Diffstat (limited to 'mkosi.images')
-rw-r--r--mkosi.images/system/mkosi.conf5
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf3
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf12
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf3
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf5
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-groups.conf24
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-users.conf13
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-root.conf.d/xfs.conf6
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf15
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf (renamed from mkosi.images/system/mkosi.extra/usr/lib/repart.d/15-swap.conf)0
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf (renamed from mkosi.images/system/mkosi.extra/usr/lib/repart.d/20-root.conf)2
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf (renamed from mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf)0
-rwxr-xr-xmkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize15
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf9
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf (renamed from mkosi.images/system/mkosi.repart/10-usr.conf)0
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf (renamed from mkosi.images/system/mkosi.repart/11-usr-verity.conf)0
-rw-r--r--mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf (renamed from mkosi.images/system/mkosi.repart/12-usr-verity-sig.conf)0
-rwxr-xr-xmkosi.images/system/mkosi.finalize5
-rwxr-xr-xmkosi.images/system/mkosi.postinst.chroot9
-rw-r--r--mkosi.images/system/mkosi.repart/10-root.conf8
20 files changed, 69 insertions, 65 deletions
diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf
index b124c5c94a..2f5c8af25b 100644
--- a/mkosi.images/system/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf
@@ -7,6 +7,7 @@ Dependencies=
[Output]
@Format=directory
+RepartDirectories=mkosi.repart
[Content]
Autologin=yes
@@ -61,7 +62,3 @@ Packages=
xfsprogs
zsh
zstd
-
-[Validation]
-@SecureBoot=yes
-@SignExpectedPcr=yes
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
index 79622c83f7..524ffa0de5 100644
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
@@ -49,9 +49,6 @@ Packages=
rpm
rpm-build
rpmautospec
- selinux-policy
- selinux-policy-targeted
- setools-console
squashfs-tools
util-linux
vim-common
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
new file mode 100644
index 0000000000..3dc1143fc8
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=!particle
+
+[Content]
+# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're
+# building a /usr-only image.
+Packages=
+ selinux-policy
+ selinux-policy-targeted
+ setools-console
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
index 053f11be55..54f8f1c1bd 100644
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
@@ -3,6 +3,9 @@
[Match]
Distribution=centos
+[Output]
+RepartDirectories=mkosi.repart
+
[Content]
Packages=
rpmautospec-rpm-macros
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf
deleted file mode 100644
index 99b846d3a8..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/repart.d/20-root.conf.d/xfs.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# CentOS does not support btrfs so we use xfs instead.
-[Partition]
-Format=xfs
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-groups.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-groups.conf
deleted file mode 100644
index d69ff91cc3..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-groups.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-g root 0
-g bin 1
-g daemon 2
-g sys 3
-g adm 4
-g tty 5
-g disk 6
-g lp 7
-g mem 8
-g kmem 9
-g wheel 10
-g cdrom 11
-g mail 12
-g man 15
-g dialout 18
-g floppy 19
-g games 20
-g tape 33
-g video 39
-g ftp 50
-g lock 54
-g audio 63
-g users 100
-g nobody 65534
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-users.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-users.conf
deleted file mode 100644
index bea0ab3447..0000000000
--- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.extra/usr/lib/sysusers.d/20-setup-users.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-u root 0:0 "Super User" /root /bin/bash
-u bin 1:1 "bin" /bin -
-u daemon 2:2 "daemon" /sbin -
-u adm 3:4 "adm" /var/adm -
-u lp 4:7 "lp" /var/spool/lpd -
-u sync 5:0 "sync" /sbin /bin/sync
-u shutdown 6:0 "shutdown" /sbin /sbin/shutdown
-u halt 7:0 "halt" /sbin /sbin/halt
-u mail 8:12 "mail" /var/spool/mail -
-u operator 11:0 "operator" /root -
-u games 12:100 "games" /usr/games -
-u ftp 14:50 "FTP User" /var/ftp -
-u nobody 65534:65534 "Kernel Overflow User" - -
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-root.conf.d/xfs.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-root.conf.d/xfs.conf
new file mode 100644
index 0000000000..a50de68110
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.repart/10-root.conf.d/xfs.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+# btrfs isn't supported on CentOS. Ideally we'd use xfs instead but we lose xattrs when doing rootless
+# population of xfs which is required for testing SELinux so let's do ext4 instead.
+Format=ext4
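Review bot: The new drop-in is still named `xfs.conf` although it now sets `Format=ext4`, so the file name contradicts its content and will mislead anyone looking for where the CentOS root file system is chosen. A format-neutral name such as `10-root.conf.d/format.conf` (or `ext4.conf`) would keep name and content in step. The comment's reasoning is worth keeping as is, since SELinux labels are stored in xattrs and would be lost with them.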
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
new file mode 100644
index 0000000000..8c1920b0ce
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=particle
+
+[Output]
+RepartDirectories=
+RepartDirectories=mkosi.repart
+
+[Validation]
+@SecureBoot=yes
+@SignExpectedPcr=yes
+
+[Host]
+@RuntimeSize=8G
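Review bot: The empty `RepartDirectories=` directly followed by `RepartDirectories=mkosi.repart` carries no comment, and a reader cannot tell that the first line is presumably there to reset the list inherited from the base config. I would add `# Reset the inherited list so only this profile's partition definitions are used.` above it. The `[Validation]` section also deserves a line such as `# Secure Boot and signed PCR policy are only exercised in the particle profile.`, because the same commit removes these two settings from the base `mkosi.conf`, so images built without this profile presumably no longer get them.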
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
index 3755278462..3755278462 100644
--- a/mkosi.images/system/mkosi.extra/usr/lib/repart.d/15-swap.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
index 71eb9e38c4..2f92af248f 100644
--- a/mkosi.images/system/mkosi.extra/usr/lib/repart.d/20-root.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
@@ -4,5 +4,3 @@
Type=root
Format=btrfs
SizeMinBytes=1G
-Subvolumes=/home /var
-MakeDirectories=/home /var
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
index dac79ba4ed..dac79ba4ed 100644
--- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
new file mode 100755
index 0000000000..f5523983d2
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
@@ -0,0 +1,15 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
+cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
+
+# sbsign is not available on CentOS Stream
+if command -v sbsign &>/dev/null; then
+ # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
+ addons_dir=/efi/loader/addons
+ mkdir -p "$addons_dir"
+ ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
+ ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
+fi
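Review bot: `addons_dir=/efi/loader/addons` is an absolute path without the `"$BUILDROOT"` prefix that the `mkdir` and `cp` lines above use, so if this finalize script runs outside the image root (as that prefix suggests) both addons are written to the build environment's `/efi` and never reach the image. The block was moved from `mkosi.postinst.chroot`, where `/` was the image root; here it should presumably read `addons_dir="$BUILDROOT/efi/loader/addons"`. If the path is wrong, the check that signed addons are loaded and unsigned ones are ignored silently loses its fixtures. Separately, `set -e` alone lets an unset `BUILDROOT` expand to the empty string, which turns the `cp` target into `/usr/share/factory/mkosi`; `set -eu` or a leading `: "${BUILDROOT:?}"` would stop that.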
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
new file mode 100644
index 0000000000..391543d1e7
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=esp
+Format=vfat
+CopyFiles=/boot:/
+CopyFiles=/efi:/
+SizeMinBytes=1G
+SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
index 343761d097..343761d097 100644
--- a/mkosi.images/system/mkosi.repart/10-usr.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
diff --git a/mkosi.images/system/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
index b4d45dd7ef..b4d45dd7ef 100644
--- a/mkosi.images/system/mkosi.repart/11-usr-verity.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
diff --git a/mkosi.images/system/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
index 1841d0a6db..1841d0a6db 100644
--- a/mkosi.images/system/mkosi.repart/12-usr-verity-sig.conf
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
diff --git a/mkosi.images/system/mkosi.finalize b/mkosi.images/system/mkosi.finalize
deleted file mode 100755
index 6da35e5138..0000000000
--- a/mkosi.images/system/mkosi.finalize
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
-cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot
index 61a8e311e3..43978316fc 100755
--- a/mkosi.images/system/mkosi.postinst.chroot
+++ b/mkosi.images/system/mkosi.postinst.chroot
@@ -65,15 +65,6 @@ fi
mountpoint -q /etc/resolv.conf && umount /etc/resolv.conf
rm -f /etc/resolv.conf
-# sbsign is not available on CentOS Stream
-if command -v sbsign &>/dev/null; then
- # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
- addons_dir=/efi/loader/addons
- mkdir -p "$addons_dir"
- ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
- ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
-fi
-
for f in "$BUILDROOT"/usr/share/*.verity.sig; do
jq --join-output '.rootHash' "$f" >"${f%.verity.sig}.roothash"
done
diff --git a/mkosi.images/system/mkosi.repart/10-root.conf b/mkosi.images/system/mkosi.repart/10-root.conf
new file mode 100644
index 0000000000..3c25dbfb14
--- /dev/null
+++ b/mkosi.images/system/mkosi.repart/10-root.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=root
+Format=btrfs
+CopyFiles=/
+SizeMinBytes=8G
+SizeMaxBytes=8G