1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

650 Commits

Author SHA1 Message Date
dependabot[bot]
89b49c16ef build(deps): bump actions/checkout from 4.1.2 to 4.1.6
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...a5ac7e51b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:04:50 +02:00
Daan De Meyer
ebec3c88c3 ci: Build Fedora rawhide with sanitizers in mkosi
Let's make sure one build has sanitizers enabled for extra coverage.
2024-05-31 17:26:13 +02:00
Daan De Meyer
8919f86f57 mkosi: Sanitizer improvements
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-31 17:26:13 +02:00
Luca Boccassi
87d6cedfdb
Merge pull request #33123 from DaanDeMeyer/fix
Two mkosi fixes
2024-05-31 11:38:43 +02:00
Daan De Meyer
3a8e9b4a0e mkosi: Unify device timeout for CI and local runs
Now that we use KVM and don't use repart anymore to create a root
partition on first boot, let's see if we can use the same device timeout
for both local and CI runs.
2024-05-31 10:25:08 +02:00
Daan De Meyer
e2219740f3 mkosi: Drop two unnecessary settings in CI config
We don't build erofs images anymore and the firmware to use is set
per test so no need to configure it the CI config.
2024-05-31 10:23:58 +02:00
dependabot[bot]
d4d59423b5 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](9e55064634...d498805e5c)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:44 +02:00
dependabot[bot]
f47f849fad build(deps): bump redhat-plumbers-in-action/devel-freezer
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases)
- [Commits](396c94ba8c...ad766eafd5)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:10 +02:00
dependabot[bot]
4c8858dda6 build(deps): bump meson from 1.4.0 to 1.4.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.0...1.4.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:16:56 +02:00
Daan De Meyer
ba592dc715 mkosi: Replace submodules with our own thing
Unfortunately, git submodules break in all sorts of ways:

- Various github workflows (dependabot, github pages) try to do a shallow
clone of git submodules which does not work at all when the git repository
is hosted on pagure (https://pagure.io/pagure/issue/5453,
https://github.com/dependabot/dependabot-core/issues/9391).
- If the git forge hosting the git repository uses SHA256, then it breaks our
usage of it as a submodule as SHA256 repositories cannot be used as submodules
in SHA1 repositories (src.opensuse.org moved to SHA256 which broke our usage of
opensuse's systemd spec as a submodule).
- git submodules completely break usage of git worktrees.
- ...

Let's avoid all these issues by just doing our own home grown implementation of
git submodules. We lose the automatic dependabot updates this way but since dependabot
fails to run more often that not with submodules we don't really lose anything.
2024-05-30 19:31:32 +02:00
Daan De Meyer
074ac66e88 Revert "mkosi: Sanitizer improvements"
This reverts commit aef13ad029.
2024-05-30 14:50:21 +02:00
Daan De Meyer
d54d6197d5 Revert "ci: Build with sanitizers in mkosi"
This reverts commit 639403f9a8.
2024-05-30 14:50:10 +02:00
Daan De Meyer
381918edc9
Merge pull request #32866 from DaanDeMeyer/sanitizers
mkosi: Sanitizers
2024-05-30 14:49:13 +02:00
Daan De Meyer
465d302d48 mkosi: Preserve environment when running integration tests with sudo
Otherwise we won't detect we're running in Github Actions and will
show the wrong command to fetch the journal.
2024-05-30 13:50:27 +02:00
Daan De Meyer
639403f9a8 ci: Build with sanitizers in mkosi 2024-05-30 12:47:45 +02:00
Daan De Meyer
aef13ad029 mkosi: Sanitizer improvements
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-30 12:47:45 +02:00
Daan De Meyer
d12fedd25e mkosi: Run integration tests as root
This allows running integration tests that support it in nspawn
instead of qemu. This both gives extra coverage and speeds things up.
2024-05-29 14:10:50 +02:00
Daan De Meyer
09466b2a0e mkosi: update to latest 2024-05-29 14:10:47 +02:00
Luca Boccassi
0dde8adcf5 Revert "CI: add manual workflow to publish pages to fix submodule issue"
Nope, it's broken, never mind

