Merge pull request #33774 from DaanDeMeyer/mkosi-backport

v256-stable: Backport various mkosi changes
2025-01-24 06:04:05 +03:00 · 2024-07-18 22:35:11 +02:00 · 2024-07-18 22:35:11 +02:00 · fe37213c55
commit fe37213c55
parent ad444842e0 677126d300
11 changed files with 88 additions and 70 deletions
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@ -29,8 +29,7 @@ For some components (most importantly, systemd/PID 1 itself) this is not possibl
 In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree.
 [mkosi](https://mkosi.systemd.io/)
 is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory.
-To make use of this, please install `mkosi` v19 or newer using your distribution's package manager or from the
-[GitHub repository](https://github.com/systemd/mkosi).
+To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
 `mkosi` will build an image for the host distro by default.
 First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing.
 After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
@ -45,6 +44,24 @@ or:
 $ mkosi qemu
 ```

+By default, the tools from your host system are used to build the image. To have
+`mkosi` use the systemd tools from the `build/` directory, add the following to
+`mkosi.local.conf`:
+
+```conf
+[Host]
+ExtraSearchPaths=build/
+```
+
+And if you want `mkosi` to build a tools image and use the tools from there
+instead of looking for tools on the host, add the following to
+`mkosi.local.conf`:
+
+```conf
+[Host]
+ToolsTree=default
+```
+
 Every time you rerun the `mkosi` command a fresh image is built, incorporating
 all current changes you made to the project tree. To avoid having to build a new
 image all the time when iterating on a patch, add the following to
@ -76,8 +93,8 @@ pid1 or `systemctl soft-reboot` to restart everything.
 Putting this all together, here's a series of commands for preparing a patch for systemd:

 ```sh
-$ git clone https://github.com/systemd/mkosi.git  # If mkosi v19 or newer is not packaged by your distribution
-$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi # If mkosi v19 or newer is not packaged by your distribution
+$ git clone https://github.com/systemd/mkosi.git
+$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi
 $ git clone https://github.com/systemd/systemd.git
 $ cd systemd
 $ git checkout -b <BRANCH>        # where BRANCH is the name of the branch
--- a/meson.build
+++ b/meson.build
@ -2660,12 +2660,6 @@ foreach executable : ['systemd-journal-remote', 'systemd-measure']
 endforeach

 if mkosi.found()
-        genkey = custom_target('genkey',
-                output : ['mkosi.key', 'mkosi.crt'],
-                command : [mkosi, '--force', 'genkey'],
-                depends : mkosi_depends,
-        )
-
        custom_target('mkosi',
                build_always_stale : true,
                build_by_default: false,
@ -2677,14 +2671,11 @@ if mkosi.found()
                        '--output-dir', meson.current_build_dir() / 'mkosi.output',
                        '--cache-dir', meson.current_build_dir() / 'mkosi.cache',
                        '--build-dir', meson.current_build_dir() / 'mkosi.builddir',
-                        '--secure-boot-key', meson.current_build_dir() / 'mkosi.key',
-                        '--secure-boot-certificate', meson.current_build_dir() / 'mkosi.crt',
-                        '--verity-key', meson.current_build_dir() / 'mkosi.key',
-                        '--verity-certificate', meson.current_build_dir() / 'mkosi.crt',
+                        '--extra-search-path', meson.current_build_dir(),
                        '--force',
                        'build',
                ],
-                depends : mkosi_depends + [genkey],
+                depends : mkosi_depends,
        )
 endif

--- a/mkosi.conf
+++ b/mkosi.conf
@ -56,31 +56,30 @@ SELinuxRelabel=no

 # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
 # various scenarios. Consider adding support for a credential instead if possible and using that.
-KernelCommandLine=systemd.crash_shell
-                  systemd.log_level=debug,console:info
-                  systemd.log_ratelimit_kmsg=0
-                  # Disable the kernel's ratelimiting on userspace logging to kmsg.
-                  printk.devkmsg=on
-                  # Make sure /sysroot is mounted rw in the initrd.
-                  rw
-                  # Lower the default device timeout so we get a shell earlier if the root device does
-                  # not appear for some reason.
-                  systemd.default_device_timeout_sec=30
-                  # Make sure no LSMs are enabled by default.
-                  apparmor=0
-                  selinux=0
-                  enforcing=0
-                  systemd.early_core_pattern=/core
-                  systemd.firstboot=no
-                  raid=noautodetect
-                  oops=panic
-                  panic=-1
-                  softlockup_panic=1
-                  panic_on_warn=1
-                  # These don't ship proper units with [Install] directives so we have to mask them instead.
-                  systemd.mask=isc-dhcp-server.service
-                  systemd.mask=mdmonitor.service
-                  psi=1
+KernelCommandLine=
+        systemd.crash_shell
+        systemd.log_level=debug,console:info
+        systemd.log_ratelimit_kmsg=0
+        # Disable the kernel's ratelimiting on userspace logging to kmsg.
+        printk.devkmsg=on
+        # Make sure /sysroot is mounted rw in the initrd.
+        rw
+        # Lower the default device timeout so we get a shell earlier if the root device does
+        # not appear for some reason.
+        systemd.default_device_timeout_sec=30
+        # Make sure no LSMs are enabled by default.
+        selinux=0
+        systemd.early_core_pattern=/core
+        systemd.firstboot=no
+        raid=noautodetect
+        oops=panic
+        panic=-1
+        softlockup_panic=1
+        panic_on_warn=1
+        # These don't ship proper units with [Install] directives so we have to mask them instead.
+        systemd.mask=isc-dhcp-server.service
+        systemd.mask=mdmonitor.service
+        psi=1

