diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index fa0a22a577..c2c12f3393 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -44,8 +44,6 @@ jobs: release: rawhide - distro: opensuse release: tumbleweed - - distro: centos_epel - release: 8-stream - distro: centos_epel release: 9-stream diff --git a/mkosi.build b/mkosi.build index 210811e768..76a813bf0a 100755 --- a/mkosi.build +++ b/mkosi.build @@ -47,6 +47,15 @@ if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then fi fi +# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and +# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override +# the ubuntu script with a symlink to the first bpftool program we can find. +for bpftool in /usr/lib/linux-tools/*/bpftool; do + [ -x "$bpftool" ] || continue + ln -sf "$bpftool" /usr/sbin/bpftool + break +done + if [ ! -f "$BUILDDIR"/build.ninja ] ; then sysvinit_path=$(realpath /etc/init.d) @@ -66,7 +75,81 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then -D version-tag="${VERSION_TAG}" \ -D mode=developer \ -D b_sanitize="${SANITIZERS:-none}" \ - -D install-tests=true + -D install-tests=true \ + -D tests=unsafe \ + -D slow-tests=true \ + -D utmp=true \ + -D hibernate=true \ + -D ldconfig=true \ + -D resolve=true \ + -D efi=true \ + -D tpm=true \ + -D environment-d=true \ + -D binfmt=true \ + -D repart=true \ + -D sysupdate=true \ + -D coredump=true \ + -D pstore=true \ + -D oomd=true \ + -D logind=true \ + -D hostnamed=true \ + -D localed=true \ + -D machined=true \ + -D portabled=true \ + -D sysext=true \ + -D userdb=true \ + -D homed=true \ + -D networkd=true \ + -D timedated=true \ + -D timesyncd=true \ + -D remote=true \ + -D nss-myhostname=true \ + -D nss-mymachines=true \ + -D nss-resolve=true \ + -D nss-systemd=true \ + -D firstboot=true \ + -D randomseed=true \ + -D backlight=true \ + -D vconsole=true \ + -D quotacheck=true \ + -D sysusers=true \ + -D tmpfiles=true \ + -D importd=true \ + -D hwdb=true \ + -D rfkill=true \ + -D xdg-autostart=true \ + -D translations=true \ + -D polkit=true \ + -D acl=true \ + -D audit=true \ + -D blkid=true \ + -D fdisk=true \ + -D kmod=true \ + -D pam=true \ + -D pwquality=true \ + -D microhttpd=true \ + -D libcryptsetup=true \ + -D libcurl=true \ + -D idn=true \ + -D libidn2=true \ + -D qrencode=true \ + -D gcrypt=true \ + -D gnutls=true \ + -D openssl=true \ + -D cryptolib=openssl \ + -D p11kit=true \ + -D libfido2=true \ + -D tpm2=true \ + -D elfutils=true \ + -D zstd=true \ + -D xkbcommon=true \ + -D pcre2=true \ + -D glib=true \ + -D dbus=true \ + -D gnu-efi=true \ + -D kernel-install=true \ + -D analyze=true \ + -D bpf-framework=true fi cd "$BUILDDIR" @@ -172,3 +255,7 @@ TTYVHangup=no CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG EOF fi + +# Make sure services aren't enabled by default on Debian/Ubuntu. +mkdir -p "$DESTDIR/etc/systemd/system-preset" +echo "disable *" > "$DESTDIR/etc/systemd/system-preset/99-mkosi.preset" diff --git a/mkosi.default.d/10-systemd.conf b/mkosi.default.d/10-systemd.conf index 8efd1e97fa..1c69dc46e0 100644 --- a/mkosi.default.d/10-systemd.conf +++ b/mkosi.default.d/10-systemd.conf @@ -14,6 +14,46 @@ OutputDirectory=mkosi.output BuildDirectory=mkosi.builddir Cache=mkosi.cache SourceFileTransferFinal=copy-git-others +Packages= + acl + bash-completion + coreutils + diffutils + dnsmasq + findutils + gcc # For sanitizer libraries + gdb + grep + kbd + kexec-tools + kmod + less + nano + nftables + openssl + python3 + qrencode + sed + strace + tree + util-linux + valgrind + wireguard-tools + zsh + +BuildPackages= + clang + gcc + gettext + git + gnu-efi + gperf + llvm + meson + pkgconf + rpm + rsync + zstd [Host] QemuHeadless=yes diff --git a/mkosi.default.d/arch/10-mkosi.arch b/mkosi.default.d/arch/10-mkosi.arch index 12f46c71c7..bd54b08c54 100644 --- a/mkosi.default.d/arch/10-mkosi.arch +++ b/mkosi.default.d/arch/10-mkosi.arch @@ -9,65 +9,28 @@ Distribution=arch [Content] -BuildPackages= - acl - bzip2 - clang - cryptsetup - curl - dbus - diffutils - docbook-xsl - elfutils - gcc - git - gnu-efi-libs - gnutls - gperf - inetutils - iptables - kmod - libbpf - libcap - libgcrypt - libidn2 - libmicrohttpd - libseccomp - libutil-linux - libxkbcommon - libxslt - llvm - lz4 - meson - pam - pkgconfig - python - python-lxml - python-jinja - qrencode - rsync - xz - zstd - Packages= - gdb - libbpf - libidn2 - nano - qrencode - strace - # For testing "systemd-analyze verify". - man-db - # For testing systemd's bash completion scripts. - bash-completion - # For testing systemd's zsh completion scripts - # Run `autoload -Uz compinit; compinit` from a zsh shell in the booted image to enable completions. - zsh - # xxd is provided by the vim package - vim - # Required to run systemd-networkd-tests.py - python - iproute - dnsmasq - wireguard-tools + compsize dhcp + gnutls + iproute + libbpf + libfido2 + libmicrohttpd + libpwquality + libxkbcommon + man-db + openbsd-netcat + polkit + quota-tools + tpm2-tss + vim + +BuildPackages= + bpf + docbook-xsl + libxslt + linux-api-headers + perl + python-jinja + python-lxml diff --git a/mkosi.default.d/centos_epel/10-mkosi.centos_epel b/mkosi.default.d/centos_epel/10-mkosi.centos_epel index 5e726d4aef..482b5935ce 100644 --- a/mkosi.default.d/centos_epel/10-mkosi.centos_epel +++ b/mkosi.default.d/centos_epel/10-mkosi.centos_epel @@ -11,39 +11,54 @@ Format=gpt_xfs HostonlyInitrd=no [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + audit + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + p11-kit + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build + libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. + libxslt