diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-08 12:59:52 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-09 08:07:09 +0200 |
| commit | 20345a86b7157e229c1c7e3976005548bad159a4 (patch) | |
| tree | 02021dbcdd2e85a6b62cdbc691d9d51a0ffa179a /mkosi.conf.d | |
| parent | mkosi: policykit-1 was renamed to polkitd (diff) | |
| download | systemd-20345a86b7157e229c1c7e3976005548bad159a4.tar.xz systemd-20345a86b7157e229c1c7e3976005548bad159a4.zip | |
mkosi: Adapt configuration to take into account configuration rework
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
Diffstat (limited to 'mkosi.conf.d')
47 files changed, 1388 insertions, 31 deletions
diff --git a/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.conf.d/10-arch/mkosi.build.chroot new file mode 100755 index 0000000000..2c99a67a25 --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.build.chroot @@ -0,0 +1,99 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -f "pkg/$ID/PKGBUILD" ]; then + echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# We can't configure the source or build directory so we use symlinks instead to make sure they are in the +# expected locations. +ln --symbolic "$SRCDIR" "pkg/$ID/systemd" +ln --symbolic "$BUILDDIR" "pkg/$ID/build" +# Because we run with --noextract we are responsible for making sure the source files appear in src/. +ln --symbolic . "pkg/$ID/src" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# Override the default options. We specifically disable "strip", "zipman" and "lto" as they slow down builds +# significantly. OPTIONS= cannot be overridden on the makepkg command line so we append to /etc/makepkg.conf +# instead. The rootfs is overlaid with a writable tmpfs during the build script so these changes don't end up +# in the image itself. +tee --append /etc/makepkg.conf >/dev/null <<EOF +export CC="$( ((LLVM)) && echo clang || echo gcc)" +export CXX="$( ((LLVM)) && echo clang++ || echo g++)" +export CC_LD="$( ((LLVM)) && echo lld)" +export CXX_LD="$( ((LLVM)) && echo lld)" +export CFLAGS="\$CFLAGS $MKOSI_CFLAGS $CFLAGS" +export CXXFLAGS="\$CXXFLAGS $MKOSI_CFLAGS $CFLAGS" +export LDFLAGS="\$LDFLAGS $MKOSI_LDFLAGS $LDFLAGS" +OPTIONS=( + docs + !libtool + !staticlibs + emptydirs + !zipman + purge + $( ((WITH_DEBUG)) && echo strip || echo !strip) + $( ((WITH_DEBUG)) && echo debug || echo !debug) + !lto +) +EOF + +# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions. +rm /usr/share/makepkg/lint_pkgbuild/* + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +sed --in-place "pkg/$ID/PKGBUILD" \ + --expression "s/^_tag=.*/_tag=$(cat meson.version)/" \ + --expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/" + +# We get around makepkg's root check by setting EUID to something else. +# shellcheck disable=SC2046 +env --chdir="pkg/$ID" \ + EUID=123 \ + makepkg \ + --noextract \ + $( ((WITH_TESTS)) || echo --nocheck) \ + --force \ + _systemd_UPSTREAM=1 \ + _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \ + BUILDDIR="$PWD/pkg/$ID" \ + PKGDEST="$OUTPUTDIR" \ + PKGEXT=".pkg.tar" \ + MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.pkg.tar +) + +cp "$OUTPUTDIR"/*.pkg.tar "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.pkg.tar "$BUILDDIR" diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf new file mode 100644 index 0000000000..96ae8c88b1 --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.conf @@ -0,0 +1,70 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Environment= + GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git + GIT_BRANCH=main + GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c + +VolatilePackages= + systemd + systemd-libs + systemd-resolvconf + systemd-sysvcompat + systemd-tests + systemd-ukify + +Packages= + bind + bpf + compiler-rt + compsize + cryptsetup + dbus-broker + dbus-broker-units + debugedit + dhcp + f2fs-tools + fakeroot + git + gnutls + gnutls + iproute + iputils + linux + man-db + multipath-tools + open-iscsi + openbsd-netcat + openssh + openssl + pacman + perf + pkgconf + polkit + procps-ng + psmisc + python-pexpect + python-psutil + quota-tools + sbsigntools + shadow + softhsm + squashfs-tools + stress + tgt + tpm2-tools + tpm2-tss + vim + +InitrdPackages= + compiler-rt + tpm2-tools + +InitrdVolatilePackages= + systemd + systemd-libs + systemd-sysvcompat diff --git a/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000000..4a6d2e925c --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages=systemd-debug diff --git a/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.conf.d/10-arch/mkosi.prepare new file mode 100755 index 0000000000..fd78e81114 --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.prepare @@ -0,0 +1,29 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "build" ] || ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. "$BUILDROOT/usr/lib/os-release" + +if [ ! -f "pkg/$ID/PKGBUILD" ]; then + echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. +sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | + grep --regexp '^depends =' --regexp '^optdepends =' | + sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | + xargs --delimiter '\n' mkosi-install + +# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on +# whether some environment variable is set or not. +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot new file mode 100755 index 0000000000..21f106292b --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot @@ -0,0 +1,122 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then + # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. + # See https://github.com/rpm-software-management/rpm/issues/3042. + tee --append /usr/lib/rpm/redhat/macros <<'EOF' +%install %{?