dependabot[bot]
f6f00383ff
build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...26f96dfa69
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 12:18:13 +01:00
dependabot[bot]
12d1e448b2
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.6 to 3.0.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](71bcf99aef...9e55064634
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 10:57:02 +01:00
Luca Boccassi
431f836bd4
CI: set TZ= in a unit test run to ensure tests don't break
2024-01-26 00:25:04 +00:00
Luca Boccassi
ddf934cf04
Merge pull request #30972 from mrc0mmand/ci-unit-tests-ukify
...
ci: install python3-pytest for ukify tests
2024-01-17 11:46:45 +00:00
Frantisek Sumsal
ee23a85561
ci: install python3-pytest for ukify tests
2024-01-16 21:36:05 +01:00
Mike Yuan
50d5f64632
labeler: add bsod, hibernate-resume, nspawn and vmspawn
2024-01-16 16:13:26 +00:00
Daan De Meyer
52842bb2c5
mkosi: Build a directory image by default
...
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
2024-01-12 16:19:48 +01:00
Daan De Meyer
8c018edb0a
mkosi: Update to latest
...
The mkosi github action doesn't set up the host machine for building
full images anymore. Instead, only sufficient packages are installed
to be able to build tools trees so we configure a fedora tools tree
to build the actual images.
2024-01-09 14:58:34 +00:00
Frantisek Sumsal
96e4c62698
ci: build with -O2 and -Wmaybe-uninitialized
...
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Mike Yuan
42e6ad1684
labeler: add matches for login and logind
2024-01-03 15:00:36 +00:00
Frantisek Sumsal
b3fb73a5f2
ci: allow testing changes made to labeler configuration
2024-01-02 12:52:03 +01:00
Frantisek Sumsal
17b056a340
ci: use a boolean value for the boolean field
...
The issue[0] behind this workaround has been resolved[1], so we can set it
to a proper boolean field.
[0] https://github.com/systemd/systemd/issues/18671
[1] https://github.com/actions/labeler/pull/480
2024-01-02 12:42:03 +01:00
Frantisek Sumsal
d151d6ce6f
ci: migrate labeler configuration to the new format
...
Turns out updating the labeler action is a bit annoying[0], so the
breaking change wasn't detected in the version bump PR.
[0] https://github.com/actions/labeler/#notes-regarding-pull_request_target-event
Follow-up to f88c9b0728
.
2024-01-02 12:42:03 +01:00
dependabot[bot]
01b50b4aaf
build(deps): bump github/codeql-action from 2.22.8 to 3.22.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...012739e508
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:52:09 +00:00
dependabot[bot]
f88c9b0728
build(deps): bump actions/labeler from 4.3.0 to 5.0.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](ac9175f8a1...8558fd7429
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:22:27 +00:00
dependabot[bot]
94ce8e248e
build(deps): bump actions/upload-artifact from 3.1.2 to 4.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...c7d193f32e
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:19:03 +00:00
dependabot[bot]
13efb5cbd3
build(deps): bump meson from 1.3.0 to 1.3.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.0...1.3.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:17:28 +00:00
Yu Watanabe
ab84005cb2
github: bump version in template
2023-12-25 02:23:14 +09:00
dependabot[bot]
ba47598aef
build(deps): bump meson from 1.2.3 to 1.3.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.3...1.3.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:49:19 +00:00
dependabot[bot]
d50a357dce
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](aa647ec446...91e2582e40
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:48:48 +00:00
dependabot[bot]
135c249147
build(deps): bump redhat-plumbers-in-action/devel-freezer
...
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer ) from 1.0.7 to 1.0.8.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases )
- [Commits](13b6551f19...67aec4a153
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:48:14 +00:00
dependabot[bot]
e8bad6615d
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:47:23 +00:00
dependabot[bot]
50613206f2
build(deps): bump github/codeql-action from 2.21.9 to 2.22.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.9 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ddccb87388...407ffafae6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:46:46 +00:00
Luca Boccassi
edb37ee15c
Revert "mkosi ci: enable jammy-proposed"
...
libsolv has migrated to jammy-updates, so we can disable the
proposed-updates repository again.
This reverts commit 48bfc6791d
.
2023-11-29 17:30:54 +01:00
Daan De Meyer
bcb335ac68
Update to mkosi v19
...
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
2023-11-28 19:54:58 +01:00
Luca Boccassi
48bfc6791d
mkosi ci: enable jammy-proposed
...
This will bring in the fix for rawhide/tumbleweed builds (new libsolv
capable of handling zstd). If all goes well it will migrate to jammy
proper in a week and it can be reverted
2023-11-17 14:14:18 +00:00
Lennart Poettering
7e91c97aff
ci: work around mold/clang incompat
...
See discussion:
https://github.com/systemd/systemd/pull/30003#issuecomment-1808349258
2023-11-13 16:24:17 +01:00
Luca Boccassi
37f16ef072
ci: add -Dutmp=false coverage
2023-11-08 18:41:47 +00:00
Luca Boccassi
c13e6c720d
mkosi: explicitly disable KVM in GHA runs
...
mkosi detects whether /dev/kvm is available and uses it if it is. But
some GHA hosts have it, but it's broken and not supported, so we need
to explicitly disable it.
2023-11-02 12:16:11 +00:00
dependabot[bot]
6a4d0efa00
build(deps): bump meson from 1.2.2 to 1.2.3 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.2...1.2.3 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 19:28:19 +00:00
dependabot[bot]
ca4d726205
build(deps): bump ninja from 1.11.1 to 1.11.1.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.11.1 to 1.11.1.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 17:30:30 +00:00
dependabot[bot]
094632a0ef
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:32:55 +00:00
dependabot[bot]
ac60a3a41e
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 4.2.2 to 5.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](ac4483d8c6...aa647ec446
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:30:41 +00:00
dependabot[bot]
f211277934
build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...0864cf1902
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 12:26:57 +00:00
Luca Boccassi
64ec2d073f
CI: add a build job with TPM but without OpenSSL
...
