackaged-files ]; then
exit 1
fi
# Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build.
cat /tmp/unpackaged-files >>debian/systemd.install
build
fi
mv ../*.deb "$PACKAGEDIR"

61
mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf Normal file
View File

@ -0,0 +1,61 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|debian
Distribution=|ubuntu
[Config]
InitrdInclude=initrd/
[Content]
Environment=
PKG_URL="https://salsa.debian.org/systemd-team/systemd"
PKG_BRANCH="debian/master"
SYSTEMD_PACKAGES="systemd
systemd-userdbd
systemd-oomd
systemd-sysv
systemd-tests
systemd-timesyncd
systemd-resolved
systemd-homed
systemd-coredump
systemd-journal-remote
systemd-container
systemd-boot
systemd-ukify
udev"
Packages=
^libtss2-esys-[0-9.]+-0$
^libtss2-mu-[0-9.]+-0$
apt
btrfs-progs
cryptsetup-bin
dbus-broker
default-dbus-session-bus
dmsetup
f2fs-tools
fdisk
iproute2
isc-dhcp-server
libcap-ng-utils
libtss2-rc0
libtss2-tcti-device0
netcat-openbsd
openssh-client
openssh-server
passwd
policykit-1
procps
quota
sbsigntool
tzdata
xxd
InitrdPackages=
btrfs-progs
tpm2-tools
BuildPackages=
dpkg-dev

15
mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "final" ]; then
exit 0
fi
if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then
echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
cd "pkg/$DISTRIBUTION"
DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .

7
mkosi.images/base/mkosi.conf.d/10-debian.conf → mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf
View File

@ -2,10 +2,3 @@
[Match]
Distribution=debian
[Content]
Packages=
libbpf1
BuildPackages=
bpftool

2
mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf → mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/amd64.conf
View File

@ -1,10 +1,8 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=debian
Architecture=x86-64
[Content]
Packages=
bpftool
linux-image-cloud-amd64

2
mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf → mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf
View File

@ -1,10 +1,8 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=debian
Architecture=arm64
[Content]
Packages=
bpftool
linux-image-cloud-arm64

9
mkosi.images/base/mkosi.conf.d/10-fedora.conf
View File

@ -1,9 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=fedora
[Content]
BuildPackages=
python3dist(pytest-flakes)
pkgconfig(xencontrol)

7
mkosi.images/system/mkosi.conf.d/10-fedora.conf → mkosi.images/base/mkosi.conf.d/10-fedora/mkosi.conf
View File

@ -4,9 +4,16 @@
Distribution=fedora
[Content]
Environment=
PKG_URL="https://src.fedoraproject.org/rpms/systemd"
PKG_BRANCH="rawhide"
Packages=
btrfs-progs
compsize
f2fs-tools
glibc-langpack-en
sbsigntools
InitrdPackages=
btrfs-progs

95
mkosi.images/base/mkosi.conf.d/10-opensuse.conf
View File

@ -1,95 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Content]
# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
# versions don't get installed instead.
Packages=
device-mapper
distribution-release
docbook-xsl-stylesheets
gawk
grep
gzip
libbpf1
libarchive13
libcrypt1
libcryptsetup12
libdw1
libelf1
libfido2
libgcrypt20
libglib-2_0-0
libkmod2
libmount1
libnftnl11
libopenssl3
libp11-kit0
libqrencode4
libseccomp2
libtss2-esys0
libtss2-mu0
libtss2-rc0
libtss2-tcti-device0
libxkbcommon0
libzstd1
pam
rsync
sed
shadow
tpm2-0-tss
xz
BuildPackages=
audit-devel
bpftool
cross-bpf-gcc13
dbus-1-devel
fdupes
gcc-c++
glib2-devel
glibc-locale
intltool
libacl-devel
libapparmor-devel
libarchive-devel
libblkid-devel
libbpf-devel
libbz2-devel
libcap-devel
libcryptsetup-devel
libcurl-devel
libdw-devel
libelf-devel
libfdisk-devel
libfido2-devel
libgcrypt-devel
libgnutls-devel
libkmod-devel
liblz4-devel
libmicrohttpd-devel
libmount-devel
libnftnl-devel
libpwquality-devel
libseccomp-devel
libselinux-devel
libxkbcommon-devel
libxslt-tools
libzstd-devel
openssl-devel
pam-devel
pciutils-devel
python3
python3-Jinja2
python3-lxml
python3-pefile
python3-pyelftools
python3-pytest
python3-pytest-flakes
qrencode-devel
shadow
timezone
tpm2-0-tss-devel
xen-devel

