mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00

Merge pull request #33735 from DaanDeMeyer/backport-mkosi

v256-stable: Backport mkosi and test related changes
Daan De Meyer 2024-07-16 17:51:55 +02:00 committed by GitHub
commit ad444842e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
79 changed files with 750 additions and 402 deletions


@ -96,10 +96,16 @@ jobs:
llvm: 0
cflags: "-Og"
relabel: yes
- distro: centos
release: "10"
sanitizers: ""
llvm: 0
cflags: "-Og"
relabel: yes
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: systemd/mkosi@4681dd733a925cd048d0301af26221bce0c95eed
- uses: systemd/mkosi@7e975957a6af65c2e70428b6cda0c163ca7e1adc
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location


@ -634,6 +634,10 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
* `$SYSTEMD_REPART_OVERRIDE_FSTYPE` if set the value will override the file
system type specified in Format= lines in partition definition files.
Additionally, the filesystem for all partitions with a specific designator can
be overridden via a correspondingly named environment variable. For example,
to override the filesystem type for all partitions with `Type=root`, you can
set `SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4`.
`systemd-nspawn`, `systemd-networkd`:


@ -2,7 +2,25 @@
[Config]
MinimumVersion=23~devel
InitrdInclude=mkosi.initrd/
Dependencies=
exitrd
initrd
minimal-base
minimal-0
minimal-1
PassEnvironment=
NO_BUILD
NO_SYNC
WIPE
SANITIZERS
CFLAGS
LDFLAGS
LLVM
MESON_VERBOSE
MESON_OPTIONS
SYSEXT
WITH_DEBUG
[Output]
RepartDirectories=mkosi.repart
@ -14,11 +32,20 @@ CacheDirectory=build/mkosi.cache
BuildSourcesEphemeral=yes
Autologin=yes
PostInstallationScripts=mkosi.sanitizers.chroot
ExtraTrees=
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
%O/exitrd:/exitrd
Initrds=%O/initrd
Environment=
SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F
@ -53,40 +80,23 @@ KernelCommandLine=systemd.crash_shell
# These don't ship proper units with [Install] directives so we have to mask them instead.
systemd.mask=isc-dhcp-server.service
systemd.mask=mdmonitor.service
psi=1
KernelModulesInitrdExclude=.*
KernelModulesInitrdInclude=default
ExtraTrees=
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
%O/exitrd:/exitrd
InitrdPackages=
btrfs-progs
findutils
grep
sed
Packages=
acl
attr
bash-completion
binutils
bpftrace
btrfs-progs
clang
coreutils
curl
diffutils
dnsmasq
dosfstools
e2fsprogs
erofs-utils
findutils
gdb
grep
@ -95,10 +105,7 @@ Packages=
kbd
kexec-tools
kmod
knot
less
lld
llvm
lvm2
man
mdadm
@ -111,13 +118,11 @@ Packages=
p11-kit
pciutils
python3
qrencode
radvd
rsync
sed
socat
strace
systemd
tar
tmux
tree


@ -4,11 +4,6 @@
Distribution=arch
[Content]
Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main
GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c
VolatilePackages=
systemd
systemd-libs
@ -20,20 +15,19 @@ VolatilePackages=
Packages=
bind
bpf
compiler-rt
btrfs-progs
compsize
cryptsetup
dbus-broker
dbus-broker-units
debugedit
dhcp
erofs-utils
f2fs-tools
fakeroot
git
gnutls
gnutls
iproute
iputils
knot
linux
man-db
multipath-tools
@ -43,12 +37,12 @@ Packages=
openssl
pacman
perf
pkgconf
polkit
procps-ng
psmisc
python-pexpect
python-psutil
qrencode
quota-tools
sbsigntools
shadow
@ -57,14 +51,4 @@ Packages=
stress-ng
tgt
tpm2-tools
tpm2-tss
vim
InitrdPackages=
compiler-rt
tpm2-tools
InitrdVolatilePackages=
systemd
systemd-libs
systemd-sysvcompat


@ -2,28 +2,32 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "build" ] || ((NO_BUILD)); then
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
DEPS=""
if [ ! -f "pkg/$ID/PKGBUILD" ]; then
echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
while read -r PACKAGE; do
DEPS="$DEPS $(
pacman --sync --info "$PACKAGE" |
sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
)"
# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" |
grep --regexp '^depends =' --regexp '^optdepends =' |
sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' |
xargs --delimiter '\n' mkosi-install
DEPS="$DEPS $(
pacman --sync --info "$PACKAGE" |
sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
tr '\n' ' ' # Transform newlines to whitespace.
)"
done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
# whether some environment variable is set or not.
# shellcheck source=/dev/null
_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD"
# shellcheck disable=SC2154
mkosi-install "${makedepends[@]}"
echo "$DEPS" |
xargs | # Remove extra whitespace.
tr ' ' '\n' |
grep --invert-match --regexp systemd --regexp None | # systemd packages will be installed later on.
sort --unique |
xargs --delimiter '\n' --no-run-if-empty mkosi-install
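Review bot: A failure of `jq` or `pacman` in the new dependency loop goes unnoticed, because `set -e` does not see commands run inside `< <(...)` nor the non-final stages of the pipeline inside `$(...)`; the loop then leaves `DEPS` empty and, with `--no-run-if-empty`, the script exits 0 having installed nothing. Capturing the list in an assignment first makes a `jq` error fatal, e.g. `PACKAGES="$(jq --raw-output '.VolatilePackages[]' <"$MKOSI_CONFIG")"`, and the loop can then read from that variable; quoting the jq filter also keeps the shell from treating `[]` as a glob. The `mapfile ... < <(jq ...)` lines in the Fedora and Debian prepare scripts and the `zypper info` loop in the openSUSE one have the same shape. Which lines are new is inferred from the hunk counts, since the page lost its +/- markers.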


@ -11,6 +11,7 @@ VolatilePackages=
systemd-container
systemd-devel
systemd-journal-remote
systemd-libs
systemd-networkd
systemd-networkd-defaults
systemd-oomd-defaults
@ -23,17 +24,13 @@ VolatilePackages=
Packages=
bind-utils
bpftool
compiler-rt
cryptsetup
device-mapper-event
device-mapper-multipath
dfuzzer
dhcp-server
dnf
git-core
glibc-langpack-de
glibc-langpack-en
gnutls
gnutls-utils
integritysetup
iproute
@ -41,9 +38,7 @@ Packages=
iputils
iscsi-initiator-utils
kernel-core
libasan
libcap-ng-utils
libubsan
man-db
nmap-ncat
openssh-clients
@ -57,9 +52,6 @@ Packages=
python3-pexpect
quota
rpm
rpm-build
rpmautospec
sbsigntools
softhsm
squashfs-tools
stress-ng
@ -67,10 +59,3 @@ Packages=
util-linux
veritysetup
vim-common
InitrdPackages=
tpm2-tools
InitrdVolatilePackages=
systemd
systemd-udev


@ -2,64 +2,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "build" ] || ((NO_BUILD)); then
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
if [ ! -f "pkg/$ID/systemd.spec" ]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
exit 1
fi
for DEPS in --requires --buildrequires; do
mkosi-chroot \
rpmspec \
--with upstream \
--query \
"$DEPS" \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
"pkg/$ID/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done
# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
until mkosi-chroot \
rpmbuild \
-br \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$ID/systemd.spec"
do
EXIT_STATUS=$?
if [ $EXIT_STATUS -ne 11 ]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
for DEPS in --requires --recommends --suggests; do
# We need --latest-limit=1 to only consider the newest version of the packages.
# --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
# are not considerd on x86-64.
dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" |
grep --invert-match --regexp systemd --regexp udev --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal |
sort --unique |
xargs --delimiter '\n' --no-run-if-empty mkosi-install
done
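Review bot: The `grep --invert-match` filter in the `dnf repoquery` loop matches substrings, so `--regexp udev` or `--regexp systemd` also drops any dependency whose name or provide merely contains that text, and such a package is then silently absent from the image. I cannot tell from the hunk whether names like `libsystemd` are meant to be excluded as well, so at minimum a comment such as `# Substring match on purpose: drops everything built from the systemd sources, installed later as VolatilePackages` would record the intent; if only exact package families are meant, anchor the patterns (`--regexp '^systemd'`). The Arch (`systemd`, `None`), Debian and openSUSE prepare scripts in this commit use the same unanchored filters.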


@ -5,10 +5,6 @@ Distribution=centos
[Distribution]
Release=9
Repositories=epel
epel-next
hyperscale-packages-main
hyperscale-packages-experimental
[Content]
Environment=
@ -20,10 +16,5 @@ Environment=
# mkfs.ext4 enabled it by default, so we disable it explicitly.
SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
GIT_URL=https://git.centos.org/rpms/systemd.git
GIT_BRANCH=c9s-sig-hyperscale
GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
Packages=
kernel-modules # For squashfs
rpmautospec-rpm-macros


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Release=9
[Distribution]
Repositories=
epel
epel-next


@ -0,0 +1,13 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Repositories=epel
[Content]
Packages=
dfuzzer
dhcp-server
erofs-utils
knot
qrencode
sbsigntools


@ -8,12 +8,6 @@ Distribution=|ubuntu
PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref
[Content]
Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=ci/v256-stable
GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af
VolatilePackages=
libnss-myhostname
libnss-mymachines
@ -21,6 +15,8 @@ VolatilePackages=
libnss-systemd
libpam-systemd
libsystemd-dev
libsystemd-shared
libsystemd0
libudev-dev
systemd
systemd-container
@ -40,17 +36,14 @@ VolatilePackages=
udev
Packages=
^libasan[0-9]+$
^libtss2-esys-[0-9.]+-0$
^libtss2-mu-[0-9.]+-0$
^libubsan[0-9]+$
btrfs-progs
apt
bind9-dnsutils
cryptsetup-bin
dbus-broker
dbus-user-session
dmsetup
dpkg-dev
erofs-utils
f2fs-tools
fdisk
git-core
@ -58,10 +51,8 @@ Packages=
iproute2
iputils-ping
isc-dhcp-server
knot
libcap-ng-utils
libclang-rt-dev
libtss2-rc0
libtss2-tcti-device0
locales
man-db
multipath-tools
@ -75,6 +66,7 @@ Packages=
psmisc
python3-pexpect
python3-psutil
qrencode
quota
softhsm2
squashfs-tools
@ -83,13 +75,3 @@ Packages=
tpm2-tools
tzdata
xxd
InitrdPackages=
libclang-rt-dev
tpm2-tools
InitrdVolatilePackages=
systemd
systemd-cryptsetup
systemd-repart
udev


@ -1,29 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
# install them. This is not an issue when building locally, as the build and runtime images are the same,
# so they would get installed as build dependencies anyway.
if [ "$1" = "build" ] || ! ((NO_BUILD)); then
exit 0
fi
# Query the Recommends and Suggests of all systemd packages, by matching on the version
systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
extra_packages=()
# shellcheck disable=SC2068
for package in ${systemd_packages[@]}; do
# We are looking for dlopens, so filter for libraries
mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
done
if [ "${#extra_packages[@]}" -eq 0 ]; then
exit 0
fi
apt install "${extra_packages[@]}"


@ -2,17 +2,15 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "build" ] || ((NO_BUILD)); then
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
if [ ! -d "pkg/$ID/debian" ]; then
echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
cd "pkg/$ID"
DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
apt-cache depends "${PACKAGES[@]}" |
grep --invert-match --regexp "<" --regexp "|" --regexp systemd | # Remove e.g. <python3:any> and |dbus-broker like results
grep --extended-regexp "Depends|Suggests|Recommends" |
sed --quiet 's/.*: //p' | # Get every line with ": " in it and strip it at the same time.
sort --unique |
xargs --delimiter '\n' --no-run-if-empty mkosi-install


@ -7,16 +7,19 @@ Distribution=fedora
Release=rawhide
[Content]
Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide
GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8
Packages=
btrfs-progs
compsize
dfuzzer
dhcp-server
dnf5
erofs-utils
f2fs-tools
scsi-target-utils
# Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules)
kernel-modules-extra
kernel-modules-internal
knot
qrencode
rpmautospec
sbsigntools
scsi-target-utils


@ -1,7 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
# See https://github.com/openSUSE/suse-module-tools/pull/71
rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"


@ -3,21 +3,15 @@
[Match]
Distribution=opensuse
[Config]
InitrdInclude=initrd/
[Distribution]
Release=tumbleweed
Repositories=non-oss
PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend
[Content]
Environment=
GIT_URL=https://code.opensuse.org/package/systemd
GIT_BRANCH=master
GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
VolatilePackages=
libsystemd0
libudev1
systemd
systemd-boot
systemd-container
@ -37,29 +31,23 @@ VolatilePackages=
Packages=
bind-utils
bpftool
btrfs-progs
cryptsetup
device-mapper
dhcp-server
docbook-xsl-stylesheets
erofs-utils
f2fs-tools
gawk
gcc-c++
git-core
glibc-locale-base
gnutls
grep
group(bin)
group(daemon)
group(games)
group(nobody)
group(root)
gzip
iputils
kernel-default
kmod
libasan8
libkmod2
libubsan1
knot
multipath-tools
ncat
open-iscsi
@ -73,8 +61,8 @@ Packages=
python3-pefile
python3-pexpect
python3-psutil
qrencode
quota
rpm-build
rsync
sbsigntools
sed
@ -85,23 +73,7 @@ Packages=
tgt
timezone
tpm2.0-tools
user(bin)
user(daemon)
user(games)
user(nobody)
user(root)
veritysetup
vim
xz
zypper
InitrdPackages=
clang
kmod
libkmod2
tpm2.0-tools
InitrdVolatilePackages=
systemd
udev
systemd-experimental


@ -2,63 +2,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [ "$1" = "build" ] || ((NO_BUILD)); then
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
ID="${ID%-*}"
DEPS=""
if [ ! -f "pkg/$ID/systemd.spec" ]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
while read -r PACKAGE; do
# zypper's output is not machine readable so we make do with sed instead.
DEPS="$DEPS\n$(
zypper info --requires --recommends --suggests "$PACKAGE" |
sed '/Requires/,$!d' | # Remove everything before Requires line
sed --quiet 's/^ //p' # All indented lines have dependencies
)"
done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
for DEPS in --requires --buildrequires; do
mkosi-chroot \
rpmspec \
--with upstream \
--query \
"$DEPS" \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
"pkg/$ID/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done
until mkosi-chroot \
rpmbuild \
-bd \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$ID/systemd.spec"
do
EXIT_STATUS=$?
if [ $EXIT_STATUS -ne 11 ]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done
echo -e "$DEPS" |
grep --invert-match --regexp systemd --regexp udev --regexp qemu |
sort --unique |
xargs --delimiter '\n' --no-run-if-empty mkosi-install


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# Add a dependency on the build image unless NO_BUILD=1.
[Match]
Environment=!NO_BUILD=1
[Config]
Dependencies=build


@ -1,9 +1,11 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# If we're only rerunning the build script, remove all subimage dependencies to speed up builds.
# If we're only rerunning the build script, remove all subimage dependencies except the build image to speed
# up builds.
[Match]
Format=none
[Config]
Dependencies=
Dependencies=build


@ -2,6 +2,7 @@
[Match]
Environment=SANITIZERS
Environment=!SANITIZERS=
[Content]
# Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN
@ -17,3 +18,6 @@ KernelCommandLine=
systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
[Config]
Include=%D/mkosi.sanitizers


@ -38,7 +38,15 @@ EOF
rm -f "$BUILDDIR"/systemd.raw
env --unset=SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT \
local fstype
if command -v mkfs.erofs; then
fstype=erofs
else
fstype=squashfs
fi
env SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT="$fstype" \
"$BUILDDIR"/systemd-repart \
--make-ddi=sysext-unsigned \
--copy-source="$1" \
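Review bot: `command -v mkfs.erofs` prints the resolved path on stdout each time this code runs, so the probe leaks into the build log or into whatever captures the function's output; `if command -v mkfs.erofs >/dev/null; then` keeps it silent. A short comment above the test, e.g. `# Prefer erofs for the sysext root, fall back to squashfs when mkfs.erofs is not installed`, would also explain why the old `env --unset=SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT` became a forced filesystem type. The enclosing function (implied by `local fstype`) starts and ends outside the hunk, so where its stdout goes is not visible here.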

View File

@ -0,0 +1,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Content]
Packages=
clang
lld
llvm
[Output]
Format=none


@ -2,23 +2,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if ((NO_BUILD)); then
exit 0
fi
# shellcheck source=/dev/null
. /usr/lib/os-release
if [ ! -f "pkg/$ID/PKGBUILD" ]; then
if [[ ! -f "pkg/$ID/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
# We can't configure the source or build directory so we use symlinks instead to make sure they are in the
# expected locations.
# expected locations. Because we run with --noextract we are responsible for making sure the source files
# appear in src/. This means not only the systemd source directory, but also the patches and configuration
# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd
# sources and build directory directly into "pkg/$ID/src", we symlink them into "pkg/$ID" and then symlink
# "pkg/$ID" to "pkg/$ID/src".
ln --symbolic "$SRCDIR" "pkg/$ID/systemd"
ln --symbolic "$BUILDDIR" "pkg/$ID/build"
# Because we run with --noextract we are responsible for making sure the source files appear in src/.
ln --symbolic . "pkg/$ID/src"
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
@ -29,7 +28,7 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
@ -65,7 +64,7 @@ EOF
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
rm /usr/share/makepkg/lint_pkgbuild/*
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"


@ -0,0 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
[Content]
Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main
GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c
Packages=
base
base-devel
diffutils
erofs-utils
git


@ -0,0 +1,21 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
if [[ ! -f "pkg/$ID/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
# shellcheck source=/dev/null
_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD"
# shellcheck disable=SC2154
mkosi-install "${makedepends[@]}"
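Review bot: Sourcing `pkg/$ID/PKGBUILD` executes the whole packaging file as shell inside this prepare script, with `$ID` read from the image's os-release and every variable and function the PKGBUILD defines landing in the script's own namespace, yet nothing in the file says what that trust rests on. I would add a comment above the `.` line, e.g. `# The PKGBUILD is executed as shell here; it presumably comes from the packaging checkout pinned by GIT_COMMIT in the matching config, so review the PKGBUILD whenever that pin is bumped`. Evaluating it in a subshell that only prints `makedepends` would additionally keep PKGBUILD side effects away from anything added to this script later.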


@ -4,25 +4,21 @@ set -e
. mkosi.functions
if ((NO_BUILD)); then
exit 0
fi
# shellcheck source=/dev/null
. /usr/lib/os-release
if [ ! -f "pkg/$ID/systemd.spec" ]; then
if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then
if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated even when --build-in-place is used.
# See https://github.com/rpm-software-management/rpm/issues/3042.
tee --append /usr/lib/rpm/redhat/macros <<'EOF'
@ -35,10 +31,6 @@ fi
VERSION="$(cat meson.version)"
RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
DIST="$(rpm --eval %dist)"
ARCH="$(rpm --eval %_arch)"
SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
COMMON_MACRO_OVERRIDES=(
--define "toolchain $( ((LLVM)) && echo clang || echo gcc)"
--define "_fortify_level 0"
@ -51,7 +43,7 @@ COMMON_MACRO_OVERRIDES=(
# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10.
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
if ((WITH_DEBUG)); then
MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd"
fi
if ((LLVM)); then
# TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
@ -60,7 +52,7 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")"
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
@ -109,6 +101,7 @@ CXX_LD="$( ((LLVM)) && echo lld)" \
--define "__brp_check_rpaths %{nil}" \
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
--define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
--define "_find_debuginfo_dwz_opts %{nil}" \
--define "_fixperms true" \
--undefine _package_note_flags \
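Review bot: The new version check splices the output of `rpm --version | cut -d ' ' -f3` straight into a Lua macro between single quotes, three quoting levels deep, and an empty or mis-split version string reaches `rpm.vercmp` unchecked. Pulling the value out first reads better and allows a sanity check: `RPM_VERSION="$(rpm --version | cut -d ' ' -f3)"`, then `[[ -n "$RPM_VERSION" ]] || exit 1`, then `rpm --eval "%{lua:print(rpm.vercmp('$RPM_VERSION', '4.19.91'))}"`. The openSUSE build script in this commit carries the same construct with `4.20`, so a small shared helper in `mkosi.functions` (already sourced by both scripts) would avoid the duplication.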


@ -0,0 +1,13 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|centos
Distribution=|fedora
[Content]
Packages=
compiler-rt
git-core
libasan
libubsan
rpm-build


@ -0,0 +1,63 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
exit 1
fi
mkosi-chroot \
rpmspec \
--with upstream \
--query \
--buildrequires \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
"pkg/$ID/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
until mkosi-chroot \
rpmbuild \
-br \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$ID/systemd.spec"
do
EXIT_STATUS=$?
if [[ $EXIT_STATUS -ne 11 ]]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done
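Review bot: Both `xargs --delimiter '\n' mkosi-install` calls in this new script lack `--no-run-if-empty`, which the image prepare scripts in the same commit do pass, so an empty list runs `mkosi-install` with no arguments. Inside the `until` loop this matters more: if `rpmbuild -br` keeps exiting with 11 while a pass requests no package that was not already in `/tmp/buildrequires`, no other exit condition is visible in this file and the loop would presumably repeat. I would add `--no-run-if-empty` to both calls and fail explicitly when a pass finds nothing new to install. A failing `rpmspec` is also hidden by the pipeline, since `set -e` only sees the status of the final `xargs`. The openSUSE prepare script further down opens with the same `rpmspec` pipeline.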


@ -0,0 +1,14 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=centos
[Content]
Packages=
rsync # TODO: Drop when CentOS Stream 9 CI is removed.
squashfs-tools
Environment=
GIT_URL=https://git.centos.org/rpms/systemd.git
GIT_BRANCH=c10s-sig-hyperscale
GIT_COMMIT=46480aaa9e0ea63a85b6ca676554ce2aae10ce36


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Repositories=epel
[Content]
Packages=
erofs-utils
rpmautospec-rpm-macros


@ -2,14 +2,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if ((NO_BUILD)); then
exit 0
fi
# shellcheck source=/dev/null
. /usr/lib/os-release
if [ ! -d "pkg/$ID/debian" ]; then
if [[ ! -d "pkg/$ID/debian" ]]; then
echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
@ -25,7 +21,7 @@ rm -rf "$SRCDIR"/debian/patches/*
DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"
mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE"
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
@ -52,7 +48,7 @@ fi
MKOSI_LDFLAGS=""
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
@ -116,7 +112,7 @@ if ! build; then
# by meson install.
(cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
if [ -f debian/not-installed ]; then
if [[ -f debian/not-installed ]]; then
grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
fi
@ -126,7 +122,7 @@ if ! build; then
# not in the packaged file.
comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
# If there are no unpackaged files something else went wrong.
if [ ! -s /tmp/unpackaged-files ]; then
if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi


@ -0,0 +1,19 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|debian
Distribution=|ubuntu
[Content]
Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=ci/v256-stable
GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af
Packages=
apt
erofs-utils
git-core
libclang-rt-dev
dpkg-dev


@ -0,0 +1,18 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
if [[ ! -d "pkg/$ID/debian" ]]; then
echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
cd "pkg/$ID"
DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .


@ -0,0 +1,14 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=fedora
[Content]
Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide
GIT_COMMIT=a3524fc837f5e7b68f86b3e0a9d470a94a04c4c8
Packages=
erofs-utils
rpmautospec


@ -4,20 +4,16 @@ set -e
. mkosi.functions
if ((NO_BUILD)); then
exit 0
fi
# shellcheck source=/dev/null
. /usr/lib/os-release
ID="${ID%-*}"
if [ ! -f "pkg/$ID/systemd.spec" ]; then
if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
@ -28,7 +24,7 @@ fi
# extension.
find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then
if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated.
tee --append /usr/lib/rpm/suse/macros <<'EOF'
%install %{debug_package}\
@ -40,13 +36,9 @@ fi
VERSION="$(cat meson.version)"
RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")"
DIST="$(rpm --eval %dist)"
ARCH="$(rpm --eval %_arch)"
SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE"
if ((WITH_DEBUG)); then
MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd"
fi
if ((LLVM)); then
# TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
@ -55,7 +47,7 @@ fi
MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
fi
# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
@ -108,6 +100,7 @@ build() {
--define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
--define "__script_requires %{nil}" \
--define "_find_debuginfo_dwz_opts %{nil}" \
--define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
--define "_fixperms true" \
--noclean \
"$@" \
@ -122,7 +115,7 @@ build() {
}
if ! build; then
if [ ! -s /tmp/unpackaged-files ]; then
if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi
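Review bot: The hard-coded `-fdebug-prefix-map=../src=/usr/src/debug/systemd` in the `WITH_DEBUG` branch appears to match the installed sources only because the `build()` hunk also adds `--define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\""`, and nothing in the script ties the two together. A comment above that `MKOSI_CFLAGS` line, such as `# Must match the --unique-debug-src-base passed to rpmbuild in build() below.`, would keep a later edit from changing one without the other. Separately, the new rpm version test nests a command substitution inside a Lua macro inside `[[ ]]`; assigning `RPM_VERSION="$(rpm --version | cut -d ' ' -f3)"` first would make the quoting easier to audit. `build()` starts outside the hunks shown.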


@ -0,0 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Content]
Environment=
GIT_URL=https://code.opensuse.org/package/systemd
GIT_BRANCH=master
GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
Packages=
gcc-c++
erofs-utils
git-core
patterns-base-minimal_base
rpm-build


@ -0,0 +1,62 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "build" ]]; then
exit 0
fi
# shellcheck source=/dev/null
. "$BUILDROOT/usr/lib/os-release"
ID="${ID%-*}"
if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
mkosi-chroot \
rpmspec \
--with upstream \
--query \
--buildrequires \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
"pkg/$ID/systemd.spec" |
grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
sort --unique |
tee /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
until mkosi-chroot \
rpmbuild \
-bd \
--build-in-place \
--with upstream \
--define "_topdir /var/tmp" \
--define "_sourcedir pkg/$ID" \
--define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
"pkg/$ID/systemd.spec"
do
EXIT_STATUS=$?
if [[ $EXIT_STATUS -ne 11 ]]; then
exit $EXIT_STATUS
fi
mkosi-chroot \
rpm \
--query \
--package \
--requires \
/var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
grep --invert-match '^rpmlib(' |
sort --unique >/tmp/dynamic-buildrequires
sort /tmp/buildrequires /tmp/dynamic-buildrequires |
uniq --unique |
tee --append /tmp/buildrequires |
xargs --delimiter '\n' mkosi-install
done
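Review bot: A failure of `rpmspec` or `rpm --query` at the head of these pipelines is not detected, because the script enables only `set -e` and a pipeline's exit status is that of its last stage (`xargs --delimiter '\n' mkosi-install` or `sort`). Adding `set -o pipefail` below `set -e` would surface it; since `grep --invert-match` exits 1 when nothing is left, check whether an empty list is legitimate before enabling it. Also, `sort /tmp/buildrequires /tmp/dynamic-buildrequires | uniq --unique` yields the symmetric difference, so names present only in /tmp/buildrequires are appended and handed to `mkosi-install` again on every pass. The `until` loop itself has no upper bound if `rpmbuild -bd` keeps exiting with 11.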


@ -14,6 +14,11 @@ if [[ -d "$PKG_SUBDIR/.git" ]]; then
exit 0
fi
if ! git -C "$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then
git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL"
git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
fi
# If work is being done on the packaging rules in a separate branch, don't touch the checkout.
if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then
EXIT_STATUS=$?
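Review bot: `git show-ref --quiet "origin/$GIT_BRANCH"` matches its pattern against the tail of any ref name, so a local branch or tag whose name ends in `origin/$GIT_BRANCH` would also satisfy it and skip the fetch. `if ! git -C "$PKG_SUBDIR" show-ref --verify --quiet "refs/remotes/origin/$GIT_BRANCH"; then` checks exactly the remote-tracking ref that the `merge-base --is-ancestor` call below is meant to compare against. The `merge-base` block continues outside the hunk.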


@ -12,3 +12,6 @@ MakeInitrd=yes
Packages=
bash
[Config]
Include=%D/mkosi.sanitizers


@ -4,8 +4,9 @@
Distribution=arch
[Content]
Packages=
VolatilePackages=
systemd
systemd-libs
RemoveFiles=
# Arch Linux doesn't split their gcc-libs package so we manually remove


@ -5,5 +5,5 @@ Distribution=|centos
Distribution=|fedora
[Content]
Packages=
VolatilePackages=
systemd-standalone-shutdown


@ -4,5 +4,5 @@
Distribution=debian
[Content]
Packages=
VolatilePackages=
systemd-standalone-shutdown


@ -5,4 +5,9 @@ Distribution=opensuse
[Content]
Packages=
patterns-base-minimal_base
VolatilePackages=
libsystemd0
libudev1
systemd


@ -4,5 +4,8 @@
Distribution=ubuntu
[Content]
Packages=
VolatilePackages=
libsystemd-shared
libsystemd0
libudev1
systemd


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# Add a dependency on the build image unless NO_BUILD=1.
[Match]
Environment=!NO_BUILD=1
[Config]
Dependencies=build


@ -0,0 +1,16 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Config]
Include=
mkosi-initrd
%D/mkosi.sanitizers
[Content]
ExtraTrees=
%D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
%D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
Packages=
findutils
grep
sed


@ -0,0 +1,14 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
[Content]
Packages=
btrfs-progs
tpm2-tools
VolatilePackages=
systemd
systemd-libs
systemd-sysvcompat


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# Add a dependency on the build image unless NO_BUILD=1.
[Match]
Environment=!NO_BUILD=1
[Config]
Dependencies=build


@ -0,0 +1,14 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|centos
Distribution=|fedora
[Content]
Packages=
tpm2-tools
VolatilePackages=
systemd
systemd-libs
systemd-udev


@ -0,0 +1,19 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=|debian
Distribution=|ubuntu
[Content]
Packages=
btrfs-progs
tpm2-tools
VolatilePackages=
libsystemd-shared
libsystemd0
libudev1
systemd
systemd-cryptsetup
systemd-repart
udev


@ -0,0 +1,8 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=fedora
[Content]
Packages=
btrfs-progs


@ -0,0 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=opensuse
[Content]
Packages=
btrfs-progs
kmod
tpm2.0-tools
VolatilePackages=
libsystemd0
libudev1
systemd
udev
systemd-experimental


@ -3,9 +3,6 @@
[Config]
Dependencies=minimal-base
[Distribution]
CacheOnly=always
[Output]
Format=portable
SplitArtifacts=yes


@ -3,9 +3,6 @@
[Config]
Dependencies=minimal-base
[Distribution]
CacheOnly=always
[Output]
Format=portable
SplitArtifacts=yes


@ -14,3 +14,6 @@ Packages=
coreutils
grep
util-linux
[Config]
Include=%D/mkosi.sanitizers


@ -9,6 +9,9 @@ Packages=
iproute
nmap
VolatilePackages=
systemd-libs
RemoveFiles=
# Arch Linux doesn't split their gcc-libs package so we manually remove
# unneeded stuff here to make sure it doesn't end up in the image.


@ -10,3 +10,6 @@ Packages=
iproute
iproute-tc
nmap-ncat
VolatilePackages=
systemd-libs


@ -10,3 +10,7 @@ Packages=
iproute2
mount
ncat
VolatilePackages=
libsystemd0
libudev1


@ -9,3 +9,7 @@ Packages=
iproute2
ncat
patterns-base-minimal_base
VolatilePackages=
libsystemd0
libudev1


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# Add a dependency on the build image unless NO_BUILD=1.
[Match]
Environment=!NO_BUILD=1
[Config]
Dependencies=build


@ -1,7 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Content]
PostInstallationScripts=../mkosi.sanitizers.chroot
ExtraTrees=
../mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
../mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf


@ -0,0 +1,5 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Environment=SANITIZERS
Environment=!SANITIZERS=


@ -0,0 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Distribution=arch
Environment=LLVM=1
[Content]
Packages=
compiler-rt


@ -0,0 +1,11 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
[Match]
Distribution=|debian
Distribution=|ubuntu
Environment=LLVM=1
[Content]
Packages=
libclang-rt-dev
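Review bot: The TODO on the second line points at a bugzilla.suse.com report, yet this file matches `Distribution=|debian` and `Distribution=|ubuntu`; it looks copied from the openSUSE variant of the same drop-in. If the `libclang-rt-dev` dependency is meant to stay for Debian and Ubuntu, drop the TODO. Otherwise, replace it with the tracker entry that actually governs this file, for example `# TODO: Drop when <DEBIAN-OR-UBUNTU-BUG-URL> is fixed.`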


@ -0,0 +1,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
[Match]
Distribution=opensuse
Environment=LLVM=1
[Content]
Packages=
clang


@ -3,31 +3,35 @@
set -e
set -o nounset
if [[ -z "${SANITIZERS:-}" ]]; then
LIBSYSTEMD="$(mkosi-chroot ldconfig -p | grep libsystemd.so.0 | sed 's/[^/]*\//\//')"
if [[ ! -f "$BUILDROOT/$LIBSYSTEMD" ]]; then
exit 0
fi
# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer
# failures end up in the journal.
mkdir -p /etc/systemd/system/systemd-journald.service.d
cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
if [[ -f "$BUILDROOT"/usr/lib/systemd/system/systemd-journald.service ]]; then
mkdir -p "$BUILDROOT"/etc/systemd/system/systemd-journald.service.d
cat >"$BUILDROOT"/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
[Service]
StandardOutput=kmsg
EOF
fi
# ASAN and syscall filters aren't compatible with each other.
find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
find "$BUILDROOT"/usr "$BUILDROOT"/etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
# 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default.
systemctl mask systemd-hwdb-update.service
systemctl --root="$BUILDROOT" mask systemd-hwdb-update.service
ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
ASAN_RT_PATH="$(grep libasan.so < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)"
if [[ -z "$ASAN_RT_PATH" ]]; then
ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
ASAN_RT_PATH="$(grep libclang_rt.asan < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)"
# As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly.
if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then
if mkosi-chroot ldd "$LIBSYSTEMD" | grep -q "libclang_rt.asan.*not found"; then
echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path"
exit 1
fi
@ -94,7 +98,7 @@ wrap=(
)
for bin in "${wrap[@]}"; do
if ! command -v "$bin" >/dev/null; then
if ! mkosi-chroot command -v "$bin" >/dev/null; then
continue
fi
@ -104,11 +108,11 @@ for bin in "${wrap[@]}"; do
enable_lsan=0
fi
target="$(command -v "$bin")"
target="$(mkosi-chroot command -v "$bin")"
mv "$target" "$target.orig"
mv "$BUILDROOT/$target" "$BUILDROOT/$target.orig"
cat >"$target" <<EOF
cat >"$BUILDROOT/$target" <<EOF
#!/bin/bash
# Preload the ASan runtime DSO, otherwise ASAn will complain
export LD_PRELOAD="$ASAN_RT_PATH"
@ -118,10 +122,10 @@ export ASAN_OPTIONS=detect_leaks=$enable_lsan
# Set argv[0] to the original binary name without the ".orig" suffix
exec -a "\$0" -- "${target}.orig" "\$@"
EOF
chmod +x "$target"
chmod +x "$BUILDROOT/$target"
done
cat >/usr/lib/systemd/systemd-asan-env <<EOF
cat >"$BUILDROOT"/usr/lib/systemd/systemd-asan-env <<EOF
LD_PRELOAD=$ASAN_RT_PATH
LSAN_OPTIONS=detect_leaks=0
EOF
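Review bot: `command` is a shell builtin, so `mkosi-chroot command -v "$bin"` in the wrap loop only works if the image ships a standalone `command` executable. Where it does not, the `if !` test fails for every entry and the loop skips all wrappers without an error, leaving the image without the ASan preload. Running it through a shell, `mkosi-chroot sh -c 'command -v "$1"' sh "$bin"`, for both the test and the `target=` assignment avoids that dependency. Similarly, `LIBSYSTEMD` is built from `ldconfig -p | grep libsystemd.so.0` and the script exits 0 when the result is not a regular file, so more than one matching line would also disable the whole script silently; `grep -m1` or a warning on stderr before `exit 0` would make that visible. The `wrap=(` array and parts of the loop body lie outside the hunks shown.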


@ -1895,6 +1895,34 @@ static int config_parse_encrypted_volume(
static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_verity, verity_mode, VerityMode, VERITY_OFF, "Invalid verity mode");
static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_minimize, minimize_mode, MinimizeMode, MINIMIZE_OFF, "Invalid minimize mode");
static int partition_finalize_fstype(Partition *p, const char *path) {
_cleanup_free_ char *e = NULL, *upper = NULL;
assert(p);
assert(path);
if (!gpt_partition_type_has_filesystem(p->type))
return 0;
upper = strdup(partition_designator_to_string(p->type.designator));
if (!upper)
return log_oom();
e = strjoin("SYSTEMD_REPART_OVERRIDE_FSTYPE_", string_replace_char(ascii_strupper(upper), '-', '_'));
if (!e)
return log_oom();
const char *v = secure_getenv(e);
if (!v || streq(p->format, v))
return 0;
log_syntax(NULL, LOG_NOTICE, path, 1, 0,
"Overriding defined file system type '%s' for '%s' partition with '%s'.",
p->format, partition_designator_to_string(p->type.designator), v);
return free_and_strdup_warn(&p->format, v);
}
static int partition_read_definition(Partition *p, const char *path, const char *const *conf_file_dirs) {
ConfigTableItem table[] = {
@ -2084,6 +2112,10 @@ static int partition_read_definition(Partition *p, const char *path, const char
} else if (streq(p->split_name_format, "-"))
p->split_name_format = mfree(p->split_name_format);
r = partition_finalize_fstype(p, path);
if (r < 0)
return r;
return 1;
}
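Review bot: `streq(p->format, v)` and the `'%s'` printed for `p->format` in `log_syntax()` assume `p->format` is set, but nothing in `partition_finalize_fstype()` checks that. If a definition for one of the designators accepted by `gpt_partition_type_has_filesystem()` can reach this point without `Format=`, both would be handed NULL. Either return early with `if (!p->format) return 0;` after the designator check, or use `streq_ptr()` and `strna(p->format)` if the override is meant to apply to partitions without a format too. The value from `secure_getenv()` is copied into `p->format` as-is, and whether it is validated as a supported file system type later is not visible here. `partition_read_definition()` starts and ends outside the hunks.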


@ -339,6 +339,18 @@ bool gpt_partition_type_knows_no_auto(GptPartitionType type) {
PARTITION_SWAP);
}
bool gpt_partition_type_has_filesystem(GptPartitionType type) {
return IN_SET(type.designator,
PARTITION_ROOT,
PARTITION_USR,
PARTITION_HOME,
PARTITION_SRV,
PARTITION_ESP,
PARTITION_XBOOTLDR,
PARTITION_TMP,
PARTITION_VAR);
}
bool gpt_header_has_signature(const GptHeader *p) {
assert(p);


@ -72,6 +72,7 @@ const char *gpt_partition_type_mountpoint_nulstr(GptPartitionType type);
bool gpt_partition_type_knows_read_only(GptPartitionType type);
bool gpt_partition_type_knows_growfs(GptPartitionType type);
bool gpt_partition_type_knows_no_auto(GptPartitionType type);
bool gpt_partition_type_has_filesystem(GptPartitionType type);
typedef struct {
uint8_t partition_type_guid[16];


@ -5,6 +5,9 @@ integration_tests += [
'name' : fs.name(meson.current_source_dir()),
'credentials' : integration_test_template['credentials'] + [
files('systemd.unit-dropin.init.scope'),
# OpenSUSE disables all controller delegation for the user manager template. Mask the
# dropin to make TEST-55-OOMD pass on OpenSUSE.
'systemd.unit-dropin.user@.service~20-defaults-SUSE=',
],
'vm' : true,
},


@ -25,7 +25,7 @@ def add_drive(i: int, serial: str) -> None:
"Options": "cache=unsafe",
}
]
config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},num_queues=8"]
config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},max_ioqpairs=8"]
for i in range(5):
add_drive(i, serial=f"deadbeef{i}")


@ -7120,6 +7120,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
self.assertGreater(prefixInfo[0]['PreferredLifetimeUSec'], 0)
self.assertGreater(prefixInfo[0]['ValidLifetimeUSec'], 0)
@unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10")
def test_dhcp6pd_no_address(self):
# For issue #29979.
copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream-no-address.network')
@ -7136,6 +7137,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
self.check_dhcp6_prefix('veth99')
@unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10")
def test_dhcp6pd_no_assign(self):
# Similar to test_dhcp6pd_no_assign(), but in this case UseAddress=yes (default),
# However, the server does not provide IA_NA. For issue #31349.
@ -7153,6 +7155,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
self.check_dhcp6_prefix('veth99')
@unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10")
def test_dhcp6pd(self):
copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream.network',
'25-veth-downstream-veth97.netdev', '25-dhcp-pd-downstream-veth97.network', '25-dhcp-pd-downstream-veth97-peer.network',
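Review bot: The skip reason `"dhcpd is not available on CentOS Stream 10"` is printed on every host where `shutil.which('dhcpd')` finds nothing, which misattributes the skip on other distributions and makes lost DHCPv6-PD coverage harder to spot in CI logs. A neutral message such as `reason="dhcpd is not installed"` describes the actual condition. Since the same decorator is added to `test_dhcp6pd_no_address`, `test_dhcp6pd_no_assign` and `test_dhcp6pd`, it could be defined once near the class and reused. The test bodies continue outside the hunks.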


@ -179,6 +179,10 @@ elif [[ $1 == initgroups ]]; then
fi
EOF
chmod +x "$root/bin/getent"
# The useradd is important here so the user is added to /etc/passwd. If the user is not in /etc/passwd,
# bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers
# as bash isn't invoked with the necessary environment variables for that.
useradd --root="$root" --uid 1000 --user-group --create-home testuser
systemd-nspawn --directory="$root" bash -xec '[[ $USER == root ]]'
systemd-nspawn --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]'
@ -672,8 +676,10 @@ fi
EOF
chmod +x "$root/bin/getent"
mkdir -p "$root/home/testuser"
chown 1010:1010 "$root/home/testuser"
# The useradd is important here so the user is added to /etc/passwd. If the user is not in /etc/passwd,
# bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers
# as bash isn't invoked with the necessary environment variables for that.
useradd --root="$root" --uid 1010 --user-group --create-home testuser
cmd='PERMISSIONS=$(stat -c "%u:%g" /home/testuser/file); if [[ $PERMISSIONS != "1010:1010" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /home/testuser/other_file'
if ! SYSTEMD_LOG_TARGET=console \


@ -355,15 +355,16 @@ portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir mini
portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0
# The wrong file should be ignored, given the right one has the xattr set
mkdir -p /tmp/wrongext/usr/lib/extension-release.d /tmp/wrongext/usr/lib/systemd/system/
echo "[Service]" > /tmp/wrongext/usr/lib/systemd/system/app0.service
touch /tmp/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt
cp /tmp/rootdir/usr/lib/os-release /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0
setfattr -n user.extension-release.strict -v "false" /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0
portablectl "${ARGS[@]}" attach --runtime --extension /tmp/wrongext /tmp/rootdir app0
trap 'rm -rf /var/cache/wrongext' EXIT
mkdir -p /var/cache/wrongext/usr/lib/extension-release.d /var/cache/wrongext/usr/lib/systemd/system/
echo "[Service]" > /var/cache/wrongext/usr/lib/systemd/system/app0.service
touch /var/cache/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt
cp /tmp/rootdir/usr/lib/os-release /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0
setfattr -n user.extension-release.strict -v "false" /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0
portablectl "${ARGS[@]}" attach --runtime --extension /var/cache/wrongext /tmp/rootdir app0
status="$(portablectl is-attached --extension wrongext rootdir)"
[[ "${status}" == "attached-runtime" ]]
portablectl detach --runtime --extension /tmp/wrongext /tmp/rootdir app0
portablectl detach --runtime --extension /var/cache/wrongext /tmp/rootdir app0
umount /tmp/rootdir
umount /tmp/app0
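Review bot: `trap 'rm -rf /var/cache/wrongext' EXIT` replaces any EXIT trap installed earlier in this script, and the earlier part of the file is not visible in this hunk; if one exists, its cleanup no longer runs after this line. Removing the directory explicitly after the `portablectl detach` call, or chaining onto the existing handler, would avoid that. The hunk also gives no reason for moving the extension tree from /tmp to /var/cache, so a one-line comment above the `mkdir -p` stating why would help the next reader.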


@ -33,7 +33,8 @@ def read_config(distro: str):
text = subprocess.check_output(cmd, text=True)
data = json.loads(text)
return data['Images'][-1]
images = {image["Image"]: image for image in data["Images"]}
return images["build"]
def commit_file(distro: str, file: Path, commit: str, changes: str):
message = '\n'.join((
@ -69,7 +70,7 @@ def update_distro(args, distro: str):
print(f"+ {shlex.join(cmd)}")
changes = subprocess.check_output(cmd, text=True).strip()
conf_dir = Path('mkosi.conf.d')
conf_dir = Path('mkosi.images/build/mkosi.conf.d')
files = conf_dir.glob('*/*.conf')
for file in files:
s = file.read_text()