Evgeny Vereshchagin
2e0c2fb8fb
cifuzz,cflite: set mmap_rnd_bits to 28
...
to get MSan jobs to work with the latest Ubuntu images.
https://github.com/google/sanitizers/issues/1614
https://github.com/actions/runner-images/issues/9491
2024-03-15 21:58:41 +09:00
Daan De Meyer
e399efea79
mkosi: Enable KVM
...
Since https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/ ,
it seems that KVM is supported on GA runners, so let's explicitly
enable it to make sure it is used.
We update mkosi to latest and set QemuFirmware=uefi to disable
secure boot which crashes qemu until https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038777
is fixed.
2024-03-13 23:45:11 +01:00
dependabot[bot]
a17ae1f8d5
build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8a470fddaf...3ab4101902
2024-03-13 23:16:19 +01:00
dependabot[bot]
e065f1c41b
build(deps): bump actions/checkout from 4.1.1 to 4.1.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-13 20:15:20 +01:00
dependabot[bot]
660efa717c
build(deps): bump meson from 1.3.2 to 1.4.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.2...1.4.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:52 +01:00
dependabot[bot]
9daa5b2a96
build(deps): bump softprops/action-gh-release from 1 to 2
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](de2c0eb89a...9d7c94cfd0
2024-03-13 19:26:03 +01:00
Frantisek Sumsal
b7c7498de8
ci: reduce ASLR entropy
...
The latest GH Action runners started using 32-bit entropy for ASLR,
which makes it incompatible with llvm-14. This was fixed in later llvm
releases, but these aren't available on Ubuntu Jammy (22.04). Let's
reduce the ASLR entropy to 28-bit, which should make llvm happy again,
until the issue is resolved.
See: https://github.com/actions/runner-images/issues/9491
2024-03-12 16:17:46 +00:00
Daan De Meyer
61fbdd441f
Merge pull request #31345 from DaanDeMeyer/mkosi-packages
...
Build distribution packages in mkosi
2024-03-07 11:12:14 +01:00
Daan De Meyer
4d0f1451b5
Build distribution packages in mkosi
...
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:
- Vastly simplified mkosi scripts since we don't need a separate initrd
image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as its not the basis
anymore for the initrd and as such we don't need to care about the
size anymore.
- The systemd packages that get pulled in as dependencies of other
packages get properly uninstalled and replaced with our packages that
we built instead of just installing on top of an existing systemd
installation with no guarantee that everything from that previous
installation was removed.
- Much better testing coverage as what we're testing is much closer
to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
use the proper directories and such instead of having to hack this
into a mkosi build script.
- ...
2024-03-07 10:47:19 +01:00
Daan De Meyer
542bad6552
mkosi: Update to v21
2024-03-07 10:47:01 +01:00
Frantisek Sumsal
7161af9612
ci: explicitly change oom-{score}-adj before running tests
...
For some reason root in GH actions is able to _decrease_ its oom score
even after dropping all capabilities (including CAP_SYS_RESOURCE), until
the oom score is changed explicitly after sudo:
$ systemd-detect-virt
microsoft
$ sudo su -
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
pid 22180's OOM score adjust value changed from 500 to -101
~# choom -p $$ -n 500
pid 22027's OOM score adjust value changed from 500 to 500
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
...
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
choom: failed to set score adjust value: Permission denied
I have no idea what's going on, but it breaks
exec-oomscoreadjust-negative.service from test-execute when running
unprivileged.
2024-03-06 16:10:47 +01:00
Frantisek Sumsal
c538fecc61
ci: make the build dir accessible when running w/o privileges
...
Otherwise the unprivileged part of test-execute gets silently skipped:
/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
2024-03-06 16:10:47 +01:00
Luca Boccassi
5e39dc2f30
CI: free up diskspace before mkosi jobs
...
The runner has a lot of useless things installed, taking ~10GB, and
jobs have started to fail when booting images due to lack of disk
space, so delete some directories to make room.
2024-02-27T20:20:58.0998709Z ##[warning]You are running out of disk space. The runner will stop working when the machine runs out of disk space. Free space left: 0 MB
Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-03-01 20:04:13 +00:00
dependabot[bot]
5346a81024
build(deps): bump meson from 1.3.1 to 1.3.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.1...1.3.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 12:08:07 +01:00
dependabot[bot]
99e59d24f3
build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-03-01 11:57:31 +01:00
dependabot[bot]
ba959322a4
build(deps): bump github/codeql-action from 3.22.12 to 3.24.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.12 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](012739e508...8a470fddaf
2024-03-01 11:06:02 +01:00
dependabot[bot]
04dd8258b4
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](91e2582e40...b9df2a9417
2024-03-01 10:57:00 +01:00
Jan Macku
464b03d23c
ci(lint): temporarily disable ShellCheck for bash-completion
...
This commit should be reverted once bash completion is in better shape when it comes to ShellCheck.
