mirror of
https://github.com/systemd/systemd.git
synced 2025-01-07 21:18:41 +03:00
977fc93603
Now that mkosi supports generating UKI profiles, let's make use of that to generate the UKI profiles required for the test instead of doing it within the test itself.
151 lines
3.8 KiB
Plaintext
151 lines
3.8 KiB
Plaintext
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
|
|
[Config]
|
|
MinimumVersion=25~devel
|
|
Dependencies=
|
|
exitrd
|
|
initrd
|
|
minimal-base
|
|
minimal-0
|
|
minimal-1
|
|
|
|
PassEnvironment=
|
|
NO_BUILD
|
|
NO_SYNC
|
|
WIPE
|
|
SANITIZERS
|
|
CFLAGS
|
|
LDFLAGS
|
|
LLVM
|
|
MESON_VERBOSE
|
|
MESON_OPTIONS
|
|
SYSEXT
|
|
WITH_DEBUG
|
|
ASAN_OPTIONS
|
|
|
|
[Output]
|
|
RepartDirectories=mkosi.repart
|
|
OutputDirectory=build/mkosi.output
|
|
|
|
[Build]
|
|
BuildDirectory=build/mkosi.builddir
|
|
CacheDirectory=build/mkosi.cache
|
|
BuildSourcesEphemeral=yes
|
|
Incremental=yes
|
|
|
|
[Validation]
|
|
SignExpectedPcr=yes
|
|
|
|
[Content]
|
|
ExtraTrees=
|
|
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
|
|
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
|
|
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
|
|
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
|
|
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
|
|
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
|
|
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
|
|
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
|
|
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
|
|
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
|
|
%O/exitrd:/exitrd
|
|
|
|
Initrds=%O/initrd
|
|
|
|
# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time
|
|
# and results in lots of errors when building images as a regular user.
|
|
SELinuxRelabel=no
|
|
|
|
# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
|
|
# various scenarios. Consider adding support for a credential instead if possible and using that.
|
|
KernelCommandLine=
|
|
systemd.crash_shell
|
|
systemd.log_level=debug,console:info
|
|
systemd.log_ratelimit_kmsg=0
|
|
# Disable the kernel's ratelimiting on userspace logging to kmsg.
|
|
printk.devkmsg=on
|
|
# Make sure /sysroot is mounted rw in the initrd.
|
|
rw
|
|
# Lower the default device timeout so we get a shell earlier if the root device does
|
|
# not appear for some reason.
|
|
systemd.default_device_timeout_sec=90
|
|
# Make sure no LSMs are enabled by default.
|
|
selinux=0
|
|
systemd.early_core_pattern=/core
|
|
systemd.firstboot=no
|
|
raid=noautodetect
|
|
oops=panic
|
|
panic=-1
|
|
softlockup_panic=1
|
|
panic_on_warn=1
|
|
# These don't ship proper units with [Install] directives so we have to mask them instead.
|
|
systemd.mask=isc-dhcp-server.service
|
|
systemd.mask=mdmonitor.service
|
|
psi=1
|
|
|
|
KernelModulesInitrdExclude=.*
|
|
KernelModulesInitrdInclude=default
|
|
|
|
Packages=
|
|
acl
|
|
attr
|
|
bash-completion
|
|
binutils
|
|
coreutils
|
|
curl
|
|
diffutils
|
|
dnsmasq
|
|
dosfstools
|
|
e2fsprogs
|
|
findutils
|
|
gdb
|
|
grep
|
|
gzip
|
|
jq
|
|
kbd
|
|
kexec-tools
|
|
kmod
|
|
less
|
|
llvm
|
|
lvm2
|
|
man
|
|
mdadm
|
|
mtools
|
|
nano
|
|
nftables
|
|
nvme-cli
|
|
opensc
|
|
openssl
|
|
p11-kit
|
|
pciutils
|
|
python3
|
|
radvd
|
|
rsync
|
|
sed
|
|
socat
|
|
strace
|
|
tar
|
|
tmux
|
|
tree
|
|
util-linux
|
|
valgrind
|
|
which
|
|
wireguard-tools
|
|
xfsprogs
|
|
zsh
|
|
zstd
|
|
|
|
[Host]
|
|
Credentials=
|
|
journal.storage=persistent
|
|
tty.serial.hvc0.agetty.autologin=root
|
|
tty.serial.hvc0.login.noauth=yes
|
|
tty.console.agetty.autologin=root
|
|
tty.console.login.noauth=yes
|
|
RuntimeBuildSources=yes
|
|
RuntimeScratch=no
|
|
QemuSmp=2
|
|
QemuSwtpm=yes
|
|
QemuVsock=yes
|
|
QemuKvm=yes
|