_enable_debug_packages:%{debug_package}}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +DIST="$(rpm --eval %dist)" +ARCH="$(rpm --eval %_arch)" +SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" + +COMMON_MACRO_OVERRIDES=( + --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" + --define "_fortify_level 0" + --undefine _lto_cflags + # TODO: Remove once redhat-rpm-config 292 is available everywhere. + --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg" + --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg" +) + +# TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +IFS= +# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once +# https://github.com/mesonbuild/meson/pull/12835 is available. +# shellcheck disable=SC2046 +env \ +--unset=CFLAGS \ +--unset=CXXFLAGS \ +--unset=LDFLAGS \ +ANNOBIN="no-active-checks" \ +CC_LD="$( ((LLVM)) && echo lld)" \ +CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + $( ((WITH_DOCS)) || echo "--without=docs") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + "${COMMON_MACRO_OVERRIDES[@]}" \ + --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \ + --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \ + --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \ + --define "__brp_compress %{nil}" \ + --define "__brp_mangle_shebangs %{nil}" \ + --define "__brp_strip_comment_note %{nil}" \ + --define "__brp_strip_static_archive %{nil}" \ + --define "__brp_check_rpaths %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --undefine _package_note_flags \ + --noclean \ + "pkg/$ID/systemd.spec" + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.rpm +) + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf new file mode 100644 index 0000000000..f200409d6f --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf @@ -0,0 +1,76 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +VolatilePackages= + systemd + systemd-boot + systemd-container + systemd-devel + systemd-journal-remote + systemd-networkd + systemd-networkd-defaults + systemd-oomd-defaults + systemd-pam + systemd-resolved + systemd-tests + systemd-udev + systemd-ukify + +Packages= + bind-utils + bpftool + compiler-rt + cryptsetup + device-mapper-event + device-mapper-multipath + dfuzzer + dhcp-server + dnf + git-core + glibc-langpack-de + glibc-langpack-en + gnutls + gnutls-utils + integritysetup + iproute + iproute-tc + iputils + iscsi-initiator-utils + kernel-core + libasan + libcap-ng-utils + libubsan + man-db + netcat + openssh-clients + openssh-server + pam + passwd + perf + policycoreutils + polkit + procps-ng + python3-pexpect + quota + rpm + rpm-build + rpmautospec + sbsigntools + softhsm + squashfs-tools + stress + tpm2-tools + util-linux + veritysetup + vim-common + +InitrdPackages= + tpm2-tools + +InitrdVolatilePackages= + systemd + systemd-udev diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000000..0c3707b20b --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + systemd-container-debuginfo + systemd-debuginfo + systemd-debugsource + systemd-journal-remote-debuginfo + systemd-libs-debuginfo + systemd-networkd-debuginfo + systemd-pam-debuginfo + systemd-resolved-debuginfo + systemd-tests-debuginfo + systemd-udev-debuginfo diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf new file mode 100644 index 0000000000..9fe5509695 --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Profile=!particle + +[Content] +# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're +# building a /usr-only image. +Packages= + selinux-policy + selinux-policy-targeted + setools-console + +# We relabel on first boot instead of at build time because it is only possible to label without root +# if the labels exist in the host system, and we want to be able to cross-build to other distributions. +SELinuxRelabel=no + +InitrdPackages= + selinux-policy + selinux-policy-targeted diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare new file mode 100755 index 0000000000..1b86073ef5 --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare @@ -0,0 +1,65 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "build" ] || ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. "$BUILDROOT/usr/lib/os-release" + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +for DEPS in --requires --buildrequires; do + mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + "pkg/$ID/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done + +# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the +# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. +# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. +sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" + +until mkosi-chroot \ + rpmbuild \ + -br \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$ID/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done diff --git a/mkosi.conf.d/10-centos.conf b/mkosi.conf.d/10-centos.conf deleted file mode 100644 index ee8d0e5581..0000000000 --- a/mkosi.conf.d/10-centos.