2024-02-27 15:41:28 +01:00
Jan Macku
b2e0caf882
ci(lint): exclude zsh completion from ShellCheck
...
zsh is not supported by ShellCheck
2024-02-27 15:41:28 +01:00
dependabot[bot]
0279c0abf3
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from dbce89aabda438ba58080366631b2c242e365f21 to 070528fec478fc93af7ec057a5d2fd0045123c99.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](dbce89aabd...070528fec4
2024-02-09 16:28:12 +01:00
dependabot[bot]
f6f00383ff
build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...26f96dfa69
2024-02-01 12:18:13 +01:00
dependabot[bot]
12d1e448b2
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.6 to 3.0.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](71bcf99aef...9e55064634
2024-02-01 10:57:02 +01:00
Luca Boccassi
431f836bd4
CI: set TZ= in a unit test run to ensure tests don't break
2024-01-26 00:25:04 +00:00
Frantisek Sumsal
ee23a85561
ci: install python3-pytest for ukify tests
2024-01-16 21:36:05 +01:00
Daan De Meyer
52842bb2c5
mkosi: Build a directory image by default
...
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
2024-01-12 16:19:48 +01:00
Daan De Meyer
8c018edb0a
mkosi: Update to latest
...
The mkosi github action doesn't set up the host machine for building
full images anymore. Instead, only sufficient packages are installed
to be able to build tools trees so we configure a fedora tools tree
to build the actual images.
2024-01-09 14:58:34 +00:00
Frantisek Sumsal
96e4c62698
ci: build with -O2 and -Wmaybe-uninitialized
...
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Frantisek Sumsal
b3fb73a5f2
ci: allow testing changes made to labeler configuration
2024-01-02 12:52:03 +01:00
Frantisek Sumsal
17b056a340
ci: use a boolean value for the boolean field
...
The issue[0] behind this workaround has been resolved[1], so we can set it
to a proper boolean field.
[0] https://github.com/systemd/systemd/issues/18671
[1] https://github.com/actions/labeler/pull/480
2024-01-02 12:42:03 +01:00
dependabot[bot]
01b50b4aaf
build(deps): bump github/codeql-action from 2.22.8 to 3.22.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...012739e508
2024-01-01 13:52:09 +00:00
dependabot[bot]
f88c9b0728
build(deps): bump actions/labeler from 4.3.0 to 5.0.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](ac9175f8a1...8558fd7429
2024-01-01 13:22:27 +00:00
dependabot[bot]
94ce8e248e
build(deps): bump actions/upload-artifact from 3.1.2 to 4.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...c7d193f32e
2024-01-01 13:19:03 +00:00
dependabot[bot]
13efb5cbd3
build(deps): bump meson from 1.3.0 to 1.3.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.0...1.3.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:17:28 +00:00
dependabot[bot]
ba47598aef
build(deps): bump meson from 1.2.3 to 1.3.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.3...1.3.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:49:19 +00:00
dependabot[bot]
d50a357dce
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](aa647ec446...91e2582e40
2023-12-01 14:48:48 +00:00
dependabot[bot]
135c249147
build(deps): bump redhat-plumbers-in-action/devel-freezer
...
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer ) from 1.0.7 to 1.0.8.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases )
- [Commits](13b6551f19...67aec4a153
2023-12-01 14:48:14 +00:00
dependabot[bot]
e8bad6615d
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-12-01 14:47:23 +00:00
dependabot[bot]
50613206f2
build(deps): bump github/codeql-action from 2.21.9 to 2.22.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.9 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ddccb87388...407ffafae6
2023-12-01 14:46:46 +00:00
Luca Boccassi
edb37ee15c
Revert "mkosi ci: enable jammy-proposed"
...
libsolv has migrated to jammy-updates, so we can disable the
proposed-updates repository again.
This reverts commit 48bfc6791d
2023-11-29 17:30:54 +01:00
Daan De Meyer
bcb335ac68
Update to mkosi v19
...
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
2023-11-28 19:54:58 +01:00
Luca Boccassi
48bfc6791d
mkosi ci: enable jammy-proposed
...
This will bring in the fix for rawhide/tumbleweed builds (new libsolv
capable of handling zstd). If all goes well it will migrate to jammy
proper in a week and it can be reverted
2023-11-17 14:14:18 +00:00
Lennart Poettering
7e91c97aff
ci: work around mold/clang incompat
...
See discussion:
https://github.com/systemd/systemd/pull/30003#issuecomment-1808349258
2023-11-13 16:24:17 +01:00
Luca Boccassi
37f16ef072
ci: add -Dutmp=false coverage
2023-11-08 18:41:47 +00:00
Luca Boccassi
c13e6c720d
mkosi: explicitly disable KVM in GHA runs
...
mkosi detects whether /dev/kvm is available and uses it if it is. But
some GHA hosts have it, but it's broken and not supported, so we need
to explicitly disable it.
2023-11-02 12:16:11 +00:00
dependabot[bot]
6a4d0efa00
build(deps): bump meson from 1.2.2 to 1.2.3 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.2...1.2.3 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 19:28:19 +00:00
dependabot[bot]
ca4d726205
build(deps): bump ninja from 1.11.1 to 1.11.1.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.11.1 to 1.11.1.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 17:30:30 +00:00
dependabot[bot]
094632a0ef
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-11-01 12:32:55 +00:00
dependabot[bot]
ac60a3a41e
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 4.2.2 to 5.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](ac4483d8c6...aa647ec446
2023-11-01 12:30:41 +00:00
dependabot[bot]
f211277934
build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...0864cf1902
2023-11-01 12:26:57 +00:00
Luca Boccassi
64ec2d073f
CI: add a build job with TPM but without OpenSSL
...
We keep introducing build failures with this combination due to the
high amount of changes, add a combination that covers it
2023-10-27 14:03:23 +01:00
