blob: c90f5bfc774b4b29e8284caccbffbe2fe4a8ec03 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# SPDX-License-Identifier: LGPL-2.1-or-later
[Config]
MinimumVersion=23~devel
InitrdInclude=mkosi.initrd/
[Output]
RepartDirectories=mkosi.repart
OutputDirectory=build/mkosi.output
BuildDirectory=build/mkosi.builddir
CacheDirectory=build/mkosi.cache
[Content]
SELinuxRelabel=no
BuildSourcesEphemeral=yes
Autologin=yes
PostInstallationScripts=mkosi.sanitizers.chroot
ExtraTrees=
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
Environment=
SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F
# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
# various scenarios. Consider adding support for a credential instead if possible and using that.
KernelCommandLine=systemd.crash_shell
systemd.log_level=debug,console:info
systemd.log_ratelimit_kmsg=0
# Disable the kernel's ratelimiting on userspace logging to kmsg.
printk.devkmsg=on
# Make sure /sysroot is mounted rw in the initrd.
rw
# Lower the default device timeout so we get a shell earlier if the root device does
# not appear for some reason.
systemd.default_device_timeout_sec=30
# Make sure no LSMs are enabled by default.
apparmor=0
selinux=0
enforcing=0
systemd.early_core_pattern=/core
systemd.firstboot=no
raid=noautodetect
oops=panic
panic=-1
softlockup_panic=1
panic_on_warn=1
# These don't ship proper units with [Install] directives so we have to mask them instead.
systemd.mask=isc-dhcp-server.service
systemd.mask=mdmonitor.service
KernelModulesInitrdExclude=.*
KernelModulesInitrdInclude=default
ExtraTrees=
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
%O/exitrd:/exitrd
InitrdPackages=
btrfs-progs
findutils
grep
sed
Packages=
acl
attr
bash-completion
bpftrace
btrfs-progs
clang
coreutils
curl
diffutils
dnsmasq
dosfstools
e2fsprogs
findutils
gdb
grep
gzip
jq
kbd
kexec-tools
kmod
knot
less
lld
llvm
lvm2
man
mdadm
mtools
nano
nftables
nvme-cli
opensc
openssl
p11-kit
pciutils
python3
qrencode
radvd
rsync
sed
socat
strace
systemd
tar
tmux
tree
udev
util-linux
valgrind
which
wireguard-tools
xfsprogs
zsh
zstd
[Host]
Credentials=journal.storage=persistent
Incremental=yes
RuntimeBuildSources=yes
RuntimeScratch=no
QemuSmp=2
QemuSwtpm=yes
QemuVsock=yes
QemuKvm=yes
ToolsTreePackages=virtiofsd
|