2
mkosi.images/initrd/mkosi.postinst → mkosi.images/base/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst
View File

@ -5,3 +5,5 @@ set -e
# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
# See https://github.com/openSUSE/suse-module-tools/pull/71
rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
mkosi-install systemd udev

63
mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot Executable file
View File

@ -0,0 +1,63 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
# extension.
find "pkg/$DISTRIBUTION" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
build() {
# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
# https://github.com/mesonbuild/meson/pull/12835 is available.
# shellcheck disable=SC2046
rpmbuild \
-bb \
--build-in-place \
--with upstream \
$( ((WITH_TESTS)) || echo --nocheck) \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
--define "_rpmdir $PACKAGEDIR" \
${BUILDDIR:+--define} \
${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
--define "_binary_payload w.ufdio" \
--define "debug_package %{nil}" \
--define "vendor openSUSE" \
--define "version_override $(cat meson.version)" \
--define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \
--define "__check_files sh -c '$(rpm --eval %__check_files) | tee /tmp/unpackaged-files'" \
--define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
--define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
--define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
--define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
"$@" \
"pkg/$DISTRIBUTION/systemd.spec"
}
if ! build; then
if [ ! -s /tmp/unpackaged-files ]; then
exit 1
fi
# rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file
# warnings.
rm systemd.lang
cat /tmp/unpackaged-files >>"pkg/$DISTRIBUTION/files.systemd"
build --noprep --nocheck
fi

55
mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf Normal file
View File

@ -0,0 +1,55 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Config]
InitrdInclude=initrd/
[Content]
Environment=
PKG_URL="https://code.opensuse.org/package/systemd"
PKG_BRANCH="master"
SYSTEMD_PACKAGES="systemd
udev
systemd-experimental
systemd-boot
systemd-container
systemd-homed
systemd-network
systemd-portable
systemd-sysvcompat
systemd-testsuite"
# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
# versions don't get installed instead.
Packages=
bpftool
btrfs-progs
cryptsetup
dbus-broker
device-mapper
distribution-release
docbook-xsl-stylesheets
f2fs-tools
gawk
glibc-locale-base
grep
gzip
kernel-kvmsmall
openssh-clients
openssh-server
pam
quota
rpm-build
rsync
sbsigntools
sed
shadow
timezone
vim
xz
InitrdPackages=
btrfs-progs
tpm2.0-tools

61
mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare Executable file
View File

@ -0,0 +1,61 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ "$1" = "final" ]; then
DEPS="--requires"
else
DEPS="--buildrequires"
fi
mkosi-chroot \
rpmspec \
--with upstream \
--query \
"$DEPS" \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
"pkg/$DISTRIBUTION/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
if [ "$1" = "final" ]; then
exit 0
fi
until mkosi-chroot \
rpmbuild \
-bd \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$DISTRIBUTION" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$DISTRIBUTION/systemd.spec"
do
EXIT_STATUS=$?
if [ $EXIT_STATUS -ne 11 ]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done

5
mkosi.images/base/mkosi.conf.d/10-ubuntu.conf → mkosi.images/base/mkosi.conf.d/10-ubuntu/mkosi.conf
View File

@ -5,8 +5,7 @@ Distribution=ubuntu
[Content]
Packages=
libbpf0
BuildPackages=
# We would like to use linux-virtual but it does not have support for SMBIOS credentials.
linux-image-generic
linux-tools-common
linux-tools-generic

