authorDaan De Meyer <daan.j.demeyer@gmail.com>2024-07-16 12:07:38 +0200
committerDaan De Meyer <daan.j.demeyer@gmail.com>2024-07-16 13:59:47 +0200
commit68ee9771145464949d36d62a0ec687ecfb39290a (patch)
tree3be069837c9202c134100bf1bee43253797b2323 /mkosi.images
parentmkosi: Drop CacheOnly=always from two subimages (diff)
mkosi: Build initrd as a subimage
Let's make things a little more consistent and build the initrd explicitly as a subimage as well, instead of relying on mkosi building it as part of the main image build. We drop the opensuse initrd postinst script as we don't use erofs by default anymore. We can always reintroduce it later if needed.
Diffstat (limited to 'mkosi.images')
-rw-r--r--mkosi.images/initrd/mkosi.conf16
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/arch.conf14
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/build.conf9
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf13
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf16
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/fedora.conf8
-rw-r--r--mkosi.images/initrd/mkosi.conf.d/opensuse.conf15
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf15
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service20
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service11
-rw-r--r--mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service9
11 files changed, 146 insertions, 0 deletions
diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf
new file mode 100644
index 0000000000..ab5be9b884
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Config]
+Include=
+ mkosi-initrd
+ %D/mkosi.sanitizers
+
+[Content]
+ExtraTrees=
+ %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+ %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+
+Packages=
+ findutils
+ grep
+ sed
diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf
new file mode 100644
index 0000000000..99e039d1dc
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Packages=
+ btrfs-progs
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-libs
+ systemd-sysvcompat
diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf
new file mode 100644
index 0000000000..8c16d9b9f8
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
new file mode 100644
index 0000000000..811d35266b
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+Packages=
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-udev
diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
new file mode 100644
index 0000000000..8d56ff206b
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Content]
+Packages=
+ btrfs-progs
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-cryptsetup
+ systemd-repart
+ udev
diff --git a/mkosi.images/initrd/mkosi.conf.d/fedora.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf
new file mode 100644
index 0000000000..634b5a0f41
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Packages=
+ btrfs-progs
diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
new file mode 100644
index 0000000000..e04f8bcd11
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Packages=
+ btrfs-progs
+ kmod
+ tpm2.0-tools
+
+VolatilePackages=
+ systemd
+ udev
+ systemd-experimental
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
new file mode 100644
index 0000000000..b252491826
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=var
+# This label is the partition's label. The filesystem inside may have its own label.
+Label=varcrypt
+# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs.
+# The original test finds the partition by this UUID, but it doesn't appear
+# since the luks UUID, which is derived by hash of this UUID, is different
+# and the luks UUID is needed before the decrypted partition UUID.
+# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d.
+UUID=deadbeef-dead-dead-beef-000000000000
+Format=ext4
+Encrypt=key-file
+SizeMinBytes=1G
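Review bot: The comment block above `UUID=` is hard to follow: it says the original test finds the partition by this UUID "but it doesn't appear", without saying what a consumer should match on instead. If I read it correctly, the intent is closer to `# Partition UUID of the decrypted volume. The LUKS UUID is derived from it by hashing and is the one visible before unlock, so look the partition up by 0d318174-56b0-4d6e-a324-ac1e7e7d235d.` It would also help to add a line stating that the fixed `deadbeef-…` UUID and `Encrypt=key-file` are test fixtures, so the definition is not copied into a real image as-is.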
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
new file mode 100644
index 0000000000..54a9b8aa9e
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=Add encrypted var partition to root disk
+Documentation=man:systemd-repart.service(8)
+
+ConditionVirtualization=!container
+
+DefaultDependencies=no
+Wants=modprobe@loop.service modprobe@dm_mod.service
+After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount
+Before=initrd-root-fs.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot
+ImportCredential=keyfile
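Review bot: `ExecStart=` passes `--key-file %d/keyfile`, but nothing in the unit checks that the `keyfile` credential was actually supplied. As far as I know `ImportCredential=keyfile` does not fail when no matching credential exists, so the first visible failure would be systemd-repart being unable to read the key file while running with `--dry-run=no` against `/sysroot`. Adding `ConditionCredential=keyfile` to `[Unit]` would make the unit skip cleanly on boots that do not pass the credential. If a hard failure is the intended behaviour for the test, a one-line comment saying so would do. How the unit gets pulled in is not visible here, since the file has no `[Install]` section.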
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
new file mode 100644
index 0000000000..845ac57455
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=Create a mount in /run that should survive the transition from initrd
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target
+ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target
+ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world
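Review bot: The unit does not say which test depends on `/run/initrd-mount-target/hello-world`, whereas the sibling `initrdcred.service` names TEST-54-CREDS in its `Description=`. A comment above `[Unit]` such as `# Consumed by <TEST-NAME placeholder>: checks that a bind mount created in the initrd is still present after switch-root.` would let a reader trace the fixture to its check. The first `ExecStart=` uses `mkdir` without `-p`, so the unit fails if either directory already exists; if that is intentional it could be said in the same comment.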
diff --git a/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
new file mode 100644
index 0000000000..2c709bccc4
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=populate initrd credential dir for TEST-54-CREDS
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred"
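Review bot: The permission handling in the `sh -c` line is deliberate-looking but undocumented: `/run/credentials/@initrd` is created with `mkdir -m 0700` and no `-p`, so the chain stops if the directory already exists, and `umask 0077` makes `myinitrdcred` owner-only. If failing on a pre-existing directory is the intent, a comment above `ExecStart=` would keep someone from "fixing" it with `-p` later, e.g. `# No -p on @initrd: fail rather than write the credential into a directory we did not create with mode 0700.` It is also worth noting in the comment that `guatemala` is a fixed test value checked by TEST-54-CREDS, not a secret.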