We keep introducing build failures with this combination due to the
high amount of changes, add a combination that covers it
2023-10-27 14:03:23 +01:00
Daan De Meyer
6e24a9dc7f
mkosi: Update to latest
...
We have to set the image runtime size explicitly now so that's it's
grown a bit when we boot in nspawn or qemu.
2023-10-05 16:57:10 +02:00
dependabot[bot]
273aca8b62
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from adaa41512aa30c952daae5ba0abcf2622d66b93b to a8ecff0defa132d729dcdab38380dcae31138e7e.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](adaa41512a...a8ecff0def
)
---
updated-dependencies:
- dependency-name: systemd/mkosi
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 16:54:01 +00:00
dependabot[bot]
b503c76689
build(deps): bump meson from 1.2.1 to 1.2.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.1...1.2.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 18:16:06 +00:00
dependabot[bot]
8ee09da6e8
build(deps): bump actions/checkout from 3.6.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...8ade135a41
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 18:15:04 +00:00
dependabot[bot]
a14438a85c
build(deps): bump github/codeql-action from 2.21.5 to 2.21.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...ddccb87388
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 18:14:32 +00:00
Jan Janssen
79ae0d0b3e
ci: Update compiler build matrix
...
Given that gold is pretty much unmaintained and does not support
`-static-pie` for bootloader components it should be safe to drop.
Also switch to clang-17 while we're at it.
2023-09-29 16:56:30 +02:00
Daan De Meyer
755012d37d
mkosi: Bump Fedora CI to Fedora 39
2023-09-19 11:47:41 +02:00
Daan De Meyer
bcc911a7d7
mkosi: Conditionally use tools tree
...
If the systemd version on the host is too old and there's no local
build directory, use the default tools tree which will build an
image containing all the tooling required to build systemd and use
that to build the other presets.
2023-09-09 15:53:26 +02:00
Daan De Meyer
aa72f856a1
mkosi: Update to latest
2023-09-09 15:45:41 +02:00
Daan De Meyer
6ec74f916a
mkosi: Drop arch workaround
...
archlinux-keyring was updated in Michel's PPA so let's drop the
workaround.
2023-09-08 09:20:46 +01:00
Jan Janssen
690db0c80f
ci: Do not run build test as root
...
Although, this is CI, we can still do better. It also ensures that any
env var changes make it into the script, as things like PATH would not
survive a `sudo -E`.
2023-09-06 11:01:53 +02:00
Jan Janssen
ce2c01789c
ci: Don't produce debug output for build tests
...
These binaries are never used, so generating debug symbols just
slows down build time.
2023-09-06 11:01:53 +02:00
Jan Janssen
051ec23ce2
ci: Use apt-get in favor of apt
...
Apparently, apt does not have a stable CLI interface and warns about it.
2023-09-06 11:01:53 +02:00
Jan Janssen
592ee08f3b
ci: Use add-apt-repository to enable sources
...
This should also ensure that consistent mirrors are selected.
2023-09-06 11:01:53 +02:00
Jan Janssen
bc763971ef
ci: Remove custom build step names
...
Putting build matrix details into a build step name is rather useless as
the jobs themselves already contain the needed information.
2023-09-06 10:40:51 +02:00
Daan De Meyer
35356d7f3f
mkosi: Update to latest
...
Configuration now takes priority over CLI options so we have to
configure the defaults for settings that we want to allow overriding
from the CLI. We also explicitly set some other settings so that they
can't be overridden from the CLI anymore. For example the base and
initrd image should never be made bootable so we set Bootable=no
explicitly for both.
2023-09-05 15:28:23 +02:00
Daan De Meyer
16173ab1aa
mkosi: Re-enable arch but disable keyring checking
...
No need to disable arch completely, let's just disable keyring checking
to get CI working again for now.
2023-09-04 13:53:16 +02:00
Luca Boccassi
f7f842f888
mkosi: temporarily disable Arch
...
The mkosi Arch CI doesn't work as the keyring package is out
of date and cannot be built due to various build toolchain
issues. Disable the job as it always fails and confuses
submitters.
2023-09-03 14:40:24 +01:00
dependabot[bot]
475974eb5b
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:13:09 +00:00
dependabot[bot]
c5de4ee02b
build(deps): bump meson from 1.2.0 to 1.2.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.0...1.2.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:12:43 +00:00
dependabot[bot]
3bb5656ff1
build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.2 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0ba4244466...00e563ead9
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:12:34 +00:00
Jan Janssen
7f9a0d6d74
meson: Drop skip-deps option
...
Now that we use meson feature options for our dependencies, we can just
rely on '--auto-features=disabled' to do the same. One benefit of this
is that specific features can still be force-enabled by overriding it
with the appropriate '-Dfeature=enabled' flag.
The two remaining uses for skip-deps can simply rely on their default
logic that sets the value to 'no' when the dependency is disabled.
2023-08-23 14:57:49 +02:00
Jan Janssen
1e73a64a7a
meson: Convert more options to meson features
...
The semantics for libidn2 and pwquality have changed slightly: We will
pick a preferred one if both are enabled instead of making it an error.
2023-08-23 14:45:02 +02:00
Jan Janssen
40e9c4e45d
meson: Convert options to meson features (require)
...
These options use requre() to conveniently express their dependency
requirements.
2023-08-23 14:45:02 +02:00
Jan Janssen
43abc59a27
meson: Use feature options
...
