shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-18 10:04:04 +03:00
Code

ci: Switch to Ubuntu 24.04

Browse Source
This commit is contained in:
Daan De Meyer 2024-06-07 10:55:53 +02:00
parent f42cb19931
commit d5474f78b8
20 changed files with 53 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/workflows/build_test.sh vendored
View File

@ -84,6 +84,14 @@ if [[ "$COMPILER" == clang ]]; then
CXX="clang++-$COMPILER_VERSION" CXX="clang++-$COMPILER_VERSION"
AR="llvm-ar-$COMPILER_VERSION" AR="llvm-ar-$COMPILER_VERSION"
if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then
CFLAGS="-fno-sanitize=function"
CXXFLAGS="-fno-sanitize=function"
else
CFLAGS=""
CXXFLAGS=""
fi
# Prefer the distro version if available # Prefer the distro version if available
if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
@ -99,6 +107,8 @@ elif [[ "$COMPILER" == gcc ]]; then
CC="gcc-$COMPILER_VERSION" CC="gcc-$COMPILER_VERSION"
CXX="g++-$COMPILER_VERSION" CXX="g++-$COMPILER_VERSION"
AR="gcc-ar-$COMPILER_VERSION" AR="gcc-ar-$COMPILER_VERSION"
CFLAGS=""
CXXFLAGS=""
if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then
# Latest gcc stack deb packages provided by # Latest gcc stack deb packages provided by
@ -112,10 +122,11 @@ else
fi fi
# This is added by default, and it is often broken, but we don't need anything from it # This is added by default, and it is often broken, but we don't need anything from it
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
# PPA with some newer build dependencies (like zstd) # add-apt-repository --enable-source does not work on deb822 style sources.
sudo add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci for f in /etc/apt/sources.list.d/*.sources; do
sudo add-apt-repository -y --no-update --enable-source sudo sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
done
sudo apt-get -y update sudo apt-get -y update
sudo apt-get -y build-dep systemd sudo apt-get -y build-dep systemd
sudo apt-get -y install "${PACKAGES[@]}" sudo apt-get -y install "${PACKAGES[@]}"
@ -123,7 +134,7 @@ sudo apt-get -y install "${PACKAGES[@]}"
# always support all the features we need (like --optimization=). Since the build-dep # always support all the features we need (like --optimization=). Since the build-dep
# command above installs the distro versions, let's install the pip ones just # command above installs the distro versions, let's install the pip ones just
# locally and add the local bin directory to the $PATH. # locally and add the local bin directory to the $PATH.
pip3 install --user -r .github/workflows/requirements.txt --require-hashes pip3 install --user -r .github/workflows/requirements.txt --require-hashes --break-system-packages
export PATH="$HOME/.local/bin:$PATH" export PATH="$HOME/.local/bin:$PATH"
$CC --version $CC --version
@ -141,8 +152,8 @@ for args in "${ARGS[@]}"; do
info "Checking build with $args" info "Checking build with $args"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
if ! AR="$AR" \ if ! AR="$AR" \
CC="$CC" CC_LD="$LINKER" CFLAGS="-Werror" \ CC="$CC" CC_LD="$LINKER" CFLAGS="$CFLAGS" \
CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="-Werror" \ CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
meson setup \ meson setup \
-Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \ -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
-Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \ -Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \

2
.github/workflows/build_test.yml vendored
View File

@ -17,7 +17,7 @@ permissions:
jobs: jobs:
build: build:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
concurrency: concurrency:
group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }} group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true

2
.github/workflows/cflite_pr.yml vendored
View File

@ -13,7 +13,7 @@ permissions: read-all
jobs: jobs:
PR: PR:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]' if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]'
concurrency: concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}

3
.github/workflows/cifuzz.yml vendored
View File

@ -22,7 +22,8 @@ on:
- main - main
jobs: jobs:
Fuzzing: Fuzzing:
runs-on: ubuntu-latest # FIXME: Figure out why 32-bit applications fail to run in docker on Ubuntu 24.04.
runs-on: ubuntu-22.04
if: github.repository == 'systemd/systemd' if: github.repository == 'systemd/systemd'
concurrency: concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }} group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }}

