From 2ebb4c3991cd82a5ae9edc47317dd98833ee8894 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 8 Dec 2024 12:55:35 +0100 Subject: [PATCH 1/6] mkosi: Update to latest --- .github/workflows/mkosi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index b1a41a3cdb..7aea3769f3 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -113,7 +113,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c + - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space # immediately, we remove the files in the background. However, we first move them to a different location From ade7d0447967da0e75eb5c8eedd1467bd2c57477 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 6 Dec 2024 15:04:56 +0100 Subject: [PATCH 2/6] mkosi: Reduce kernel command line size The kernel command line has a size limit and we've hit it before so let's move some stuff to configuration files or scripts to reduce the kernel command line size a bit. --- mkosi.conf | 6 ------ .../usr/lib/systemd/system.conf.d/10-device-timeout.conf | 6 ++++++ mkosi.postinst.chroot | 4 ++++ mkosi.sanitizers/mkosi.conf | 6 +++--- .../usr/lib/systemd/system.conf.d/10-sanitizers.conf | 6 ++++++ .../lib}/systemd/system/service.d/10-timeout-abort.conf | 0 .../system/systemd-journald.service.d/10-stdout-tty.conf | 0 7 files changed, 19 insertions(+), 9 deletions(-) create mode 100644 mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf create mode 100644 mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf rename mkosi.sanitizers/mkosi.extra/{etc => usr/lib}/systemd/system/service.d/10-timeout-abort.conf (100%) rename mkosi.sanitizers/mkosi.extra/{etc => usr/lib}/systemd/system/systemd-journald.service.d/10-stdout-tty.conf (100%) diff --git a/mkosi.conf b/mkosi.conf index 35a19a27aa..a5d4eab23b 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -66,9 +66,6 @@ KernelCommandLine= printk.devkmsg=on # Make sure /sysroot is mounted rw in the initrd. rw - # Lower the default device timeout so we get a shell earlier if the root device does - # not appear for some reason. - systemd.default_device_timeout_sec=90 # Make sure no LSMs are enabled by default. selinux=0 systemd.early_core_pattern=/core @@ -78,9 +75,6 @@ KernelCommandLine= panic=-1 softlockup_panic=1 panic_on_warn=1 - # These don't ship proper units with [Install] directives so we have to mask them instead. - systemd.mask=isc-dhcp-server.service - systemd.mask=mdmonitor.service psi=1 KernelModulesInitrdExclude=.* diff --git a/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf b/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf new file mode 100644 index 0000000000..05fb1f7639 --- /dev/null +++ b/mkosi.extra.common/usr/lib/systemd/system.conf.d/10-device-timeout.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Manager] +# Lower the default device timeout so we get a shell earlier if the root device does +# not appear for some reason. +DefaultDeviceTimeoutSec=90 diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot index a35f824176..0f9e361488 100755 --- a/mkosi.postinst.chroot +++ b/mkosi.postinst.chroot @@ -48,6 +48,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf # Remove to make TEST-73-LOCALE pass on Ubuntu. rm -f /etc/default/keyboard +# These don't ship proper units with [Install] directives so we have to mask them instead. +systemctl mask isc-dhcp-server.service +systemctl mask mdmonitor.service + # This is executed inside the chroot so no need to disable any features as the default features will match # the kernel's supported features. SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ diff --git a/mkosi.sanitizers/mkosi.conf b/mkosi.sanitizers/mkosi.conf index 0137d4e38d..0492716ec1 100644 --- a/mkosi.sanitizers/mkosi.conf +++ b/mkosi.sanitizers/mkosi.conf @@ -13,10 +13,10 @@ Environment=!SANITIZERS= Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0 [Content] +# When modifying these also modify mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf. We don't use +# systemd.setenv here as there's a size limit on the kernel command line and we don't want to trigger it. We +# don't use ManagerEnvironment= either as we want these to be set for pid1 from the earliest possible moment. KernelCommandLine= ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 - systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 - systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions - systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions diff --git a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf new file mode 100644 index 0000000000..a7152a3abe --- /dev/null +++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system.conf.d/10-sanitizers.conf @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Manager] +DefaultEnvironment=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 \ + UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 \ + LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions diff --git a/mkosi.sanitizers/mkosi.extra/etc/systemd/system/service.d/10-timeout-abort.