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Distribution] -@Release=9 -Repositories=epel - epel-next - hyperscale-packages-main - hyperscale-packages-experimental diff --git a/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.conf.d/10-centos/mkosi.conf new file mode 100644 index 0000000000..66aa0611d6 --- /dev/null +++ b/mkosi.conf.d/10-centos/mkosi.conf @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Distribution] +Release=9 +Repositories=epel + epel-next + hyperscale-packages-main + hyperscale-packages-experimental + +[Content] +Environment= + Environment= + # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which + # happens when running tests in parallel so we use ext4 instead. + SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4 + # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of + # mkfs.ext4 enabled it by default, so we disable it explicitly. + SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" + + GIT_URL=https://git.centos.org/rpms/systemd.git + GIT_BRANCH=c9s-sig-hyperscale + GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 + +Packages= + kernel-modules # For squashfs + rpmautospec-rpm-macros diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref new file mode 100644 index 0000000000..5649b70a85 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref @@ -0,0 +1,3 @@ +Package: * +Pin: release l=mkosi +Pin-Priority: 1100 diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot new file mode 100755 index 0000000000..f1eed03924 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot @@ -0,0 +1,147 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release + +if [ ! -d "pkg/$ID/debian" ]; then + echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +# We transplant the debian/ folder from the deb package sources into the upstream sources. +mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian + +# We remove the patches so they don't get applied. +rm -rf "$SRCDIR"/debian/patches/* + +# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so +# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first. +DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" +mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full +# rebuild every time. +cat >debian/changelog.new <<EOF +systemd ($(cat meson.version)-$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low + + * Automatic build from mkosi + + -- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS") + +EOF +cat debian/changelog >>debian/changelog.new +mv debian/changelog.new debian/changelog + +MKOSI_CFLAGS="-O0" +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed. +build() { + env \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + $( ((WITH_DEBUG)) && echo debug || echo nostrip) \ + $( ! ((MESON_VERBOSE)) && echo terse) \ + optimize=-lto \ + hardening=-fortify \ + ")" \ + DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\ + $( ((WITH_TESTS)) || echo nocheck) \ + $( ((WITH_DOCS)) || echo nodoc) \ + pkg.systemd.upstream \ + ")" \ + DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \ + DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \ + DPKG_FORCE="unsafe-io" \ + DPKG_DEB_COMPRESSOR_TYPE="none" \ + DH_MISSING="--fail-missing" \ + CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \ + dpkg-buildpackage \ + --no-pre-clean \ + --unsigned-changes \ + --build=binary + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + # debhelper installs files for each package to debian/<package> so we figure out which files were + # packaged by querying all the package names from debian/control and running find on each of the + # corresponding package directory in debian/. + grep "Package:" debian/control | + sed "s/Package: //" | + xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" | + # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed. + sed --regexp-extended 's/([0-9])\.gz$/\1/' | + sort --unique >/tmp/packaged-files + + # We figure out the installed files by running find on debian/tmp/ which contains the files installed + # by meson install. + (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files + + if [ -f debian/not-installed ]; then + grep --invert-match "^#" debian/not-installed >>/tmp/installed-files + fi + + sort --unique --output /tmp/installed-files /tmp/installed-files + + # We get all the installed files that were not packaged by finding entries in the installed file that are + # not in the packaged file. + comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files + # If there are no unpackaged files