pam-devel - # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libgcrypt-devel - pkgconfig + perl-interpreter pkgconfig(audit) pkgconfig(blkid) pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) + pkgconfig(glib-2.0) pkgconfig(gnutls) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) pkgconfig(libdw) + pkgconfig(libfido2) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -61,30 +76,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - # xxd is provided by the vim-common package - vim-common - libasan - libubsan - # Required to run systemd-networkd-tests.py - python3 - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 2488eeb557..2b712d6778 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -8,17 +8,31 @@ Distribution=debian Release=testing [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfido2-1 + libglib2.0-0 + libgnutls30 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpam0g + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - clang - docbook-xml + bpftool docbook-xsl - gcc g++ - gettext - git - gnu-efi - gperf libacl1-dev libaudit-dev libblkid-dev @@ -26,59 +40,28 @@ BuildPackages= libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev + libidn2-dev libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev libzstd-dev - llvm - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libbpf0 - libfdisk1 - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index c1d8a57557..9561117789 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -8,29 +8,42 @@ Distribution=fedora Release=36 [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + compsize + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build pam-devel - pkgconfig + pkgconfig # pkgconf shim to provide /usr/bin/pkg-config pkgconfig(audit) pkgconfig(blkid) - pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) - pkgconfig(gnutls) + pkgconfig(glib-2.0) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) @@ -39,8 +52,6 @@ BuildPackages= pkgconfig(libgcrypt) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -58,33 +69,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - acl - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - compsize - # xxd is provided by the vim-common package - vim-common - # Sanitizers - libasan - libubsan - # Required to run systemd-networkd-tests.py - python - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index 16fdecdede..8dbb1dc50f 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -8,72 +8,59 @@ Distribution=opensuse Release=tumbleweed [Content] -BuildPackages= - docbook-xsl-stylesheets - fdupes - gcc - gnu-efi - gperf - intltool - libacl-devel - libapparmor-devel - libblkid-devel - libbz2-devel - libcap-devel - libcryptsetup-devel - libcurl-devel - libgcrypt-devel - libgnutls-devel - libkmod-devel - liblz4-devel - libmicrohttpd-devel - libmount-devel - libseccomp-devel - libselinux-devel - libxslt-tools - meson - pam-devel - pciutils-devel - pcre-devel - python3 - python3-Jinja2 - python3-lxml - qrencode-devel - shadow - system-user-nobody - systemd-sysvinit - zlib-devel -# to satisfy tests - acl - diffutils - glibc-locale - system-group-obsolete - system-user-bin - system-user-daemon - system-user-root - timezone - Packages= - gdb - # brought in via meson->python3 - libp11-kit0 - # --bootable=no dbus-1 - libapparmor1 + glibc-locale-base + libbpf0 libcrypt1 libcryptsetup12 + libdw1 + libelf1 + libfido2 libgcrypt20 - libgnutls30 + libglib-2_0-0 libkmod2 liblz4-1 libmount1 + libp11-kit0 libqrencode4 libseccomp2 + libxkbcommon0 pam - nano - strace - util-linux - # xxd is provided by the vim package + tpm2-0-tss vim - # Provides libasan/libubsan - gcc + +BuildPackages= + audit-devel + bpftool + dbus-1-devel + docbook-xsl-stylesheets + glib2-devel + glibc-locale + libacl-devel + libblkid-devel + libbpf-devel + libcap-devel + libcryptsetup-devel + libcurl-devel + libdw-devel + libelf-devel + libfdisk-devel + libfido2-devel + libgcrypt-devel + libgnutls-devel + libkmod-devel + libmicrohttpd-devel + libmount-devel + libpwquality-devel + libseccomp-devel + libselinux-devel + libxkbcommon-devel + libxslt-tools + openssl-devel + pam-devel + pcre-devel + python3-Jinja2 + python3-lxml + qrencode-devel + tpm2-0-tss-devel diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu index 2d73746f3f..60e1bcfa66 100644 --- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu +++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu @@ -9,75 +9,60 @@ Release=jammy Repositories=main,universe [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfdisk1 + libfido2-1 + libglib2.0-0 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + linux-tools-common + linux-tools-generic + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - docbook-xml docbook-xsl - gcc - gettext - git - gnu-efi - gperf + g++ libacl1-dev libaudit-dev libblkid-dev + libbpf-dev libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev - libip4tc-dev - libip6tc-dev + libidn2-dev + libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev - libxtables-dev libzstd-dev - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - tzdata - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - libfdisk1 - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.postinst b/mkosi.postinst index 1c24b4f51a..fb59d31115 100755 --- a/mkosi.postinst +++ b/mkosi.postinst @@ -18,6 +18,9 @@ EOF # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default. systemctl mask systemd-hwdb-update.service fi + + # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu. + rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service fi # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a