authorDaan De Meyer <daan.j.demeyer@gmail.com>2024-01-25 22:48:55 +0100
committerDaan De Meyer <daan.j.demeyer@gmail.com>2024-03-07 10:47:19 +0100
commit4d0f1451b58dbd4b94da579b800adef4f4e42c34 (patch)
tree841684bfbb83f8028c8d4ca0a9e2a125ab4dbe54 /mkosi.images/system
parentmkosi: Update to v21 (diff)
Build distribution packages in mkosi
Instead of running meson install and hoping for the best, let's build distribution packages from the downstream packaging specs. This gets us the following: - Vastly simplified mkosi scripts since we don't need a separate initrd image anymore but can just reuse the default mkosi initrd. - Almost everything can move to the base image as it's not the basis anymore for the initrd and as such we don't need to care about the size anymore. - The systemd packages that get pulled in as dependencies of other packages get properly uninstalled and replaced with our packages that we built instead of just installing on top of an existing systemd installation with no guarantee that everything from that previous installation was removed. - Much better testing coverage as what we're testing is much closer to what will actually be deployed in distributions. - Immediate feedback if something we change breaks distribution packaging - We get integration with the distribution for free as we'll automatically use the proper directories and such instead of having to hack this into a mkosi build script. - ...
Diffstat (limited to 'mkosi.images/system')
-rw-r--r--mkosi.images/system/mkosi.conf42
-rw-r--r--mkosi.images/system/mkosi.conf.d/05-initrd.conf12
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-arch.conf28
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf33
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf4
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf5
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf31
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-fedora.conf12
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-opensuse.conf25
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu.conf14
-rw-r--r--mkosi.images/system/mkosi.extra/etc/issue2
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf8
-rwxr-xr-xmkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh19
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service15
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf3
-rw-r--r--mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb3
-rwxr-xr-xmkosi.images/system/mkosi.finalize4
-rwxr-xr-xmkosi.images/system/mkosi.postinst.chroot111
-rw-r--r--mkosi.images/system/mkosi.repart/00-esp.conf4
21 files changed, 6 insertions, 389 deletions
diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf
index 5bcf6967c7..9937ad3a98 100644
--- a/mkosi.images/system/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf
@@ -3,49 +3,15 @@
[Config]
Dependencies=base
+[Distribution]
+CacheOnly=metadata
+
[Output]
@Format=directory
[Content]
-Autologin=yes
BaseTrees=%O/base
-ExtraTrees=%O/base-systemd
-Packages=
- acl
- bash-completion
- coreutils
- diffutils
- dnsmasq
- dosfstools
- e2fsprogs
- findutils
- gcc # Sanitizer libraries
- gdb
- grep
- gzip
- kbd
- kexec-tools
- less
- mtools
- nano
- nftables
- openssl
- qrencode
- sed
- socat
- strace
- systemd
- tmux
- tar
- tree
- udev
- util-linux
- valgrind
- wireguard-tools
- xfsprogs
- zsh
-
-BuildPackages=
+Initrds=%O/base.initrd
[Validation]
@SecureBoot=yes
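Review bot: `CacheOnly=metadata` in the new `[Distribution]` section has no comment saying why this image must not refresh repository metadata. As I read the mkosi documentation, this value still allows packages to be downloaded but skips the metadata sync, so the image resolves packages against whatever was synced for the `base` dependency. If that coupling is the intent, state it above the setting, e.g. `# Reuse the repository metadata synced for the base image so both images resolve the same package versions.` Separately, the `[Validation]` section keeps `@SecureBoot=yes` while this commit deletes the Secure Boot enrolment and signed/unsigned addon checks from this directory. This view is limited to mkosi.images/system, so they have presumably moved to the base image, but that is worth confirming.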
diff --git a/mkosi.images/system/mkosi.conf.d/05-initrd.conf b/mkosi.images/system/mkosi.conf.d/05-initrd.conf
deleted file mode 100644
index 23685871c6..0000000000
--- a/mkosi.images/system/mkosi.conf.d/05-initrd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Bootable=!no
-Format=|disk
-Format=|directory
-
-[Config]
-Dependencies=initrd
-
-[Content]
-Initrds=%O/initrd
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch.conf b/mkosi.images/system/mkosi.conf.d/10-arch.conf
deleted file mode 100644
index a3d008d10f..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-arch.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=arch
-
-[Content]
-Packages=
- bpf
- btrfs-progs
- compsize
- dhcp
- f2fs-tools
- glib2
- iproute
- linux
- man-db
- openbsd-netcat
- openssh
- pacman
- polkit
- python-pefile
- python-psutil
- python-pytest
- python3
- quota-tools
- sbsigntools
- shadow
- vim
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf
deleted file mode 100644
index 871186d5ca..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-Packages=
- bpftool
- cryptsetup
- dhcp-server
- dnf
- glib2
- integritysetup
- iproute
- iproute-tc
- kernel-core
- libcap-ng-utils
- netcat
- openssh-server
- openssh-clients
- p11-kit
- pam
- passwd
- polkit
- procps-ng
- python3
- python3dist(pefile)
- python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason.
- python3dist(psutil)
- python3dist(pytest)
- quota
- vim-common
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
index 146e03a895..af4862d4b1 100644
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
@@ -2,7 +2,3 @@
[Match]
Distribution=centos
-
-[Content]
-Packages=
- kernel-modules # For squashfs support
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf
deleted file mode 100644
index 393d5f038c..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# CentOS does not support erofs so we use squashfs instead.
-[Partition]
-Format=squashfs
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf b/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf
deleted file mode 100644
index d3c89f3a8c..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-Architecture=x86-64
-
-[Content]
-Packages=
- bpftool
- linux-image-cloud-amd64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf b/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf
deleted file mode 100644
index 76a6898111..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-Architecture=arm64
-
-[Content]
-Packages=
- bpftool
- linux-image-cloud-arm64
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf
deleted file mode 100644
index d6e3f20222..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Packages=
- apt
- btrfs-progs
- cryptsetup-bin
- dbus-broker
- default-dbus-session-bus
- f2fs-tools
- fdisk
- iproute2
- isc-dhcp-server
- libcap-ng-utils
- netcat-openbsd
- openssh-server
- openssh-client
- sbsigntool
- passwd
- policykit-1
- procps
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- xxd
diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-fedora.conf
deleted file mode 100644
index 7554ad2dc3..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-fedora.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-Packages=
- btrfs-progs
- compsize
- f2fs-tools
- glibc-langpack-en
- sbsigntools
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse.conf
deleted file mode 100644
index ffcb664224..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Content]
-Packages=
- bpftool
- btrfs-progs
- cryptsetup
- dbus-broker
- f2fs-tools
- glibc-locale-base
- kernel-kvmsmall
- libcap-ng-utils
- openssh-server
- openssh-clients
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- sbsigntools
- shadow
- vim
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf
deleted file mode 100644
index b099e79132..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Content]
-Packages=
- # We would like to use linux-image-kvm but it does not have support for SMBIOS credentials.
- linux-image-generic
- linux-tools-common
- linux-tools-generic
-# "orphan_file" is enabled by default in recent versions of mkfs.ext4 but not supported by the Jammy kernel
-# so we explicitly disable it.
-Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/system/mkosi.extra/etc/issue
deleted file mode 100644
index 6aa6fc0ec0..0000000000
--- a/mkosi.images/system/mkosi.extra/etc/issue
+++ /dev/null
@@ -1,2 +0,0 @@
-\S (built from systemd tree)
-Kernel \r on an \m (\l)
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf b/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf
deleted file mode 100644
index 2f953290d3..0000000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# We only ship /usr in the image so /var/log/journal won't exist on boot which means systemd-journald won't
-# persist any logs as the default Storage= setting is "auto". We can't create /var/log/journal using tmpfiles
-# as systemd-journal-flush.service runs before systemd-tmpfiles-setup.service so instead we explicitly set
-# Storage= to persistent to have systemd-journald create /var/log/journal itself.
-[Journal]
-Storage=persistent
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
deleted file mode 100755
index e0fcf30498..0000000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash -eux
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-systemctl --failed --no-legend | tee /failed-services
-
-# Check that secure boot keys were properly enrolled.
-if ! systemd-detect-virt --container; then
- cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
- cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
-
- if command -v sbsign &>/dev/null; then
- cat /proc/cmdline
- grep -q this_should_be_here /proc/cmdline
- (! grep -q this_should_not_be_here /proc/cmdline)
- fi
-fi
-
-# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
-[[ ! -s /failed-services ]]
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service
deleted file mode 100644
index 7942cbfa77..0000000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service
+++ /dev/null
@@ -1,15 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Unit]
-Description=Check if any service failed and then shutdown the machine
-After=multi-user.target network-online.target
-Requires=multi-user.target
-Wants=systemd-resolved.service systemd-networkd.service network-online.target
-SuccessAction=exit
-FailureAction=exit
-# On success, exit with 123 so that we can check that we receive the actual exit code from the script on the
-# host.
-SuccessActionExitStatus=123
-
-[Service]
-Type=oneshot
-ExecStart=/usr/lib/systemd/mkosi-check-and-shutdown.sh
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
deleted file mode 100644
index dac79ba4ed..0000000000
--- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb b/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb
deleted file mode 100644
index 26f882bc2b..0000000000
--- a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb
+++ /dev/null
@@ -1,3 +0,0 @@
-set debuginfod enabled off
-set build-id-verbose 0
-set substitute-path ../src /root/src/systemd
diff --git a/mkosi.images/system/mkosi.finalize b/mkosi.images/system/mkosi.finalize
deleted file mode 100755
index 74b810c152..0000000000
--- a/mkosi.images/system/mkosi.finalize
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot
deleted file mode 100755
index 330fa3b73e..0000000000
--- a/mkosi.images/system/mkosi.postinst.chroot
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-if [ "$1" = "build" ]; then
- exit 0
-fi
-
-if [ -n "$SANITIZERS" ]; then
- LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}')
-
- mkdir -p /etc/systemd/system.conf.d
-
- cat >/etc/systemd/system.conf.d/10-asan.conf <<EOF
-[Manager]
-ManagerEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\
- UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\
- LD_PRELOAD=$LD_PRELOAD
-DefaultEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\
- UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\
- LD_PRELOAD=$LD_PRELOAD
-EOF
-
- # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
- # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any
- # sanitizer failures appear directly on the user's console.
- mkdir -p /etc/systemd/system/systemd-journald.service.d
- cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
-[Service]
-StandardOutput=tty
-EOF
-
- # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users.
- # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As
- # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login
- # from calling vhangup() so that journald's ASAN logs correctly end up in the console.
-
- mkdir -p /etc/systemd/system/console-getty.service.d
- cat >/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf <<EOF
-[Service]
-TTYVHangup=no
-CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
-EOF
- # ASAN and syscall filters aren't compatible with each other.
- find / -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
-
- # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default.
- systemctl mask systemd-hwdb-update.service
-fi
-
-if [ -n "$IMAGE_ID" ] ; then
- sed -n \
- -i \
- -e '/^IMAGE_ID=/!p' \
- -e "\$aIMAGE_ID=$IMAGE_ID" \
- /usr/lib/os-release
-fi
-
-if [ -n "$IMAGE_VERSION" ] ; then
- sed -n \
- -i \
- -e '/^IMAGE_VERSION=/!p' \
- -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \
- /usr/lib/os-release
-fi
-
-if command -v authselect >/dev/null; then
- # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so
- # let's use the new name if it exists.
- if [ -d /usr/share/authselect/default/local ]; then
- PROFILE=local
- else
- PROFILE=minimal
- fi
-
- authselect select "$PROFILE"
-
- if authselect list-features "$PROFILE" | grep -q "with-homed"; then
- authselect enable-feature with-homed
- fi
-fi
-
-# Let tmpfiles.d/systemd-resolve.conf handle the symlink. /etc/resolv.conf might be mounted over so undo that
-# if that's the case.
-mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf
-rm -f /etc/resolv.conf
-
-. /usr/lib/os-release
-
-if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
- alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
- alternatives --set python3 /usr/bin/python3.9
-fi
-
-mkdir -p /usr/lib/sysusers.d
-cat >/usr/lib/sysusers.d/testuser.conf <<EOF
-u testuser 4711 "Test User" /home/testuser
-EOF
-mkdir -p /usr/lib/tmpfiles.d
-cat >/usr/lib/tmpfiles.d/testuser.conf <<EOF
-q /home/testuser 0700 4711 4711
-EOF
-
-# sbsign is not available on CentOS Stream
-if command -v sbsign &>/dev/null; then
- # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
- addons_dir=/efi/loader/addons
- mkdir -p "$addons_dir"
- ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
- ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
-fi
diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf
index 4be04661d9..391543d1e7 100644
--- a/mkosi.images/system/mkosi.repart/00-esp.conf
+++ b/mkosi.images/system/mkosi.repart/00-esp.conf
@@ -5,5 +5,5 @@ Type=esp
Format=vfat
CopyFiles=/boot:/
CopyFiles=/efi:/
-SizeMinBytes=512M
-SizeMaxBytes=512M
+SizeMinBytes=1G
+SizeMaxBytes=1G
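Review bot: The ESP grows from a fixed 512M to a fixed 1G with no comment, and neither this hunk nor the commit description says what needs the extra space. Because `SizeMinBytes` and `SizeMaxBytes` are equal, the partition cannot adapt to its contents. A short comment above them naming what has to fit, such as `# Fixed size; must hold everything copied from /boot and /efi`, would help whoever changes the value next. The section header lies above the hunk.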