 KernelModulesInitrdExclude=.*
 KernelModulesInitrdInclude=default
@ -126,7 +125,6 @@ Packages=
        tar
        tmux
        tree
-        udev
        util-linux
        valgrind
        which
--- a/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf
@ -56,6 +56,5 @@ Packages=
        squashfs-tools
        stress-ng
        tpm2-tools
-        util-linux
        veritysetup
        vim-common
--- a/mkosi.conf.d/10-centos/mkosi.conf
+++ b/mkosi.conf.d/10-centos/mkosi.conf
@ -4,17 +4,16 @@
 Distribution=centos

 [Distribution]
-Release=9
+Release=10

 [Content]
 Environment=
-        Environment=
-                # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which
-                # happens when running tests in parallel so we use ext4 instead.
-                SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4
-                # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
-                # mkfs.ext4 enabled it by default, so we disable it explicitly.
-                SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
+        # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which
+        # happens when running tests in parallel so we use ext4 instead.
+        SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4
+        # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
+        # mkfs.ext4 enabled it by default, so we disable it explicitly.
+        SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"

 Packages=
        kernel-modules # For squashfs
--- a/mkosi.conf.d/10-extra-search-paths.conf
+++ b/mkosi.conf.d/10-extra-search-paths.conf
@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-PathExists=build/
-
-[Host]
-ExtraSearchPaths=build/
--- a/mkosi.conf.d/10-tools.conf
+++ b/mkosi.conf.d/10-tools.conf
@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-PathExists=!build/
-SystemdVersion=<254
-
-[Host]
-@ToolsTree=default
--- a/mkosi.images/build/mkosi.sync
+++ b/mkosi.images/build/mkosi.sync
@ -3,7 +3,7 @@
 set -e
 set -o nounset

-if ((${NO_SYNC:-0})); then
+if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then
    exit 0
 fi

--- a/mkosi.images/initrd/mkosi.conf
+++ b/mkosi.images/initrd/mkosi.conf
@ -7,8 +7,8 @@ Include=

 [Content]
 ExtraTrees=
-    %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
-    %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+        %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+        %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf

 Packages=
        findutils
--- a/test/README.testsuite
+++ b/test/README.testsuite
@ -14,12 +14,41 @@ We also need to make sure the required meson options are enabled:
 $ meson setup --reconfigure build -Dremote=enabled
 ```

-Next, we can build the integration test image:
+To make sure `mkosi` doesn't try to build systemd from source during the image build
+process, you can add the following to `mkosi.local.conf`:
+
+```
+[Content]
+Environment=NO_BUILD=1
+```
+
+You might also want to use the `PackageDirectories=` or `Repositories=` option to provide
+mkosi with a directory or repository containing the systemd packages that should be installed
+instead. If the repository containing the systemd packages is not a builtin repository known
+by mkosi, you can use the `PackageManagerTrees=` option to write an extra repository definition
+to /etc which is used when building the image instead.
+
+Next, we can build the integration test image with meson:

 ```shell
 $ meson compile -C build mkosi
 ```

+By default, the `mkosi` meson target which builds the integration test image depends on
+other meson targets to build various systemd tools that are used to build the image to make
+sure they are up-to-date. If you instead want the already installed systemd tools on the
+host to be used, you can run `mkosi` manually to build the image. To build the integration test
+image without meson, run the following:
+
+```shell
+$ mkosi -f
+```
+
+Note that by default we assume that `build/` is used as the meson build directory that will be used to run
+the integration tests. If you want to use another directory as the meson build directory, you will have to
+configure the mkosi build directory (`BuildDirectory=`), cache directory (`CacheDirectory=`) and output
+directory (`OutputDirectory=`) to point to the other directory using `mkosi.local.conf`.
+
 After the image has been built, the integration tests can be run with:

 ```shell
--- a/test/TEST-06-SELINUX/meson.build
+++ b/test/TEST-06-SELINUX/meson.build
@ -3,7 +3,7 @@
 integration_tests += [
        integration_test_template + {
                'name' : fs.name(meson.current_source_dir()),
-                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
+                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'enforcing=0', 'lsm=selinux'],
                # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
                # Use 'auto' to automatically fallback on non-uefi architectures.
                'firmware' : 'auto',