mkosi: various improvements (#35491)

2026-04-14 00:14:32 +09:00 · 2024-12-08 16:12:21 +01:00
parent 261a3d191e e469add21e
commit f7f5ba0192
10 changed files with 40 additions and 45 deletions
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -113,7 +113,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c
+      - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a

      # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
      # immediately, we remove the files in the background. However, we first move them to a different location
@@ -152,6 +152,8 @@ jobs:

          [Build]
          UseSubvolumes=yes
+          ToolsTree=default
+          ToolsTreeDistribution=fedora

          WorkspaceDirectory=$TMPDIR
          PackageCacheDirectory=$TMPDIR/cache
@@ -178,47 +180,29 @@ jobs:
      - name: Show image summary
        run: mkosi summary

-      - name: Install dependencies
-        run: |
-          mkosi dependencies |
-          xargs -d '\n' sudo apt-get install \
-              gperf \
-              libblkid-dev \
-              libcap-dev \
-              libcryptsetup-dev \
-              libcurl4-openssl-dev \
-              libfdisk-dev \
-              libmicrohttpd-dev \
-              libmount-dev \
-              libtss2-dev \
-              meson
+      - name: Build tools tree
+        run: mkosi -f sandbox true

      - name: Configure meson
-        run: |
-          OPTIONS=(
-              --buildtype=debugoptimized
-              -Dintegration-tests=true
-              -Dremote=enabled
-              -Dopenssl=enabled
-              -Dblkid=enabled
-              -Dtpm2=enabled
-              -Dlibcryptsetup=enabled
-              -Dlibcurl=enabled
-              -Drepart=enabled
-              -Dfirstboot=true
-              -Dsysusers=true
-              -Dtmpfiles=true
-              -Dhwdb=true
-              -Dvmspawn=enabled
-          )
-
-          meson setup build "${OPTIONS[@]}"
+        run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build

      - name: Build image
-        run: sudo meson compile -C build mkosi
+        run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi

      - name: Run integration tests
-        run: sudo --preserve-env env TEST_PREFER_QEMU=${{ matrix.qemu }} meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
+        run: |
+          sudo --preserve-env \
+            mkosi sandbox \
+            env \
+            TEST_PREFER_QEMU=${{ matrix.qemu }} \
+            meson test \
+            -C build \
+            --no-rebuild \
+            --suite integration-tests \
+            --print-errorlogs \
+            --no-stdsplit \
+            --num-processes "$(($(nproc) - 1))" \
+            --max-lines 300

      - name: Archive failed test journals
        uses: actions/upload-artifact@v4
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -66,9 +66,6 @@ KernelCommandLine=
        printk.devkmsg=on
        # Make sure /sysroot is mounted rw in the initrd.
        rw
-        # Lower the default device timeout so we get a shell earlier if the root device does
-        # not appear for some reason.
-        systemd.default_device_timeout_sec=90
        # Make sure no LSMs are enabled by default.
        selinux=0
        systemd.early_core_pattern=/core
@@ -78,9 +75,6 @@ KernelCommandLine=
        panic=-1
        softlockup_panic=1
        panic_on_warn=1
-        # These don't ship proper units with [Install] directives so we have to mask them instead.
-        systemd.mask=isc-dhcp-server.service
-        systemd.mask=mdmonitor.service
        psi=1

 KernelModulesInitrdExclude=.*
--- a/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf
+++ b/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Manager]
+# Lower the default device timeout so we get a shell earlier if the root device does
+# not appear for some reason.
+DefaultDeviceTimeoutSec=90
--- a/mkosi.postinst.chroot
+++ b/mkosi.postinst.chroot
@@ -48,6 +48,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
 # Remove to make TEST-73-LOCALE pass on Ubuntu.
 rm -f /etc/default/keyboard

+# These don't ship proper units with [Install] directives so we have to mask them instead.
+systemctl mask isc-dhcp-server.service
+systemctl mask mdmonitor.service
+
 # This is executed inside the chroot so no need to disable any features as the default features will match
 # the kernel's supported features.
 SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \
--- a/mkosi.sanitizers/mkosi.conf
+++ b/mkosi.sanitizers/mkosi.conf
@@ -13,10 +13,10 @@ Environment=!SANITIZERS=
 Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0

 [Content]
+# When modifying these also modify mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf. We don't use
+# systemd.setenv here as there's a size limit on the kernel command line and we don't want to trigger it. We
+# don't use ManagerEnvironment= either as we want these to be set for pid1 from the earliest possible moment.
 KernelCommandLine=
        ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
-        systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
        UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
-        systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
        LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
-        systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
--- a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions
--- a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Manager]
+DefaultEnvironment=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 \
+                   UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 \
+                   LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
--- a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf
--- a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -373,6 +373,7 @@ def main() -> None:
                        'systemd.show_status=error',
                        'systemd.crash_shell=0',
                        'systemd.crash_action=poweroff',
+                        'loglevel=6',
                    ]
                    if not sys.stderr.isatty()
                    else []