diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index b54f386be1..5cf9a0d753 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -57,24 +57,31 @@ jobs:
           - distro: arch
             release: rolling
             sanitizers: ""
+            llvm: 0
           - distro: debian
             release: testing
             sanitizers: ""
+            llvm: 0
           - distro: ubuntu
             release: noble
             sanitizers: ""
+            llvm: 0
           - distro: fedora
             release: "40"
             sanitizers: ""
+            llvm: 0
           - distro: fedora
             release: rawhide
             sanitizers: address,undefined
+            llvm: 1
           - distro: opensuse
             release: tumbleweed
             sanitizers: ""
+            llvm: 0
           - distro: centos
             release: "9"
             sanitizers: ""
+            llvm: 0
 
     steps:
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
@@ -123,6 +130,8 @@ jobs:
                 # Enabling optimizations significantly speeds up integration tests.
                 OPTIMIZATION=g
                 SANITIZERS=${{ matrix.sanitizers }}
+                MESON_OPTIONS=--werror
+                LLVM=${{ matrix.llvm }}
 
         [Host]
         ToolsTree=default
diff --git a/meson.build b/meson.build
index b0b8697d50..ea4e12aa1c 100644
--- a/meson.build
+++ b/meson.build
@@ -1268,6 +1268,9 @@ foreach ident : ['crypt_set_metadata_size',
         have_ident = have and cc.has_function(
                 ident,
                 prefix : '#include <libcryptsetup.h>',
+                # crypt_reencrypt() raises a deprecation warning so make sure -Wno-deprecated-declarations is
+                # specified otherwise we fail to detect crypt_reencrypt() if -Werror is used.
+                args : '-Wno-deprecated-declarations',
                 dependencies : libcryptsetup)
         conf.set10('HAVE_' + ident.to_upper(), have_ident)
 endforeach
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/coredump.conf b/mkosi.images/system/coredump-journal-storage.conf
similarity index 100%
rename from mkosi.images/system/mkosi.extra/usr/lib/systemd/coredump.conf
rename to mkosi.images/system/coredump-journal-storage.conf
diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf
index 56bd4d0aa7..ed9bfdc5d8 100644
--- a/mkosi.images/system/initrd/mkosi.conf
+++ b/mkosi.images/system/initrd/mkosi.conf
@@ -2,4 +2,6 @@
 
 [Content]
 PostInstallationScripts=../mkosi.sanitizers.chroot
-ExtraTrees=../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+ExtraTrees=
+    ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+    ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf
index aad7984ba3..7a52061276 100644
--- a/mkosi.images/system/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf
@@ -12,6 +12,7 @@ Autologin=yes
 ExtraTrees=
         %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
         leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+        coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
 
 PostInstallationScripts=mkosi.sanitizers.chroot
 
@@ -25,6 +26,7 @@ Packages=
         attr
         bash-completion
         bpftrace
+        clang
         coreutils
         curl
         diffutils
@@ -41,6 +43,8 @@ Packages=
         kmod
         knot
         less
+        lld
+        llvm
         lvm2
         man
         mdadm
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot
index 7df218823e..9407c1e053 100755
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot
+++ b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot
@@ -24,12 +24,34 @@ ln --symbolic . "pkg/$ID/src"
 # shellcheck source=/dev/null
 . /etc/makepkg.conf
 
+MKOSI_CFLAGS="-O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
+if ((LLVM)); then
+    # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS=""
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+    MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)); then
+    MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+fi
+
 # Override the default options. Disable FORTIFY_SOURCE because it doesn't work with O0. We specifically
 # disable "strip", "zipman" and "lto" as they slow down builds significantly. OPTIONS= cannot be overridden
 # on the makepkg command line so we append to /etc/makepkg.conf instead. The rootfs is overlaid with a
 # writable tmpfs during the build script so these changes don't end up in the image itself.
 tee --append /etc/makepkg.conf >/dev/null <<EOF
-CFLAGS="$CFLAGS -O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
+export CC="$( ((LLVM)) && echo clang || echo gcc)"
+export CXX="$( ((LLVM)) && echo clang++ || echo g++)"
+export CC_LD="$( ((LLVM)) && echo lld)"
+export CXX_LD="$( ((LLVM)) && echo lld)"
+export CFLAGS="\$CFLAGS $MKOSI_CFLAGS $CFLAGS"
+export CXXFLAGS="\$CXXFLAGS $MKOSI_CFLAGS $CFLAGS"
+export LDFLAGS="\$LDFLAGS $MKOSI_LDFLAGS $LDFLAGS"
 OPTIONS=(
     docs
     !libtool
@@ -65,10 +87,10 @@ env --chdir="pkg/$ID" \
     $( ((WITH_TESTS)) || echo --nocheck) \
     --force \
     _systemd_UPSTREAM=1 \
-    _systemd_QUIET=1 \
+    _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \
     BUILDDIR="$PWD/pkg/$ID" \
     PKGDEST="$OUTPUTDIR" \
     PKGEXT=".pkg.tar" \
-    MESON_EXTRA_CONFIGURE_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+    MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS"
 