By using meson features we can replace the handcrafted dependency
auto-detection by just passing the value from get_option directly to the
required arg for dependency, find_library etc.
'auto' features make the dependency optional, 'enabled' requires it
while 'disabled' features will skip detection entirely.
Any skipped or not found dependency will just be a no-op when passed to
build steps and therefore we can also skip the creation of empty vars.
The use of skip_deps for these is dropped here as meson provides a way
to disable all optional features in one go by passing
'-Dauto_features=disabled'.
2023-08-23 14:45:02 +02:00
Daan De Meyer
c3e83f09ea
mkosi: Update to v15.1 release
2023-08-15 12:32:39 +02:00
Daan De Meyer
1f035c91bb
mkosi: Update to latest
...
This update introduces the explicit Dependencies= setting, instead
of relying on implicit dependencies via alphanumerical ordering.
We also take the opportunity to rename the "final" preset to the
"system" preset, which seems like a better name.
2023-08-09 18:56:51 +02:00
Jan Macku
97eb826821
ci(lint): exclude .in
files from ShellCheck lint
...
Exclude all `.in` files because they may contain unsupported syntax, and
they have to be preprocessed first. For example:
```sh
Error: SHELLCHECK_WARNING:
./src/rpm/systemd-update-helper.in:130:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
```
Related to: https://github.com/systemd/systemd/pull/28521
2023-08-07 19:28:23 +02:00
Daan De Meyer
f2f8ed193c
mkosi: Update to latest
2023-08-04 16:48:58 +02:00
Daan De Meyer
0f4259bcf2
mkosi: Update to latest
...
We modify all our scripts to execute in the image instead of on the
hosts. In the future we can adapt them to run on the host.
2023-08-03 17:03:05 +02:00
dependabot[bot]
f3d812baf7
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 5866c0ff3b36d350c943016e5a3b115f7a95d37f to c6dd95b6eae0386579071cbf44fd838ce28b7237.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](5866c0ff3b...c6dd95b6ea
)
---
updated-dependencies:
- dependency-name: systemd/mkosi
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 20:27:17 +00:00
dependabot[bot]
1ce2075fde
build(deps): bump actions/labeler from 4.2.0 to 4.3.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](0967ca812e...ac9175f8a1
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 14:18:15 +00:00
dependabot[bot]
8fa2da7ad1
build(deps): bump meson from 1.1.1 to 1.2.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.1.1...1.2.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 14:16:16 +00:00
dependabot[bot]
d8c7d6d4fe
build(deps): bump github/codeql-action from 2.20.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...0ba4244466
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 10:14:58 +00:00
Zbigniew Jędrzejewski-Szmek
79ce5f940e
labeller: add build-system label
2023-07-29 14:11:14 +02:00
Frantisek Sumsal
c5afbac31b
ci: explicitly install python3-lldb-$COMPILER_VERSION
...
To avoid apt complaining:
+ apt-get -y install clang-15 lldb-15 lld-15 clangd-15
Reading package lists...
Building dependency tree...
Reading state information...
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
python3-lldb-14 : Conflicts: python3-lldb-x.y
python3-lldb-15 : Conflicts: python3-lldb-x.y
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
2023-07-27 13:45:00 +01:00
Luca Boccassi
4cf5b343c9
mkosi: add drop-in to make emergency.service shut down the system
...
When the mkosi CI fails to boot, it just sits there waiting at the emergency
console until the job times out. Add a drop-in for emergency.service in the
CI configuration so that instead it exists immediately.
2023-07-26 14:07:13 +01:00
Frantisek Sumsal
c4b167f857
ci: drop super-linter's shellcheck
...
It's been a while since we introduced Differential ShellCheck and it
proved to be quite useful (and in some ways even better than the shellcheck
run by super-linter). So, to have only one linter scream at us for not
knowing how to write bash properly, let's drop the super-linter's one in
favor of Differential ShellCheck.
Follow-up for https://github.com/systemd/systemd/pull/24328#pullrequestreview-1074127504
2023-07-17 20:12:57 +01:00
Daan De Meyer
5b79e9d7a9
mkosi: Update to latest
...
mkosi now supports CentOS SIGs natively so we drop our own definition
of that and use the mkosi builtin one. We also enable hyperscale for
both CentOS 8 and CentOS 9 for consistency and add epel-next as well
which is a requirement for Hyperscale.
2023-07-14 14:47:45 +02:00
dependabot[bot]
1cdaba52a5
build(deps): bump github/codeql-action from 2.3.5 to 2.20.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...f6e388ebf0
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 14:05:22 +00:00
dependabot[bot]
6cc0fd0044
build(deps): bump actions/labeler from 4.0.4 to 4.2.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.4 to 4.2.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](0776a67936...0967ca812e
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:37:11 +00:00
dependabot[bot]
a2c9096790
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:36:23 +00:00
dependabot[bot]
479f9f3004
build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:35:10 +00:00
Daan De Meyer
12ab9ae8c6
mkosi: Update to latest
...
mkosi now prebuilds the hwdb during image build which should hopefully
get rid of the CentOS 8 failures we're seeing in CI.
2023-06-26 14:14:40 +01:00
Daan De Meyer
94c357ca23
mkosi: Update to latest
...
We now run repart before starting systemd-nspawn to make sure that
the root partition is also generated when we boot the image in a
container instead of a VM.
To make sure we start from scratch for both the container boot and
the VM boot, we also enable Ephemeral to make sure all changes to
the image are ephemeral.
