IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We recently added caching for the dependencies we build from source
in mkosi's github action which speeds up builds by +-10 minutes. Let's
update to the latest commit so we benefit from this in systemd's mkosi
CI as well.
This makes sure that building ia32 EFI binaries on x86_64 works.
We force gnu-efi support to ensure it's not skipped by accident
and provide the lib32 dir manually, because clang does not support
'--print-multi-os-directory', which is used to auto-detect it.
Make sure our RPM macros work as intended. Based on the original PR
(#16464) by Mikhail Novosyolov.
Co-authored-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Now that mkosi has centos-stream 9 support, let's add a config in
the repo so that the mkosi CI tests that configuration as well.
Centos doesn't support btrfs so we use xfs instead. For some reason,
building --hostonly-initrd centos images breaks the qemu boot so I
disabled that option for centos.
We update the mkosi commit hash to 0dd39c20a4
which adds the PowerTools repo to CentOS Stream 8 which is required
to make all the necessary packages required to build systemd on
CentOS Stream 8 available.
For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...
```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found
$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'llvm-13' has no installation candidate
```
The packages are installed to provide the dhcpd binary, used by
test/test-network/systemd-networkd-tests.py, but we don't need the units
to run, and in fact in some cases the image fails to boot because of
them:
Spawning container image on /home/runner/work/systemd/systemd/image.raw.
Press ^] three times within 1s to kill container.
● isc-dhcp-server.service loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server
Container image failed with error code 1.
Error: Process completed with exit code 1.
Mask the units with an --extra-tree.
to, hopefully, get rid of the following error:
```
2022-02-13 13:32:12 [ERROR] Failed to get [GITHUB_TOKEN]!
2022-02-13 13:32:12 [ERROR] []
2022-02-13 13:32:12 [ERROR] Please set a [GITHUB_TOKEN] from the main workflow environment to take advantage of multiple status reports!
```
The 'slim' version drops certain storage-heavy linters[0] which we don't
use anyway, so let's make the job a bit faster by downloading and using
a smaller image.
[0] https://github.com/github/super-linter#slim-image
CIFuzz has been kind of broken for a couple months because
coverage reports downloaded from OSS-Fuzz contain absolute
paths while paths to files changed in PRs are relative and they
don't match. It makes it kind of hard for CIFuzz to figure out
what it should run so it runs either all fuzz targets or just new
fuzz targets. Until that issue is fixed let's just always predictably run
all fuzz targets.
Judging by
ERROR! Failed to call GitHub Status API!
it doesn't seem to work. Even if it did it would just clutter the status
checks I think so let's just remove MULTI_STATUS along with
GITHUB_TOKEN.
some actions like Coverity and CFLite aren't run on every PR so to make
sure they are more or less fine when they are changed it makes sense to
at least check them with superlinter/actionlint: https://github.com/rhysd/actionlint
The following warnings were fixed along the way:
```
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2086:info:6:14: Double quote to prevent globbing and word splitting [shellcheck]
|
55 | run: |
| ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2046⚠️6:40: Quote this to prevent word splitting [shellcheck]
|
55 | run: |
| ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2006:style:6:40: Use $(...) notation instead of legacy backticked `...` [shellcheck]
|
55 | run: |
| ^~~~
```
```
.github/workflows/coverity.yml:31:9: shellcheck reported issue in this script: SC2086:info:1:93: Double quote to prevent globbing and word splitting [shellcheck]
|
31 | run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
| ^~~~
```
The idea behind this action is to make it possible to compare the
latest fuzz targets with PRs to figure out whether bugs are really
reproducible in PRs only. Since forks (including systemd-stable) are
usually based on the upstream repository where almost all the bugs
are fixed before releases are cut it should be safe to assume that
if CFLite finds bugs in PRs they are most likely introduced in those
PRs.
It should probably be brought back once https://github.com/google/clusterfuzzlite/issues/84
is fixed.
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
Those dependencies are also used by Coverity and Codeql so
it should be installed there to get them to analyze that code.
Judging by https://github.com/systemd/systemd/pull/22137 it seems
to be working.
to make it easier to figure out why it fails.
For example in https://github.com/systemd/systemd/runs/4799774735?check_suite_focus=true
it failed with
```
meson.build:1003:8: ERROR: Command "/usr/bin/clang -print-targets" failed with status 1.
A full log can be found at /home/runner/work/systemd/systemd/build/meson-logs/meson-log.txt
Error: Process completed with exit code 1.
```
and it wasn't clear what exactly happened there.
Let's assign a specific -Dcryptolib= value to each job to have at least
some coverage for all supported cryptolibs without unnecessarily
multiplying the test matrix.
Should provide coverage for #21880.
So we can mitigate (to some degree) the reoccurring "dissect timeout"
issue:
```
Run sudo python3 -m mkosi boot systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console
Failed to dissect image '/home/runner/work/systemd/systemd/image.raw': Connection timed out
Error: Process completed with exit code 1.
```
otherwise we end up with more than one job with the same identifier in
one run, causing some of them to get cancelled unexpectedly.
A quick follow-up to 85bd394df5.
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
to let Dependabot keep track of them using SHAs
codeql-actions doesn't point to SHAs because it isn't clear
whether Dependabot supports their release cycle mentioned
at https://github.com/github/codeql-action/issues/307
This reverts commit ab6df52083.
The image build failed during kernel RPM installation (bug in %post
scriptlet). This has been fixed in the package suse-module-tools 16.0.13
[1]. The fix is in openSUSE Tumbleweed repos so the tests can be enabled
again.
[1] https://github.com/openSUSE/suse-module-tools/pull/53Fixes: #21019
It is now ran on the nightly CentOS build, so that it can cover
integration tests too, and not just unit tests. It's nightly as
it considerably increases the integration test runtime, so it's
not appropriate for all PRs.
ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
provided by the apt.llvm.org repositories. Let's use the system
llvm package if available in such cases to avoid that.
It seems some of the tests break network connectivity on the host,
as the code coverage upload fails to establish a connection.
Run them in a network namespace with 'unshare -n'.
\#20629 moved the mkosi configs to mkosi.default.d/ so we were building
for the host distro (Ubuntu) in each CI configuration. To fix it, we
write the distro we want to test to a mkosi.default file and mkosi
will apply the other necessary configs automatically from mkosi.default.d/<distro>
This commit also removes unnecessary CLI options that are already handled
by the config files.
The current pattern '#' triggers on the openSUSE kernel version that is
printed early during boot when no actual prompt is ready
> [ 0.000000] Linux version 5.12.10-1-default (geeko@buildhost) (gcc (SUSE Linux) 11.1.1 20210510 [revision 23855a176609fe8dda6abaf2b21846b4517966eb], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.36.1.20210326-4) #1 SMP Fri Jun 11 05:05:06 UTC 2021 (b92eaf7)
Instead wait for pattern that: a) should have fewer false positives, b)
still be with working on distro shells:
openSUSE (red color)
^[[1m^[[31mimage:~ #^[[m^O
arch
[root@image ~]#
debian
root@image:~#
ubuntu
root@image:~#
fedora
[root@image ~]#