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf similarity index 100% rename from mkosi.sanitizers/mkosi.extra/etc/systemd/system/service.d/10-timeout-abort.conf rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/service.d/10-timeout-abort.conf diff --git a/mkosi.sanitizers/mkosi.extra/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf similarity index 100% rename from mkosi.sanitizers/mkosi.extra/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-journald.service.d/10-stdout-tty.conf From d82a93f3e19a11195541d7326d4d8229d5a15f6b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 6 Dec 2024 15:07:35 +0100 Subject: [PATCH 3/6] mkosi: Move leak sanitizer supressions file to sanitizers extra tree --- .../mkosi.extra}/usr/lib/systemd/leak-sanitizer-suppressions | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {mkosi.extra.common => mkosi.sanitizers/mkosi.extra}/usr/lib/systemd/leak-sanitizer-suppressions (100%) diff --git a/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions similarity index 100% rename from mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions rename to mkosi.sanitizers/mkosi.extra/usr/lib/systemd/leak-sanitizer-suppressions From 8f51cf69814fc59be0ee4a1a18e8cd068559409f Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 6 Dec 2024 15:13:16 +0100 Subject: [PATCH 4/6] test: Set kernel loglevel to INFO when running tests unattended This makes sure all kernel log messages are logged to the console. This should be helpful during shutdown to detect possible issues with journald when the logs can't be written to the journal itself anymore but are written to kmsg. --- test/integration-test-wrapper.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py index bf0fe80d44..c08f77043c 100755 --- a/test/integration-test-wrapper.py +++ b/test/integration-test-wrapper.py @@ -373,6 +373,7 @@ def main() -> None: 'systemd.show_status=error', 'systemd.crash_shell=0', 'systemd.crash_action=poweroff', + 'loglevel=6', ] if not sys.stderr.isatty() else [] From 71d19c5b56472cddc8b9a8315d5172ea85e9719d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 6 Dec 2024 15:20:15 +0100 Subject: [PATCH 5/6] mkosi: Use mkosi sandbox in CI with Fedora tools tree This gives us a newer meson which will allow us to use the new --max-lines= feature I added in meson 1.5.0. --- .github/workflows/mkosi.yml | 53 +++++++++++++------------------------ 1 file changed, 18 insertions(+), 35 deletions(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index 7aea3769f3..ccd166825f 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -152,6 +152,8 @@ jobs: [Build] UseSubvolumes=yes + ToolsTree=default + ToolsTreeDistribution=fedora WorkspaceDirectory=$TMPDIR PackageCacheDirectory=$TMPDIR/cache @@ -178,47 +180,28 @@ jobs: - name: Show image summary run: mkosi summary - - name: Install dependencies - run: | - mkosi dependencies | - xargs -d '\n' sudo apt-get install \ - gperf \ - libblkid-dev \ - libcap-dev \ - libcryptsetup-dev \ - libcurl4-openssl-dev \ - libfdisk-dev \ - libmicrohttpd-dev \ - libmount-dev \ - libtss2-dev \ - meson + - name: Build tools tree + run: mkosi -f sandbox true - name: Configure meson - run: | - OPTIONS=( - --buildtype=debugoptimized - -Dintegration-tests=true - -Dremote=enabled - -Dopenssl=enabled - -Dblkid=enabled - -Dtpm2=enabled - -Dlibcryptsetup=enabled - -Dlibcurl=enabled - -Drepart=enabled - -Dfirstboot=true - -Dsysusers=true - -Dtmpfiles=true - -Dhwdb=true - -Dvmspawn=enabled - ) - - meson setup build "${OPTIONS[@]}" + run: mkosi sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build - name: Build image - run: sudo meson compile -C build mkosi + run: sudo --preserve-env mkosi sandbox meson compile -C build mkosi - name: Run integration tests - run: sudo --preserve-env env TEST_PREFER_QEMU=${{ matrix.qemu }} meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))" + run: | + sudo --preserve-env \ + mkosi sandbox \ + env \ + TEST_PREFER_QEMU=${{ matrix.qemu }} \ + meson test \ + -C build \ + --no-rebuild \ + --suite integration-tests \ + --print-errorlogs \ + --no-stdsplit \ + --num-processes "$(($(nproc) - 1))" - name: Archive failed test journals uses: actions/upload-artifact@v4 From e469add21e3407ad3443c0e6f9c44dcf05935d99 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 6 Dec 2024 15:21:29 +0100 Subject: [PATCH 6/6] mkosi: Set meson --max-lines= to 300 in CI By default meson only shows the last 100 lines of output for failed tests. Let's bump this to 300 with the new --max-lines= option I added so we get more useful output on test failures. --- .github/workflows/mkosi.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index ccd166825f..e8ba9d3334 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -201,7 +201,8 @@ jobs: --suite integration-tests \ --print-errorlogs \ --no-stdsplit \ - --num-processes "$(($(nproc) - 1))" + --num-processes "$(($(nproc) - 1))" \ + --max-lines 300 - name: Archive failed test journals uses: actions/upload-artifact@v4