2023-06-19 10:30:39 +02:00
Evgeny Vereshchagin
83dda3d28b
ci: drop the "find" kludge
...
meson no longer complains about install_tag
2023-06-16 10:43:06 +09:00
Joyce Brum
2b3211c836
Squashed commit of the following:
...
commit ef2fc83647f69c172c11e0dea318bf6ecf79a4aa
Author: Joyce <joycebrum@google.com>
Date: Wed Jun 14 12:18:23 2023 -0300
Update scorecards.yml
Signed-off-by: Joyce <joycebrum@google.com>
commit c59c05c6ab156b20249e8056d8cbaafbe0c495f8
Merge: 7431a54568 f66d040d95
Author: Joyce <joycebrum@google.com>
Date: Wed Jun 14 10:22:28 2023 -0300
Merge branch 'main' into fix/disable-code-scanning-alerts
commit 7431a54568746a2fa4db1b23e1359984335df41e
Author: Joyce <joycebrum@google.com>
Date: Tue Jun 13 18:15:21 2023 -0300
Remove code scanning alerts scorecards.yml
Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
2023-06-14 20:22:50 +01:00
Joyce
3f2ff79763
Fix scorecard version comment format ( #28027 )
...
* Update scorecards.yml version comments
Signed-off-by: Joyce <joycebrum@google.com>
2023-06-13 22:36:32 +01:00
Daan De Meyer
6aca147f82
mkosi: Remove explicit /testok check
...
vsock should work properly after the latest release of mkosi. But
to make sure it works, let's exit with 123 in case of success and
check for that in Github Actions.
2023-06-13 16:04:10 +02:00
Daan De Meyer
abeecde242
mkosi: Update to latest
...
We update our configuration to replace the removed
RepositoryDirectories= option with the new PackageManagerTrees=
option.
2023-06-13 16:04:08 +02:00
Daan De Meyer
9f89c2d420
mkosi: Update to latest
...
mkosi's match syntax was changed so we update our config files to
use the new match syntax which mimicks the systemd condition syntax.
2023-06-07 15:59:03 +02:00
jonathanmetzman
56595a3730
ci: Report results from CIFuzz using SARIF
...
Upload results from CIFuzz using SARIF.
This will allow CIFuzz to report issues in the security tab.
This is a better UI than having to look through logs.
TODO(google/oss-fuzz#10452 ): Add proper descriptions of UBSAN bugs.
2023-06-05 07:37:34 +02:00
Daan De Meyer
8f9a307fec
Merge pull request #27849 from DaanDeMeyer/sign-pcr
...
mkosi: Sign expected PCRs
2023-06-02 16:16:41 +02:00
Daan De Meyer
a47c48cbb2
mkosi: Only lower device timeout instead of all timeouts
...
We only really care about lowering the device timeout so we get to
a shell faster when the root device doesn't appear so let's only
lower that timeout instead of lowering all default timeouts.
2023-06-02 15:43:28 +02:00
Daan De Meyer
2af9d5dc0e
mkosi: Update to latest
2023-06-02 13:32:53 +02:00
dependabot[bot]
7cd4f577e8
build(deps): bump github/codeql-action from 2.2.9 to 2.3.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...0225834cc5
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 21:57:36 +08:00
dependabot[bot]
da92fd4612
build(deps): bump meson from 1.1.0 to 1.1.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.1.0...1.1.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 21:15:21 +09:00
dependabot[bot]
9a1ac3a019
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](25a1e41826...71bcf99aef
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:22:14 +02:00
dependabot[bot]
c9401e6c6d
build(deps): bump actions/labeler from 4.0.3 to 4.0.4
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](ba790c862c...0776a67936
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:21:34 +02:00
dependabot[bot]
6138a85d10
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 4.0.2 to 4.2.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](d24099b9f3...ac4483d8c6
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:20:55 +02:00
Daan De Meyer
edabe6fc11
Merge pull request #27806 from DaanDeMeyer/fix-mkosi-check
...
mkosi: Use proper check to detect whether we're in a VM
2023-05-31 15:26:05 +02:00
Daan De Meyer
df4835c897
mkosi: Check for failures by mounting again
...
We rely on vsock to communicate the exit status back to us from the
VM but vsock in Github Actions is broken so let's switch back to
mounting for now.
2023-05-31 14:22:58 +02:00
Daan De Meyer
86605eed9a
mkosi: Enforce usage of vsock with qemu in CI
2023-05-31 14:19:25 +02:00
Daan De Meyer
401027075a
mkosi: Update to latest
2023-05-31 14:19:25 +02:00
Frantisek Sumsal
4189d009ae
ci: add gcc-13, drop gcc-12
2023-05-30 16:23:40 +02:00
Daan De Meyer
a27f253276
mkosi: Bump default timeout to 180s
...
Hopefully fixes #27778 where waiting for the root device to appear
times out before systemd-repart has a chance to run and create it.
2023-05-25 12:09:13 +02:00
Daan De Meyer
47e5e12866
mkosi: Package a erofs usr partition with signed verity
...
Let's start moving towards a more involved partitioning setup to
test our stuff more when using mkosi.
The root partition is generated on boot with systemd-repart.
CentOS supports neither erofs nor btrfs so we use squashfs and xfs
instead.
We also enable SecureBoot= locally for additional coverage. This
and the use of verity means users need to run `mkosi genkey` once
to generate the keys necessary to do secure boot and verity.
2023-05-13 10:49:17 +02:00
Daan De Meyer
059c961135
mkosi: Update to latest
2023-05-12 11:38:02 +02:00
Daan De Meyer
93a948865c
mkosi: Run in debug mode
...
Let's make sure we log more of what mkosi's doing so we can debug
issues better. Note this also makes mkosi set SYSTEMD_LOG_LEVEL=debug
when running programs so we'll get all the systemd debug logging as
well.
2023-05-11 12:18:50 +02:00
Daan De Meyer
4bfcb6ba27
mkosi: Don't run slow tests by default
...