2
.github/workflows/codeql.yml vendored
View File

@ -27,7 +27,7 @@ jobs:
analyze: analyze:
name: Analyze name: Analyze
if: github.repository != 'systemd/systemd-security' if: github.repository != 'systemd/systemd-security'
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
concurrency: concurrency:
group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true

2
.github/workflows/coverity.yml vendored
View File

@ -14,7 +14,7 @@ permissions:
jobs: jobs:
build: build:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
if: github.repository == 'systemd/systemd' if: github.repository == 'systemd/systemd'
env: env:
# Set in repo settings -> secrets -> actions # Set in repo settings -> secrets -> actions

2
.github/workflows/development_freeze.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.conclusion == 'success' &&
github.repository == 'systemd/systemd' github.repository == 'systemd/systemd'
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
permissions: permissions:
pull-requests: write pull-requests: write

2
.github/workflows/differential-shellcheck.yml vendored
View File

@ -16,7 +16,7 @@ permissions:
jobs: jobs:
lint: lint:
if: github.event.repository.name != 'systemd-security' if: github.event.repository.name != 'systemd-security'
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
security-events: write security-events: write

2
.github/workflows/gather-pr-metadata.yml vendored
View File

@ -12,7 +12,7 @@ permissions:
jobs: jobs:
gather-metadata: gather-metadata:
if: github.repository == 'systemd/systemd' if: github.repository == 'systemd/systemd'
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- name: Repository checkout - name: Repository checkout

2
.github/workflows/issue_labeler.yml vendored
View File

@ -10,7 +10,7 @@ permissions:
jobs: jobs:
label-component: label-component:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
permissions: permissions:
issues: write issues: write

2
.github/workflows/labeler.yml vendored
View File

@ -24,7 +24,7 @@ permissions:
jobs: jobs:
triage: triage:
if: github.repository == 'systemd/systemd' if: github.repository == 'systemd/systemd'
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
pull-requests: write pull-requests: write

4
.github/workflows/linter.yml vendored
View File

@ -16,7 +16,7 @@ permissions:
jobs: jobs:
build: build:
name: Lint Code Base name: Lint Code Base
runs-on: ubuntu-latest runs-on: ubuntu-24.04
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -29,7 +29,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Lint Code Base - name: Lint Code Base
uses: super-linter/super-linter/slim@4e51915f4a812abf59fed160bb14595c0a38a9e7 uses: super-linter/super-linter/slim@88ea3923a7e1f89dd485d079f6eb5f5e8f937589
env: env:
DEFAULT_BRANCH: main DEFAULT_BRANCH: main
MULTI_STATUS: false MULTI_STATUS: false

2
.github/workflows/make_release.yml vendored
View File

@ -11,7 +11,7 @@ permissions:
jobs: jobs:
release: release:
if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable' if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable'
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
contents: write contents: write

3
.github/workflows/mkosi.yml vendored
View File

@ -46,7 +46,7 @@ permissions:
jobs: jobs:
ci: ci:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
concurrency: concurrency:
group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }} group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -159,6 +159,7 @@ jobs:
meson \ meson \
gperf \ gperf \
libfdisk-dev \ libfdisk-dev \
libmount-dev \
libtss2-dev \ libtss2-dev \
libblkid-dev \ libblkid-dev \
libmicrohttpd-dev \ libmicrohttpd-dev \

2
.github/workflows/scorecards.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
analysis: analysis:
name: Scorecards analysis name: Scorecards analysis
if: github.repository == 'systemd/systemd' if: github.repository == 'systemd/systemd'
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
id-token: write # Used to receive a badge. id-token: write # Used to receive a badge.

