# SPDX-License-Identifier: LGPL-2.1-or-later [Config] MinimumVersion=23~devel InitrdInclude=mkosi.initrd/ [Output] RepartDirectories=mkosi.repart OutputDirectory=build/mkosi.output BuildDirectory=build/mkosi.builddir CacheDirectory=build/mkosi.cache [Content] SELinuxRelabel=no BuildSourcesEphemeral=yes Autologin=yes PostInstallationScripts=mkosi.sanitizers.chroot ExtraTrees= mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf Environment= SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in # various scenarios. Consider adding support for a credential instead if possible and using that. KernelCommandLine=systemd.crash_shell systemd.log_level=debug,console:info systemd.log_ratelimit_kmsg=0 # Disable the kernel's ratelimiting on userspace logging to kmsg. printk.devkmsg=on # Make sure /sysroot is mounted rw in the initrd. rw # Lower the default device timeout so we get a shell earlier if the root device does # not appear for some reason. systemd.default_device_timeout_sec=30 # Make sure no LSMs are enabled by default. apparmor=0 selinux=0 enforcing=0 systemd.early_core_pattern=/core systemd.firstboot=no raid=noautodetect oops=panic panic=-1 softlockup_panic=1 panic_on_warn=1 # These don't ship proper units with [Install] directives so we have to mask them instead. systemd.mask=isc-dhcp-server.service systemd.mask=mdmonitor.service KernelModulesInitrdExclude=.* KernelModulesInitrdInclude=default ExtraTrees= %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template %O/exitrd:/exitrd InitrdPackages= btrfs-progs findutils grep sed Packages= acl attr bash-completion bpftrace btrfs-progs clang coreutils curl diffutils dnsmasq dosfstools e2fsprogs findutils gdb grep gzip jq kbd kexec-tools kmod knot less lld llvm lvm2 man mdadm mtools nano nftables nvme-cli opensc openssl p11-kit pciutils python3 qrencode radvd rsync sed socat strace systemd tar tmux tree udev util-linux valgrind which wireguard-tools xfsprogs zsh zstd [Host] Credentials=journal.storage=persistent Incremental=yes RuntimeBuildSources=yes RuntimeScratch=no QemuSmp=2 QemuSwtpm=yes QemuVsock=yes QemuKvm=yes ToolsTreePackages=virtiofsd