something else went wrong. + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build. + cat /tmp/unpackaged-files >>debian/systemd.install + build +fi + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.deb "$BUILDDIR"/*.ddeb + + cp ../*.deb ../*.ddeb "$PACKAGEDIR" + cp ../*.deb ../*.ddeb "$OUTPUTDIR" + cp ../*.deb ../*.ddeb "$BUILDDIR" + # These conflict with the packages that we actually want to install, so remove them + rm -f "$BUILDDIR"/systemd-standalone-*.deb "$BUILDDIR"/systemd-standalone-*.ddeb +) diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf new file mode 100644 index 0000000000..5f9e3843e3 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf @@ -0,0 +1,95 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Distribution] +PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref + +[Content] +Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=debian/master + GIT_COMMIT=abf24e775c67cf054f474526dd5d9d952a00228b + +VolatilePackages= + libnss-myhostname + libnss-mymachines + libnss-resolve + libnss-systemd + libpam-systemd + libsystemd-dev + libudev-dev + systemd + systemd-container + systemd-coredump + systemd-cryptsetup + systemd-dev + systemd-homed + systemd-journal-remote + systemd-oomd + systemd-repart + systemd-resolved + systemd-sysv + systemd-tests + systemd-timesyncd + systemd-ukify + systemd-userdbd + udev + +Packages= + ^libasan[0-9]+$ + ^libtss2-esys-[0-9.]+-0$ + ^libtss2-mu-[0-9.]+-0$ + ^libubsan[0-9]+$ + apt + bind9-dnsutils + cryptsetup-bin + dbus-broker + dbus-user-session + dmsetup + dpkg-dev + f2fs-tools + fdisk + git-core + gnutls-bin + iproute2 + iputils-ping + isc-dhcp-server + libcap-ng-utils + libclang-rt-dev + libtss2-rc0 + libtss2-tcti-device0 + locales + man-db + multipath-tools + netcat-openbsd + open-iscsi + openssh-client + openssh-server + passwd + polkitd + procps + psmisc + python3-pexpect + python3-psutil + quota + softhsm2 + squashfs-tools + stress + tgt + tpm2-tools + tzdata + xxd + +InitrdPackages= + libclang-rt-dev + tpm2-tools + +InitrdVolatilePackages= + systemd + systemd-cryptsetup + systemd-repart + udev diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000000..2bb6164aa4 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + libnss-myhostname-dbgsym + libnss-mymachines-dbgsym + libnss-resolve-dbgsym + libnss-systemd-dbgsym + libpam-systemd-dbgsym + libsystemd-shared-dbgsym + libsystemd0-dbgsym + libudev1-dbgsym + systemd-boot-dbgsym + systemd-container-dbgsym + systemd-coredump-dbgsym + systemd-cryptsetup-dbgsym + systemd-dbgsym + systemd-homed-dbgsym + systemd-journal-remote-dbgsym + systemd-oomd-dbgsym + systemd-repart-dbgsym + systemd-resolved-dbgsym + systemd-tests-dbgsym + systemd-timesyncd-dbgsym + systemd-userdbd-dbgsym + udev-dbgsym diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf new file mode 100644 index 0000000000..781670a775 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# sbsigntool exists only on UEFI architectures + +[Match] +Architecture=|x86 +Architecture=|x86-64 +Architecture=|arm +Architecture=|arm64 +Architecture=|riscv32 +Architecture=|riscv64 + +[Content] +Packages= + sbsigntool + systemd-boot + systemd-boot-efi diff --git a/mkosi.conf.d/10-fedora.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf index 71948d8c0d..4fb4f46075 100644 --- a/mkosi.conf.d/10-fedora.conf +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf @@ -1,7 +1,7 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=fedora +Environment=NO_BUILD=1 -[Distribution] -@Release=rawhide +[Content] +WithNetwork=yes diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst new file mode 100755 index 0000000000..314f235f5f --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst @@ -0,0 +1,29 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss +# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and +# install them. This is not an issue when building locally, as the build and runtime images are the same, +# so they would get installed as build dependencies anyway. + +if [ "$1" = "build" ] || ! ((NO_BUILD)); then + exit 0 +fi + +# Query the Recommends and Suggests of all systemd packages, by matching on the version +systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)" +mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' ) +extra_packages=() +# shellcheck disable=SC2068 +for package in ${systemd_packages[@]}; do + # We are looking for dlopens, so filter for libraries + mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") + mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") +done + +if [ "${#extra_packages[@]}" -eq 0 ]; then + exit 0 +fi + +apt install "${extra_packages[@]}" diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000000..645671a031 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare @@ -0,0 +1,18 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "build" ] || ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. "$BUILDROOT/usr/lib/os-release" + +if [ ! -d "pkg/$ID/debian" ]; then + echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +cd "pkg/$ID" +DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.conf.d/10-debian.conf b/mkosi.conf.d/10-debian/mkosi.conf index 8674e884fa..c960a1b2ec 100644 --- a/mkosi.conf.d/10-debian.conf +++ b/mkosi.conf.d/10-debian/mkosi.conf @@ -4,4 +4,8 @@ Distribution=debian [Distribution] -@Release=testing +Release=testing + +[Content] +Packages= + linux-perf diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf new file mode 100644 index 0000000000..af923fa442 --- /dev/null +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=arm64 + +[Content] +Packages= + linux-image-cloud-arm64 diff --git a/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf new file mode 100644 index 0000000000..615de52499 --- /dev/null +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=x86-64 + +[Content] +Packages= + linux-image-cloud-amd64 diff --git a/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.conf.d/10-fedora/mkosi.conf new file mode 100644 index 0000000000..b9f310d3c1 --- /dev/null +++ b/mkosi.conf.d/10-fedora/mkosi.conf @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=fedora + +[Distribution] +Release=rawhide + +[Content] +Environment= + GIT_URL=https://src.fedoraproject.org/rpms/systemd.git + GIT_BRANCH=rawhide + GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8 + +Packages= + compsize + dnf5 + f2fs-tools + scsi-target-utils + # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules) + kernel-modules-extra + kernel-modules-internal diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index f976fc8043..0000000000 --- a/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Distribution] -@Release=tumbleweed -PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend diff --git a/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst new file mode 100755 index 0000000000..417132f3dd --- /dev/null +++ b/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst @@ -0,0 +1,7 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. +# See https://github.com/openSUSE/suse-module-tools/pull/71 +rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/10-opensuse/macros.db_backend index 4a58f06458..4a58f06458 100644 --- a/mkosi.conf.d/macros.db_backend +++ b/mkosi.conf.d/10-opensuse/macros.db_backend diff --git a/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.conf.d/10-opensuse/mkosi.build.chroot new file mode 100755 index 0000000000..67481d0b10 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.build.chroot @@ -0,0 +1,141 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. /usr/lib/os-release +ID="${ID%-*}" + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then + TS="$(git show --no-patch --format=%ct HEAD)" +else + TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" +fi + +# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we +# disable manpage compression as the files cannot be found. Fix the issue by removing the compression +# extension. +find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; + +if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then + # Fix the %install override so debuginfo packages are generated. + tee --append /usr/lib/rpm/suse/macros <<'EOF' +%install %{debug_package}\ +%%install\ +%{nil} +EOF +fi + +VERSION="$(cat meson.version)" +RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" + +DIST="$(rpm --eval %dist)" +ARCH="$(rpm --eval %_arch)" +SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" + +MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" +if ((WITH_DEBUG)); then + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" +fi +if ((LLVM)); then + # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. + MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function" +fi + +MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" +if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" +fi + +# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so +# set LDFLAGS to %{nil} if there are no linker flags. +if [[ -z "${MKOSI_LDFLAGS// }" ]]; then + MKOSI_LDFLAGS="%{nil}" +fi + +MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" +if ((WIPE)); then + MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" +fi + +# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" + +build() { + IFS= + # shellcheck disable=SC2046 + env \ + --unset CFLAGS \ + --unset CXXFLAGS \ + --unset LDFLAGS \ + CC="$( ((LLVM)) && echo clang || echo gcc)" \ + CXX="$( ((LLVM)) && echo clang++ || echo g++)" \ + CC_LD="$( ((LLVM)) && echo lld)" \ + CXX_LD="$( ((LLVM)) && echo lld)" \ + rpmbuild \ + -bb \ + --build-in-place \ + --with upstream \ + $( ((WITH_TESTS)) || echo "--nocheck") \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_rpmdir $OUTPUTDIR" \ + ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + --define "_binary_payload w.ufdio" \ + $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \ + --define "vendor openSUSE" \ + --define "version_override $VERSION" \ + --define "release_override $RELEASE" \ + --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \ + --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \ + --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \ + $( ((MESON_VERBOSE)) || echo "--undefine=__meson_verbose") \ + --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \ + --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \ + --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ + --define "__script_requires %{nil}" \ + --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_fixperms true" \ + --noclean \ + "$@" \ + "pkg/$ID/systemd.spec" + + EXIT_STATUS=$? + + # Make sure we don't reconfigure twice. + MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}" + + return $EXIT_STATUS +} + +if ! build; then + if [ ! -s /tmp/unpackaged-files ]; then + exit 1 + fi + + # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file + # warnings. + rm systemd.lang + + grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd" + build --noprep --nocheck +fi + +( + shopt -s nullglob + rm -f "$BUILDDIR"/*.rpm +) + +cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" +cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf new file mode 100644 index 0000000000..c5a014f70b --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.conf @@ -0,0 +1,104 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Config] +InitrdInclude=initrd/ + +[Distribution] +Release=tumbleweed +PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend + +[Content] +Environment= + GIT_URL=https://src.opensuse.org/rpm/systemd + GIT_BRANCH=devel + GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117 + +VolatilePackages= + systemd + systemd-boot + systemd-container + systemd-devel + systemd-doc + systemd-experimental + systemd-homed + systemd-lang + systemd-network + systemd-portable + systemd-sysvcompat + systemd-testsuite + udev + +# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox +# versions don't get installed instead. +Packages= + bind-utils + bpftool + cryptsetup + device-mapper + dhcp-server + docbook-xsl-stylesheets + f2fs-tools + gawk + gcc-c++ + git-core + glibc-locale-base + gnutls + grep + group(bin) + group(daemon) + group(games) + group(nobody) + group(root) + gzip + iputils + kernel-default + kmod + libasan8 + libkmod2 + libubsan1 + multipath-tools + open-iscsi + openssh-clients + openssh-server + pam + patterns-base-minimal_base + perf + procps4 + psmisc + python3-pefile + python3-pexpect + python3-psutil + quota + rpm-build + rsync + sbsigntools + sed + shadow + softhsm + squashfs + tgt + timezone + tpm2.0-tools + user(bin) + user(daemon) + user(games) + user(nobody) + user(root) + veritysetup + vim + xz + zypper + +InitrdPackages= + clang + kmod + libkmod2 + tpm2.0-tools + +InitrdVolatilePackages= + systemd + udev + systemd-experimental diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf new file mode 100644 index 0000000000..6c57d04f65 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=WITH_DEBUG=1 + +[Content] +VolatilePackages= + libsystemd0-debuginfo + libudev1-debuginfo + systemd-boot-debuginfo + systemd-container-debuginfo + systemd-debuginfo + systemd-debugsource + systemd-experimental-debuginfo + systemd-homed-debuginfo + systemd-journal-remote-debuginfo + systemd-network-debuginfo + systemd-portable-debuginfo + systemd-sysvcompat-debuginfo + systemd-testsuite-debuginfo + udev-debuginfo diff --git a/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.conf.d/10-opensuse/mkosi.prepare new file mode 100755 index 0000000000..c57aa878b8 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.prepare @@ -0,0 +1,64 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [ "$1" = "build" ] || ((NO_BUILD)); then + exit 0 +fi + +# shellcheck source=/dev/null +. "$BUILDROOT/usr/lib/os-release" +ID="${ID%-*}" + +if [ ! -f "pkg/$ID/systemd.spec" ]; then + echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 + exit 1 +fi + +# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" + +for DEPS in --requires --buildrequires; do + mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + "$DEPS" \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + "pkg/$ID/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done + +until mkosi-chroot \ + rpmbuild \ + -bd \ + --build-in-place \ + --with upstream \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$ID" \ + --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ + "pkg/$ID/systemd.spec" +do + EXIT_STATUS=$? + if [ $EXIT_STATUS -ne 11 ]; then + exit $EXIT_STATUS + fi + + mkosi-chroot \ + rpm \ + --query \ + --package \ + --requires \ + /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm | + grep --invert-match '^rpmlib(' | + sort --unique >/tmp/dynamic-buildrequires + + sort /tmp/buildrequires /tmp/dynamic-buildrequires | + uniq --unique | + tee --append /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install +done diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf deleted file mode 100644 index da2d318295..0000000000 --- a/mkosi.conf.d/10-ubuntu.