diff options
-rw-r--r-- | .github/workflows/mkosi.yml | 2 | ||||
-rwxr-xr-x | mkosi.build | 89 | ||||
-rw-r--r-- | mkosi.default.d/10-systemd.conf | 40 | ||||
-rw-r--r-- | mkosi.default.d/arch/10-mkosi.arch | 75 | ||||
-rw-r--r-- | mkosi.default.d/centos_epel/10-mkosi.centos_epel | 76 | ||||
-rw-r--r-- | mkosi.default.d/debian/10-mkosi.debian | 73 | ||||
-rw-r--r-- | mkosi.default.d/fedora/10-mkosi.fedora | 75 | ||||
-rw-r--r-- | mkosi.default.d/opensuse/10-mkosi.opensuse | 85 | ||||
-rw-r--r-- | mkosi.default.d/ubuntu/10-mkosi.ubuntu | 77 | ||||
-rwxr-xr-x | mkosi.postinst | 3 |
10 files changed, 305 insertions, 290 deletions
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index fa0a22a577..c2c12f3393 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -45,8 +45,6 @@ jobs: - distro: opensuse release: tumbleweed - distro: centos_epel - release: 8-stream - - distro: centos_epel release: 9-stream steps: diff --git a/mkosi.build b/mkosi.build index 210811e768..76a813bf0a 100755 --- a/mkosi.build +++ b/mkosi.build @@ -47,6 +47,15 @@ if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then fi fi +# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and +# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override +# the ubuntu script with a symlink to the first bpftool program we can find. +for bpftool in /usr/lib/linux-tools/*/bpftool; do + [ -x "$bpftool" ] || continue + ln -sf "$bpftool" /usr/sbin/bpftool + break +done + if [ ! -f "$BUILDDIR"/build.ninja ] ; then sysvinit_path=$(realpath /etc/init.d) @@ -66,7 +75,81 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then -D version-tag="${VERSION_TAG}" \ -D mode=developer \ -D b_sanitize="${SANITIZERS:-none}" \ - -D install-tests=true + -D install-tests=true \ + -D tests=unsafe \ + -D slow-tests=true \ + -D utmp=true \ + -D hibernate=true \ + -D ldconfig=true \ + -D resolve=true \ + -D efi=true \ + -D tpm=true \ + -D environment-d=true \ + -D binfmt=true \ + -D repart=true \ + -D sysupdate=true \ + -D coredump=true \ + -D pstore=true \ + -D oomd=true \ + -D logind=true \ + -D hostnamed=true \ + -D localed=true \ + -D machined=true \ + -D portabled=true \ + -D sysext=true \ + -D userdb=true \ + -D homed=true \ + -D networkd=true \ + -D timedated=true \ + -D timesyncd=true \ + -D remote=true \ + -D nss-myhostname=true \ + -D nss-mymachines=true \ + -D nss-resolve=true \ + -D nss-systemd=true \ + -D firstboot=true \ + -D randomseed=true \ + -D backlight=true \ + -D vconsole=true \ + -D quotacheck=true \ + -D sysusers=true \ + -D tmpfiles=true \ + -D importd=true \ + -D hwdb=true \ + -D rfkill=true \ + -D xdg-autostart=true \ + -D translations=true \ + -D polkit=true \ + -D acl=true \ + -D audit=true \ + -D blkid=true \ + -D fdisk=true \ + -D kmod=true \ + -D pam=true \ + -D pwquality=true \ + -D microhttpd=true \ + -D libcryptsetup=true \ + -D libcurl=true \ + -D idn=true \ + -D libidn2=true \ + -D qrencode=true \ + -D gcrypt=true \ + -D gnutls=true \ + -D openssl=true \ + -D cryptolib=openssl \ + -D p11kit=true \ + -D libfido2=true \ + -D tpm2=true \ + -D elfutils=true \ + -D zstd=true \ + -D xkbcommon=true \ + -D pcre2=true \ + -D glib=true \ + -D dbus=true \ + -D gnu-efi=true \ + -D kernel-install=true \ + -D analyze=true \ + -D bpf-framework=true fi cd "$BUILDDIR" @@ -172,3 +255,7 @@ TTYVHangup=no CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG EOF fi + +# Make sure services aren't enabled by default on Debian/Ubuntu. +mkdir -p "$DESTDIR/etc/systemd/system-preset" +echo "disable *" > "$DESTDIR/etc/systemd/system-preset/99-mkosi.preset" diff --git a/mkosi.default.d/10-systemd.conf b/mkosi.default.d/10-systemd.conf index 8efd1e97fa..1c69dc46e0 100644 --- a/mkosi.default.d/10-systemd.conf +++ b/mkosi.default.d/10-systemd.conf @@ -14,6 +14,46 @@ OutputDirectory=mkosi.output BuildDirectory=mkosi.builddir Cache=mkosi.cache SourceFileTransferFinal=copy-git-others +Packages= + acl + bash-completion + coreutils + diffutils + dnsmasq + findutils + gcc # For sanitizer libraries + gdb + grep + kbd + kexec-tools + kmod + less + nano + nftables + openssl + python3 + qrencode + sed + strace + tree + util-linux + valgrind + wireguard-tools + zsh + +BuildPackages= + clang + gcc + gettext + git + gnu-efi + gperf + llvm + meson + pkgconf + rpm + rsync + zstd [Host] QemuHeadless=yes diff --git a/mkosi.default.d/arch/10-mkosi.arch b/mkosi.default.d/arch/10-mkosi.arch index 12f46c71c7..bd54b08c54 100644 --- a/mkosi.default.d/arch/10-mkosi.arch +++ b/mkosi.default.d/arch/10-mkosi.arch @@ -9,65 +9,28 @@ Distribution=arch [Content] -BuildPackages= - acl - bzip2 - clang - cryptsetup - curl - dbus - diffutils - docbook-xsl - elfutils - gcc - git - gnu-efi-libs +Packages= + compsize + dhcp gnutls - gperf - inetutils - iptables - kmod + iproute libbpf - libcap - libgcrypt - libidn2 + libfido2 libmicrohttpd - libseccomp - libutil-linux + libpwquality libxkbcommon - libxslt - llvm - lz4 - meson - pam - pkgconfig - python - python-lxml - python-jinja - qrencode - rsync - xz - zstd - -Packages= - gdb - libbpf - libidn2 - nano - qrencode - strace - # For testing "systemd-analyze verify". man-db - # For testing systemd's bash completion scripts. - bash-completion - # For testing systemd's zsh completion scripts - # Run `autoload -Uz compinit; compinit` from a zsh shell in the booted image to enable completions. - zsh - # xxd is provided by the vim package + openbsd-netcat + polkit + quota-tools + tpm2-tss vim - # Required to run systemd-networkd-tests.py - python - iproute - dnsmasq - wireguard-tools - dhcp + +BuildPackages= + bpf + docbook-xsl + libxslt + linux-api-headers + perl + python-jinja + python-lxml diff --git a/mkosi.default.d/centos_epel/10-mkosi.centos_epel b/mkosi.default.d/centos_epel/10-mkosi.centos_epel index 5e726d4aef..482b5935ce 100644 --- a/mkosi.default.d/centos_epel/10-mkosi.centos_epel +++ b/mkosi.default.d/centos_epel/10-mkosi.centos_epel @@ -11,39 +11,54 @@ Format=gpt_xfs HostonlyInitrd=no [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + audit + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + p11-kit + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build + libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. + libxslt pam-devel - # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libgcrypt-devel - pkgconfig + perl-interpreter pkgconfig(audit) pkgconfig(blkid) pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) + pkgconfig(glib-2.0) pkgconfig(gnutls) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) pkgconfig(libdw) + pkgconfig(libfido2) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -61,30 +76,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - # xxd is provided by the vim-common package - vim-common - libasan - libubsan - # Required to run systemd-networkd-tests.py - python3 - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 2488eeb557..2b712d6778 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -8,17 +8,31 @@ Distribution=debian Release=testing [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfido2-1 + libglib2.0-0 + libgnutls30 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpam0g + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - clang - docbook-xml + bpftool docbook-xsl - gcc g++ - gettext - git - gnu-efi - gperf libacl1-dev libaudit-dev libblkid-dev @@ -26,59 +40,28 @@ BuildPackages= libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev + libidn2-dev libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev libzstd-dev - llvm - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libbpf0 - libfdisk1 - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index c1d8a57557..9561117789 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -8,29 +8,42 @@ Distribution=fedora Release=36 [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + compsize + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build pam-devel - pkgconfig + pkgconfig # pkgconf shim to provide /usr/bin/pkg-config pkgconfig(audit) pkgconfig(blkid) - pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) - pkgconfig(gnutls) + pkgconfig(glib-2.0) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) @@ -39,8 +52,6 @@ BuildPackages= pkgconfig(libgcrypt) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -58,33 +69,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - acl - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - compsize - # xxd is provided by the vim-common package - vim-common - # Sanitizers - libasan - libubsan - # Required to run systemd-networkd-tests.py - python - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index 16fdecdede..8dbb1dc50f 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -8,72 +8,59 @@ Distribution=opensuse Release=tumbleweed [Content] +Packages= + dbus-1 + glibc-locale-base + libbpf0 + libcrypt1 + libcryptsetup12 + libdw1 + libelf1 + libfido2 + libgcrypt20 + libglib-2_0-0 + libkmod2 + liblz4-1 + libmount1 + libp11-kit0 + libqrencode4 + libseccomp2 + libxkbcommon0 + pam + tpm2-0-tss + vim + BuildPackages= + audit-devel + bpftool + dbus-1-devel docbook-xsl-stylesheets - fdupes - gcc - gnu-efi - gperf - intltool + glib2-devel + glibc-locale libacl-devel - libapparmor-devel libblkid-devel - libbz2-devel + libbpf-devel libcap-devel libcryptsetup-devel libcurl-devel + libdw-devel + libelf-devel + libfdisk-devel + libfido2-devel libgcrypt-devel libgnutls-devel libkmod-devel - liblz4-devel libmicrohttpd-devel libmount-devel + libpwquality-devel libseccomp-devel libselinux-devel + libxkbcommon-devel libxslt-tools - meson + openssl-devel pam-devel - pciutils-devel pcre-devel - python3 python3-Jinja2 python3-lxml qrencode-devel - shadow - system-user-nobody - systemd-sysvinit - zlib-devel -# to satisfy tests - acl - diffutils - glibc-locale - system-group-obsolete - system-user-bin - system-user-daemon - system-user-root - timezone - -Packages= - gdb - # brought in via meson->python3 - libp11-kit0 - # --bootable=no - dbus-1 - libapparmor1 - libcrypt1 - libcryptsetup12 - libgcrypt20 - libgnutls30 - libkmod2 - liblz4-1 - libmount1 - libqrencode4 - libseccomp2 - pam - nano - strace - util-linux - # xxd is provided by the vim package - vim - # Provides libasan/libubsan - gcc + tpm2-0-tss-devel diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu index 2d73746f3f..60e1bcfa66 100644 --- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu +++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu @@ -9,75 +9,60 @@ Release=jammy Repositories=main,universe [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfdisk1 + libfido2-1 + libglib2.0-0 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + linux-tools-common + linux-tools-generic + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - docbook-xml docbook-xsl - gcc - gettext - git - gnu-efi - gperf + g++ libacl1-dev libaudit-dev libblkid-dev + libbpf-dev libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev - libip4tc-dev - libip6tc-dev + libidn2-dev + libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev - libxtables-dev libzstd-dev - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - tzdata - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - libfdisk1 - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.postinst b/mkosi.postinst index 1c24b4f51a..fb59d31115 100755 --- a/mkosi.postinst +++ b/mkosi.postinst @@ -18,6 +18,9 @@ EOF # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default. systemctl mask systemd-hwdb-update.service fi + + # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu. + rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service fi # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a |