# SPDX-License-Identifier: LGPL-2.1-or-later [Config] MinimumVersion=25~devel Dependencies= exitrd initrd minimal-base minimal-0 minimal-1 PassEnvironment= NO_BUILD NO_SYNC WIPE SANITIZERS CFLAGS LDFLAGS LLVM MESON_VERBOSE MESON_OPTIONS SYSEXT WITH_DEBUG ASAN_OPTIONS [Output] RepartDirectories=mkosi.repart OutputDirectory=build/mkosi.output [Build] BuildDirectory=build/mkosi.builddir CacheDirectory=build/mkosi.cache BuildSourcesEphemeral=yes Incremental=yes # TODO: Remove when TEST-70-TPM doesn't fail in an image with signed PCRs anymore. [Validation] SignExpectedPcr=no [Content] ExtraTrees= mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template %O/exitrd:/exitrd Initrds=%O/initrd # Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time # and results in lots of errors when building images as a regular user. SELinuxRelabel=no # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in # various scenarios. Consider adding support for a credential instead if possible and using that. KernelCommandLine= systemd.crash_shell systemd.log_level=debug,console:info systemd.log_ratelimit_kmsg=0 # Disable the kernel's ratelimiting on userspace logging to kmsg. printk.devkmsg=on # Make sure /sysroot is mounted rw in the initrd. rw # Lower the default device timeout so we get a shell earlier if the root device does # not appear for some reason. systemd.default_device_timeout_sec=90 # Make sure no LSMs are enabled by default. selinux=0 systemd.early_core_pattern=/core systemd.firstboot=no raid=noautodetect oops=panic panic=-1 softlockup_panic=1 panic_on_warn=1 # These don't ship proper units with [Install] directives so we have to mask them instead. systemd.mask=isc-dhcp-server.service systemd.mask=mdmonitor.service psi=1 KernelModulesInitrdExclude=.* KernelModulesInitrdInclude=default Packages= acl attr bash-completion binutils coreutils curl diffutils dnsmasq dosfstools e2fsprogs findutils gdb grep gzip jq kbd kexec-tools kmod less llvm lvm2 man mdadm mtools nano nftables nvme-cli opensc openssl p11-kit pciutils python3 radvd rsync sed socat strace tar tmux tree util-linux valgrind which wireguard-tools xfsprogs zsh zstd [Host] Credentials= journal.storage=persistent tty.serial.hvc0.agetty.autologin=root tty.serial.hvc0.login.noauth=yes tty.console.agetty.autologin=root tty.console.login.noauth=yes RuntimeBuildSources=yes RuntimeScratch=no QemuSmp=2 QemuSwtpm=yes QemuVsock=yes QemuKvm=yes