 cp "$OUTPUTDIR"/*.pkg.tar "$PACKAGEDIR"
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf
index 51f28903b3..48dc677a46 100644
--- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf
@@ -21,6 +21,7 @@ Packages=
         bind
         bpf
         btrfs-progs
+        compiler-rt
         compsize
         cryptsetup
         dbus-broker
@@ -62,6 +63,7 @@ Packages=
 
 InitrdPackages=
         btrfs-progs
+        compiler-rt
         tpm2-tools
 
 InitrdVolatilePackages=
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
index f3981c99a4..d2ba46bb56 100755
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot
@@ -37,17 +37,47 @@ DIST="$(rpm --eval %dist)"
 ARCH="$(rpm --eval %_arch)"
 SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
 
+COMMON_MACRO_OVERRIDES=(
+    --define "toolchain $( ((LLVM)) && echo clang || echo gcc)"
+    --define "_fortify_level 0"
+    --undefine _lto_cflags
+    # TODO: Remove once redhat-rpm-config 292 is available everywhere.
+    --define "_hardening_clang_cflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang.cfg"
+    --define "_hardening_clang_ldflags --config=/usr/lib/rpm/redhat/redhat-hardened-clang-ld.cfg"
+)
+
 # TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10.
-CFLAGS="$(rpm --define "_fortify_level 0" --undefine _lto_cflags --eval %build_cflags) -O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
+MKOSI_CFLAGS="-O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
 if ((WITH_DEBUG)); then
-    CFLAGS="$CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+fi
+if ((LLVM)); then
+    # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS=""
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+    MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)); then
+    MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi
 
 IFS=
 # TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
 # https://github.com/mesonbuild/meson/pull/12835 is available.
 # shellcheck disable=SC2046
-ANNOBIN="no-active-checks" rpmbuild \
+env \
+--unset=CFLAGS \
+--unset=CXXFLAGS \
+--unset=LDFLAGS \
+ANNOBIN="no-active-checks" \
+CC_LD="$( ((LLVM)) && echo lld)" \
+CXX_LD="$( ((LLVM)) && echo lld)" \
+    rpmbuild \
     -bb \
     --build-in-place \
     --with upstream \
@@ -62,10 +92,13 @@ ANNOBIN="no-active-checks" rpmbuild \
     $( ((WITH_DEBUG)) || echo "--define=debug_package %{nil}") \
     --define "version_override $VERSION" \
     --define "release_override $RELEASE" \
-    --define "build_cflags $CFLAGS" \
-    --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
+    "${COMMON_MACRO_OVERRIDES[@]}" \
+    --define "build_cflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
+    --define "build_cxxflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
+    --define "build_ldflags $(rpm "${COMMON_MACRO_OVERRIDES[@]}" --eval "%{?build_ldflags}") $MKOSI_LDFLAGS $LDFLAGS" \
+    --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \
     --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
-    --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+    --define "meson_extra_configure_options $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
     $( ((WITH_DEBUG)) || echo "--define=__brp_strip %{nil}") \
     --define "__brp_compress %{nil}" \
     --define "__brp_mangle_shebangs %{nil}" \
@@ -75,9 +108,7 @@ ANNOBIN="no-active-checks" rpmbuild \
     --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
     --define "__script_requires %{nil}" \
     --define "_find_debuginfo_dwz_opts %{nil}" \
-    --define "_fortify_level 0" \
     --define "_fixperms true" \
-    --undefine _lto_cflags \
     --undefine _package_note_flags \
     --noclean \
     "pkg/$ID/systemd.spec"
diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
index 65bf20e856..fea3853902 100644
--- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf
@@ -23,6 +23,7 @@ VolatilePackages=
 Packages=
         bind-utils
         bpftool
+        compiler-rt
         cryptsetup
         device-mapper-event
         device-mapper-multipath
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
index 8819b46eaf..e36fb4887c 100755
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot
@@ -44,29 +44,61 @@ EOF
 cat debian/changelog >>debian/changelog.new
 mv debian/changelog.new debian/changelog
 