15
.github/workflows/unit_tests.sh vendored
View File

@ -53,14 +53,15 @@ for phase in "${PHASES[@]}"; do
SETUP) SETUP)
info "Setup phase" info "Setup phase"
# This is added by default, and it is often broken, but we don't need anything from it # This is added by default, and it is often broken, but we don't need anything from it
rm -f /etc/apt/sources.list.d/microsoft-prod.list rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
# PPA with some newer build dependencies # add-apt-repository --enable-source does not work on deb822 style sources.
add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci for f in /etc/apt/sources.list.d/*.sources; do
add-apt-repository -y --no-update --enable-source sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
done
apt-get -y update apt-get -y update
apt-get -y build-dep systemd apt-get -y build-dep systemd
apt-get -y install "${ADDITIONAL_DEPS[@]}" apt-get -y install "${ADDITIONAL_DEPS[@]}"
pip3 install -r .github/workflows/requirements.txt --require-hashes pip3 install -r .github/workflows/requirements.txt --require-hashes --break-system-packages
# Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
# part of test-execute gets skipped, since it can't run systemd-executor # part of test-execute gets skipped, since it can't run systemd-executor
@ -71,6 +72,8 @@ for phase in "${PHASES[@]}"; do
if [[ "$phase" =~ ^RUN_CLANG ]]; then if [[ "$phase" =~ ^RUN_CLANG ]]; then
export CC=clang export CC=clang
export CXX=clang++ export CXX=clang++
export CFLAGS="-fno-sanitize=function"
export CXXFLAGS="-fno-sanitize=function"
if [[ "$phase" == RUN_CLANG ]]; then if [[ "$phase" == RUN_CLANG ]]; then
# The docs build is slow and is not affected by compiler/flags, so do it just once # The docs build is slow and is not affected by compiler/flags, so do it just once
MESON_ARGS+=(-Dman=enabled) MESON_ARGS+=(-Dman=enabled)
@ -95,6 +98,8 @@ for phase in "${PHASES[@]}"; do
if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then
export CC=clang export CC=clang
export CXX=clang++ export CXX=clang++
export CFLAGS="-fno-sanitize=function"
export CXXFLAGS="-fno-sanitize=function"
# Build fuzzer regression tests only with clang (for now), # Build fuzzer regression tests only with clang (for now),
# see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604 # see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
# -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764 # -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764

2
.github/workflows/unit_tests.yml vendored
View File

@ -14,7 +14,7 @@ permissions:
jobs: jobs:
build: build:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
concurrency: concurrency:
group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }} group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true

3
mkosi.conf
View File

@ -10,9 +10,6 @@ MinimumVersion=23~devel
@CacheDirectory=build/mkosi.cache @CacheDirectory=build/mkosi.cache
[Content] [Content]
# The kernel versions in CentOS Stream 9 and Ubuntu 22.04 don't support orphan_file, but later
# versions of mkfs.ext4 enabled it by default, so we disable it explicitly.
Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
@SELinuxRelabel=no @SELinuxRelabel=no
BuildSourcesEphemeral=yes BuildSourcesEphemeral=yes

3
mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
View File

@ -5,6 +5,9 @@ Distribution=centos
[Content] [Content]
Environment= Environment=
# The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
# mkfs.ext4 enabled it by default, so we disable it explicitly.
Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
GIT_URL=https://git.centos.org/rpms/systemd.git GIT_URL=https://git.centos.org/rpms/systemd.git
GIT_BRANCH=c9s-sig-hyperscale GIT_BRANCH=c9s-sig-hyperscale
GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7

13
mkosi.images/system/mkosi.postinst.chroot
View File

@ -38,15 +38,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
# Remove to make TEST-73-LOCALE pass on Ubuntu. # Remove to make TEST-73-LOCALE pass on Ubuntu.
rm -f /etc/default/keyboard rm -f /etc/default/keyboard
# mkfs.ext4 on CentOS doesn't know the orphan_file feature so clear the mkfs options when we're building for # This is executed inside the chroot so no need to disable any features as the default features will match
# CentOS. # the kernel's supported features.
if [[ "$DISTRIBUTION" == "centos" ]]; then SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \
SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" systemd-repart \
fi
export SYSTEMD_REPART_MKFS_OPTIONS_EXT4
systemd-repart \
--empty=create \ --empty=create \
--dry-run=no \ --dry-run=no \
--size=auto \ --size=auto \