This reverts commit b0f9c3c648.
2024-05-16 15:31:52 +01:00
Luca Boccassi
b0f9c3c648 CI: add manual workflow to publish pages to fix submodule issue
Cloning the fedora/centos submodules fails because --depth 1 is used. Fork the actions workflow and use fetch-depth: 0 to disable it.
2024-05-16 16:27:40 +02:00
Zbigniew Jędrzejewski-Szmek
f222ef107d mkosi: Restore job for F40
This partially reverts ecf8468dd4.
dist-git was made compatible again with F40.
2024-05-14 21:23:46 +02:00
Daan De Meyer
ecf8468dd4 mkosi: Update fedora to latest
We drop the Fedora 40 job as the latest rawhide spec introduced
dependencies that are not available in Fedora 40.
2024-05-14 20:44:39 +02:00
Daan De Meyer
23d79a84a4 mkosi: Update to latest 2024-05-14 12:43:28 +02:00
Daan De Meyer
5dd3657f86 ci: Optimize pull request labeler
We keep running into rate limits, so let's optimize the number of
requests we do in the pull request labeler to hopefully fix that.
2024-05-07 17:49:54 +02:00
Daan De Meyer
b1670c52ad mkosi: Switch to fedora 40
Enable updates-testing and use the most recent mirror to make sure
we get util-linux 2.40.1 which contains a crucial fix to make sure
the serial terminal in virtual machines works properly.
2024-05-07 11:51:29 +02:00
Daan De Meyer
7681a8ee58 ci: Disable RuntimeBuildSources=
We build with debuginfo, so there's no point to starting virtiofsd
to mount the sources and build directory into the VM, so let's
disable that.
2024-05-06 22:23:37 +02:00
Daan De Meyer
eabf46ef89 ci: Reduce the number of integration tests we run concurrently
Since there's a bunch of CPU hungry systemd-journal-remote processes
running on the host to received the forwarded logs, by running as many
test as the VM has cores we overload the available resources. Let's leave
use the number of cores - 1 to reduce resource contention.
2024-05-06 11:57:09 +02:00
Daan De Meyer
ffda3c3de9 mkosi: Disable ext4's orphan_file feature for centos images
Not supported by e2fsck from centos. We also disable building repart
from source in CI as running it from the build directory means repart
will run mkfs.ext4 from the host which doesn't know about the orphan_file
feature causing it to fail.
2024-05-06 10:56:45 +02:00
Daan De Meyer
81af7ac925 mkosi: Enable udev debug logging in CI
It's very useful to debug race conditions with loop devices, so let's
enable the logging now that it goes to the journal and not to the
console.
2024-05-06 10:56:45 +02:00
Daan De Meyer
1c329956e5 mkosi: Insist on KVM, VSOCK and TPM by default
By default mkosi will not run VMs with these features if they're not
available, but since various stuff in systemd makes use of these, let's
fail loudly if any of these are not available by default in systemd.

Users can still override these defaults locally if they wish.
2024-05-06 10:56:45 +02:00
Daan De Meyer
86e249f326 mkosi: Update to latest 2024-05-06 10:56:45 +02:00
Frantisek Sumsal
57188d1467
Merge pull request #32609 from systemd/dependabot/github_actions/github/super-linter-6
build(deps): bump github/super-linter from 5.0.0 to 6
2024-05-02 10:16:40 +02:00
Frantisek Sumsal
109780a35e ci: point Super-Linter to the new upstream
Looks like since [0] the Super-Linter repo was moved to
super-linter/super-linter and github/super-linter is just a fork, so
let's update the reference accordingly.

[0] 59fac7946c
2024-05-02 09:53:43 +02:00
Frantisek Sumsal
b160ac9c12 ci: explicitly disable multi status for Super-Linter
The multi status feature requires $GITHUB_TOKEN, and since [0] it
defaults to true. Since we don't need it, let's explicitly disable the
feature.