Instead, allow enabling it via an environment variable and do so
in CI.
2023-05-11 12:16:47 +02:00
dependabot[bot]
43a221473c
build(deps): bump actions/checkout from 3.3.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...8e5e7e5ab8
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:34:08 +02:00
dependabot[bot]
93b2175a87
build(deps): bump meson from 1.0.1 to 1.1.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.0.1...1.1.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:33:21 +02:00
dependabot[bot]
c07aa178b3
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.1...0b7f8abb1508181956e8e162db84b466c27e18ce )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:31:55 +02:00
dependabot[bot]
6a3ba07bfb
build(deps): bump github/super-linter from 4.10.1 to 5.0.0
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.10.1 to 5.0.0.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](454ba4482c...45fc0d8828
)
---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:31:22 +02:00
dependabot[bot]
882235d581
build(deps): bump actions/github-script from 6.4.0 to 6.4.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](98814c53be...d7906e4ad0
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:30:48 +02:00
Zbigniew Jędrzejewski-Szmek
98e2089f1b
mkosi,ci: do not install perl
2023-05-09 08:11:10 +02:00
Daan De Meyer
d052cc8893
mkosi: Switch to use mkosi presets with prebuilt initrds
...
Instead of building the initrds for the mkosi images with dracut,
let's switch to using mkosi presets to build the initrd with mkosi
as well.
This commit splits up our single image build into three separate
mkosi presets:
1. The "base" preset. This image contains systemd and all its runtime
dependencies. The sole purpose of this image is to serve as a base image
for the initrd and the final image. It's also responsible for building
systemd from source with the build script. The results are installed into
the base image. Note that we install the systemd and udev packages into this
image as well to prevent package managers from overriding the systemd we built
from source with the distro packaged systemd if it's pulled in as a dependency
by another package from the initrd or final profiles.
2. The "initrd" preset. This image provides the initrd. It's trivial and does
nothing more than packaging the base image up as a zstd compressed initramfs and
adds /init and /etc/initrd-release symlinks to the image.
3. The "final" preset. This image builds on top of the base image and adds
a kernel and extra packages that are useful for testing and debugging.
We also split out the optional kernel build into a separate set of config files
that are only included if a kernel to build is actually provided.
Note that this commit doesn't really change anything about how mkosi is used.
The commands remain the same, except that mkosi will now build all the presets
in order. "mkosi summary" will show the summary of all the presets. "mkosi qemu,
boot, shell" will always boot the final preset. With "-f", all presets will be
built and the final one is booted. "-i" makes a cache of each preset.
The only thing to keep in mind is that specifying config via the mkosi CLI will
apply to each of the presets. e.g. any extra packages added with "-p" will be
installed in both the initrd and the final image. To apply local configuration
to a single preset, create a file 00-local.conf in
mkosi.presets/<profile>/mkosi.conf.d and put all the preset specific configuration
in there.
2023-05-01 15:39:50 +02:00
Daan De Meyer
d280bb7e43
mkosi: Update fedora to release 38
2023-04-25 11:25:36 +02:00
Daan De Meyer
13d9669980
mkosi: Update to latest
...
This pulls in a fix for Debian rpmdb locations, which results in a
substantial speedup for centos/fedora builds.
2023-04-24 20:08:51 +02:00
Daan De Meyer
f997f91d7d
mkosi: Update to latest
...
Let's use the new support for matching against any distribution in
a list of distributions to start sharing most things between the
ubuntu/debian configs and centos/fedora configs.
2023-04-24 10:56:55 +02:00
Daan De Meyer
6b7e774b5d
mkosi: Update to latest
2023-04-19 10:13:06 +02:00
Daan De Meyer
5739271000
mkosi: Update to latest
...
mkosi now installs a "ignore *" default preset on Debian. We also
switch Debian to dbus-broker now that preset doesn't disable it
anymore.
2023-04-15 19:04:25 +08:00
Daan De Meyer
fde55f3a32
mkosi: Update to latest
...
The Bootable= option was removed and mkosi installs less packages
by default now, so let's adapt our configs to those changes.
2023-04-13 13:49:30 +01:00
Jan Macku
19cdda7c3a
ci: drop checkout from release workflow
...
It's not required as per comment - https://github.com/systemd/systemd/pull/27110#issuecomment-1499653913
2023-04-11 16:59:18 +02:00
Jan Macku
9718afd194
ci: don't run release wf on systemd-security
2023-04-11 16:59:18 +02:00
Дамјан Георгиевски
7b411cf842
ci: add permissions to make a release
...
follow-up to https://github.com/systemd/systemd/pull/27071
in order to create Github Releases, the job needs permissions to write
contents
also:
- pinned the `softprops/action-gh-release` action to a specific commit
- made it only active on the `systemd` organization repos (so not on
forks)
2023-04-10 17:23:32 +08:00
Daan De Meyer
3267fc3885
mkosi: Update to latest
...
This contains the recently merged fixes to config parsing ordering
and overrides.
2023-04-07 21:56:22 +09:00
Daan De Meyer
af6c5c7025
mkosi: Update to latest
...
This also migrates the configuration to the new format that was
just merged in mkosi. Specifically, we make use of the new [Match]
sections to only include specific config snippets per distro.
2023-04-07 08:13:42 +09:00
Luca Boccassi
b7b48b389c
ci: do one build with no tpm/p11kit/fido2
...
We have some missing coverage in the CI, all builds enable these features,
but there are often changes and they cover a lot of code. Do one build
without them to ensure we don't break builds.
