mirror of
https://github.com/systemd/systemd.git
synced 2024-10-26 17:27:41 +03:00
345a4fcbb6
systemd built with sanitizers is installed in subimages and tools might get invoked in postinstall scripts so we have to disable ASAN in the subimages as well during the image build.
149 lines
3.8 KiB
Plaintext
149 lines
3.8 KiB
Plaintext
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
|
|
[Config]
|
|
MinimumVersion=25~devel
|
|
Dependencies=
|
|
exitrd
|
|
initrd
|
|
minimal-base
|
|
minimal-0
|
|
minimal-1
|
|
|
|
PassEnvironment=
|
|
NO_BUILD
|
|
NO_SYNC
|
|
WIPE
|
|
SANITIZERS
|
|
CFLAGS
|
|
LDFLAGS
|
|
LLVM
|
|
MESON_VERBOSE
|
|
MESON_OPTIONS
|
|
SYSEXT
|
|
WITH_DEBUG
|
|
ASAN_OPTIONS
|
|
|
|
[Output]
|
|
RepartDirectories=mkosi.repart
|
|
OutputDirectory=build/mkosi.output
|
|
BuildDirectory=build/mkosi.builddir
|
|
CacheDirectory=build/mkosi.cache
|
|
|
|
[Content]
|
|
BuildSourcesEphemeral=yes
|
|
|
|
ExtraTrees=
|
|
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
|
|
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
|
|
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
|
|
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
|
|
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
|
|
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
|
|
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
|
|
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
|
|
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
|
|
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
|
|
%O/exitrd:/exitrd
|
|
|
|
Initrds=%O/initrd
|
|
|
|
# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time
|
|
# and results in lots of errors when building images as a regular user.
|
|
SELinuxRelabel=no
|
|
|
|
# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
|
|
# various scenarios. Consider adding support for a credential instead if possible and using that.
|
|
KernelCommandLine=
|
|
systemd.crash_shell
|
|
systemd.log_level=debug,console:info
|
|
systemd.log_ratelimit_kmsg=0
|
|
# Disable the kernel's ratelimiting on userspace logging to kmsg.
|
|
printk.devkmsg=on
|
|
# Make sure /sysroot is mounted rw in the initrd.
|
|
rw
|
|
# Lower the default device timeout so we get a shell earlier if the root device does
|
|
# not appear for some reason.
|
|
systemd.default_device_timeout_sec=90
|
|
# Make sure no LSMs are enabled by default.
|
|
selinux=0
|
|
systemd.early_core_pattern=/core
|
|
systemd.firstboot=no
|
|
raid=noautodetect
|
|
oops=panic
|
|
panic=-1
|
|
softlockup_panic=1
|
|
panic_on_warn=1
|
|
# These don't ship proper units with [Install] directives so we have to mask them instead.
|
|
systemd.mask=isc-dhcp-server.service
|
|
systemd.mask=mdmonitor.service
|
|
psi=1
|
|
|
|
KernelModulesInitrdExclude=.*
|
|
KernelModulesInitrdInclude=default
|
|
|
|
Packages=
|
|
acl
|
|
attr
|
|
bash-completion
|
|
binutils
|
|
bpftrace
|
|
coreutils
|
|
curl
|
|
diffutils
|
|
dnsmasq
|
|
dosfstools
|
|
e2fsprogs
|
|
findutils
|
|
gdb
|
|
grep
|
|
gzip
|
|
jq
|
|
kbd
|
|
kexec-tools
|
|
kmod
|
|
less
|
|
llvm
|
|
lvm2
|
|
man
|
|
mdadm
|
|
mtools
|
|
nano
|
|
nftables
|
|
nvme-cli
|
|
opensc
|
|
openssl
|
|
p11-kit
|
|
pciutils
|
|
python3
|
|
radvd
|
|
rsync
|
|
sed
|
|
socat
|
|
strace
|
|
tar
|
|
tmux
|
|
tree
|
|
util-linux
|
|
valgrind
|
|
which
|
|
wireguard-tools
|
|
xfsprogs
|
|
zsh
|
|
zstd
|
|
|
|
[Host]
|
|
Credentials=
|
|
journal.storage=persistent
|
|
tty.serial.hvc0.agetty.autologin=root
|
|
tty.serial.hvc0.login.noauth=yes
|
|
tty.console.agetty.autologin=root
|
|
tty.console.login.noauth=yes
|
|
Incremental=yes
|
|
RuntimeBuildSources=yes
|
|
RuntimeScratch=no
|
|
QemuSmp=2
|
|
QemuSwtpm=yes
|
|
QemuVsock=yes
|
|
QemuKvm=yes
|
|
ToolsTreePackages=virtiofsd
|