From 37d35150cbb5db063aaa8e5878ec03258414b0e5 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 22 Aug 2022 13:21:07 +0200 Subject: [PATCH] mkosi: Ensure we build all features/components in mkosi Explicitly enable all features/components in the mkosi build to ensure they all get built and we get an error if they can't be built. We also rework the packages sections of all mkosi configs to reduce duplication and cover all the dependencies necessary to build/use all systemd features. Note that for the final image, since systemd is installed by default in base images, we rely on that to install the base library dependencies and we only list extra optional dependencies and tools that aren't already installed by default into the base image. We also drop the centos stream 8 mkosi build as dependencies on that distro are too out-of-date to be able to build all systemd features. Since centos stream 9 has been out for a while, let's focus on that and leave it to downstream to keep systemd building on centos stream 8. Finally, there's a few additions to the mkosi scripts to make sure services don't start by default on boot. --- .github/workflows/mkosi.yml | 2 - mkosi.build | 89 ++++++++++++++- mkosi.default.d/10-systemd.conf | 40 +++++++ mkosi.default.d/arch/10-mkosi.arch | 83 ++++---------- .../centos_epel/10-mkosi.centos_epel | 76 ++++++------- mkosi.default.d/debian/10-mkosi.debian | 73 +++++-------- mkosi.default.d/fedora/10-mkosi.fedora | 75 +++++-------- mkosi.default.d/opensuse/10-mkosi.opensuse | 101 ++++++++---------- mkosi.default.d/ubuntu/10-mkosi.ubuntu | 77 ++++++------- mkosi.postinst | 3 + 10 files changed, 317 insertions(+), 302 deletions(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index fa0a22a577..c2c12f3393 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -44,8 +44,6 @@ jobs: release: rawhide - distro: opensuse release: tumbleweed - - distro: centos_epel - release: 8-stream - distro: centos_epel release: 9-stream diff --git a/mkosi.build b/mkosi.build index 210811e768..76a813bf0a 100755 --- a/mkosi.build +++ b/mkosi.build @@ -47,6 +47,15 @@ if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then fi fi +# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and +# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override +# the ubuntu script with a symlink to the first bpftool program we can find. +for bpftool in /usr/lib/linux-tools/*/bpftool; do + [ -x "$bpftool" ] || continue + ln -sf "$bpftool" /usr/sbin/bpftool + break +done + if [ ! -f "$BUILDDIR"/build.ninja ] ; then sysvinit_path=$(realpath /etc/init.d) @@ -66,7 +75,81 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then -D version-tag="${VERSION_TAG}" \ -D mode=developer \ -D b_sanitize="${SANITIZERS:-none}" \ - -D install-tests=true + -D install-tests=true \ + -D tests=unsafe \ + -D slow-tests=true \ + -D utmp=true \ + -D hibernate=true \ + -D ldconfig=true \ + -D resolve=true \ + -D efi=true \ + -D tpm=true \ + -D environment-d=true \ + -D binfmt=true \ + -D repart=true \ + -D sysupdate=true \ + -D coredump=true \ + -D pstore=true \ + -D oomd=true \ + -D logind=true \ + -D hostnamed=true \ + -D localed=true \ + -D machined=true \ + -D portabled=true \ + -D sysext=true \ + -D userdb=true \ + -D homed=true \ + -D networkd=true \ + -D timedated=true \ + -D timesyncd=true \ + -D remote=true \ + -D nss-myhostname=true \ + -D nss-mymachines=true \ + -D nss-resolve=true \ + -D nss-systemd=true \ + -D firstboot=true \ + -D randomseed=true \ + -D backlight=true \ + -D vconsole=true \ + -D quotacheck=true \ + -D sysusers=true \ + -D tmpfiles=true \ + -D importd=true \ + -D hwdb=true \ + -D rfkill=true \ + -D xdg-autostart=true \ + -D translations=true \ + -D polkit=true \ + -D acl=true \ + -D audit=true \ + -D blkid=true \ + -D fdisk=true \ + -D kmod=true \ + -D pam=true \ + -D pwquality=true \ + -D microhttpd=true \ + -D libcryptsetup=true \ + -D libcurl=true \ + -D idn=true \ + -D libidn2=true \ + -D qrencode=true \ + -D gcrypt=true \ + -D gnutls=true \ + -D openssl=true \ + -D cryptolib=openssl \ + -D p11kit=true \ + -D libfido2=true \ + -D tpm2=true \ + -D elfutils=true \ + -D zstd=true \ + -D xkbcommon=true \ + -D pcre2=true \ + -D glib=true \ + -D dbus=true \ + -D gnu-efi=true \ + -D kernel-install=true \ + -D analyze=true \ + -D bpf-framework=true fi cd "$BUILDDIR" @@ -172,3 +255,7 @@ TTYVHangup=no CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG EOF fi + +# Make sure services aren't enabled by default on Debian/Ubuntu. +mkdir -p "$DESTDIR/etc/systemd/system-preset" +echo "disable *" > "$DESTDIR/etc/systemd/system-preset/99-mkosi.preset" diff --git a/mkosi.default.d/10-systemd.conf b/mkosi.default.d/10-systemd.conf index 8efd1e97fa..1c69dc46e0 100644 --- a/mkosi.default.d/10-systemd.conf +++ b/mkosi.default.d/10-systemd.conf @@ -14,6 +14,46 @@ OutputDirectory=mkosi.output BuildDirectory=mkosi.builddir Cache=mkosi.cache SourceFileTransferFinal=copy-git-others +Packages= + acl + bash-completion + coreutils + diffutils + dnsmasq + findutils + gcc # For sanitizer libraries + gdb + grep + kbd + kexec-tools + kmod + less + nano + nftables + openssl + python3 + qrencode + sed + strace + tree + util-linux + valgrind + wireguard-tools + zsh + +BuildPackages= + clang + gcc + gettext + git + gnu-efi + gperf + llvm + meson + pkgconf + rpm + rsync + zstd [Host] QemuHeadless=yes diff --git a/mkosi.default.d/arch/10-mkosi.arch b/mkosi.default.d/arch/10-mkosi.arch index 12f46c71c7..bd54b08c54 100644 --- a/mkosi.default.d/arch/10-mkosi.arch +++ b/mkosi.default.d/arch/10-mkosi.arch @@ -9,65 +9,28 @@ Distribution=arch [Content] -BuildPackages= - acl - bzip2 - clang - cryptsetup - curl - dbus - diffutils - docbook-xsl - elfutils - gcc - git - gnu-efi-libs - gnutls - gperf - inetutils - iptables - kmod - libbpf - libcap - libgcrypt - libidn2 - libmicrohttpd - libseccomp - libutil-linux - libxkbcommon - libxslt - llvm - lz4 - meson - pam - pkgconfig - python - python-lxml - python-jinja - qrencode - rsync - xz - zstd - Packages= - gdb - libbpf - libidn2 - nano - qrencode - strace - # For testing "systemd-analyze verify". - man-db - # For testing systemd's bash completion scripts. - bash-completion - # For testing systemd's zsh completion scripts - # Run `autoload -Uz compinit; compinit` from a zsh shell in the booted image to enable completions. - zsh - # xxd is provided by the vim package - vim - # Required to run systemd-networkd-tests.py - python - iproute - dnsmasq - wireguard-tools + compsize dhcp + gnutls + iproute + libbpf + libfido2 + libmicrohttpd + libpwquality + libxkbcommon + man-db + openbsd-netcat + polkit + quota-tools + tpm2-tss + vim + +BuildPackages= + bpf + docbook-xsl + libxslt + linux-api-headers + perl + python-jinja + python-lxml diff --git a/mkosi.default.d/centos_epel/10-mkosi.centos_epel b/mkosi.default.d/centos_epel/10-mkosi.centos_epel index 5e726d4aef..482b5935ce 100644 --- a/mkosi.default.d/centos_epel/10-mkosi.centos_epel +++ b/mkosi.default.d/centos_epel/10-mkosi.centos_epel @@ -11,39 +11,54 @@ Format=gpt_xfs HostonlyInitrd=no [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + audit + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + p11-kit + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build + libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. + libxslt pam-devel - # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libgcrypt-devel - pkgconfig + perl-interpreter pkgconfig(audit) pkgconfig(blkid) pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) + pkgconfig(glib-2.0) pkgconfig(gnutls) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) pkgconfig(libdw) + pkgconfig(libfido2) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -61,30 +76,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - # xxd is provided by the vim-common package - vim-common - libasan - libubsan - # Required to run systemd-networkd-tests.py - python3 - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 2488eeb557..2b712d6778 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -8,17 +8,31 @@ Distribution=debian Release=testing [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfido2-1 + libglib2.0-0 + libgnutls30 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpam0g + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - clang - docbook-xml + bpftool docbook-xsl - gcc g++ - gettext - git - gnu-efi - gperf libacl1-dev libaudit-dev libblkid-dev @@ -26,59 +40,28 @@ BuildPackages= libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev + libidn2-dev libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev libzstd-dev - llvm - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libbpf0 - libfdisk1 - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index c1d8a57557..9561117789 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -8,29 +8,42 @@ Distribution=fedora Release=36 [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + compsize + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build pam-devel - pkgconfig + pkgconfig # pkgconf shim to provide /usr/bin/pkg-config pkgconfig(audit) pkgconfig(blkid) - pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) - pkgconfig(gnutls) + pkgconfig(glib-2.0) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) @@ -39,8 +52,6 @@ BuildPackages= pkgconfig(libgcrypt) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -58,33 +69,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - acl - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - compsize - # xxd is provided by the vim-common package - vim-common - # Sanitizers - libasan - libubsan - # Required to run systemd-networkd-tests.py - python - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index 16fdecdede..8dbb1dc50f 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -8,72 +8,59 @@ Distribution=opensuse Release=tumbleweed [Content] -BuildPackages= - docbook-xsl-stylesheets - fdupes - gcc - gnu-efi - gperf - intltool - libacl-devel - libapparmor-devel - libblkid-devel - libbz2-devel - libcap-devel - libcryptsetup-devel - libcurl-devel - libgcrypt-devel - libgnutls-devel - libkmod-devel - liblz4-devel - libmicrohttpd-devel - libmount-devel - libseccomp-devel - libselinux-devel - libxslt-tools - meson - pam-devel - pciutils-devel - pcre-devel - python3 - python3-Jinja2 - python3-lxml - qrencode-devel - shadow - system-user-nobody - systemd-sysvinit - zlib-devel -# to satisfy tests - acl - diffutils - glibc-locale - system-group-obsolete - system-user-bin - system-user-daemon - system-user-root - timezone - Packages= - gdb - # brought in via meson->python3 - libp11-kit0 - # --bootable=no dbus-1 - libapparmor1 + glibc-locale-base + libbpf0 libcrypt1 libcryptsetup12 + libdw1 + libelf1 + libfido2 libgcrypt20 - libgnutls30 + libglib-2_0-0 libkmod2 liblz4-1 libmount1 + libp11-kit0 libqrencode4 libseccomp2 + libxkbcommon0 pam - nano - strace - util-linux - # xxd is provided by the vim package + tpm2-0-tss vim - # Provides libasan/libubsan - gcc + +BuildPackages= + audit-devel + bpftool + dbus-1-devel + docbook-xsl-stylesheets + glib2-devel + glibc-locale + libacl-devel + libblkid-devel + libbpf-devel + libcap-devel + libcryptsetup-devel + libcurl-devel + libdw-devel + libelf-devel + libfdisk-devel + libfido2-devel + libgcrypt-devel + libgnutls-devel + libkmod-devel + libmicrohttpd-devel + libmount-devel + libpwquality-devel + libseccomp-devel + libselinux-devel + libxkbcommon-devel + libxslt-tools + openssl-devel + pam-devel + pcre-devel + python3-Jinja2 + python3-lxml + qrencode-devel + tpm2-0-tss-devel diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu index 2d73746f3f..60e1bcfa66 100644 --- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu +++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu @@ -9,75 +9,60 @@ Release=jammy Repositories=main,universe [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfdisk1 + libfido2-1 + libglib2.0-0 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + linux-tools-common + linux-tools-generic + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - docbook-xml docbook-xsl - gcc - gettext - git - gnu-efi - gperf + g++ libacl1-dev libaudit-dev libblkid-dev + libbpf-dev libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev - libip4tc-dev - libip6tc-dev + libidn2-dev + libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev - libxtables-dev libzstd-dev - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - tzdata - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - libfdisk1 - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.postinst b/mkosi.postinst index 1c24b4f51a..fb59d31115 100755 --- a/mkosi.postinst +++ b/mkosi.postinst @@ -18,6 +18,9 @@ EOF # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default. systemctl mask systemd-hwdb-update.service fi + + # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu. + rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service fi # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a