2023-04-04 22:38:08 +01:00
dependabot[bot]
ca0a1a3107
build(deps): bump github/codeql-action from 2.2.5 to 2.2.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...04df1262e6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 19:11:42 +02:00
dependabot[bot]
6e57813113
build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:08:20 +02:00
dependabot[bot]
ca8444d471
build(deps): bump actions/labeler from 4.0.2 to 4.0.3
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](5c7539237e...ba790c862c
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:07:58 +02:00
dependabot[bot]
4a0c9b60b2
build(deps): bump github/super-linter from 4.9.7 to 4.10.1
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.7 to 4.10.1.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](bb2d833b08...454ba4482c
)
---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:07:43 +02:00
Дамјан Георгиевски
86c20937c2
add a github workflow action to make a release from tags
...
make a github release for every tag that starts with `v*`,
and a pre-release if the tag contains "-rc".
on the 'systemd/systemd' repo, the "Release" will be draft, so that the
release manager can fill up the notes manually.
on 'systemd/systemd-stable' the release will be created immediately.
info about the action used:
https://github.com/softprops/action-gh-release
2023-04-01 00:44:50 +01:00
Daan De Meyer
94c9855a18
mkosi: Update to latest
...
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
.gdbinit to make gdb work properly
2023-03-29 13:27:19 +02:00
Daan De Meyer
0beb2a95a4
mkosi: Update to latest
...
- ACLs are not set on generated directories anymore by default, so
we enable them explictly now so that when running unprivileged mkosi,
the user running mkosi can remove all generated files and directories.
- We don't explicitly set QemuHeadless= anymore as the option was removed
and made the default.
- We set the loglevel= kernel cmdline argument explicitly now as mkosi
doesn't set it by default anymore.
2023-03-29 11:13:33 +01:00
David Tardon
8d0747abb7
labeler: add journal label also for sd-journal stuff
2023-03-22 13:18:55 +01:00
Jan Macku
a33d7c4cc9
ci: limit permissions for differential-shellcheck
2023-03-22 06:56:34 +01:00
Jan Macku
50ba79710e
ci: trigger differential-shellcheck workflow on push
...
Also update `differential-shellcheck` to latest version - https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases
Fixes: https://github.com/redhat-plumbers-in-action/differential-shellcheck/issues/215
2023-03-22 06:56:34 +01:00
Daan De Meyer
26f51ae430
mkosi: Default to debug log level for udev as well
...
Unlike CI, the debug output just goes to the journal, so there's no
harm in enabling it, even if it's noisy.
2023-03-21 11:01:34 +01:00
Frantisek Sumsal
7af15421e3
ci: drop clang-13, add clang-16
2023-03-20 13:58:58 +09:00
Daan De Meyer
58caedadbb
mkosi: Enable some debugging options by default
2023-03-17 12:13:26 +09:00
Daan De Meyer
9f94d2741f
mkosi: Use default timeout of 10s
...
Let's override the default timeout to something more reasonable for
mkosi builds.
2023-03-16 18:19:37 +01:00
Yu Watanabe
b2b5a95227
github: update default and example in template
2023-03-15 20:31:34 +01:00
Cornelius Hoffmann
2ff7856e1e
Update github issue template to include systemd-dissect
2023-03-15 16:52:32 +01:00
Daan De Meyer
9c34405241
mkosi: Update to latest
2023-03-11 13:55:41 +01:00
Jan Janssen
e8509329d7
ci: Adjust for new EFI build
2023-03-10 11:41:08 +01:00
Jan Janssen
dfca5587cf
tree-wide: Drop gnu-efi
...
This drops all mentions of gnu-efi and its manual build machinery. A
future commit will bring bootloader builds back. A new bootloader meson
option is now used to control whether to build sd-boot and its userspace
tooling.
2023-03-10 11:41:03 +01:00
Luca Boccassi
e079120505
Merge pull request #26706 from jengelh/master
...
doc: various orthographic fixes
2023-03-07 21:34:03 +00:00
Daan De Meyer
925bb83ea5
mkosi: Drop debug logging
...
The spurious "connection timed out" errors from nspawn should be
fixed now that we're running the latest version.
2023-03-07 15:25:19 +01:00
Daan De Meyer
8d29e401ce
mkosi: Drop kernel command line masking in CI
...
These services should be disabled by default and not need explicit
masking anymore.
2023-03-07 15:25:19 +01:00
Daan De Meyer
523d71076d
mkosi: Update to latest
...
So that we don't enable services by default anymore on Debian.
2023-03-07 15:25:02 +01:00
Jan Engelhardt
18fe76eba5
doc: correct wrong use "'s" contractions
2023-03-07 13:39:31 +01:00
Daan De Meyer
9cc018fa93
mkosi: Update to latest
...
Latest version builds nspawn from source which hopefully gets rid of
the spurious "Connection timed out" errors we've been seeing in CI.
2023-03-06 19:30:40 +01:00
dependabot[bot]
1016c8ad94
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 1d131062066fe7b5a83b87319b4464b186adbb1c to d13ff85610c6fb01a2fff0a8187729ebe4a05595.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](1d13106206...d13ff85610
)
---
updated-dependencies:
- dependency-name: systemd/mkosi
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 14:58:47 +00:00
dependabot[bot]
ef1e3104a6
build(deps): bump github/codeql-action from 2.1.29 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...32dc499307
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 14:58:18 +00:00
dependabot[bot]
17d4646ed8
build(deps): bump actions/labeler from 4.0.1 to 4.0.2
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](e54e5b338f...5c7539237e
)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 13:14:53 +00:00
dependabot[bot]
31a14e4d3e
build(deps): bump meson from 1.0.0 to 1.0.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.0.0...1.0.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 13:14:26 +00:00
dependabot[bot]
7afcf8b193
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 13:13:04 +00:00
Daan De Meyer
6c53840958
Merge pull request #26518 from DaanDeMeyer/mkosi-stuff
...
mkosi: Drop build script workarounds
2023-02-21 18:23:06 +01:00
Daan De Meyer
03d319a45f
mkosi: Add more debugging
2023-02-21 13:51:59 +00:00
Daan De Meyer
8d8337da5e
mkosi: Update to latest
2023-02-21 13:01:22 +01:00
Daan De Meyer
7f3e4c9489
mkosi: Enable debug logging in CI
...
