60 files changed, 755 insertions, 807 deletions
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index ad380ef82d..6663dfe0cc 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -59,17 +59,17 @@ jobs: - distro: debian release: testing - distro: ubuntu - release: jammy + release: noble - distro: fedora release: "39" - distro: fedora release: rawhide - - distro: opensuse - release: tumbleweed + # TODO: Re-enable once https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/AU4NWTBXNA7MVAUXWR74XYCHCSZN4Z4K/ + # is resolved or https://build.opensuse.org/request/show/1152118 is merged. + # - distro: opensuse + # release: tumbleweed - distro: centos release: "9" - - distro: centos - release: "8" env: SYSTEMD_LOG_LEVEL: debug @@ -94,10 +94,6 @@ jobs: # Build a disk image in CI as this logic is much more prone to breakage. Format=disk - [Content] - Environment=CI_BUILD=1 - SLOW_TESTS=true - [Host] ToolsTree=default ToolsTreeDistribution=fedora diff --git a/docs/HACKING.md b/docs/HACKING.md index 270c39b587..1fbbed91d1 100644 --- a/docs/HACKING.md +++ b/docs/HACKING.md 
@@ -32,16 +32,16 @@ run the relevant tool from the build directory. For some components (most importantly, systemd/PID 1 itself) this is not possible, however. In order to simplify testing for cases like this we provide -a set of `mkosi` build files directly in the source tree. +a set of `mkosi` config files directly in the source tree. [mkosi](https://github.com/systemd/mkosi) is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project -in the local working directory. To make use of this, please install `mkosi` v19 -or newer using your distribution's package manager or from the -[GitHub repository](https://github.com/systemd/mkosi). `mkosi` will build an -image for the host distro by default. First, run `mkosi genkey` to generate a key -and certificate to be used for secure boot and verity signing. After that is done, -it is sufficient to type `mkosi` in the systemd project directory to generate a disk -image you can boot either in `systemd-nspawn` or in a UEFI-capable VM: +in the local working directory. To make use of this, please install the latest +version of mkosi from the [GitHub repository](https://github.com/systemd/mkosi). +`mkosi` will build an image for the host distro by default. First, run +`mkosi genkey` to generate a key and certificate to be used for secure boot and +verity signing. After that is done, it is sufficient to type `mkosi` in the +systemd project directory to generate a disk image you can boot either in +`systemd-nspawn` or in a UEFI-capable VM: ```sh $ sudo mkosi boot # nspawn still needs sudo for now diff --git a/mkosi.conf b/mkosi.conf index 2605e062ad..d611635ce7 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -2,7 +2,7 @@ [Config] Images=system -MinimumVersion=20.2 +MinimumVersion=21 [Output] @OutputDirectory=mkosi.output 
@@ -14,10 +14,12 @@ MinimumVersion=20.2 Environment=ASAN_OPTIONS=verify_asan_link_order=false MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 +@SELinuxRelabel=no [Host] @Incremental=yes -@QemuMem=2G +# TODO: Drop to 2G again once the next Noble kernel update ships and we can use linux-image-virtual. +@QemuMem=4G @RuntimeSize=8G ToolsTreePackages=virtiofsd KernelCommandLineExtra=systemd.crash_shell diff --git a/mkosi.conf.d/05-qemu-mem.conf b/mkosi.conf.d/05-qemu-mem.conf deleted file mode 100644 index 3a6f24a7b0..0000000000 --- a/mkosi.conf.d/05-qemu-mem.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# Arch and CentOS 8 Stream initrds are rather big so we need to give QEMU more memory so the kernel can load -# them without OOMing. - -[Match] -Distribution=|arch -Distribution=|centos - -[Host] -@QemuMem=3G diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf index 832c0d15fb..f976fc8043 100644 --- a/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.conf.d/10-opensuse.conf @@ -5,3 +5,4 @@ Distribution=opensuse [Distribution] @Release=tumbleweed +PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf index b0ebbadd48..da2d318295 100644 --- a/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,5 @@ Distribution=ubuntu [Distribution] -@Release=jammy +@Release=noble Repositories=universe diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/macros.db_backend new file mode 100644 index 0000000000..4a58f06458 --- /dev/null +++ b/mkosi.conf.d/macros.db_backend @@ -0,0 +1 @@ +%_db_backend ndb 
diff --git a/mkosi.images/base/mkosi.build.chroot b/mkosi.images/base/mkosi.build.chroot deleted file mode 100755 index b59f339b11..0000000000 --- a/mkosi.images/base/mkosi.build.chroot +++ /dev/null 
@@ -1,171 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi). -# Simply invoke "mkosi" in the project directory to build an OS image. - -# We don't want to install our build of systemd in the base image, but use it as an extra tree for the -# initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as -# an extra tree in the initrd and system image builds. -export DESTDIR="$OUTPUTDIR/systemd" - -# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it -# as out-of-tree build dir. Otherwise, let's make up our own builddir. -[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build - -# Let's make sure we're using stuff from the build directory first if available there. -PATH="$BUILDDIR:$PATH" -export PATH - -# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and -# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override -# the ubuntu script with a symlink to the first bpftool program we can find. -for bpftool in /usr/lib/linux-tools/*/bpftool; do - [ -x "$bpftool" ] || continue - ln -sf "$bpftool" "$BUILDDIR"/bpftool - break -done - -# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the -# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports -# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well. -. /usr/lib/os-release -if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then - cat >"$BUILDDIR"/bpftool <<EOF -#!/bin/sh -if [ "\$1" = --version ]; then - echo 5.6.0 -else - exec /usr/sbin/bpftool \$@ -fi -EOF - chmod +x "$BUILDDIR"/bpftool -fi - -if [ ! 
-f "$BUILDDIR"/build.ninja ]; then - CONFIGURE_OPTS=( - -D sysvinit-path="$([[ -d /etc/rc.d/init.d ]] && echo /etc/rc.d/init.d || echo /etc/init.d)" - -D man=disabled - -D translations=false - -D version-tag="${VERSION_TAG}" - -D mode=developer - -D b_sanitize="${SANITIZERS:-none}" - -D install-tests=true - -D tests=unsafe - -D slow-tests="${SLOW_TESTS:-false}" - -D create-log-dirs=false - -D pamconfdir=/usr/lib/pam.d/ - -D utmp=true - -D hibernate=true - -D ldconfig=true - -D resolve=true - -D efi=true - -D tpm=true - -D environment-d=true - -D binfmt=true - -D coredump=true - -D pstore=true - -D oomd=true - -D logind=true - -D hostnamed=true - -D localed=true - -D machined=true - -D portabled=true - -D sysext=true - -D userdb=true - -D networkd=true - -D timedated=true - -D timesyncd=true - -D nss-myhostname=true - -D nss-systemd=true - -D firstboot=true - -D randomseed=true - -D backlight=true - -D vconsole=true - -D quotacheck=true - -D sysusers=true - -D tmpfiles=true - -D hwdb=true - -D rfkill=true - -D xdg-autostart=true - -D translations=true - -D idn=true - -D cryptolib=openssl - -D kernel-install=true - -D analyze=true - -D ukify="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)" - -D selinux="$([[ "$ID" =~ centos|fedora|opensuse ]] && echo enabled || echo disabled)" - -D apparmor="$([[ "$ID" =~ ubuntu|debian ]] && echo enabled || echo disabled)" - -D smack=true - -D ima=true - -D first-boot-full-preset=true - -D initrd=true - -D fexecve=true - -D default-keymap="$([[ "$ID" =~ debian|ubuntu ]] && echo "" || echo "us")" - -D xenctrl="$([[ "$ID" =~ debian|ubuntu|fedora|opensuse ]] && echo enabled || echo disabled)" - -D libiptc="$([[ "$ID" =~ debian|ubuntu ]] && echo enabled || echo disabled)" - -D libcryptsetup-plugins="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)" - ) - - # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/. 
- # It is important to use the right one especially for cryptsetup plugins, otherwise they will be - # installed in the wrong directory and not be found by cryptsetup. Assume native build. - if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then - CONFIGURE_OPTS+=( - -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)" - -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security" - ) - fi - - # Set various uids and gids for which Fedora has "soft static" allocations. - # Without this, we would get warning about mismatched sysusers.d entries - # between the files that we and Fedora's setup package install. - if grep -q '^ID=fedora' /usr/lib/os-release; then - CONFIGURE_OPTS+=( - -D adm-gid=4 - -D audio-gid=63 - -D cdrom-gid=11 - -D dialout-gid=18 - -D disk-gid=6 - -D input-gid=104 - -D kmem-gid=9 - -D kvm-gid=36 - -D lp-gid=7 - -D render-gid=105 - -D sgx-gid=106 - -D tape-gid=33 - -D tty-gid=5 - -D users-gid=100 - -D utmp-gid=22 - -D video-gid=39 - -D wheel-gid=10 - -D systemd-journal-gid=190 - -D systemd-network-uid=192 - -D systemd-resolve-uid=193 - ) - fi - - if grep -q '^ID="opensuse' /usr/lib/os-release; then - CONFIGURE_OPTS+=( - -Dbpf-compiler=gcc - ) - fi - - ( set -x; meson setup "$BUILDDIR" "$SRCDIR" --auto-features=enabled "${CONFIGURE_OPTS[@]}" ) -fi - -( set -x; ninja -C "$BUILDDIR" "$@" ) -if [ "$WITH_TESTS" = 1 ]; then - if [ -n "$SANITIZERS" ]; then - export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS" - export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS" - TIMEOUT_MULTIPLIER=3 - else - TIMEOUT_MULTIPLIER=1 - fi - - ( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER ) -fi - -( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed ) diff --git a/mkosi.images/base/mkosi.conf b/mkosi.images/base/mkosi.conf index be8586ce3b..fcefc3ead2 100644 --- a/mkosi.images/base/mkosi.conf +++ b/mkosi.images/base/mkosi.conf 
@@ -4,33 +4,51 @@ Format=directory [Content] -Bootable=no +Autologin=yes +# Make sure we build the default initrd as part of the base image as it will have access to the systemd and +# udev rpms which are built by the build scripts that are part of the base image. +Bootable=yes +# we want to build the UKI as part of the system image so make sure none are built here. +Bootloader=none CleanPackageMetadata=no Packages= -Packages= - kmod - less - util-linux - -BuildPackages= acl - binutils - clang + bash-completion + coreutils diffutils - gawk + dnsmasq + dosfstools + e2fsprogs + findutils + gcc # Sanitizer libraries gdb - gettext git - gperf grep - lld - llvm - make - meson - pkgconf + gzip + jq + kbd + kexec-tools + kmod + less + mtools + nano + nftables + openssl + python3 + qrencode rsync sed + socat strace + systemd tar + tmux + tree + udev + util-linux + valgrind + wireguard-tools + xfsprogs + zsh zstd diff --git a/mkosi.images/base/mkosi.conf.d/10-arch.conf b/mkosi.images/base/mkosi.conf.d/10-arch.conf deleted file mode 100644 index 385c73979f..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-arch.conf +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Packages= - cryptsetup - dbus - gnutls - libarchive - libbpf - libfido2 - libmicrohttpd - libnftnl - libpwquality - libseccomp - libxkbcommon - openssl - qrencode - tpm2-tss - -BuildPackages= - bpf - docbook-xsl - glib2 - libxslt - linux-api-headers - python - python-jinja - python-lxml - python-pefile - python-pyelftools diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst new file mode 100755 index 0000000000..ad4fe6e9a1 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-arch/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd systemd-sysvcompat 
diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot
new file mode 100755
index 0000000000..7fe05aa3a4
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.build.chroot
@@ -0,0 +1,53 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
+ echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+# We can't configure the source or build directory so we use bind mounts instead to make sure they are in the
+# expected locations.
+mount --mkdir --bind "$SRCDIR" "pkg/$DISTRIBUTION/systemd-stable/"
+mount --mkdir --bind "$BUILDDIR" "pkg/$DISTRIBUTION/build/"
+# Because we run with --noextract we are responsible for making sure the source files appear in src/.
+mount --mkdir --rbind "$PWD/pkg/$DISTRIBUTION" "pkg/$DISTRIBUTION/src/"
+
+# shellcheck source=/dev/null
+. /etc/makepkg.conf
+
+# Override the default options. Use -Og because -O0 doesn't work with FORTIFY_SOURCE. We specifically disable
+# "strip", "zipman" and "lto" as they slow down builds significantly. OPTIONS= cannot be overridden on the
+# makepkg command line so we append to /etc/makepkg.conf instead. The rootfs is overlayed with a writable
+# tmpfs during the build script so these changes don't end up in the image itself.
+tee --append /etc/makepkg.conf >/dev/null <<EOF
+CFLAGS="$CFLAGS -Og"
+OPTIONS=(!strip docs !libtool !staticlibs emptydirs !zipman purge debug !lto)
+EOF
+
+# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
+rm /usr/share/makepkg/lint_pkgbuild/*
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# We get around makepkg's root check by setting EUID to something else.
+# shellcheck disable=SC2046
+env --chdir="pkg/$DISTRIBUTION" \
+ EUID=123 \
+ makepkg \
+ --noextract \
+ $( ((WITH_TESTS)) || echo --nocheck) \
+ --force \
+ UPSTREAM=1 \
+ QUIET=1 \
+ BUILDDIR="$PWD/pkg/$DISTRIBUTION" \
+ PKGDEST="$PACKAGEDIR" \
+ PKGEXT=".pkg.tar" \
+ PKGVER="$(cat meson.version)" \
+ PKGREL="$(date "+%Y%m%d%H%M%S" --date "@$TS")" \
+ MESON_EXTRA_CONFIGURE_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf
new file mode 100644
index 0000000000..58a57d0283
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf
@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Config]
+InitrdInclude=initrd/
+
+# TODO: Switch to https://gitlab.archlinux.org/archlinux/packaging/packages/systemd once
+# https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/8 is merged.
+[Content]
+Environment=
+ PKG_URL="https://gitlab.archlinux.org/daandemeyer/systemd"
+ PKG_BRANCH="strip"
+ SYSTEMD_PACKAGES="systemd systemd-ukify systemd-sysvcompat systemd-resolvconf"
+
+Packages=
+ bpf
+ btrfs-progs
+ compsize
+ cryptsetup
+ dbus
+ dhcp
+ f2fs-tools
+ gnutls
+ iproute
+ linux
+ man-db
+ openbsd-netcat
+ openssh
+ openssl
+ pacman
+ polkit
+ qrencode
+ quota-tools
+ sbsigntools
+ shadow
+ tpm2-tss
+ vim
+
+InitrdPackages=
+ btrfs-progs
+ tpm2-tools
+
+BuildPackages=
+ fakeroot
+ pkgconf
+ debugedit
diff --git a/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare
new file mode 100755
index 0000000000..d6e2d4eb3d
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-arch/mkosi.prepare
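Review bot: In the new `mkosi.images/base/mkosi.conf.d/10-arch/mkosi.conf`, `PKG_URL` points at a personal fork (`https://gitlab.archlinux.org/daandemeyer/systemd`) and `PKG_BRANCH="strip"` is a mutable branch name, so whatever that branch holds at clone time is executed during the build: `mkosi.prepare` sources the PKGBUILD and `mkosi.build.chroot` runs `makepkg` on it. The TODO above `[Content]` covers the move to the official packaging repository but not pinning; building from a fixed, reviewed commit would make the packaging input reproducible, and until then I would add a comment such as `# NOTE: PKG_BRANCH is a moving ref; the packaging files it provides are executed at build time.` The clone step is not visible in this part of the diff, so whether it can take a commit instead of a branch needs checking. The same applies to the `PKG_BRANCH` values added for CentOS (`c9s-sig-hyperscale`), Debian/Ubuntu (`debian/master`) and Fedora (`rawhide`).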
@@ -0,0 +1,24 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
+ echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+if [ "$1" = "final" ]; then
+ # We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
+ sed --expression 's/^[ \t]*//' "pkg/$DISTRIBUTION/.SRCINFO" |
+ grep --regexp '^depends =' --regexp '^optdepends =' |
+ sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' |
+ xargs --delimiter '\n' mkosi-install
+else
+ # We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
+ # whether some environment variable is set or not.
+ # shellcheck source=/dev/null
+ UPSTREAM=1 . "pkg/$DISTRIBUTION/PKGBUILD"
+
+ # shellcheck disable=SC2154
+ mkosi-install "${makedepends[@]}"
+fi
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf
deleted file mode 100644
index d7a135a5c0..0000000000
--- a/mkosi.images/base/mkosi.conf.d/10-centos-fedora.conf
+++ /dev/null
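Review bot: The `final` branch reads `pkg/$DISTRIBUTION/.SRCINFO`, but the guard at the top only tests for the PKGBUILD, and with `set -e` alone a failing `sed` at the head of the pipeline is hidden behind the exit status of `xargs`. A missing or unreadable `.SRCINFO` would then presumably end with `mkosi-install` being run without the runtime dependencies instead of with an error. I would extend the guard to `if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ] || [ ! -f "pkg/$DISTRIBUTION/.SRCINFO" ]; then` and consider `set -eo pipefail`, keeping in mind that `grep` exits 1 when nothing matches. In the `else` branch the PKGBUILD is sourced into this script's own shell, so a comment like `# The PKGBUILD is executed here; it is trusted input cloned from PKG_URL.` would make that dependency explicit.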
@@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -Packages= - audit-libs - cryptsetup-libs - gnutls - libarchive - libasan - libbpf - libfido2 - libgcrypt - libmicrohttpd - libnftnl - libubsan - libxcrypt - libxkbcommon - openssl-libs - qrencode-libs - tpm2-tss - util-linux - -BuildPackages= - pkgconf - bpftool - docbook-xsl - findutils - libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libxslt - pam-devel - pkgconfig(audit) - pkgconfig(blkid) - pkgconfig(bzip2) - pkgconfig(dbus-1) - pkgconfig(fdisk) - pkgconfig(glib-2.0) - pkgconfig(gnutls) - pkgconfig(libacl) - pkgconfig(libarchive) - pkgconfig(libbpf) - pkgconfig(libcap) - pkgconfig(libcryptsetup) - pkgconfig(libcurl) - pkgconfig(libdw) - pkgconfig(libfido2) - pkgconfig(libidn2) - pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(libmicrohttpd) - pkgconfig(libnftnl) - pkgconfig(libpcre2-8) - pkgconfig(libqrencode) - pkgconfig(libseccomp) - pkgconfig(libselinux) - pkgconfig(libzstd) - pkgconfig(mount) - pkgconfig(numa) - pkgconfig(openssl) - pkgconfig(openssl) - pkgconfig(p11-kit-1) - pkgconfig(pwquality) - pkgconfig(tss2-esys) - pkgconfig(tss2-mu) - pkgconfig(tss2-rc) - pkgconfig(tss2-tcti-device) - pkgconfig(valgrind) - pkgconfig(xkbcommon) - python3 - python3dist(jinja2) - python3dist(lxml) - python3dist(pefile) - python3dist(pyelftools) - python3dist(pytest) - rpm diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst new file mode 100755 index 0000000000..0b7a4cb6b7 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd systemd-udev 
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
new file mode 100755
index 0000000000..cf3be64538
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
@@ -0,0 +1,47 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
+# https://github.com/mesonbuild/meson/pull/12835 is available.
+# shellcheck disable=SC2046
+rpmbuild \
+ -bb \
+ --build-in-place \
+ --with upstream \
+ $( ((WITH_TESTS)) || echo --nocheck) \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_rpmdir $PACKAGEDIR" \
+ ${BUILDDIR:+--define} \
+ ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ --define "_binary_payload w.ufdio" \
+ --define "debug_package %{nil}" \
+ --define "version_override $(cat meson.version)" \
+ --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \
+ --define "_distro_extra_cflags -Og" \
+ --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
+ --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
+ --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+ --define "__brp_strip %{nil}" \
+ --define "__brp_compress %{nil}" \
+ --define "__brp_mangle_shebangs %{nil}" \
+ --define "__brp_strip_comment_note %{nil}" \
+ --define "__brp_strip_static_archive %{nil}" \
+ --define "__brp_check_rpaths %{nil}" \
+ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
+ --define "__script_requires %{nil}" \
+ --undefine _lto_cflags \
+ "pkg/$DISTRIBUTION/systemd.spec"
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf
new file mode 100644
index 0000000000..4c80b0a36f
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.conf
@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ SYSTEMD_PACKAGES="systemd
+ systemd-udev
+ systemd-container
+ systemd-repart
+ systemd-resolved
+ systemd-networkd
+ systemd-boot
+ systemd-tests
+ systemd-ukify
+ systemd-pam
+ systemd-oomd-defaults
+ systemd-journal-remote
+ systemd-networkd-defaults"
+Packages=
+ bpftool
+ cryptsetup
+ dhcp-server
+ dnf
+ gnutls
+ integritysetup
+ iproute
+ iproute-tc
+ kernel-core
+ libasan
+ libcap-ng-utils
+ libubsan
+ netcat
+ openssh-clients
+ openssh-server
+ p11-kit
+ pam
+ passwd
+ polkit
+ procps-ng
+ quota
+ rpm
+ rpm-build
+ rpmautospec
+ util-linux
+ vim-common
+
+InitrdPackages=
+ tpm2-tools
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare
new file mode 100755
index 0000000000..c07251a7e1
--- /dev/null
+++ b/mkosi.images/base/mkosi.conf.d/10-centos-fedora/mkosi.prepare
@@ -0,0 +1,66 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ "$1" = "final" ]; then
+ DEPS="--requires"
+else
+ DEPS="--buildrequires"
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ "$DEPS" \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ "pkg/$DISTRIBUTION/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+if [ "$1" = "final" ]; then
+ exit 0
+fi
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$DISTRIBUTION/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$DISTRIBUTION/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [ $EXIT_STATUS -ne 11 ]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
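Review bot: With `set -ex` and no `pipefail`, a failing `mkosi-chroot rpmspec` (first pipeline) or `mkosi-chroot rpm --query` (inside the loop) is masked, because each pipeline's status is that of its last stage; the script would carry on with an empty or partial dependency list instead of stopping. `set -exo pipefail` would surface that, with the caveat that `grep --invert-match` exits 1 when it selects no lines. The scratch files `/tmp/buildrequires` and `/tmp/dynamic-buildrequires` use fixed names; a `mktemp -d` directory would avoid relying on `/tmp` being private to this build. Also, `sort ... | uniq --unique` emits lines that occur in exactly one of the two files, so entries present only in `/tmp/buildrequires` are appended and installed again; if only the new dynamic requirements are intended, `comm -13` on the two sorted lists says that directly.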
diff --git a/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf new file mode 100644 index 0000000000..dd08467aaf --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-centos/mkosi.conf @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Content] +Environment= + PKG_URL="https://git.centos.org/rpms/systemd" + PKG_BRANCH="c9s-sig-hyperscale" + +Packages= + kernel-modules # For squashfs support + rpmautospec-rpm-macros diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf deleted file mode 100644 index 1d28be30f8..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu.conf +++ /dev/null @@ -1,77 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - ^libtss2-esys-[0-9\.]+-0$ - dmsetup - libapparmor1 - libarchive13 - libfdisk1 - libfido2-1 - libglib2.0-0 - libgnutls30 - libidn2-0 - liblz4-1 - libmicrohttpd12 - libnftnl11 - libp11-kit0 - libpam0g - libpwquality1 - libqrencode4 - libssl3 - libip4tc2 - ^libtss2-mu[0-9\.-]+$ - libtss2-rc0 - libtss2-tcti-device0 - tzdata - -BuildPackages= - docbook-xsl - dpkg-dev - g++ - libacl1-dev - libapparmor-dev - libarchive-dev - libaudit-dev - libblkid-dev - libbpf-dev - libbz2-dev - libcap-dev - libcryptsetup-dev - libcurl4-openssl-dev - libdbus-1-dev - libdw-dev - libfdisk-dev - libfido2-dev - libgcrypt20-dev - libglib2.0-dev - libgnutls28-dev - libidn2-dev - libiptc-dev - libkmod-dev - liblz4-dev - libmicrohttpd-dev - libmount-dev - libnftnl-dev - libp11-kit-dev - libpam0g-dev - libpwquality-dev - libqrencode-dev - libseccomp-dev - libsmartcols-dev - libssl-dev - libtss2-dev - libxen-dev - libxkbcommon-dev - libzstd-dev - python3 - python3-jinja2 - python3-lxml - python3-pefile - python3-pyelftools - python3-pytest - xsltproc 
diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst new file mode 100755 index 0000000000..640cdb1e32 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/initrd/mkosi.postinst @@ -0,0 +1,5 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkosi-install systemd udev diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot new file mode 100755 index 0000000000..d1ec8c1894 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot 
@@ -0,0 +1,89 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then + echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$DISTRIBUTION/debian" "$SRCDIR"/debian + +# We hide the patches/ directory by mounting an empty directory on top so they don't get applied. +TMP=$(mktemp -d) +mount --bind "$TMP" "$SRCDIR"/debian/patches + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. 
+cat >debian/changelog.new <<EOF +systemd ($(cat meson.version).$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low + + * Automatic build from mkosi + + -- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +build() { + DEB_BUILD_OPTIONS="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) nostrip terse optimize=-lto" \ + DEB_BUILD_PROFILES="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) pkg.systemd.upstream" \ + DEB_CFLAGS_APPEND="-Og" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary +} + +if ! build; then + # debhelper installs files for each package to debian/<package> so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. + grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! 
-path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [ -f debian/not-installed ]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +mv ../*.deb "$PACKAGEDIR" diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf new file mode 100644 index 0000000000..c2a9c399e1 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.conf 
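Review bot: In the retry path of `10-debian-ubuntu/mkosi.build.chroot`, the `xargs -d '\n' -I {} sh -c "..."` line has two quoting problems: the inner `"*dh-exec*"` closes the outer double-quoted string, so the pattern reaches both shells unquoted and can be glob-expanded, and `{}` splices each package name from `debian/control` into the command text that `sh` parses. The control file comes from the packaging repository cloned from `PKG_URL`, so I would pass the name as an argument instead: `xargs -d '\n' -I {} sh -c '[ -d "debian/$1" ] && (cd "debian/$1" && find . ! -type d ! -path "*dh-exec*" -printf "%P\n")' sh {} |`. The lists under `/tmp` (`packaged-files`, `installed-files`, `unpackaged-files`) have fixed names and the `mktemp -d` directory mounted over `debian/patches` is never removed; a short comment stating that the build root is throwaway would document why that is acceptable.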
@@ -0,0 +1,61 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Config] +InitrdInclude=initrd/ + +[Content] +Environment= + PKG_URL="https://salsa.debian.org/systemd-team/systemd" + PKG_BRANCH="debian/master" + SYSTEMD_PACKAGES="systemd + systemd-userdbd + systemd-oomd + systemd-sysv + systemd-tests + systemd-timesyncd + systemd-resolved + systemd-homed + systemd-coredump + systemd-journal-remote + systemd-container + systemd-boot + systemd-ukify + udev" + +Packages= + ^libtss2-esys-[0-9.]+-0$ + ^libtss2-mu-[0-9.]+-0$ + apt + btrfs-progs + cryptsetup-bin + dbus-broker + default-dbus-session-bus + dmsetup + f2fs-tools + fdisk + iproute2 + isc-dhcp-server + libcap-ng-utils + libtss2-rc0 + libtss2-tcti-device0 + netcat-openbsd + openssh-client + openssh-server + passwd + policykit-1 + procps + quota + sbsigntool + tzdata + xxd + +InitrdPackages= + btrfs-progs + tpm2-tools + +BuildPackages= + dpkg-dev diff --git a/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000000..32c60feb7e --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare @@ -0,0 +1,15 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "final" ]; then + exit 0 +fi + +if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then + echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +cd "pkg/$DISTRIBUTION" +DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/base/mkosi.conf.d/10-debian.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf index 020b02b61c..c6b6155dda 100644 --- a/mkosi.images/base/mkosi.conf.d/10-debian.conf +++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf 
@@ -2,10 +2,3 @@ [Match] Distribution=debian - -[Content] -Packages= - libbpf1 - -BuildPackages= - bpftool diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/amd64.conf index d3c89f3a8c..615de52499 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-amd64.conf +++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/amd64.conf @@ -1,10 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian Architecture=x86-64 [Content] Packages= - bpftool linux-image-cloud-amd64 diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf index 76a6898111..af923fa442 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-arm64.conf +++ b/mkosi.images/base/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf @@ -1,10 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian Architecture=arm64 [Content] Packages= - bpftool linux-image-cloud-arm64 diff --git a/mkosi.images/base/mkosi.conf.d/10-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-fedora.conf deleted file mode 100644 index a8fbce47fb..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-fedora.conf +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=fedora - -[Content] -BuildPackages= - python3dist(pytest-flakes) - pkgconfig(xencontrol) diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora.conf b/mkosi.images/base/mkosi.conf.d/10-fedora/mkosi.conf index 7554ad2dc3..cea31ed697 100644 --- a/mkosi.images/system/mkosi.conf.d/10-fedora.conf +++ b/mkosi.images/base/mkosi.conf.d/10-fedora/mkosi.conf @@ -4,9 +4,16 @@ Distribution=fedora [Content] +Environment= + PKG_URL="https://src.fedoraproject.org/rpms/systemd" + PKG_BRANCH="rawhide" + Packages= btrfs-progs compsize f2fs-tools glibc-langpack-en sbsigntools + +InitrdPackages= + btrfs-progs 
diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/base/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index 941a50a6d1..0000000000 --- a/mkosi.images/base/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,95 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Content] -# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox -# versions don't get installed instead. -Packages= - device-mapper - distribution-release - docbook-xsl-stylesheets - gawk - grep - gzip - libbpf1 - libarchive13 - libcrypt1 - libcryptsetup12 - libdw1 - libelf1 - libfido2 - libgcrypt20 - libglib-2_0-0 - libkmod2 - libmount1 - libnftnl11 - libopenssl3 - libp11-kit0 - libqrencode4 - libseccomp2 - libtss2-esys0 - libtss2-mu0 - libtss2-rc0 - libtss2-tcti-device0 - libxkbcommon0 - libzstd1 - pam - rsync - sed - shadow - tpm2-0-tss - xz - -BuildPackages= - audit-devel - bpftool - cross-bpf-gcc13 - dbus-1-devel - fdupes - gcc-c++ - glib2-devel - glibc-locale - intltool - libacl-devel - libapparmor-devel - libarchive-devel - libblkid-devel - libbpf-devel - libbz2-devel - libcap-devel - libcryptsetup-devel - libcurl-devel - libdw-devel - libelf-devel - libfdisk-devel - libfido2-devel - libgcrypt-devel - libgnutls-devel - libkmod-devel - liblz4-devel - libmicrohttpd-devel - libmount-devel - libnftnl-devel - libpwquality-devel - libseccomp-devel - libselinux-devel - libxkbcommon-devel - libxslt-tools - libzstd-devel - openssl-devel - pam-devel - pciutils-devel - python3 - python3-Jinja2 - python3-lxml - python3-pefile - python3-pyelftools - python3-pytest - python3-pytest-flakes - qrencode-devel - shadow - timezone - tpm2-0-tss-devel - xen-devel diff --git a/mkosi.images/initrd/mkosi.postinst b/mkosi.images/base/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst index de610dfeb6..6a60ce83e5 100755 --- a/mkosi.images/initrd/mkosi.postinst 
+++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst @@ -5,3 +5,5 @@ set -e # OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. # See https://github.com/openSUSE/suse-module-tools/pull/71 rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" + +mkosi-install systemd udev diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot new file mode 100755 index 0000000000..e1abe0b135 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.build.chroot 
@@ -0,0 +1,63 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we +# disable manpage compression as the files cannot be found. Fix the issue by removing the compression +# extension. +find "pkg/$DISTRIBUTION" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; + +build() { + # TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once + # https://github.com/mesonbuild/meson/pull/12835 is available. + # shellcheck disable=SC2046 + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo --nocheck) \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_rpmdir $PACKAGEDIR" \ + ${BUILDDIR:+--define} \ + ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + --define "debug_package %{nil}" \ + --define "vendor openSUSE" \ + --define "version_override $(cat meson.version)" \ + --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \ + --define "__check_files sh -c '$(rpm --eval %__check_files) | tee /tmp/unpackaged-files'" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \ + --define "__os_install_post 
/usr/lib/rpm/brp-suse %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + "$@" \ + "pkg/$DISTRIBUTION/systemd.spec" +} + +if ! build; then + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file + # warnings. + rm systemd.lang + + cat /tmp/unpackaged-files >>"pkg/$DISTRIBUTION/files.systemd" + build --noprep --nocheck +fi diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf new file mode 100644 index 0000000000..4ef13b6ca5 --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.conf @@ -0,0 +1,55 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Config] +InitrdInclude=initrd/ + +[Content] +Environment= + PKG_URL="https://code.opensuse.org/package/systemd" + PKG_BRANCH="master" + SYSTEMD_PACKAGES="systemd + udev + systemd-experimental + systemd-boot + systemd-container + systemd-homed + systemd-network + systemd-portable + systemd-sysvcompat + systemd-testsuite" + +# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox +# versions don't get installed instead. +Packages= + bpftool + btrfs-progs + cryptsetup + dbus-broker + device-mapper + distribution-release + docbook-xsl-stylesheets + f2fs-tools + gawk + glibc-locale-base + grep + gzip + kernel-kvmsmall + openssh-clients + openssh-server + pam + quota + rpm-build + rsync + sbsigntools + sed + shadow + timezone + vim + xz + +InitrdPackages= + btrfs-progs + tpm2.0-tools diff --git a/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare new file mode 100755 index 0000000000..dd01a3f20e --- /dev/null +++ b/mkosi.images/base/mkosi.conf.d/10-opensuse/mkosi.prepare 
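Review bot: The retry path in mkosi.build.chroot decides on the contents of `/tmp/unpackaged-files`, but nothing clears that file before the first `build` call, and the `__check_files` override only rewrites it if rpmbuild gets as far as the file check. If a non-empty file is left over from an earlier run (whether /tmp persists between builds is not visible here), an unrelated failure would append stale paths to `files.systemd` and trigger a second full build. Adding `rm -f /tmp/unpackaged-files` just before `if ! build; then` removes that dependency on prior state. Separately, `rm systemd.lang` runs under `set -e` and aborts the script if the file is missing; `rm -f systemd.lang` keeps the fallback best-effort.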
@@ -0,0 +1,61 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then + echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ "$1" = "final" ]; then + DEPS="--requires" +else + DEPS="--buildrequires" +fi + +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + "pkg/$DISTRIBUTION/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install + +if [ "$1" = "final" ]; then + exit 0 +fi + +until mkosi-chroot \ + rpmbuild \ + -bd \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$DISTRIBUTION" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$DISTRIBUTION/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done diff --git a/mkosi.images/base/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/base/mkosi.conf.d/10-ubuntu/mkosi.conf index 717809fd03..85126a1a37 100644 --- a/mkosi.images/base/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/base/mkosi.conf.d/10-ubuntu/mkosi.conf @@ -5,8 +5,7 @@ Distribution=ubuntu [Content] Packages= - libbpf0 - -BuildPackages= + # We would like to use linux-virtual but it does not have support for SMBIOS credentials. + linux-image-generic linux-tools-common linux-tools-generic 
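Review bot: The openSUSE mkosi.prepare sets `set -e` without `pipefail`, so in the first pipeline the exit status of `mkosi-chroot rpmspec ... --query "$DEPS"` is discarded and only the status of the trailing `xargs ... mkosi-install` counts. A failed spec query therefore still reaches `mkosi-install` with an empty or partial list, and the script carries on with an incomplete dependency set. The simplest fix is to run the query as its own command, redirecting its output to a file, and to feed that file to the `grep | sort | tee | xargs` chain. A bare `set -o pipefail` would also trip on `grep --invert-match` exiting 1 when it selects nothing. The same pipeline filters with `--regexp systemd --regexp udev` as unanchored substrings, which presumably also drops requirements that merely contain those strings, so a short comment stating the intended scope of the filter would help.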
diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.images/base/mkosi.extra/etc/issue index 6aa6fc0ec0..6aa6fc0ec0 100644 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ b/mkosi.images/base/mkosi.extra/etc/issue diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf b/mkosi.images/base/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf index 2f953290d3..2f953290d3 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/journald.conf.d/50-persistent.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh index e0fcf30498..e0fcf30498 100755 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service b/mkosi.images/base/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service index 7942cbfa77..7942cbfa77 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service +++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf index dac79ba4ed..dac79ba4ed 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ b/mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf diff --git a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb b/mkosi.images/base/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb index 26f882bc2b..26f882bc2b 100644 --- a/mkosi.images/system/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb 
+++ b/mkosi.images/base/mkosi.extra/usr/share/factory/mkosi/gdbinit.d/systemd.gdb diff --git a/mkosi.images/system/mkosi.finalize b/mkosi.images/base/mkosi.finalize index 74b810c152..74b810c152 100755 --- a/mkosi.images/system/mkosi.finalize +++ b/mkosi.images/base/mkosi.finalize diff --git a/mkosi.images/base/mkosi.postinst b/mkosi.images/base/mkosi.postinst new file mode 100755 index 0000000000..caaf253ef6 --- /dev/null +++ b/mkosi.images/base/mkosi.postinst @@ -0,0 +1,6 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +# shellcheck disable=SC2086 +mkosi-install $SYSTEMD_PACKAGES diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/base/mkosi.postinst.chroot index 330fa3b73e..26459b165d 100755 --- a/mkosi.images/system/mkosi.postinst.chroot +++ b/mkosi.images/base/mkosi.postinst.chroot @@ -2,10 +2,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ]; then - exit 0 -fi - if [ -n "$SANITIZERS" ]; then LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}') @@ -48,22 +44,6 @@ EOF systemctl mask systemd-hwdb-update.service fi -if [ -n "$IMAGE_ID" ] ; then - sed -n \ - -i \ - -e '/^IMAGE_ID=/!p' \ - -e "\$aIMAGE_ID=$IMAGE_ID" \ - /usr/lib/os-release -fi - -if [ -n "$IMAGE_VERSION" ] ; then - sed -n \ - -i \ - -e '/^IMAGE_VERSION=/!p' \ - -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \ - /usr/lib/os-release -fi - if command -v authselect >/dev/null; then # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so # let's use the new name if it exists. @@ -87,11 +67,6 @@ rm -f /etc/resolv.conf . /usr/lib/os-release -if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then - alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1 - alternatives --set python3 /usr/bin/python3.9 -fi - mkdir -p /usr/lib/sysusers.d cat >/usr/lib/sysusers.d/testuser.conf <<EOF u testuser 4711 "Test User" /home/testuser 
diff --git a/mkosi.images/base/mkosi.sync b/mkosi.images/base/mkosi.sync new file mode 100755 index 0000000000..b93339afe1 --- /dev/null +++ b/mkosi.images/base/mkosi.sync @@ -0,0 +1,13 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((CACHED)); then + exit 0 +fi + +if [ -z "$(ls --almost-all "pkg/$DISTRIBTION")" ]; then + git clone "$PKG_URL" --branch "$PKG_BRANCH" "pkg/$DISTRIBUTION" +elif [ -d "pkg/$DISTRIBUTION/.git" ] && [ "$(git -C "pkg/$DISTRIBUTION" rev-parse --abbrev-ref HEAD)" = "$PKG_BRANCH" ]; then + git -C "pkg/$DISTRIBUTION" pull +fi diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf deleted file mode 100644 index 36684c7f16..0000000000 --- a/mkosi.images/initrd/mkosi.conf +++ /dev/null @@ -1,30 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -Dependencies=base - -[Output] -Format=cpio - -[Content] -BaseTrees=%O/base -ExtraTrees=%O/base-systemd -MakeInitrd=yes -Bootable=no -BuildPackages= - -Packages= -Packages= - gzip - systemd - udev - -# Arch Linux doesn't split their gcc-libs package so we manually remove unneeded stuff here to make sure it -# doesn't end up in the initrd. -RemoveFiles= - /usr/lib/libgfortran.so* - /usr/lib/libgo.so* - /usr/lib/libgomp.so* - /usr/lib/libgphobos.so* - /usr/lib/libobjc.so* - /usr/lib/libstdc++.so* diff --git a/mkosi.images/initrd/mkosi.conf.d/10-centos.conf b/mkosi.images/initrd/mkosi.conf.d/10-centos.conf deleted file mode 100644 index 3f92e52300..0000000000 --- a/mkosi.images/initrd/mkosi.conf.d/10-centos.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Output] -# TODO: Switch to zstd once we stop building CentOS Stream 8. -CompressOutput=xz - -[Content] -Packages=xfsprogs - tpm2-tools diff --git a/mkosi.images/initrd/mkosi.conf.d/10-default.conf b/mkosi.images/initrd/mkosi.conf.d/10-default.conf deleted file mode 100644 index 9224b92dd0..0000000000 
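Review bot: The emptiness test in mkosi.sync reads `"pkg/$DISTRIBTION"`, a misspelling of `DISTRIBUTION`. Because the script does not use `set -u`, the variable expands to nothing and `ls --almost-all` inspects `pkg/` itself. As soon as `pkg/` holds anything (another distribution's checkout, for instance), the clone branch is skipped, and the `elif` only pulls when `pkg/$DISTRIBUTION/.git` already exists, so the packaging sources for a new distribution are never fetched. The line should read `if [ -z "$(ls --almost-all "pkg/$DISTRIBUTION")" ]; then`. Changing `set -e` to `set -eu` would turn this class of typo into an immediate error, provided `CACHED`, `PKG_URL` and `PKG_BRANCH` are always set by the caller (not verifiable from this hunk).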
--- a/mkosi.images/initrd/mkosi.conf.d/10-default.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=!centos -Distribution=!opensuse - -[Output] -CompressOutput=zst - -[Content] -Packages=btrfs-progs - tpm2-tools diff --git a/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index 5cf2df397e..0000000000 --- a/mkosi.images/initrd/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Output] -CompressOutput=zst - -[Content] -Packages=btrfs-progs - tpm2.0-tools diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf index 5bcf6967c7..9937ad3a98 100644 --- a/mkosi.images/system/mkosi.conf +++ b/mkosi.images/system/mkosi.conf @@ -3,49 +3,15 @@ [Config] Dependencies=base +[Distribution] +CacheOnly=metadata + [Output] @Format=directory [Content] -Autologin=yes BaseTrees=%O/base -ExtraTrees=%O/base-systemd -Packages= - acl - bash-completion - coreutils - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gcc # Sanitizer libraries - gdb - grep - gzip - kbd - kexec-tools - less - mtools - nano - nftables - openssl - qrencode - sed - socat - strace - systemd - tmux - tar - tree - udev - util-linux - valgrind - wireguard-tools - xfsprogs - zsh - -BuildPackages= +Initrds=%O/base.initrd [Validation] @SecureBoot=yes diff --git a/mkosi.images/system/mkosi.conf.d/05-initrd.conf b/mkosi.images/system/mkosi.conf.d/05-initrd.conf deleted file mode 100644 index 23685871c6..0000000000 --- a/mkosi.images/system/mkosi.conf.d/05-initrd.conf +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Bootable=!no -Format=|disk -Format=|directory - -[Config] -Dependencies=initrd - -[Content] -Initrds=%O/initrd 
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch.conf b/mkosi.images/system/mkosi.conf.d/10-arch.conf deleted file mode 100644 index a3d008d10f..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch.conf +++ /dev/null @@ -1,28 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=arch - -[Content] -Packages= - bpf - btrfs-progs - compsize - dhcp - f2fs-tools - glib2 - iproute - linux - man-db - openbsd-netcat - openssh - pacman - polkit - python-pefile - python-psutil - python-pytest - python3 - quota-tools - sbsigntools - shadow - vim diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf deleted file mode 100644 index 871186d5ca..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora.conf +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|centos -Distribution=|fedora - -[Content] -Packages= - bpftool - cryptsetup - dhcp-server - dnf - glib2 - integritysetup - iproute - iproute-tc - kernel-core - libcap-ng-utils - netcat - openssh-server - openssh-clients - p11-kit - pam - passwd - polkit - procps-ng - python3 - python3dist(pefile) - python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason. - python3dist(psutil) - python3dist(pytest) - quota - vim-common diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf index 146e03a895..af4862d4b1 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf @@ -2,7 +2,3 @@ [Match] Distribution=centos - -[Content] -Packages= - kernel-modules # For squashfs support 
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf deleted file mode 100644 index 393d5f038c..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-usr.conf.d/squashfs.conf +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -# CentOS does not support erofs so we use squashfs instead. -[Partition] -Format=squashfs diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf deleted file mode 100644 index d6e3f20222..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu.conf +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=|debian -Distribution=|ubuntu - -[Content] -Packages= - apt - btrfs-progs - cryptsetup-bin - dbus-broker - default-dbus-session-bus - f2fs-tools - fdisk - iproute2 - isc-dhcp-server - libcap-ng-utils - netcat-openbsd - openssh-server - openssh-client - sbsigntool - passwd - policykit-1 - procps - python3 - python3-pefile - python3-psutil - python3-pytest - quota - xxd diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index ffcb664224..0000000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,25 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Content] -Packages= - bpftool - btrfs-progs - cryptsetup - dbus-broker - f2fs-tools - glibc-locale-base - kernel-kvmsmall - libcap-ng-utils - openssh-server - openssh-clients - python3 - python3-pefile - python3-psutil - python3-pytest - quota - sbsigntools - shadow - vim diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf deleted file mode 100644 index b099e79132..0000000000 
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu.conf +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Content] -Packages= - # We would like to use linux-image-kvm but it does not have support for SMBIOS credentials. - linux-image-generic - linux-tools-common - linux-tools-generic -# "orphan_file" is enabled by default in recent versions of mkfs.ext4 but not supported by the Jammy kernel -# so we explicitly disable it. -Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.repart/00-esp.conf index 4be04661d9..391543d1e7 100644 --- a/mkosi.images/system/mkosi.repart/00-esp.conf +++ b/mkosi.images/system/mkosi.repart/00-esp.conf @@ -5,5 +5,5 @@ Type=esp Format=vfat CopyFiles=/boot:/ CopyFiles=/efi:/ -SizeMinBytes=512M -SizeMaxBytes=512M +SizeMinBytes=1G +SizeMaxBytes=1G |