+MKOSI_CFLAGS="-O${OPTIMIZATION:-0}"
+if ((LLVM)); then
+    # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS=""
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+    MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)); then
+    MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+fi
+
+# TODO: Drop GENSYMBOLS_LEVEL once https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986746 is fixed.
 build() {
-    DEB_BUILD_OPTIONS=$(awk '$1=$1' <<<"\
+    env \
+    CC="$( ((LLVM)) && echo clang || echo gcc)" \
+    CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
+    CC_LD="$( ((LLVM)) && echo lld)" \
+    CXX_LD="$( ((LLVM)) && echo lld)" \
+    DEB_BUILD_OPTIONS="$(awk '$1=$1' <<<"\
         $( ((WITH_TESTS)) || echo nocheck) \
         $( ((WITH_DOCS)) || echo nodoc) \
         $( ((WITH_DEBUG)) && echo debug || echo nostrip) \
-        terse \
+        $( ! ((MESON_VERBOSE)) && echo terse) \
         optimize=-lto \
         hardening=-fortify \
-    ") \
-    DEB_BUILD_PROFILES=$(awk '$1=$1' <<<"\
+    ")" \
+    DEB_BUILD_PROFILES="$(awk '$1=$1' <<<"\
         $( ((WITH_TESTS)) || echo nocheck) \
         $( ((WITH_DOCS)) || echo nodoc) \
         pkg.systemd.upstream \
-    ") \
-    DEB_CFLAGS_APPEND="-O${OPTIMIZATION:-0}" \
+    ")" \
+    DEB_CFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \
+    DEB_CXXFLAGS_APPEND="$MKOSI_CFLAGS $CFLAGS" \
+    DEB_LDFLAGS_APPEND="$MKOSI_LDFLAGS $LDFLAGS" \
     DPKG_FORCE="unsafe-io" \
     DPKG_DEB_COMPRESSOR_TYPE="none" \
     DH_MISSING="--fail-missing" \
-    CONFFLAGS_UPSTREAM="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
-    dpkg-buildpackage \
+    CONFFLAGS_UPSTREAM="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
+    GENSYMBOLS_LEVEL="$( ((LLVM)) && echo 0 || echo 1)" \
+        dpkg-buildpackage \
         --no-pre-clean \
         --unsigned-changes \
         --build=binary
+
+    EXIT_STATUS=$?
+
+    # Make sure we don't reconfigure twice.
+    MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
+
+    return $EXIT_STATUS
 }
 
 if ! build; then
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
index 047dbc1dc3..386c1923a5 100644
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
@@ -8,7 +8,7 @@ Distribution=|ubuntu
 Environment=
         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
         GIT_BRANCH=debian/master
-        GIT_COMMIT=18201fa98d74172fa1a17242326e3275995cde13
+        GIT_COMMIT=1ac6c92c9633fe6fd47f34119c04cae36da14d6a
 
 VolatilePackages=
         libnss-myhostname
@@ -56,6 +56,7 @@ Packages=
         iputils-ping
         isc-dhcp-server
         libcap-ng-utils
+        libclang-rt-dev
         libtss2-rc0
         libtss2-tcti-device0
         locales
@@ -83,6 +84,7 @@ Packages=
 
 InitrdPackages=
         btrfs-progs
+        libclang-rt-dev
         tpm2-tools
 
 InitrdVolatilePackages=
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
index 13cda4c9b8..03bef75400 100755
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot
@@ -42,9 +42,29 @@ DIST="$(rpm --eval %dist)"
 ARCH="$(rpm --eval %_arch)"
 SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH"
 
-EXTRA_CFLAGS="-O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
+MKOSI_CFLAGS="-O${OPTIMIZATION:-0} -Wp,-U_FORTIFY_SOURCE"
 if ((WITH_DEBUG)); then
-    EXTRA_CFLAGS="$EXTRA_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST"
+fi
+if ((LLVM)); then
+    # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed.
+    MKOSI_CFLAGS="$MKOSI_CFLAGS -shared-libasan -fno-sanitize=function"
+fi
+
+MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")"
+if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+    MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux"
+fi
+
+# A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so
+# set LDFLAGS to %{nil} if there are no linker flags.
+if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
+    MKOSI_LDFLAGS="%{nil}"
+fi
+
+MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
+if ((WIPE)); then
+    MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi
 
 build() {
@@ -54,6 +74,14 @@ build() {
     # TODO: Replace __meson_auto_features override with meson_extra_configure_options once the suse spec
     # starts to use it.
     # shellcheck disable=SC2046
+    env \
+    --unset CFLAGS \
+    --unset CXXFLAGS \
+    --unset LDFLAGS \
+    CC="$( ((LLVM)) && echo clang || echo gcc)" \
+    CXX="$( ((LLVM)) && echo clang++ || echo g++)" \
+    CC_LD="$( ((LLVM)) && echo lld)" \
+    CXX_LD="$( ((LLVM)) && echo lld)" \
     rpmbuild \
         -bb \
         --build-in-place \
@@ -70,10 +98,12 @@ build() {
         --define "version_override $VERSION" \
         --define "release_override $RELEASE" \
         --define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'" \
-        --define "build_cflags $(rpm --eval %build_cflags) $EXTRA_CFLAGS" \
-        --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
+        --define "build_cflags $(rpm --eval "%{?build_cflags}") $MKOSI_CFLAGS $CFLAGS" \
+        --define "build_cxxflags $(rpm --eval "%{?build_cxxflags}") $MKOSI_CFLAGS $CFLAGS" \
+        --define "build_ldflags $MKOSI_LDFLAGS $LDFLAGS" \
+        --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} $( ((MESON_VERBOSE)) && echo --verbose) %{nil}}" \
         --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
-        --define "__meson_auto_features auto -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+        --define "__meson_auto_features auto $MKOSI_MESON_OPTIONS $MESON_OPTIONS" \
         --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
         --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
         --define "__script_requires %{nil}" \
@@ -82,6 +112,13 @@ build() {
         --noclean \
         "$@" \
         "pkg/$ID/systemd.spec"
+
+    EXIT_STATUS=$?
+
+    # Make sure we don't reconfigure twice.
+    MKOSI_MESON_OPTIONS="${MKOSI_MESON_OPTIONS//"--wipe"/}"
+
+    return $EXIT_STATUS
 }
 
 if ! build; then
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
index 188f548643..71e315f869 100644
--- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf
@@ -39,8 +39,8 @@ Packages=
         docbook-xsl-stylesheets
         f2fs-tools
         gawk
-        git-core
         gcc-c++
+        git-core
         glibc-locale-base
         gnutls
         grep
@@ -90,6 +90,7 @@ Packages=
 
 InitrdPackages=
         btrfs-progs
+        clang
         kmod
         libkmod2
         tpm2.0-tools
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
index 0f69549f6a..c3640585e5 100644
--- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
+++ b/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
@@ -38,3 +38,4 @@ enable autorelabel.service
 # Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
 disable iscsi.service
 disable iscsid.socket
+disable iscsiuio.socket
diff --git a/mkosi.images/system/mkosi.sanitizers.chroot b/mkosi.images/system/mkosi.sanitizers.chroot
index 48c5d147aa..854a419933 100755
--- a/mkosi.images/system/mkosi.sanitizers.chroot
+++ b/mkosi.images/system/mkosi.sanitizers.chroot
@@ -25,11 +25,7 @@ ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -
 if [[ -z "$ASAN_RT_PATH" ]]; then
     ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
 
-    # As clang's ASan DSO is usually in a non-standard path, let's check if
-    # the environment is set accordingly. If not, warn the user and exit.
-    # We're not setting the LD_LIBRARY_PATH automagically here, because
-    # user should encounter (and fix) the same issue when running the unit
-    # tests (meson test)
+    # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly.
     if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then
         echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path"
         exit 1