"Failed to dissect image: connection timed out" messages have been
appearing sporadically in mkosi CI. Let's enable debug logging to
help figure out why.
2023-02-15 20:02:54 +00:00
Jan Macku
96893d0937
ci(labeler): fix missing emoji in dont-merge
label
2023-02-11 20:23:46 +09:00
Jan Macku
f8b7d483f5
ci(labeler): fix missing emoji in quick-review
label
2023-02-11 20:23:46 +09:00
Daan De Meyer
c9853672a0
mkosi: Update to latest
...
Let's make sure we're testing unprivileged builds properly. Usage
of SourceFileTransfer= and SourceFileTransferFinal= are removed as
they were dropped by mkosi. SourceFileTransfer=mount is now the
default in mkosi so behavior for the build script is unchanged. We
stop copying sources in the final image until mkosi adds support
for virtiofs.
2023-02-10 18:16:54 +09:00
Jan Macku
9779079b53
ci: Add names to steps in labeler workflow
...
This makes it easier to see what step failed/was skipped in the GitHub
Actions UI. It also makes future debugging easier.
2023-02-08 22:37:10 +09:00
Jan Macku
de95bb2a98
ci: remove if: github.event.issue.pull_request
from labeler.yml
...
`github.event.issue.pull_request` is an object, not a boolean.
This is the root cause of why the step that is supposed to remove labels
is always skipped. Having this condition in place is not necessary since
the workflow is run on the `pull_request_target` event.
2023-02-07 16:00:49 +01:00
Jan Macku
d709b92ef1
ci: fix missing quotes in labeler.yml
2023-02-07 15:39:37 +01:00
Zbigniew Jędrzejewski-Szmek
7a17e41dcf
test: drop whitespace after shell redirection operators
...
(The one case that is left unchanged is '< <(subcommand)'.)
This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.
In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
2023-02-06 09:19:04 +01:00
Jan Macku
4dab1eb952
ci: Fix Development Freeze Automation
...
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks,
it's required to split the `development_freeze` workflow in two.
* First workflow will run on the `pull_request` trigger and save the PR
number in the artifact. This workflow is running with read-only permissions
on `GITHUB_TOKEN`.
* Second workflow will get triggered on `workflow_run`. It will be run
directly in the `systemd/systemd` context and can get permission to be
able to create comments on PR.
GITHUB_TOKEN limitations:
* https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations:
* https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-02-03 14:03:39 +00:00
Jan Janssen
2de6cc18f9
ci: Test with secure boot enabled under mkosi
...
This gives us some nice test coverage for secure boot enrolling and the
stub secure boot workound. The authenticated EFI variables are already
created by mkosi, all we need to do is request secure boot to be used.
2023-02-01 17:16:03 +01:00
dependabot[bot]
15796f28ea
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from f36983f552a197faf9e36361cc68a297e68bee73 to 500f93a36cc3d5bf1d06848a0a8870bf1424625f.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](f36983f552...500f93a36c
)
---
updated-dependencies:
- dependency-name: systemd/mkosi
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:48:30 +00:00
dependabot[bot]
b8565f93e9
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d556feaca3...98814c53be
)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:15:44 +00:00
dependabot[bot]
b0126d1e8e
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.1 to 2.0.4.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](88209aef58...25a1e41826
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:14:38 +00:00
Daan De Meyer
3d4fa9aaa0
mkosi: Disable auditd when running with nspawn in CI
...
auditd fails to start in CentOS Stream 9 causing CI failures so let's
disable it when running with nspawn in CI.
2023-01-29 17:34:21 +01:00
Daan De Meyer
868c318ba3
mkosi: Add back CentOS Stream 8 to CI
...
It's still useful to test the EFI handover logic in systemd-boot.
We use a mkosi.prepare script to install a newer python and update
the system to use it.
2023-01-29 17:05:23 +01:00
Daan De Meyer
c8943ce884
mkosi: Update and enable ukify in mkosi builds
...
We also add the necessary deps for ukify to the mkosi configs.
CentOS Stream 8 is dropped from CI because its python version is too
old (3.6) to be able to run ukify.
2023-01-27 15:05:04 +01:00
Zbigniew Jędrzejewski-Szmek
c26662b241
github/labeller: fix yaml syntax
2023-01-26 10:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
58634a2989
github/labeller: add more match patterns
2023-01-26 10:04:58 +01:00
Daan De Meyer
9d2e4ceee5
ci: Update mkosi action to latest commit
...
Let's make sure we're testing with the latest changes in mkosi. This
includes both the switch to systemd-repart and ukify, making sure we
get extra testing coverage for those components.
This also drops options from the centos config that have been removed
in the newer mkosi.
For some reason idmapping runs into some issues so we disable it for
now.
2023-01-15 20:44:53 +01:00
Daan De Meyer
da2a4f6a2e
ci: Fix PR labeling
...
Make sure we only add labels to open pull request and remove labels
from closed pull requests.
2023-01-12 11:42:16 +01:00
Zbigniew Jędrzejewski-Szmek
8112c91e48
github: use 'meson setup'
...
Meson started warning when 'setup' is not used:
WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated.
Also add more quoting in output to make the message clearer.
2023-01-11 16:46:24 +01:00
Daan De Meyer
81315baa68
ci: Remove a bunch of labels when a PR is merged
2023-01-10 14:52:53 +01:00
Jan Janssen
3f92dc2fd4
boot: Simplify object erasure
...
