| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
We switch to the c10s-sig-hyperscale branch of the spec repository
as it will receive all the latest changes the earliest before they
end up in the c9s-sig-hyperscale branch.
|
| | |
|
| |\
| |
| | |
Various integration test improvements
|
| | |
| |
| |
| |
| |
| |
| |
| | |
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221)
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
| |
In https://github.com/systemd/systemd/pull/33659 the commit was
updated to point to my fork without changing it back after the mkosi
PR was merged so let's change it back to point to the official
repository.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/3ab4101902695724f9365a384f86c1074d94e18c...b611370bb5703a7efb587f9d136a52ea24c5c38c)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Booting a guest with secure boot is broken in Azure due to a hypervisor
bug. Disable it for now. Given there's no option, need to edit
the configuration on the fly.
|
| | |
|
| |
|
|
|
| |
Noble has all the tooling we need so let's stop using a tools tree
and just install the dependencies we need on the host system.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
_FORTIFY_SOURCE requires optimizations to be enabled so we set -O2
as well.
|
| |
|
|
| |
Let's instead just use $CFLAGS to override the optimization level.
|
| |\
| |
| | |
mkosi: Add support for building with LLVM
|
| | |
| |
| |
| | |
More coverage and clang tends to be better at sanitizers than gcc.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.1.2 to 5.3.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/52bab0caa5249d6acd8bcd5bc7a68e69ac9319f9...60c9f2b924a9c5a2ddbb25e7b23e8e11b56faab9)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/9d7c94cfd0a1f3ed45544c887983e9fa900f0564...69320dbe05506a9a39fc8ae11030b214ec2d1f87)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...a5ac7e51b41094c92402da3b24376905380afc29)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
| |
Let's make sure one build has sanitizers enabled for extra coverage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
|
| |\
| |
| | |
Two mkosi fixes
|
| | |
| |
| |
| |
| |
| | |
Now that we use KVM and don't use repart anymore to create a root
partition on first boot, let's see if we can use the same device timeout
for both local and CI runs.
|
| | |
| |
| |
| |
| | |
We don't build erofs images anymore and the firmware to use is set
per test so no need to configure it the CI config.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/compare/9e55064634b67244f7deb4211452b4a7217b93de...d498805e5c7c0658e336948b3363480bcfd68da6)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases)
- [Commits](https://github.com/redhat-plumbers-in-action/devel-freezer/compare/396c94ba8cb417474e6626c83a42addea210a403...ad766eafd555b28d2cb8e27937835983f9c3d173)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [meson](https://github.com/mesonbuild/meson) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.0...1.4.1)
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, git submodules break in all sorts of ways:
- Various github workflows (dependabot, github pages) try to do a shallow
clone of git submodules which does not work at all when the git repository
is hosted on pagure (https://pagure.io/pagure/issue/5453,
https://github.com/dependabot/dependabot-core/issues/9391).
- If the git forge hosting the git repository uses SHA256, then it breaks our
usage of it as a submodule as SHA256 repositories cannot be used as submodules
in SHA1 repositories (src.opensuse.org moved to SHA256 which broke our usage of
opensuse's systemd spec as a submodule).
- git submodules completely break usage of git worktrees.
- ...
Let's avoid all these issues by just doing our own home grown implementation of
git submodules. We lose the automatic dependabot updates this way but since dependabot
fails to run more often that not with submodules we don't really lose anything.
|
| |
|
|
| |
This reverts commit aef13ad0294b403993e19b424b26535fb65749f4.
|
| |
|
|
| |
This reverts commit 639403f9a86869984b155edda2521741950f5417.
|
| |\
| |
| | |
mkosi: Sanitizers
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
|
| |/
|
|
|
| |
Otherwise we won't detect we're running in Github Actions and will
show the wrong command to fetch the journal.
|
| |
|
|
|
| |
This allows running integration tests that support it in nspawn
instead of qemu. This both gives extra coverage and speeds things up.
|
| | |
|
| |
|
|
|
|
| |
Nope, it's broken, never mind
This reverts commit b0f9c3c6483eadd630b0a6a4de23db761e8158c8.
|
| |
|
| |
Cloning the fedora/centos submodules fails because --depth 1 is used. Fork the actions workflow and use fetch-depth: 0 to disable it.
|