[0] e6e6e1fa5f
2024-05-02 09:46:44 +02:00
dependabot[bot]
6a8bffbc6c build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](c15070885a...52bab0caa5)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-01 16:01:22 +02:00
dependabot[bot]
916102ab89 build(deps): bump redhat-plumbers-in-action/gather-pull-request-metadata
Bumps [redhat-plumbers-in-action/gather-pull-request-metadata](https://github.com/redhat-plumbers-in-action/gather-pull-request-metadata) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/gather-pull-request-metadata/releases)
- [Commits](69c703f376...17821d3bc2)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/gather-pull-request-metadata
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-01 16:00:48 +02:00
dependabot[bot]
8fb796a423
build(deps): bump github/super-linter from 5.0.0 to 6
Bumps [github/super-linter](https://github.com/github/super-linter) from 5.0.0 to 6.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](45fc0d8828...4e51915f4a)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-01 09:42:38 +00:00
Mike Yuan
2286c15676
development-freeze: suppress warning for some labels 2024-04-29 18:59:02 +08:00
Mike Yuan
274623cc83
labeler: add l10n 🌍 2024-04-29 18:56:54 +08:00
Daan De Meyer
b6df6bef31 mkosi: Update to latest 2024-04-26 13:36:40 +02:00
Daan De Meyer
1731008879 mkosi: Only keep failed test journals and other logs for 7 days
The default retention of 90 days seems a bit long, so drop it to 7
days.
2024-04-25 20:51:11 +02:00
Daan De Meyer
4becd5fb73 mkosi: Only archive outputs in systemd and systemd-stable repositories
Private forks would very quickly reach their quota or spend lots of
money trying to archive all these artifacts, so let's make sure it
only happens on our own repositories.
2024-04-25 20:51:08 +02:00
Richard Maw
292110aa1c ci: Add the meson logs to failure log artifacts
It is not a lot of use to add --debug to tests without it
since only the last 100 lines are printed to console.
2024-04-25 13:05:37 +01:00
Richard Maw
aca6533951 ci: Update mkosi version
The change to add microcode support had a bug in ukify handling
that broke when it should have been picked up from ExtraSearchPaths.
2024-04-25 13:05:37 +01:00
Luca Boccassi
2d0c95f2b2 ci: remove packages.microsoft.com
It is not needed, it publishes things like dotnet, and it is often
broken, so just remove the sources
2024-04-24 18:07:52 +02:00
Richard Maw
0bc1e9592e mkosi: Update to latest 2024-04-24 11:01:35 +02:00
Daan De Meyer
5841b5af48 mkosi: Configure lower retention limit for package artifacts
This is more than 0.5G per job, so let's drop the retention to
4 days to make sure we don't hit github's limits.
2024-04-23 11:58:44 +02:00
Daan De Meyer
279b3d4690 mkosi: Fix Arch Linux package glob 2024-04-23 11:53:28 +02:00
Daan De Meyer
422124072d mkosi: Run integration tests in CI
We do the image build and run the tests in a btrfs loopback so we
can make use of btrfs subvolumes and COW to keep the disk space
requirements to a minimum and speed up the ephemeral copies we make
of the image to run the tests.

We also switch to building debug packages and publishing the built
packages as artifacts.
2024-04-23 10:33:08 +02:00
Daan De Meyer
e3cd320021 mkosi: Update to latest 2024-04-23 10:24:59 +02:00
Daan De Meyer
a32d6161bb mkosi: Update to latest 2024-04-22 09:08:16 +02:00
Frantisek Sumsal
49c11c789a ci: fix systemd-machined component name
Follow-up for d762f4d52d.
2024-04-20 14:38:54 +02:00
Sarvajith Adyanthaya
d762f4d52d Replaced "machined" label with "machine" #32373 2024-04-20 10:53:00 +02:00
Frantisek Sumsal
20730c60dd labeler: merge "logind" label into "login"
Existing issues/PRs were migrated to the login label using:
$ gh search issues --repo systemd/systemd --label logind --limit=1000 --json number -q .[].number | \
        xargs gh issue edit --add-label login --remove-label logind
2024-04-19 18:31:51 +02:00
Daan De Meyer
eadf555fd4 mkosi: Update to latest 2024-04-18 13:26:44 +02:00
Daan De Meyer
22fa7cbccc mkosi: Drop workarounds
With the latest Github Actions image release none of these should
be required anymore (20240414.1.1).
2024-04-17 17:36:36 +02:00
Daan De Meyer
1976b1d86d mkosi: Update to latest 2024-04-15 08:53:25 +02:00
Kristian Klausen
4d95bfcab0 github: add systemd-vmspawn to the issue templates 2024-04-15 14:38:25 +09:00
Daan De Meyer
659cf9191c mkosi: Remove outdated comment 2024-04-14 19:59:21 +02:00
Daan De Meyer
8630fb6041 mkosi: Don't log debug logs to console
We have various tools that log directly to the console, as well as
pid1 which logs directly to the console when running in a container.
Let's make sure that we don't log debug messages to the console by
default, but keep the behavior when running in CI.
2024-04-14 19:59:10 +02:00
Daan De Meyer
962f9d6fb4 mkosi: Update to latest 2024-04-14 19:53:09 +02:00
Daan De Meyer
0e4eba6fcb mkosi: Update to latest 2024-04-09 11:56:45 +02:00
Mike Yuan
8953917d00
labeler: add mountfsd and nsresource 2024-04-08 20:14:37 +08:00
Frantisek Sumsal
ef6a2df7fe ci: fix commit SHA for stefanbuck/github-issue-parser
The SHA for this action was updated by Dependabot in #25900 to a commit
which later disappeared from the repo. Since then Dependabot kept
(silently) failing to bump the SHA further:

updater | 2024/03/31 21:22:13 ERROR <job_807574419> Error processing stefanbuck/github-issue-parser (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | 2024/03/31 21:22:13 ERROR <job_807574419> error: no such commit c1a559d78bfb8dd05216dab9ffd2b91082ff5324

See: https://github.com/systemd/systemd/pull/25900#issuecomment-2028912672

Let's bump the SHA manually to v3.1.0 to get Dependabot back on the track.

