From 47e5e12866af14112452aeb8bc43a66191c6fbc1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 8 May 2023 16:06:41 +0200 Subject: mkosi: Package a erofs usr partition with signed verity Let's start moving towards a more involved partitioning setup to test our stuff more when using mkosi. The root partition is generated on boot with systemd-repart. CentOS supports neither erofs nor btrfs so we use squashfs and xfs instead. We also enable SecureBoot= locally for additional coverage. This and the use of verity means users need to run `mkosi genkey` once to generate the keys necessary to do secure boot and verity. --- .github/workflows/mkosi.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to '.github') diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index 8c71748df8..7d3ef4b186 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -84,11 +84,10 @@ jobs: [Distribution] Distribution=${{ matrix.distro }} Release=${{ matrix.release }} - SecureBoot=yes [Content] Environment=CI_BUILD=1 - DEFAULT_TIMEOUT_SEC=90 + DEFAULT_TIMEOUT_SEC=120 SLOW_TESTS=true [Output] @@ -101,6 +100,15 @@ jobs: ExtraSearchPaths=!* EOF + # For erofs, we have to install linux-modules-extra-azure, but that doesn't match the running kernel + # version, so we can't load the erofs module. squashfs is a builtin module so we use that instead. + + mkdir -p mkosi.presets/20-final/mkosi.repart/10-usr.conf.d + tee mkosi.presets/20-final/mkosi.repart/10-usr.conf.d/squashfs.conf <<- EOF + [Partition] + Format=squashfs + EOF + - name: Generate secure boot key run: mkosi --debug genkey 
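Review bot: The `squashfs.conf` drop-in is written unconditionally, so every distro in the matrix builds the usr partition as squashfs and this workflow never exercises the erofs format named in the commit subject. The added comment gives the kernel-module reason but not that consequence; I would extend it with `# CI therefore only covers squashfs + verity; erofs is not exercised by this workflow.` Separately, `SecureBoot=yes` is dropped from the generated config in the same hunk, so whether CI images are still built and booted with signing enabled now depends on the repository's own mkosi configuration. That configuration is outside this view (the page is limited to `.github`), so it is worth confirming before relying on this job for secure boot coverage.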
@@ -113,11 +121,5 @@ jobs: - name: Boot ${{ matrix.distro }} systemd-nspawn run: sudo mkosi --debug boot - - name: Check ${{ matrix.distro }} systemd-nspawn - run: sudo mkosi --debug shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" - - name: Boot ${{ matrix.distro }} QEMU run: timeout -k 30 10m mkosi --debug qemu - - - name: Check ${{ matrix.distro }} QEMU - run: sudo mkosi --debug shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }" -- cgit v1.2.1
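Review bot: With both `Check ...` steps removed, the job's verdict rests entirely on the exit status of `sudo mkosi --debug boot` and `timeout -k 30 10m mkosi --debug qemu`, and nothing in this hunk shows that a failed test run inside the image produces a non-zero exit. If that propagation is handled by the image configuration, which is outside this view, a comment next to the steps would make it explicit, e.g. `# Test failures must surface through the exit status of the boot/qemu command; there is no separate /testok check.` The removed steps also printed `/failed-services`, so a failing run now has to carry that list in the console output or triage gets harder. As written, a boot that powers off cleanly after failed units could presumably pass the job, which would quietly weaken the verity and secure boot coverage this commit is meant to add.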