mkosi: Make sure our systemd build always overrides the distros

Currently, we install the systemd install tree in the base image and then build the initrd and final images from the base image. This means if that any systemd package is pulled in during the initrd or final image builds, it will override our version. To fix this, we stop installing our build of systemd in the base image, and store it in the output directory instead. That allows us to refer to it using ExtraTrees= in the final and initrd image builds to install it after all the distro packages have been installed, ensuring our version always takes priority.
2024-10-27 18:55:40 +03:00 · 2023-08-04 10:40:30 +02:00 · 2023-08-04 10:40:30 +02:00 · 6ac5aa97ec
commit 6ac5aa97ec
parent f2f8ed193c
8 changed files with 32 additions and 20 deletions
--- a/mkosi.presets/00-base/mkosi.build
+++ b/mkosi.presets/00-base/mkosi.build
@ -9,6 +9,11 @@ if [ "${container:-}" != "mkosi" ]; then
    exec mkosi-chroot "$SCRIPT" "$@"
 fi

+# We don't want to install our build of systemd in the base image, but use it as an extra tree for the
+# initrd and final images, so override DESTDIR to store it in the output directory so we can reference it as
+# an extra tree in the initrd and final image builds.
+DESTDIR="$OUTPUTDIR/systemd"
+
 # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
 # as out-of-tree build dir. Otherwise, let's make up our own builddir.
 [ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
@ -29,7 +34,8 @@ done
 # CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
 # specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
 # version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
-if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION=' /etc/os-release)" = "VERSION=\"8\"" ]; then
+. /usr/lib/os-release
+if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
    cat >"$BUILDDIR"/bpftool <<EOF
 #!/bin/sh
 if [ "\$1" = --version ]; then
@ -44,7 +50,6 @@ fi
 if [ ! -f "$BUILDDIR"/build.ninja ]; then
    sysvinit_path=$(realpath /etc/init.d)

-    . /etc/os-release
    if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
        UKIFY=false
    else
@ -157,7 +162,7 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then
    # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
    # It is important to use the right one especially for cryptsetup plugins, otherwise they will be
    # installed in the wrong directory and not be found by cryptsetup. Assume native build.
-    if grep -q -e "ID=debian" -e "ID_LIKE=debian" /etc/os-release && command -v dpkg 2>/dev/null; then
+    if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then
        CONFIGURE_OPTS+=(
            -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
            -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
@ -167,7 +172,7 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then
    # Set various uids and gids for which Fedora has "soft static" allocations.
    # Without this, we would get warning about mismatched sysusers.d entries
    # between the files that we and Fedora's setup package install.
-    if grep -q '^ID=fedora' /etc/os-release; then
+    if grep -q '^ID=fedora' /usr/lib/os-release; then
        CONFIGURE_OPTS+=(
            -Dadm-gid=4
            -Daudio-gid=63
@ -192,7 +197,7 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then
        )
    fi

-    if grep -q '^ID="opensuse' /etc/os-release; then
+    if grep -q '^ID="opensuse' /usr/lib/os-release; then
        CONFIGURE_OPTS+=(
            -Dbpf-compiler=gcc
        )
--- a/mkosi.presets/00-base/mkosi.conf
+++ b/mkosi.presets/00-base/mkosi.conf
@ -9,8 +9,7 @@ CleanPackageMetadata=no
 Packages=
        kmod
        less
-        systemd
-        udev
+        util-linux

 BuildPackages=
        acl
--- a/mkosi.presets/00-base/mkosi.conf.d/10-arch.conf
+++ b/mkosi.presets/00-base/mkosi.conf.d/10-arch.conf
@ -5,16 +5,18 @@ Distribution=arch

 [Content]
 Packages=
+        cryptsetup
+        dbus
        gnutls
        libbpf
        libfido2
        libmicrohttpd
        libnftnl
        libpwquality
+        libseccomp
        libxkbcommon
        openssl
        qrencode
-        systemd-sysvcompat
        tpm2-tss

 BuildPackages=
--- a/mkosi.presets/00-base/mkosi.conf.d/10-debian-ubuntu.conf
+++ b/mkosi.presets/00-base/mkosi.conf.d/10-debian-ubuntu.conf
@ -21,8 +21,6 @@ Packages=
        libqrencode4
        libssl3
        libtss2-dev # Use the -dev package to avoid churn in updating version numbers
-        systemd
-        systemd-sysv
        tzdata

 BuildPackages=
--- a/mkosi.presets/00-base/mkosi.conf.d/10-opensuse.conf
+++ b/mkosi.presets/00-base/mkosi.conf.d/10-opensuse.conf
@ -4,9 +4,12 @@
 Distribution=opensuse

 [Content]
-# We install gawk, gzip, grep, xz here explicitly so that the busybox versions don't get installed instead.
+# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
+# versions don't get installed instead.
 Packages=
        device-mapper
+        distribution-release
+        docbook-xsl-stylesheets
        gawk
        grep
        gzip
@ -25,16 +28,16 @@ Packages=
        libp11-kit0
        libqrencode4
        libseccomp2
-        libxkbcommon0
-        libzstd1
-        pam
-        shadow
        libtss2-esys0
        libtss2-mu0
        libtss2-rc0
        libtss2-tcti-device0
-        # Workaround for CI issue with our stub getting overwritten
-        systemd-boot
+        libxkbcommon0
+        libzstd1
+        pam
+        rsync
+        sed
+        shadow
        tpm2-0-tss
        xz

@ -43,7 +46,6 @@ BuildPackages=
        bpftool
        cross-bpf-gcc13
        dbus-1-devel
-        docbook-xsl-stylesheets
        fdupes
        gcc-c++
        glib2-devel
@ -84,7 +86,6 @@ BuildPackages=
        python3-pytest-flakes
        qrencode-devel
        shadow
-        systemd-sysvinit
        timezone
        tpm2-0-tss-devel
        xen-devel
--- a/mkosi.presets/10-initrd/mkosi.conf
+++ b/mkosi.presets/10-initrd/mkosi.conf
@ -9,7 +9,11 @@ Format=cpio

 [Content]
 BaseTrees=../../mkosi.output/base
+ExtraTrees=../../mkosi.output/base-systemd
 MakeInitrd=yes
+Packages=
+        systemd
+        udev

 # Arch Linux doesn't split their gcc-libs package so we manually remove unneeded stuff here to make sure it
 # doesn't end up in the initrd.
--- a/mkosi.presets/20-final/mkosi.conf
+++ b/mkosi.presets/20-final/mkosi.conf
@ -3,6 +3,7 @@
 [Content]
 Autologin=yes
 BaseTrees=../../mkosi.output/base
+ExtraTrees=../../mkosi.output/base-systemd
 ExtraTrees=../../src:/root/src
 Initrds=../../mkosi.output/initrd
 Packages=
@ -28,8 +29,10 @@ Packages=
        sed
        socat
        strace
+        systemd
        tmux
        tree
+        udev
        util-linux
        valgrind
        wireguard-tools
--- a/mkosi.presets/20-final/mkosi.postinst
+++ b/mkosi.presets/20-final/mkosi.postinst
@ -79,7 +79,7 @@ fi
 # Let tmpfiles.d/systemd-resolve.conf handle the symlink
 rm -f /etc/resolv.conf

-. /etc/os-release
+. /usr/lib/os-release

 if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
    alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1