mkosi: Reduce kernel command line size

The kernel command line has a size limit and we've hit it before so
let's move some stuff to configuration files or scripts to reduce the
kernel command line size a bit.

mkosi.conf

@@ -66,9 +66,6 @@ KernelCommandLine=
         printk.devkmsg=on
         # Make sure /sysroot is mounted rw in the initrd.
         rw
-        # Lower the default device timeout so we get a shell earlier if the root device does
-        # not appear for some reason.
-        systemd.default_device_timeout_sec=90
         # Make sure no LSMs are enabled by default.
         selinux=0
         systemd.early_core_pattern=/core
@@ -78,9 +75,6 @@ KernelCommandLine=
         panic=-1
         softlockup_panic=1
         panic_on_warn=1
-        # These don't ship proper units with [Install] directives so we have to mask them instead.
-        systemd.mask=isc-dhcp-server.service
-        systemd.mask=mdmonitor.service
         psi=1
 
 KernelModulesInitrdExclude=.*

mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Manager]
+# Lower the default device timeout so we get a shell earlier if the root device does
+# not appear for some reason.
+DefaultDeviceTimeoutSec=90

mkosi.postinst.chroot

@@ -48,6 +48,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
 # Remove to make TEST-73-LOCALE pass on Ubuntu.
 rm -f /etc/default/keyboard
 
+# These don't ship proper units with [Install] directives so we have to mask them instead.
+systemctl mask isc-dhcp-server.service
+systemctl mask mdmonitor.service
+
 # This is executed inside the chroot so no need to disable any features as the default features will match
 # the kernel's supported features.
 SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \

mkosi.sanitizers/mkosi.conf

@@ -13,10 +13,10 @@ Environment=!SANITIZERS=
 Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0
 
 [Content]
+# When modifying these also modify mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf. We don't use
+# systemd.setenv here as there's a size limit on the kernel command line and we don't want to trigger it. We
+# don't use ManagerEnvironment= either as we want these to be set for pid1 from the earliest possible moment.
 KernelCommandLine=
         ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
-        systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
         UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
-        systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
         LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
-        systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions

mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Manager]
+DefaultEnvironment=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 \
+                   UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 \
+                   LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions