diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index b1a41a3cdb..e8ba9d3334 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -113,7 +113,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c + - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space # immediately, we remove the files in the background. However, we first move them to a different location @@ -152,6 +152,8 @@ jobs: [Build] UseSubvolumes=yes + ToolsTree=default + ToolsTreeDistribution=fedora WorkspaceDirectory=$TMPDIR PackageCacheDirectory=$TMPDIR/cache 
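Review bot: `ToolsTreeDistribution=fedora` in the `[Build]` block of `.github/workflows/mkosi.yml` leaves the Fedora release to mkosi's built-in default, so the compiler, meson and other build tools are whatever that release's repositories serve when the job runs, while the two actions above are pinned to commit SHAs. If a stable toolchain matters for triaging CI failures, consider adding `ToolsTreeRelease=<release>` (placeholder; use the release you test against) beside it, or a one-line comment stating that a floating toolchain is intended. The heredoc holding this config starts and ends outside the hunk, so settings that may already constrain the tools tree are not visible here.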
@@ -178,47 +180,29 @@ jobs: - name: Show image summary run: mkosi summary - - name: Install dependencies - run: | - mkosi dependencies | - xargs -d '\n' sudo apt-get install \ - gperf \ - libblkid-dev \ - libcap-dev \ - libcryptsetup-dev \ - libcurl4-openssl-dev \ - libfdisk-dev \ - libmicrohttpd-dev \ - libmount-dev \ - libtss2-dev \ - meson + - name: Build tools tree + run: mkosi -f sandbox true - name: Configure meson - run: | - OPTIONS=( - --buildtype=debugoptimized - -Dintegration-tests=true - -Dremote=enabled - -Dopenssl=enabled - -Dblkid=enabled - -Dtpm2=enabled - -Dlibcryptsetup=enabled - -Dlibcurl=enabled - -Drepart=enabled - -Dfirstboot=true - -Dsysusers=true - -Dtmpfiles=true - -Dhwdb=true - -Dvmspawn=enabled - ) - - meson setup build "${OPTIONS[@]}" + run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build - name: Build image - run: sudo meson compile -C build mkosi + run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi - name: Run integration tests - run: sudo --preserve-env env TEST_PREFER_QEMU=${{ matrix.qemu }} meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))" + run: | + sudo --preserve-env \ + mkosi sandbox \ + env \ + TEST_PREFER_QEMU=${{ matrix.qemu }} \ + meson test \ + -C build \ + --no-rebuild \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ + --num-processes "$(($(nproc) - 1))" \ + --max-lines 300 - name: Archive failed test journals uses: actions/upload-artifact@v4 diff --git a/mkosi.conf b/mkosi.conf index 35a19a27aa..a5d4eab23b 100644 --- a/mkosi.conf +++ b/mkosi.conf 
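Review bot: The new `meson setup` line in the "Configure meson" step drops `-Dopenssl=enabled`, `-Dtpm2=enabled`, `-Dlibcryptsetup=enabled` and the other explicit feature switches. If those options default to auto-detection, a dependency missing from the tools tree would quietly disable the feature instead of failing configuration, and the integration tests that cover it may stop exercising that code without anyone noticing. Keeping the security-relevant ones explicit preserves the hard failure, e.g. `run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true -Dopenssl=enabled -Dtpm2=enabled -Dlibcryptsetup=enabled build`. Separately, the "Build image" step now runs under `sudo --preserve-env`, which hands the runner's whole environment to root processes. The `--preserve-env=` form with a list of only the variables mkosi needs would be narrower.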
@@ -66,9 +66,6 @@ KernelCommandLine= printk.devkmsg=on # Make sure /sysroot is mounted rw in the initrd. rw - # Lower the default device timeout so we get a shell earlier if the root device does - # not appear for some reason. - systemd.default_device_timeout_sec=90 # Make sure no LSMs are enabled by default. selinux=0 systemd.early_core_pattern=/core @@ -78,9 +75,6 @@ KernelCommandLine= panic=-1 softlockup_panic=1 panic_on_warn=1 - # These don't ship proper units with [Install] directives so we have to mask them instead. - systemd.mask=isc-dhcp-server.service - systemd.mask=mdmonitor.service psi=1 KernelModulesInitrdExclude=.* diff --git a/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf b/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf new file mode 100644 index 0000000000..05fb1f7639 --- /dev/null +++ b/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Manager] +# Lower the default device timeout so we get a shell earlier if the root device does +# not appear for some reason. +DefaultDeviceTimeoutSec=90 diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot index a35f824176..0f9e361488 100755 --- a/mkosi.postinst.chroot +++ b/mkosi.postinst.chroot @@ -48,6 +48,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf # Remove to make TEST-73-LOCALE pass on Ubuntu. rm -f /etc/default/keyboard +# These don't ship proper units with [Install] directives so we have to mask them instead. +systemctl mask isc-dhcp-server.service +systemctl mask mdmonitor.service + # This is executed inside the chroot so no need to disable any features as the default features will match # the kernel's supported features. SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ diff --git a/mkosi.sanitizers/mkosi.conf b/mkosi.sanitizers/mkosi.conf index 0137d4e38d..0492716ec1 100644 --- a/mkosi.sanitizers/mkosi.conf +++ b/mkosi.sanitizers/mkosi.conf 
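Review bot: In the new `mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf`, the comment copied from `mkosi.conf` describes getting a shell when the root device does not appear, which is an initrd-time situation. The setting now takes effect only where this drop-in is installed, whereas the removed `systemd.default_device_timeout_sec=90` kernel argument reached every manager booted with that command line. Whether `mkosi.extra.common` is also copied into the initrd is not visible in this diff, so please confirm it. I would extend the comment with something like `# Replaces systemd.default_device_timeout_sec= on the kernel command line; only effective in images that ship this file.`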
@@ -13,10 +13,10 @@ Environment=!SANITIZERS= Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0 [Content] +# When modifying these also modify mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf. We don't use +# systemd.setenv here as there's a size limit on the kernel command line and we don't want to trigger it. We +# don't use ManagerEnvironment= either as we want these to be set for pid1 from the earliest possible moment. KernelCommandLine= ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 - systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 - systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions - systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions diff --git a/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions similarity index 100% rename from mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions diff --git a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf new file mode 100644 index 0000000000..a7152a3abe --- /dev/null +++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf 
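Review bot: The three sanitizer option strings under `KernelCommandLine=` in `mkosi.sanitizers/mkosi.conf` are now duplicated in the new `10-sanitizers.conf`, and only this file carries a reminder to keep them in sync; the drop-in has no comment pointing back. If the copies drift, pid1 and the services it spawns would run with different sanitizer settings. A service environment that lost `halt_on_error=1`, for example, would report undefined behaviour and keep running. Add the reciprocal comment at the top of the drop-in's `[Manager]` section, e.g. `# Keep in sync with KernelCommandLine= in mkosi.sanitizers/mkosi.conf.` The path in the new comment here could also be spelled from the repository root (`mkosi.sanitizers/mkosi.extra/...`) so it can be found with grep.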
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Manager]
+DefaultEnvironment=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 \
+ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 \
+ LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
diff --git a/mkosi.sanitizers/mkosi.extra/etc/systemd/system/service.d/10-timeout-abort.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf
similarity index 100%
rename from mkosi.sanitizers/mkosi.extra/etc/systemd/system/service.d/10-timeout-abort.conf
rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf
diff --git a/mkosi.sanitizers/mkosi.extra/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf
similarity index 100%
rename from mkosi.sanitizers/mkosi.extra/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf
rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index bf0fe80d44..c08f77043c 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -373,6 +373,7 @@ def main() -> None:
 'systemd.show_status=error',
 'systemd.crash_shell=0',
 'systemd.crash_action=poweroff',
+ 'loglevel=6',
 ] if not sys.stderr.isatty() else []