author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-08 12:59:52 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-09 08:07:09 +0200 |
commit | 20345a86b7157e229c1c7e3976005548bad159a4 (patch) | |
tree | 02021dbcdd2e85a6b62cdbc691d9d51a0ffa179a /mkosi.extra | |
parent | mkosi: policykit-1 was renamed to polkitd (diff) | |
mkosi: Adapt configuration to take into account configuration rework
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
Diffstat (limited to 'mkosi.extra')
11 files changed, 84 insertions, 0 deletions
diff --git a/mkosi.extra/.autorelabel b/mkosi.extra/.autorelabel
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/mkosi.extra/.autorelabel
diff --git a/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.extra/etc/iscsi/iscsid.conf
new file mode 100644
index 0000000000..fcf4cd9cdc
--- /dev/null
+++ b/mkosi.extra/etc/iscsi/iscsid.conf
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+iscsid.startup = /usr/bin/systemctl start iscsid.socket
diff --git a/mkosi.extra/etc/issue b/mkosi.extra/etc/issue
new file mode 100644
index 0000000000..6aa6fc0ec0
--- /dev/null
+++ b/mkosi.extra/etc/issue
@@ -0,0 +1,2 @@
+\S (built from systemd tree)
+Kernel \r on an \m (\l)
diff --git a/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
new file mode 100644
index 0000000000..657ac72f8d
--- /dev/null
+++ b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
@@ -0,0 +1,4 @@
+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
+# for integration tests
+kernel.apparmor_restrict_unprivileged_unconfined = 0
+kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
new file mode 100644
index 0000000000..3baede462e
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Journal]
+RateLimitIntervalSec=0
+RateLimitBurst=0
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
new file mode 100644
index 0000000000..c3640585e5
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
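Review bot: The two `kernel.apparmor_restrict_unprivileged_*` overrides in 99-apparmor-unpriv-userns.conf switch off a distribution hardening default for every process in the image, while the comment only says they are needed for integration tests. Unprivileged user namespaces make a large amount of kernel code reachable by unprivileged callers, so the comment should say that this file belongs in test images only, e.g. `# Test images only: this relaxes Ubuntu's userns hardening and must not be carried into production images.` The file also lacks the `# SPDX-License-Identifier: LGPL-2.1-or-later` header that most of the other new files carry.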
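Review bot: ratelimit.conf sets `RateLimitIntervalSec=0` and `RateLimitBurst=0` with no comment saying why. Setting either value to 0 turns journald rate limiting off, so any service in the image can flood the journal. That is presumably wanted so that no test output is dropped; a line such as `# Disable rate limiting so no test log lines are dropped; not meant for production images.` above `[Journal]` would record the intent.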
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
+disable ssh.service
+disable sshd.service
+
+# These are started manually in integration tests so don't start them by default.
+disable dnsmasq.service
+disable isc-dhcp-server.service
+disable isc-dhcp-server6.service
+
+# Pulled in via dracut-network by kexec-tools on Fedora.
+disable NetworkManager*
+
+# Make sure dbus-broker is started by default on Debian/Ubuntu.
+enable dbus-broker.service
+
+# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
+enable systemd-networkd.service
+enable systemd-networkd-wait-online.service
+
+# systemd-resolved is disable by default on CentOS so make sure it is enabled.
+enable systemd-resolved.service
+
+# We install dnf in some images but it's only going to be used rarely,
+# so let's not have dnf create its cache.
+disable dnf-makecache.*
+
+# We have journald to receive audit data so let's make sure we're not running auditd as well
+disable auditd.service
+
+# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
+enable systemd-timesyncd.service
+
+# Skipped if selinux is not enabled, required for TEST-06-SELINUX.
+enable autorelabel.service
+
+# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
+disable iscsi.service
+disable iscsid.socket
+disable iscsiuio.socket
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
new file mode 100644
index 0000000000..710ee7c6f9
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
+disable *
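Review bot: The comment above `enable systemd-resolved.service` in 00-mkosi.preset has a typo, "is disable by default on CentOS". It should read `# systemd-resolved is disabled by default on CentOS so make sure it is enabled.`, matching the wording of the systemd-networkd comment a few lines earlier.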
diff --git a/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf
new file mode 100644
index 0000000000..ebf7899a78
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# The iscsi-init.service calls `sh` which might, in certain circumstances, pull in instrumented systemd NSS
+# modules causing `sh` to fail. Avoid the issue by setting LD_PRELOAD to load the sanitizer libraries if
+# needed.
+[Service]
+EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
diff --git a/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf
new file mode 100644
index 0000000000..d0093b7e24
--- /dev/null
+++ b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Service]
+PassEnvironment=SYSTEMD_UNIT_PATH
diff --git a/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf
new file mode 100644
index 0000000000..e1a8e8171a
--- /dev/null
+++ b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf
@@ -0,0 +1 @@
+L /etc/default/locale - - - - ../locale.conf
diff --git a/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf
new file mode 100644
index 0000000000..ddd36ed5dc
--- /dev/null
+++ b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+ SPDX-License-Identifier: LGPL-2.1-or-later
+-->
+
+<busconfig>
+ <policy user="root">
+ <allow own="systemd.test.ExecStopPost"/>
+ </policy>
+</busconfig>
|
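Review bot: The `user@.service.d/99-SYSTEMD_UNIT_PATH.conf` drop-in has no comment explaining why `PassEnvironment=SYSTEMD_UNIT_PATH` is needed. The setting forwards the system manager's unit search path override into every user manager, and a reader should be told that this is a test-image arrangement. A comment above `[Service]` such as `# Test images only: let user managers use the same unit search path as the system manager.` would cover it; the exact motivation is not visible in this hunk, so the wording may need adjusting.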