Diffstat (limited to 'mkosi.presets/20-final')
22 files changed, 692 insertions, 0 deletions
diff --git a/mkosi.presets/20-final/mkosi.build b/mkosi.presets/20-final/mkosi.build
new file mode 100755
index 0000000000..ed355abd20
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.build
@@ -0,0 +1,32 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ -d "$SRCDIR"/mkosi.kernel/ ]; then
+ SRCDIR="$SRCDIR/mkosi.kernel"
+ BUILDDIR="$BUILDDIR/mkosi.kernel"
+ cd "$SRCDIR"
+ mkdir -p "$BUILDDIR"
+
+ # Ensure fast incremental builds by fixating these values which usually change for each build.
+ export KBUILD_BUILD_TIMESTAMP="Fri Jun 5 15:58:00 CEST 2015"
+ export KBUILD_BUILD_HOST="mkosi"
+
+ scripts/kconfig/merge_config.sh -O "$BUILDDIR" \
+ ../mkosi.kernel.config \
+ tools/testing/selftests/bpf/config.x86_64 \
+ tools/testing/selftests/bpf/config
+
+ # Make sure systemd-boot boots this kernel and not the distro provided one by overriding the version.
+ make O="$BUILDDIR" VERSION=99 -j "$(nproc)"
+
+ KERNEL_RELEASE=$(make O="$BUILDDIR" VERSION=99 -s kernelrelease)
+ mkdir -p "$DESTDIR/usr/lib/modules/$KERNEL_RELEASE"
+ make O="$BUILDDIR" VERSION=99 INSTALL_MOD_PATH="$DESTDIR/usr" modules_install
+ make O="$BUILDDIR" VERSION=99 INSTALL_PATH="$DESTDIR/usr/lib/modules/$KERNEL_RELEASE" install
+ mkdir -p "$DESTDIR/usr/lib/kernel/selftests"
+ make -C tools/testing/selftests -j "$(nproc)" O="$BUILDDIR" VERSION=99 KSFT_INSTALL_PATH="$DESTDIR/usr/lib/kernel/selftests" SKIP_TARGETS="" install
+
+ mkdir -p "$DESTDIR"/usr/bin
+ ln -sf /usr/lib/kernel/selftests/bpf/bpftool "$DESTDIR/usr/bin/bpftool"
+fi
diff --git a/mkosi.presets/20-final/mkosi.conf b/mkosi.presets/20-final/mkosi.conf
new file mode 100644
index 0000000000..d15a17a161
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf
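Review bot: In mkosi.build, `set -e` does not stop the script when `DESTDIR` or `BUILDDIR` is unset, so `INSTALL_MOD_PATH="$DESTDIR/usr"` and the `mkdir -p "$DESTDIR/usr/..."` calls would resolve to `/usr` of whatever environment runs the script. mkosi presumably always exports these variables, but the script would be safer with `set -eu` or an explicit `: "${SRCDIR:?}" "${BUILDDIR:?}" "${DESTDIR:?}"` before the `if`. The `merge_config.sh` call also hard-codes `tools/testing/selftests/bpf/config.x86_64`, which ties the kernel build to x86_64; a short comment saying so would help.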
@@ -0,0 +1,38 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Content]
+BaseTrees=../../mkosi.output/base
+ExtraTrees=../../src:/root/src
+Initrds=../../mkosi.output/initrd.cpio.xz
+Packages=
+ acl
+ bash-completion
+ coreutils
+ diffutils
+ dnsmasq
+ dosfstools
+ e2fsprogs
+ findutils
+ gcc # Sanitizer libraries
+ gdb
+ grep
+ kbd
+ kexec-tools
+ less
+ mtools
+ nano
+ nftables
+ openssl
+ qrencode
+ sed
+ strace
+ tree
+ util-linux
+ valgrind
+ wireguard-tools
+ xfsprogs
+ zsh
+
+[Validation]
+Password=
+Autologin=yes
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-arch.conf b/mkosi.presets/20-final/mkosi.conf.d/10-arch.conf
new file mode 100644
index 0000000000..b0bbcf0c6a
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-arch.conf
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Packages=
+ btrfs-progs
+ compsize
+ dhcp
+ f2fs-tools
+ glib2
+ iproute
+ linux
+ man-db
+ openbsd-netcat
+ openssh
+ polkit
+ python-pefile
+ python-psutil
+ python-pytest
+ python3
+ quota-tools
+ shadow
+ vim
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-centos-fedora.conf b/mkosi.presets/20-final/mkosi.conf.d/10-centos-fedora.conf
new file mode 100644
index 0000000000..d89f827839
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-centos-fedora.conf
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos fedora
+
+[Content]
+Packages=
+ cryptsetup
+ dhcp-server
+ dnf
+ glib2
+ iproute
+ iproute-tc
+ kernel-core
+ libcap-ng-utils
+ netcat
+ openssh-server
+ p11-kit
+ pam
+ passwd
+ polkit
+ procps-ng
+ quota
+ vim-common
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-debian-ubuntu.conf b/mkosi.presets/20-final/mkosi.conf.d/10-debian-ubuntu.conf
new file mode 100644
index 0000000000..804aa67228
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-debian-ubuntu.conf
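Review bot: The `[Validation]` section of mkosi.conf sets an empty `Password=` together with `Autologin=yes`, and the distribution drop-ins in this commit install an SSH server into the same image, yet nothing in the file says the result is a throwaway test image. I would add a comment above the section, e.g. `# Development/test image only: root has an empty password and console autologin; do not publish or expose it on untrusted networks.` Whether sshd in the image accepts empty-password logins depends on each distribution's default sshd configuration, which is not visible here.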
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=debian ubuntu
+
+[Content]
+Packages=
+ btrfs-progs
+ cryptsetup-bin
+ dbus-broker
+ default-dbus-session-bus
+ f2fs-tools
+ fdisk
+ iproute2
+ isc-dhcp-server
+ libcap-ng-utils
+ netcat-openbsd
+ openssh-server
+ passwd
+ policykit-1
+ procps
+ python3
+ python3-pefile
+ python3-psutil
+ python3-pytest
+ quota
+ xxd
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-debian.conf b/mkosi.presets/20-final/mkosi.conf.d/10-debian.conf
new file mode 100644
index 0000000000..3eb7a5453e
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-debian.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=debian
+
+[Content]
+Packages=
+ linux-image-cloud-amd64
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-fedora.conf b/mkosi.presets/20-final/mkosi.conf.d/10-fedora.conf
new file mode 100644
index 0000000000..5ae623e47d
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-fedora.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Packages=
+ btrfs-progs
+ compsize
+ f2fs-tools
+ python3
+ python3dist(pefile)
+ python3dist(psutil)
+ python3dist(pytest)
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-opensuse.conf b/mkosi.presets/20-final/mkosi.conf.d/10-opensuse.conf
new file mode 100644
index 0000000000..f948dd6a37
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-opensuse.conf
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Packages=
+ btrfs-progs
+ cryptsetup
+ dbus-broker
+ f2fs-tools
+ glibc-locale-base
+ kernel-default
+ libcap-ng-utils
+ openssh-server
+ python3
+ python3-pefile
+ python3-psutil
+ python3-pytest
+ quota
+ shadow
+ vim
diff --git a/mkosi.presets/20-final/mkosi.conf.d/10-ubuntu.conf b/mkosi.presets/20-final/mkosi.conf.d/10-ubuntu.conf
new file mode 100644
index 0000000000..eb88ca7644
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/10-ubuntu.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=ubuntu
+
+[Content]
+Packages=
+ linux-virtual
diff --git a/mkosi.presets/20-final/mkosi.conf.d/11-centos-8.conf b/mkosi.presets/20-final/mkosi.conf.d/11-centos-8.conf
new file mode 100644
index 0000000000..2fa476454d
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/11-centos-8.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+Release=8
+
+[Content]
+Packages=
+ platform-python
+ python3.9dist(pefile)
+ python3.9dist(pluggy) # python39-pluggy is a pytest dependency that's not installed for some reason.
+ python3.9dist(psutil)
+ python3.9dist(pytest)
+ python39
diff --git a/mkosi.presets/20-final/mkosi.conf.d/11-centos-9.conf b/mkosi.presets/20-final/mkosi.conf.d/11-centos-9.conf
new file mode 100644
index 0000000000..d6ab3ee1c3
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/11-centos-9.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+Release=9
+
+[Content]
+Packages=
+ platform-python
+ python3dist(pefile)
+ python3dist(pluggy) # python39-pluggy is a pytest dependency that's not installed for some reason.
+ python3dist(psutil)
+ python3dist(pytest)
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel-arch.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-arch.conf
new file mode 100644
index 0000000000..6ac0b58495
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-arch.conf
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+Distribution=arch
+
+[Content]
+Packages=
+ alsa-lib
+ fuse2
+ libcap
+ libcap-ng
+ libelf
+ libmnl
+ numactl
+ popt
+
+BuildPackages=
+ pahole
+ python-docutils
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel-centos-fedora.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-centos-fedora.conf
new file mode 100644
index 0000000000..c42f9916ee
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-centos-fedora.conf
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+Distribution=centos fedora
+
+[Content]
+Packages=
+ alsa-lib
+ elfutils-libelf
+ fuse
+ glibc.i686
+ libcap
+ libcap-ng
+ libcap-ng-utils
+ libmnl
+ numactl-libs
+ popt
+
+BuildPackages=
+ dwarves
+ glibc-devel.i686
+ glibc-static
+ glibc-static.i686
+ pkgconfig(alsa)
+ pkgconfig(fuse)
+ pkgconfig(libcap-ng)
+ pkgconfig(libcap)
+ pkgconfig(libelf)
+ pkgconfig(libmnl)
+ pkgconfig(numa)
+ pkgconfig(openssl)
+ pkgconfig(popt)
+ python3-docutils
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel-debian-ubuntu.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-debian-ubuntu.conf
new file mode 100644
index 0000000000..00338fa4d1
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-debian-ubuntu.conf
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+Distribution=debian ubuntu
+
+[Content]
+Packages=
+ fuse
+ libasound2
+ libc6-i386
+ libcap-ng0
+ libcap2
+ libelf1
+ libmnl0
+ libnuma1
+ libpopt0
+
+BuildPackages=
+ gcc-multilib
+ libasound-dev
+ libc6-dev
+ libc6-dev-i686
+ libcap-ng-dev
+ libcap-dev
+ libelf-dev
+ libfuse-dev
+ libmnl-dev
+ libnuma-dev
+ libpopt-dev
+ pahole
+ python3-docutils
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel-fedora.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-fedora.conf
new file mode 100644
index 0000000000..ea94c14346
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-fedora.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+Distribution=fedora
+
+[Content]
+BuildPackages=
+ libcap-static
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel-opensuse.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-opensuse.conf
new file mode 100644
index 0000000000..aec631f1af
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel-opensuse.conf
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+Distribution=opensuse
+
+[Content]
+Packages=
+ fuse
+ glibc-32bit
+ libasound2
+ libcap-ng0
+ libcap2
+ libelf1
+ libmnl0
+ libnuma1
+ libpopt0
+
+BuildPackages=
+ alsa-devel
+ dwarves
+ fuse-devel
+ gcc-32bit
+ glibc-devel-32bit
+ glibc-devel-static-32bit
+ glibc-static
+ libcap-devel
+ libcap-ng-dev
+ libelf-devel
+ liblz4-dev
+ libmnl-dev
+ libnuma-devel
+ pcre-devel
+ popt-devel
+ python3-docutils
diff --git a/mkosi.presets/20-final/mkosi.conf.d/20-kernel.conf b/mkosi.presets/20-final/mkosi.conf.d/20-kernel.conf
new file mode 100644
index 0000000000..5505b41a86
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.conf.d/20-kernel.conf
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+PathExists=mkosi.kernel/
+
+[Content]
+BuildSources=./
+BuildPackages=
+ bc
+ binutils
+ bison
+ clang
+ flex
+ gcc
+ lld
+ llvm
+ make
+ make
+ rsync
+ tar
diff --git a/mkosi.presets/20-final/mkosi.extra/etc/issue b/mkosi.presets/20-final/mkosi.extra/etc/issue
new file mode 100644
index 0000000000..6aa6fc0ec0
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.extra/etc/issue
@@ -0,0 +1,2 @@
+\S (built from systemd tree)
+Kernel \r on an \m (\l)
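Review bot: In 20-kernel-opensuse.conf, `libcap-ng-dev`, `liblz4-dev` and `libmnl-dev` under `BuildPackages=` use the Debian `-dev` suffix while every other entry in that list uses openSUSE's `-devel`, so these three probably do not resolve on openSUSE. They likely should be `libcap-ng-devel`, `liblz4-devel` and `libmnl-devel`; please check the names against the openSUSE repositories before merging.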
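Review bot: In 20-kernel.conf, `make` is listed twice in a row under `BuildPackages=`. The duplicate is harmless to the package manager but looks like a paste slip; drop one of the two lines, or replace it with the package that was meant if something is missing from the list.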
diff --git a/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
new file mode 100755
index 0000000000..b86d2d3e69
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -eux
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+systemctl --failed --no-legend | tee /failed-services
+
+# Check that secure boot keys were properly enrolled.
+if [[ -d /sys/firmware/efi/efivars/ ]]; then
+ cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+ cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
+fi
+
+# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
+[[ ! -s /failed-services ]]
+
+: >/testok
diff --git a/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service b/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service
new file mode 100644
index 0000000000..6539325108
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/system/mkosi-check-and-shutdown.service
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Check if any service failed and then shutdown the machine
+After=multi-user.target network-online.target
+Requires=multi-user.target
+Wants=systemd-resolved.service systemd-networkd.service network-online.target
+OnFailure=poweroff.target
+OnFailureJobMode=replace-irreversibly
+
+[Service]
+Type=oneshot
+ExecStartPre=-rm -f /failed-services
+ExecStart=/usr/lib/systemd/mkosi-check-and-shutdown.sh
+ExecStartPost=systemctl poweroff --no-block
diff --git a/mkosi.presets/20-final/mkosi.kernel.config b/mkosi.presets/20-final/mkosi.kernel.config
new file mode 100644
index 0000000000..ab3ffe2fea
--- /dev/null
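Review bot: In mkosi-check-and-shutdown.sh, `systemctl --failed --no-legend | tee /failed-services` runs without `pipefail`, so if `systemctl` itself fails the pipeline still returns tee's status, `/failed-services` stays empty, the later `[[ ! -s /failed-services ]]` passes and `/testok` is written for a run that was never actually checked. Adding `set -o pipefail` after the license line closes that gap. The `-eux` flags also live only in the shebang, so they are lost if the script is ever started as `bash mkosi-check-and-shutdown.sh`; a `set -eux` line in the body would make them unconditional.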
+++ b/mkosi.presets/20-final/mkosi.kernel.config 
@@ -0,0 +1,204 @@
+# CONFIG_COMPAT_BRK is not set
+# CONFIG_LEGACY_PTYS is not set
+CONFIG_ATA=y
+CONFIG_AUTOFS4_FS=y
+CONFIG_BINFMT_MISC=y
+CONFIG_BLK_CGROUP_IOCOST=y
+CONFIG_BLK_CGROUP_IOLATENCY=y
+CONFIG_BLK_CGROUP_IOPRIO=y
+CONFIG_BLK_CGROUP=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_MD=y
+CONFIG_BLK_DEV_SD=y
+CONFIG_BLK_DEV_SR=y
+CONFIG_BPF_EVENTS=y
+CONFIG_BPF_JIT=y
+CONFIG_BPF_LSM=y
+CONFIG_BPF_SYSCALL=y
+CONFIG_BPF=y
+CONFIG_BSD_PROCESS_ACCT=y
+CONFIG_BTRFS_FS_POSIX_ACL=y
+CONFIG_BTRFS_FS=y
+CONFIG_CFG80211=y
+CONFIG_CFS_BANDWIDTH=y
+CONFIG_CGROUP_BPF=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_HUGETLB=y
+CONFIG_CGROUP_MISC=y
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_RDMA=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_CGROUPS=y
+CONFIG_CONNECTOR=y
+CONFIG_CPUSETS=y
+CONFIG_CRASH_DUMP=y
+CONFIG_DEBUG_INFO_BTF=y
+CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_DEVTMPFS=y
+CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
+CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
+CONFIG_DM_VERITY=y
+CONFIG_DMI_SYSFS=y
+CONFIG_DMI=y
+CONFIG_EFI_MIXED=y
+CONFIG_EFI_STUB=y
+CONFIG_EFI_ZBOOT=y
+CONFIG_EFI=y
+CONFIG_EXPERT=y
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_EXT4_FS=y
+CONFIG_HIBERNATION=y
+CONFIG_HIDRAW=y
+CONFIG_HIGH_RES_TIMERS=y
+CONFIG_HOTPLUG_PCI=y
+CONFIG_HPET=y
+CONFIG_HUGETLBFS=y
+CONFIG_HW_RANDOM_VIRTIO=y
+CONFIG_HW_RANDOM=y
+CONFIG_HYPERVISOR_GUEST=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_IKCONFIG=y
+CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_ARCH_POLICY=y
+CONFIG_IMA=y
+CONFIG_INET=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INPUT_EVDEV=y
+CONFIG_INPUT_MISC=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_MACHINE_KEYRING=y
+CONFIG_INTEGRITY_PLATFORM_KEYRING=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_IOSCHED_BFQ=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_IP_MULTICAST=y
+CONFIG_IP_MULTIPLE_TABLES=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_PNP_BOOTP=y
+CONFIG_IP_PNP_DHCP=y
+CONFIG_IP_PNP=y
+CONFIG_IP_ROUTE_MULTIPATH=y
+CONFIG_IP_ROUTE_VERBOSE=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+CONFIG_ISO9660_FS=y
+CONFIG_KEXEC=y
+CONFIG_KPROBES=y
+CONFIG_LOAD_UEFI_KEYS=y
+CONFIG_MAC80211=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_MD=y
+CONFIG_MEMCG_KMEM=y
+CONFIG_MEMCG=y
+CONFIG_MICROCODE_AMD=y
+CONFIG_MODULE_FORCE_UNLOAD=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULES=y
+CONFIG_MSDOS_FS=y
+CONFIG_NAMESPACES=y
+CONFIG_NET_9P_VIRTIO=y
+CONFIG_NET_9P=y
+CONFIG_NET_CLS_ACT=y
+CONFIG_NET_CLS_CGROUP=y
+CONFIG_NET_EMATCH=y
+CONFIG_NET_SCHED=y
+CONFIG_NET=y
+CONFIG_NETCONSOLE=y
+CONFIG_NETDEVICES=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER=y
+CONFIG_NETLABEL=y
+CONFIG_NF_CONNTRACK_FTP=y
+CONFIG_NF_CONNTRACK_IRC=y
+CONFIG_NF_CONNTRACK_SIP=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CT_NETLINK=y
+CONFIG_NF_NAT=y
+CONFIG_NLS_ASCII=y
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_NLS_DEFAULT="utf8"
+CONFIG_NLS_ISO8859_1=y
+CONFIG_NLS_UTF8=y
+CONFIG_NO_HZ_FULL=y
+CONFIG_NUMA=y
+CONFIG_NVRAM=y
+CONFIG_PACKET=y
+CONFIG_PARAVIRT=y
+CONFIG_PCI=y
+CONFIG_PCIEPORTBUS=y
+CONFIG_PERF_EVENTS=y
+CONFIG_PM_DEBUG=y
+CONFIG_PM_TRACE_RTC=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_PRINTK_TIME=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROFILING=y
+CONFIG_PSI=y
+CONFIG_QUOTA_NETLINK_INTERFACE=y
+CONFIG_QUOTA=y
+CONFIG_RFKILL=y
+CONFIG_RTC_CLASS=y
+CONFIG_SATA_AHCI=y
+CONFIG_SCSI_CONSTANTS=y
+CONFIG_SCSI_SPI_ATTRS=y
+CONFIG_SCSI_VIRTIO=y
+CONFIG_SCSI=y
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_YAMA=y
+CONFIG_SECURITY=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_SERIAL_8250_PCI=y
+CONFIG_SERIAL_8250=y
+CONFIG_SMP=y
+CONFIG_SWAP=y
+CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_SYSVIPC=y
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
+CONFIG_TMPFS=y
+CONFIG_UNIX=y
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_MON=y
+CONFIG_USB_OHCI_HCD=y
+CONFIG_USB_STORAGE=y
+CONFIG_USB_UHCI_HCD=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB=y
+CONFIG_USER_NS=y
+CONFIG_VFAT_FS=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_CONSOLE=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_NET=y
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_VSOCKETS=y
+CONFIG_VSOCKETS=y
+CONFIG_WATCHDOG=y
+CONFIG_X86_ACPI_CPUFREQ=y
+CONFIG_X86_CPUID=y
+CONFIG_X86_MSR=y
+CONFIG_XFRM_USER=y
+CONFIG_XFS_FS=y
+CONFIG_XFS_POSIX_ACL=y
diff --git a/mkosi.presets/20-final/mkosi.postinst b/mkosi.presets/20-final/mkosi.postinst
new file mode 100755
index 0000000000..4339d7fd22
--- /dev/null
+++ b/mkosi.presets/20-final/mkosi.postinst
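Review bot: mkosi.kernel.config has no header saying what the fragment is for, and it turns on several debugging interfaces that kernel hardening guides usually switch off, such as `CONFIG_PROC_KCORE`, `CONFIG_X86_MSR` and `CONFIG_MAGIC_SYSRQ`. That is reasonable for a test kernel, but it should be stated. A leading comment such as `# Config fragment for the systemd development/test kernel; enables debugging interfaces and is not a production baseline.` would keep the file from being copied as a general-purpose config. The fragment is also the only text file in this commit without an SPDX line.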
@@ -0,0 +1,82 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+if [ "$1" = "build" ]; then
+ exit 0
+fi
+
+if [ -n "$SANITIZERS" ]; then
+ LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}')
+
+ mkdir -p /etc/systemd/system.conf.d
+
+ cat >/etc/systemd/system.conf.d/10-asan.conf <<EOF
+[Manager]
+ManagerEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\
+ UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\
+ LD_PRELOAD=$LD_PRELOAD
+DefaultEnvironment=ASAN_OPTIONS=$MKOSI_ASAN_OPTIONS\\
+ UBSAN_OPTIONS=$MKOSI_UBSAN_OPTIONS\\
+ LD_PRELOAD=$LD_PRELOAD
+EOF
+
+ # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
+ # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any
+ # sanitizer failures appear directly on the user's console.
+ mkdir -p /etc/systemd/system/systemd-journald.service.d
+ cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
+[Service]
+StandardOutput=tty
+EOF
+
+ # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users.
+ # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As
+ # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login
+ # from calling vhangup() so that journald's ASAN logs correctly end up in the console.
+
+ mkdir -p /etc/systemd/system/console-getty.service.d
+ cat >/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf <<EOF
+[Service]
+TTYVHangup=no
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+EOF
+ # ASAN and syscall filters aren't compatible with each other.
+ find / -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
+
+ # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default.
+ systemctl mask systemd-hwdb-update.service
+fi
+
+if [ -n "$IMAGE_ID" ] ; then
+ sed -n \
+ -i \
+ -e '/^IMAGE_ID=/!p' \
+ -e "\$aIMAGE_ID=$IMAGE_ID" \
+ /usr/lib/os-release
+fi
+
+if [ -n "$IMAGE_VERSION" ] ; then
+ sed -n \
+ -i \
+ -e '/^IMAGE_VERSION=/!p' \
+ -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \
+ /usr/lib/os-release
+fi
+
+if command -v authselect >/dev/null; then
+ authselect select minimal
+
+ if authselect list-features minimal | grep -q "with-homed"; then
+ authselect enable-feature with-homed
+ fi
+fi
+
+# Let tmpfiles.d/systemd-resolve.conf handle the symlink
+rm -f /etc/resolv.conf
+
+. /etc/os-release
+
+if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
+ alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
+ alternatives --set python3 /usr/bin/python3.9
+fi |
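Review bot: In mkosi.postinst, the two os-release rewrites splice `$IMAGE_ID` and `$IMAGE_VERSION` straight into a sed program (`-e "\$aIMAGE_ID=$IMAGE_ID"`), so a backslash or newline in the value is read as sed syntax instead of being written literally. Deleting the old key and appending with printf keeps the value as data: `sed -i '/^IMAGE_ID=/d' /usr/lib/os-release` followed by `printf 'IMAGE_ID=%s\n' "$IMAGE_ID" >>/usr/lib/os-release`, and the same pair for `IMAGE_VERSION`. Separately, in the sanitizer branch `find / -name '*.service'` comments out `MemoryDeny*` and `SystemCall*` settings in every matching file anywhere in the image. Restricting the search to the unit directories would keep that hardening removal scoped to what ASAN actually needs.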