Co-authored-by: Evgeny Vereshchagin <evvers@ya.ru>
2024-04-02 17:19:16 +01:00
dependabot[bot]
427dbbab8c build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 31af101620fc2996517d87e86da310f7ba553d58 to 4dfdf98ed2877a1e40f37234e0b8fbba0fec3584.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](31af101620...4dfdf98ed2)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 12:38:00 +02:00
dependabot[bot]
76dddd6323 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](b9df2a9417...c15070885a)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-01 12:11:52 +02:00
Daan De Meyer
e11fe427f8 mkosi: Update to latest 2024-03-27 16:14:15 +01:00
Daan De Meyer
c2720fa55c mkosi: Re-enable OpenSUSE build 2024-03-27 12:20:50 +01:00
Daan De Meyer
b2b3b4ed84 mkosi: Update to latest 2024-03-27 12:20:50 +01:00
Frantisek Sumsal
4651e1428d ci: build with clang-18 2024-03-26 03:14:33 +09:00
Evgeny Vereshchagin
ae0e1cb989 CI: revert the mmap_rnd_bits kludge
This reverts commit 2e0c2fb8fb and commit
b7c7498de8 now that
https://github.com/actions/runner-images/issues/9491 is closed.
2024-03-21 10:22:43 +01:00
Jan Macku
ec8c80eddb ci(freezer): update devel-freezer GHA to v1.1.0
The new version of `devel-freezer` GitHub Action adds support for milestones, labels, and more. Now, when the `rc` tag is published, it won't post a development freeze comment on PRs included in the next milestone.

This commit also sets a delay of the 20s for PR validation to give some time for updating labels and milestones on submitted PRs.
2024-03-20 12:37:18 +01:00
Jan Macku
2547791075 ci(freezer): update metadata and development_freeze workflow
use custom action to gather PR metadata and download artifact rather then inline script
2024-03-20 10:44:31 +01:00
Jan Macku
b026b9edf5 ci(metadata): remove fetch-depth: 0 it's not needed anymore 2024-03-20 10:35:40 +01:00
Daan De Meyer
e48c170f51 mkosi: Do disk space cleanup asynchronously
This can actually take a rather long time (multiple minutes) so
make sure we do it asynchronously.
2024-03-16 05:31:25 +09:00
Evgeny Vereshchagin
2e0c2fb8fb cifuzz,cflite: set mmap_rnd_bits to 28
to get MSan jobs to work with the latest Ubuntu images.

https://github.com/google/sanitizers/issues/1614
https://github.com/actions/runner-images/issues/9491
2024-03-15 21:58:41 +09:00
Daan De Meyer
e399efea79 mkosi: Enable KVM
Since https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/,
it seems that KVM is supported on GA runners, so let's explicitly
enable it to make sure it is used.

We update mkosi to latest and set QemuFirmware=uefi to disable
secure boot which crashes qemu until https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038777
is fixed.
2024-03-13 23:45:11 +01:00
dependabot[bot]
a17ae1f8d5 build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8a470fddaf...3ab4101902)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 23:16:19 +01:00
dependabot[bot]
e065f1c41b build(deps): bump actions/checkout from 4.1.1 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 20:15:20 +01:00
dependabot[bot]
660efa717c build(deps): bump meson from 1.3.2 to 1.4.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.2...1.4.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:52 +01:00
dependabot[bot]
9daa5b2a96 build(deps): bump softprops/action-gh-release from 1 to 2
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](de2c0eb89a...9d7c94cfd0)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:03 +01:00
Daan De Meyer
37bd860c22 mkosi: Introduce packaging sources as submodules
By always cloning the latest branch commit, we can't bisect properly
using mkosi as when bisecting wildly different packaging sources will
be used compared to when the commit was merged. By using submodules, we
track individual commits which means when bisecting the same packaging
sources will be used.

We use git submodules as dependabot has support for automatically making
PRs to update git submodules. This commit also includes the necessary
dependabot configuration to enable this.

We make ubuntu/debian use the same submodule instead of adding the debian
packaging sources twice by introducing a new $PKG_SUBDIR environment variable
and using it instead of $DISTRIBUTION.
2024-03-13 12:07:49 +01:00
Frantisek Sumsal
b7c7498de8 ci: reduce ASLR entropy
The latest GH Action runners started using 32-bit entropy for ASLR,
which makes it incompatible with llvm-14. This was fixed in later llvm
releases, but these aren't available on Ubuntu Jammy (22.04). Let's
reduce the ASLR entropy to 28-bit, which should make llvm happy again,
until the issue is resolved.