0
mkosi.images/system/mkosi.extra/etc/issue → mkosi.images/base/mkosi.extra/etc/issue
View File

0
mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf → mkosi.images/base/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf
View File

0
mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh → mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
View File

0
mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service → mkosi.images/base/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service
View File

0
mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf → mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
View File

0
mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb → mkosi.images/base/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb
View File

0
mkosi.images/system/mkosi.finalize → mkosi.images/base/mkosi.finalize
View File

6
mkosi.images/base/mkosi.postinst Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
# shellcheck disable=SC2086
mkosi-install $SYSTEMD_PACKAGES

25
mkosi.images/system/mkosi.postinst.chroot → mkosi.images/base/mkosi.postinst.chroot
View File

@ -2,10 +2,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "build" ]; then
exit 0
fi
if [ -n "$SANITIZERS" ]; then
LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}')
@ -48,22 +44,6 @@ EOF
systemctl mask systemd-hwdb-update.service
fi
if [ -n "$IMAGE_ID" ] ; then
sed -n \
-i \
-e '/^IMAGE_ID=/!p' \
-e "\$aIMAGE_ID=$IMAGE_ID" \
/usr/lib/os-release
fi
if [ -n "$IMAGE_VERSION" ] ; then
sed -n \
-i \
-e '/^IMAGE_VERSION=/!p' \
-e "\$aIMAGE_VERSION=$IMAGE_VERSION" \
/usr/lib/os-release
fi
if command -v authselect >/dev/null; then
# authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so
# let's use the new name if it exists.
@ -87,11 +67,6 @@ rm -f /etc/resolv.conf
. /usr/lib/os-release
if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
alternatives --set python3 /usr/bin/python3.9
fi
mkdir -p /usr/lib/sysusers.d
cat >/usr/lib/sysusers.d/testuser.conf <<EOF
u testuser 4711 "Test User" /home/testuser

13
mkosi.images/base/mkosi.sync Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if ((CACHED)); then
exit 0
fi
if [ -z "$(ls --almost-all "pkg/$DISTRIBTION")" ]; then
git clone "$PKG_URL" --branch "$PKG_BRANCH" "pkg/$DISTRIBUTION"
elif [ -d "pkg/$DISTRIBUTION/.git" ] && [ "$(git -C "pkg/$DISTRIBUTION" rev-parse --abbrev-ref HEAD)" = "$PKG_BRANCH" ]; then
git -C "pkg/$DISTRIBUTION" pull
fi

30
mkosi.images/initrd/mkosi.conf
View File

@ -1,30 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Config]
Dependencies=base
[Output]
Format=cpio
[Content]
BaseTrees=%O/base
ExtraTrees=%O/base-systemd
MakeInitrd=yes
Bootable=no
BuildPackages=
Packages=
Packages=
gzip
systemd
udev
# Arch Linux doesn't split their gcc-libs package so we manually remove unneeded stuff here to make sure it
# doesn't end up in the initrd.
RemoveFiles=
/usr/lib/libgfortran.so*
/usr/lib/libgo.so*
/usr/lib/libgomp.so*
/usr/lib/libgphobos.so*
/usr/lib/libobjc.so*
/usr/lib/libstdc++.so*

12
mkosi.images/initrd/mkosi.conf.d/10-centos.conf
View File

@ -1,12 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=centos
[Output]
# TODO: Switch to zstd once we stop building CentOS Stream 8.
CompressOutput=xz
[Content]
Packages=xfsprogs
tpm2-tools

12
mkosi.images/initrd/mkosi.conf.d/10-default.conf
View File

@ -1,12 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=!centos
Distribution=!opensuse
[Output]
CompressOutput=zst
[Content]
Packages=btrfs-progs
tpm2-tools

11
mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf
View File

@ -1,11 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Output]
CompressOutput=zst
[Content]
Packages=btrfs-progs
tpm2.0-tools