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Distribution] -@Release=noble -Repositories=universe diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf new file mode 100644 index 0000000000..1ffa3ab031 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=ubuntu + +[Distribution] +Release=noble +Repositories=universe + +[Content] +Packages= + linux-image-generic + linux-tools-common + linux-tools-virtual diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf new file mode 100644 index 0000000000..582f038b5f --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# The ports Ubuntu archive is for non i386/amd64 repositories + +[Match] +Architecture=!x86-64 +Architecture=!x86 +Release=noble + +[Distribution] +PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources diff --git a/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf new file mode 100644 index 0000000000..7347be9069 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# The main Ubuntu archive is only for i386/amd64 repositories + +[Match] +Architecture=|x86-64 +Architecture=|x86 +Release=noble + +[Distribution] +PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources diff --git a/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources new file mode 100644 index 0000000000..5b96dc544d --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +Types: deb +URIs: http://ports.ubuntu.com +Suites: noble-backports +Components: main universe +Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.conf.d/10-ubuntu/noble-backports.sources new file mode 100644 index 0000000000..d10c1e86b4 --- /dev/null +++ b/mkosi.conf.d/10-ubuntu/noble-backports.sources @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +Types: deb +URIs: http://archive.ubuntu.com/ubuntu +Suites: noble-backports +Components: main universe +Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/mkosi.conf.d/20-none.conf b/mkosi.conf.d/20-none.conf new file mode 100644 index 0000000000..57a2f3f0e3 --- /dev/null +++ b/mkosi.conf.d/20-none.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# If we're only rerunning the build script, remove all subimage dependencies to speed up builds. + +[Match] +Format=none + +[Config] +Dependencies= diff --git a/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.conf.d/20-particle/mkosi.conf new file mode 100644 index 0000000000..99dad00f5a --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.conf @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Profile=particle + +[Output] +RepartDirectories= +RepartDirectories=mkosi.repart + +[Validation] +SecureBoot=yes +SignExpectedPcr=yes + +[Host] +RuntimeSize=8G diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf new file mode 100644 index 0000000000..3755278462 --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=swap +SizeMinBytes=100M +SizeMaxBytes=100M diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf new file mode 100644 index 0000000000..2f92af248f --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=root +Format=btrfs +SizeMinBytes=1G diff --git a/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf new file mode 100644 index 0000000000..dac79ba4ed --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +C+! /etc - - - - /usr/share/factory/mkosi diff --git a/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.conf.d/20-particle/mkosi.finalize new file mode 100755 index 0000000000..69f9554864 --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.finalize @@ -0,0 +1,6 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +mkdir -p "$BUILDROOT"/usr/share/factory/mkosi +cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi diff --git a/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.conf.d/20-particle/mkosi.postinst.chroot new file mode 100755 index 0000000000..95e0552d91 --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.postinst.chroot @@ -0,0 +1,12 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +# sbsign is not available on CentOS Stream +if command -v sbsign &>/dev/null; then + # Ensure that side-loaded PE addons are loaded if signed, and ignored if not + addons_dir=/efi/loader/addons + mkdir -p "$addons_dir" + ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi" + ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi" +fi diff --git a/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf new file mode 100644 index 0000000000..391543d1e7 --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=esp +Format=vfat +CopyFiles=/boot:/ +CopyFiles=/efi:/ +SizeMinBytes=1G +SizeMaxBytes=1G diff --git a/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf new file mode 100644 index 0000000000..343761d097 --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=usr +Format=erofs +CopyFiles=/usr:/ +Verity=data +VerityMatchKey=usr +Minimize=yes diff --git a/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf new file mode 100644 index 0000000000..b4d45dd7ef --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=usr-verity +Verity=hash +VerityMatchKey=usr +Minimize=yes diff --git a/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf new file mode 100644 index 0000000000..1841d0a6db --- /dev/null +++ b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Partition] +Type=usr-verity-sig +Verity=signature +VerityMatchKey=usr |