See: https://github.com/actions/runner-images/issues/9491
2024-03-12 16:17:46 +00:00
Daan De Meyer
61fbdd441f
Merge pull request #31345 from DaanDeMeyer/mkosi-packages
Build distribution packages in mkosi
2024-03-07 11:12:14 +01:00
Daan De Meyer
4d0f1451b5 Build distribution packages in mkosi
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:

- Vastly simplified mkosi scripts since we don't need a separate initrd
  image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as its not the basis
  anymore for the initrd and as such we don't need to care about the
  size anymore.
- The systemd packages that get pulled in as dependencies of other
  packages get properly uninstalled and replaced with our packages that
  we built instead of just installing on top of an existing systemd
  installation with no guarantee that everything from that previous
  installation was removed.
- Much better testing coverage as what we're testing is much closer
  to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
  use the proper directories and such instead of having to hack this
  into a mkosi build script.
- ...
2024-03-07 10:47:19 +01:00
Daan De Meyer
542bad6552 mkosi: Update to v21 2024-03-07 10:47:01 +01:00
Frantisek Sumsal
7161af9612 ci: explicitly change oom-{score}-adj before running tests
For some reason root in GH actions is able to _decrease_ its oom score
even after dropping all capabilities (including CAP_SYS_RESOURCE), until
the oom score is changed explicitly after sudo:

$ systemd-detect-virt
microsoft
$ sudo su -
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
pid 22180's OOM score adjust value changed from 500 to -101
~# choom -p $$ -n 500
pid 22027's OOM score adjust value changed from 500 to 500
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
...
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
choom: failed to set score adjust value: Permission denied

I have no idea what's going on, but it breaks
exec-oomscoreadjust-negative.service from test-execute when running
unprivileged.
2024-03-06 16:10:47 +01:00
Frantisek Sumsal
c538fecc61 ci: make the build dir accessible when running w/o privileges
Otherwise the unprivileged part of test-execute gets silently skipped:

/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
2024-03-06 16:10:47 +01:00
Luca Boccassi
5e39dc2f30 CI: free up diskspace before mkosi jobs
The runner has a lot of useless things installed, taking ~10GB, and
jobs have started to fail when booting images due to lack of disk
space, so delete some directories to make room.

2024-02-27T20:20:58.0998709Z ##[warning]You are running out of disk space. The runner will stop working when the machine runs out of disk space. Free space left: 0 MB

Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-03-01 20:04:13 +00:00
dependabot[bot]
5346a81024 build(deps): bump meson from 1.3.1 to 1.3.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.1...1.3.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 12:08:07 +01:00
dependabot[bot]
99e59d24f3 build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](26f96dfa69...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 11:57:31 +01:00
dependabot[bot]
ba959322a4 build(deps): bump github/codeql-action from 3.22.12 to 3.24.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](012739e508...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 11:06:02 +01:00
dependabot[bot]
04dd8258b4 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](91e2582e40...b9df2a9417)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 10:57:00 +01:00
Zbigniew Jędrzejewski-Szmek
ab95ba1558
Merge pull request #31511 from jamacku/prepare-for-diff-shellcheck
Prepare for new version of Differential ShellCheck & scanning of shell completion scripts
2024-02-28 10:28:56 +01:00
Jan Macku
c1631d4e49 ci(labeler): add rule for shell-completion label 2024-02-27 15:26:45 +00:00
Jan Macku
464b03d23c ci(lint): temporarily disable ShellCheck for bash-completion
This commit should be reverted once bash completion is in better shape when it comes to ShellCheck.
2024-02-27 15:41:28 +01:00
Jan Macku
b2e0caf882 ci(lint): exclude zsh completion from ShellCheck
zsh is not supported by ShellCheck
2024-02-27 15:41:28 +01:00
Jan Macku
a62013b382 ci(freezer): use GitHub Markdown magic for messages
It should make messages easier to notice.

GitHub docs: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts
2024-02-23 08:44:10 +00:00
Jan Macku
12af0efba5 ci(labeler): add policy for escape labeler 2024-02-19 16:09:15 +01:00
dependabot[bot]
0279c0abf3 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from dbce89aabda438ba58080366631b2c242e365f21 to 070528fec478fc93af7ec057a5d2fd0045123c99.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](dbce89aabd...070528fec4)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-09 16:28:12 +01:00