42
mkosi.images/system/mkosi.conf
View File

@ -3,49 +3,15 @@
[Config]
Dependencies=base
[Distribution]
CacheOnly=metadata
[Output]
@Format=directory
[Content]
Autologin=yes
BaseTrees=%O/base
ExtraTrees=%O/base-systemd
Packages=
acl
bash-completion
coreutils
diffutils
dnsmasq
dosfstools
e2fsprogs
findutils
gcc # Sanitizer libraries
gdb
grep
gzip
kbd
kexec-tools
less
mtools
nano
nftables
openssl
qrencode
sed
socat
strace
systemd
tmux
tar
tree
udev
util-linux
valgrind
wireguard-tools
xfsprogs
zsh
BuildPackages=
Initrds=%O/base.initrd
[Validation]
@SecureBoot=yes

12
mkosi.images/system/mkosi.conf.d/05-initrd.conf
View File

@ -1,12 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Bootable=!no
Format=|disk
Format=|directory
[Config]
Dependencies=initrd
[Content]
Initrds=%O/initrd

28
mkosi.images/system/mkosi.conf.d/10-arch.conf
View File

@ -1,28 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
[Content]
Packages=
bpf
btrfs-progs
compsize
dhcp
f2fs-tools
glib2
iproute
linux
man-db
openbsd-netcat
openssh
pacman
polkit
python-pefile
python-psutil
python-pytest
python3
quota-tools
sbsigntools
shadow
vim

33
mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf
View File

@ -1,33 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|centos
Distribution=|fedora
[Content]
Packages=
bpftool
cryptsetup
dhcp-server
dnf
glib2
integritysetup
iproute
iproute-tc
kernel-core
libcap-ng-utils
netcat
openssh-server
openssh-clients
p11-kit
pam
passwd
polkit
procps-ng
python3
python3dist(pefile)
python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason.
python3dist(psutil)
python3dist(pytest)
quota
vim-common

4
mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
View File

@ -2,7 +2,3 @@
[Match]
Distribution=centos
[Content]
Packages=
kernel-modules # For squashfs support

5
mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf
View File

@ -1,5 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# CentOS does not support erofs so we use squashfs instead.
[Partition]
Format=squashfs

31
mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf
View File

@ -1,31 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|debian
Distribution=|ubuntu
[Content]
Packages=
apt
btrfs-progs
cryptsetup-bin
dbus-broker
default-dbus-session-bus
f2fs-tools
fdisk
iproute2
isc-dhcp-server
libcap-ng-utils
netcat-openbsd
openssh-server
openssh-client
sbsigntool
passwd
policykit-1
procps
python3
python3-pefile
python3-psutil
python3-pytest
quota
xxd

25
mkosi.images/system/mkosi.conf.d/10-opensuse.conf
View File

@ -1,25 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Content]
Packages=
bpftool
btrfs-progs
cryptsetup
dbus-broker
f2fs-tools
glibc-locale-base
kernel-kvmsmall
libcap-ng-utils
openssh-server
openssh-clients
python3
python3-pefile
python3-psutil
python3-pytest
quota
sbsigntools
shadow
vim

14
mkosi.images/system/mkosi.conf.d/10-ubuntu.conf
View File

@ -1,14 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=ubuntu
[Content]
Packages=
# We would like to use linux-image-kvm but it does not have support for SMBIOS credentials.
linux-image-generic
linux-tools-common
linux-tools-generic
# "orphan_file" is enabled by default in recent versions of mkfs.ext4 but not supported by the Jammy kernel
# so we explicitly disable it.
Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"

4
mkosi.images/system/mkosi.repart/00-esp.conf
View File

@ -5,5 +5,5 @@ Type=esp
Format=vfat
CopyFiles=/boot:/
CopyFiles=/efi:/
SizeMinBytes=512M
SizeMaxBytes=512M
SizeMinBytes=1G
SizeMaxBytes=1G