This erase_obj() machinery looks like voodoo and creates an awful lot of
noise as soon as we get back to building with -O0. We can do this in a
more simple way by introducing a struct that holds the information we
need on cleanup. When building with optimization enabled, all this gets
inlined and the eraser vanishes.
2023-01-09 18:58:54 +01:00
dependabot[bot]
9826037476
build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
...
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser ) from 2.0.4 to 3.0.1.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases )
- [Commits](f80b14f788...c1a559d78b
)
---
updated-dependencies:
- dependency-name: stefanbuck/github-issue-parser
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 19:18:30 +00:00
dependabot[bot]
4371496fa9
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:49:21 +00:00
dependabot[bot]
df242320e5
build(deps): bump github/super-linter from 4.9.6 to 4.9.7
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.6 to 4.9.7.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](01d3218744...bb2d833b08
)
---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:48:30 +00:00
dependabot[bot]
5afe9a300a
build(deps): bump actions/checkout from 3.0.2 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:52 +00:00
dependabot[bot]
c129b184c9
build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.64.1 to 1.0.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.64.1...1.0.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:20 +00:00
Zbigniew Jędrzejewski-Szmek
616b8101b7
github: update version in bug templates
2022-12-20 15:12:41 +01:00
Frantisek Sumsal
a32831ae1d
mkosi: work around a file conflict between systemd and systemd-boot
2022-12-15 16:04:28 +01:00
Daan De Meyer
52c602d4c6
ci: Labeler improvements
...
- Mention "/please-review" in the contributing guide
- Remove "needs-rebase" on push
- Don't add "please-review" if a green label is set
- Don't add please-review label to draft PRs
- Add please-review when a PR moves out of draft
2022-12-09 15:37:43 +01:00
Daan De Meyer
8fc78e6845
ci: Add/Drop labels on pull request activity and comment
...
When a pull request is opened/updated, add "please-review" and
remove a few other labels.
When a comment is made with /please-review on a PR. Add the
"please-review" label to the PR.
2022-12-09 04:50:13 +09:00
Lennart Poettering
a579990277
Merge pull request #25180 from keszybz/ukify
...
ukify: add helper to create UKIs
2022-12-08 15:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
1f6da5d902
ci: install pefile
2022-12-07 15:53:47 +01:00
dependabot[bot]
054f47defc
build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.10.2.4 to 1.11.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits/v1.11.1 )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 11:59:45 +00:00
dependabot[bot]
80dd9e2de7
build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.3 to 0.64.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.3...0.64.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:28:47 +00:00
dependabot[bot]
58a1485fa9
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 3.1.1 to 3.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md )
- [Commits](1b1b75e42f...f3cd08fcf1
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:03:09 +00:00
dependabot[bot]
690e7bfe8f
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...83fd05a356d7e2593de66fc9913b3002723633cb )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:02:00 +00:00
dependabot[bot]
073747028b
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](fe9c43b7d7...88209aef58
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:01:10 +00:00
Luca Boccassi
c1fb3319ce
GA: do not run codeql on systemd-security
...
Scanning is not available on private repositories
2022-11-30 10:59:03 +00:00
Luca Boccassi
77e6166679
GA: run development_freeze only on main repository
...
No point in running this checker on other forks
2022-11-30 10:59:03 +00:00
Luca Boccassi
39a306ba34
Merge pull request #25319 from zx2c4-forks/krngseed
...
boot: implement kernel EFI RNG seed protocol with proper hashing
2022-11-16 15:07:54 +01:00
Jason A. Donenfeld
0be72218f1
boot: implement kernel EFI RNG seed protocol with proper hashing
...
Rather than passing seeds up to userspace via EFI variables, pass seeds
directly to the kernel's EFI stub loader, via LINUX_EFI_RANDOM_SEED_TABLE_GUID.
EFI variables can potentially leak and suffer from forward secrecy
issues, and processing these with userspace means that they are
initialized much too late in boot to be useful. In contrast,
LINUX_EFI_RANDOM_SEED_TABLE_GUID uses EFI configuration tables, and so
is hidden from userspace entirely, and is parsed extremely early on by
the kernel, so that every single call to get_random_bytes() by the
kernel is seeded.
In order to do this properly, we use a bit more robust hashing scheme,
and make sure that each input is properly memzeroed out after use. The
scheme is:
key = HASH(LABEL || sizeof(input1) || input1 || ... || sizeof(inputN) || inputN)
new_disk_seed = HASH(key || 0)
seed_for_linux = HASH(key || 1)
The various inputs are:
- LINUX_EFI_RANDOM_SEED_TABLE_GUID from prior bootloaders
- 256 bits of seed from EFI's RNG
- The (immutable) system token, from its EFI variable
- The prior on-disk seed
- The UEFI monotonic counter
- A timestamp
This also adjusts the secure boot semantics, so that the operation is
only aborted if it's not possible to get random bytes from EFI's RNG or
a prior boot stage. With the proper hashing scheme, this should make
boot seeds safe even on secure boot.
There is currently a bug in Linux's EFI stub in which if the EFI stub
manages to generate random bytes on its own using EFI's RNG, it will
ignore what the bootloader passes. That's annoying, but it means that
either way, via systemd-boot or via EFI stub's mechanism, the RNG *does*
get initialized in a good safe way. And this bug is now fixed in the
efi.git tree, and will hopefully be backported to older kernels.
As the kernel recommends, the resultant seeds are 256 bits and are
allocated using pool memory of type EfiACPIReclaimMemory, so that it
gets freed at the right moment in boot.
2022-11-14 15:21:58 +01:00