716 Commits

Author SHA1 Message Date
dependabot[bot]
0413c780ae build(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](6da8fa9354...a06a81a03e)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 13:25:11 +00:00
dependabot[bot]
05cfef4a92 build(deps): bump super-linter/super-linter from 7.4.0 to 8.3.0
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 7.4.0 to 8.3.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](12150456a7...502f4fe48a)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 13:24:35 +00:00
Daan De Meyer
2fe49e8a4c mkosi: update mkosi commit reference to 10544812b35a668d4aac9834c78ee8166e99bc78
* 10544812b3 Don't fix up vmlinuz locations if not required
* 9baf551923 Reduce amount of packages in default image
* 9e1a2f18b8 Add support for assert sections
* c7c6e2c0b1 ubuntu: Switch to devel as the default release
* 0822deb69c Improve logging when we can not extract kernel version from filename
* 1fd7ef3db7 Do not build default initrd if Initrds= is specified
* 611c8b46c8 Don't unconditionally sync when PackageCacheDirectory=/var
* ab37f24d38 README: add link to OBS docs for mkosi builds
* 02bf256ebb completion: add reuse ignore comments
* 10ccb0b04f Make sure not all subimages depend on default-initrd subimage
* 442e1ce0f1 mkosi-tools: systemd-boot-tools is now available for all arches
* 307fc1dba3 action: make it work when used as a submodule
* c37a55f91b config: serialize dataclass instances in our JSONEncoder
* f26cb34155 log: set terminal window title in complete_step while mkosi runs
* 280c78e681 Make sure inherited settings are applied for the default initrd
* ae4f2fd718 Fix typo
* 5644f3e83e build(deps): bump github/codeql-action from 3.29.7 to 3.30.5
* 7d7b26b8c9 build(deps): bump actions/checkout from 4.2.2 to 5.0.0
* e805253447 postmarketos: implement is_kernel_package
* dd51d2e019 postmarketos: provide missing i386-vars.fd
* e23e6de66b Do not relabel files when building extension image
* ab05ead5eb Bump various systemd version checks to 258
* 382cc8b450 preset: drop systemd-networkd-wait-online.service
* 477b6b2ed5 mkosi-initrd: install systemd-container in network profile
* 1d167c0b53 mkosi-initrd: add 89-ethernet.network for network profile
* b1e81dec3a mkosi-initrd: Install libseccomp explicitly
* 3c431a141c opensuse: repository non-oss-debug is invalid
* 62ab363149 ci: add an s390x build job for additional coverage
* 62765f2d07 mailmap: deduplicate Daan
* 47f963f40b Revert "ci: Disable PPC jobs temporarily"
* 6a48f83dda dnf: Always specify --best again
* 3702368616 sandbox: Make all relative paths absolute during argparsing
* a587af0bf7 dnf: Fix /var package cache directory check in package_subdirs()
* 56cdbc25b5 Always use repository metadata from /var package cache directory
* 669d4418a3 Add note on Encrypt=yes to Passphrase= docs
* caa129edae Drop BuildSourcesEphemeral=yes from default image config
* 7edca63478 Add devicetree-auto support for UKI
* 6cb1649074 Don't add ncdu for ppc64-le on Fedora
* e019d2d2a6 ci: Disable PPC jobs temporarily
2025-11-25 11:02:34 +01:00
Zbigniew Jędrzejewski-Szmek
18dcc08c65 ci: whitespace fix 2025-11-17 17:02:23 +01:00
Zbigniew Jędrzejewski-Szmek
31d3b96293 musl: split out script to setup build
This makes it easier to set up a local build with musl:
$ tools/setup-musl-build.sh build-meson
$ ninja -C build-meson
2025-11-17 17:02:23 +01:00
Zbigniew Jędrzejewski-Szmek
6edbf6a2c7 musl: drop unused temporary pkgconfig directory 2025-11-17 16:56:51 +01:00
Yu Watanabe
f115763f19 musl: ci: add build test and unit tests 2025-11-17 12:19:22 +09:00
dependabot[bot]
25a507d290 build(deps): bump softprops/action-gh-release from 2.2.2 to 2.4.1
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.2.2 to 2.4.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](da05d55257...6da8fa9354)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-01 18:12:26 +09:00
dependabot[bot]
61f7ec3fc5 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](0db433d412...e38e6809c5)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-01 18:12:00 +09:00
Yu Watanabe
9b414a38fa tree-wide: drop unused libcap dependencies 2025-10-24 01:52:59 +09:00
Yu Watanabe
02fea5b412 ci/oss-fuzz: switch to Ubuntu 24.04
With
https://github.com/google/oss-fuzz/pull/14112 and
https://github.com/google/oss-fuzz/pull/14128,
we can now use Ubuntu 24.04. Let's bump the image version.

Note, the i386 build failure mentioned in the removed comment is related to
https://bugs.launchpad.net/ubuntu/+source/linux-signed-azure/+bug/2071445
https://github.com/actions/runner-images/issues/9977
and has already been fixed.
2025-10-21 15:09:24 +09:00
Luca Boccassi
d29f181cf0 ci: add bpftool workaround to coverity too 2025-10-18 15:43:06 +01:00
Yu Watanabe
a6836cfa0b ci: fix workaround about bpftool for codeql
Follow-up for e9fd2bbfff.
2025-10-18 09:10:35 +02:00
Luca Boccassi
e9fd2bbfff ci: add bpftool workaround to codeql job too 2025-10-18 01:11:11 +09:00
Luca Boccassi
3b11139c0d ci: re-enable bpf-framework option for build and unit test jobs
Use the same trickery we do in the package build and search for
the actual bpftool binary. For the CI job any one we find is
good enough.
When we switch all jobs to 26.04 we can drop all of this.

This reverts commit cc814110af.
2025-10-17 15:08:54 +01:00
Daan De Meyer
cc814110af ci: Disable bpf-framework option for build and unit test jobs
/usr/sbin/bpftool is completely broken inside containers on
Ubuntu which makes meson blow up so disable the bpf-framework
stuff to avoid the issue.

TODO: Drop when we move off Ubuntu Noble as this will be fixed
in the next Ubuntu LTS release.
2025-10-17 21:11:23 +09:00
Antonio Alvarez Feijoo
2fbfbfc5fa test: enable TEST-06-SELINUX in openSUSE
openSUSE has been using SELinux by default for quite some time now, so this test is
also successful.
2025-10-14 17:56:39 +01:00
dependabot[bot]
0712a94006 build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-02 10:25:58 +02:00
dependabot[bot]
db555fedf2 build(deps): bump meson from 1.8.3 to 1.9.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.8.3 to 1.9.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.8.3...1.9.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-version: 1.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-02 10:25:16 +02:00
Yu Watanabe
97940e77a9 mkosi: bump fedora from 42 to 43
It seems
- the address sanitizer on fedora 42 reports a false positive, or
- probing partitions in libblkid 2.40.4 has a bug.

Not sure which causes the issue, but anyway the address sanitizer
kills udev-worker when sym_blkid_partition_get_name() is called
in udev-builtin-blkid.c.
```
systemd-udevd[488]: ==488==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffdd716e020 at pc 0x563e3ca66fcb bp 0x7ffdd716d970 sp 0x7ffdd716d968
systemd-udevd[488]: READ of size 8 at 0x7ffdd716e020 thread T0 ((udev-worker))
(snip)
systemd-udevd[488]: HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
systemd-udevd[488]:       (longjmp and C++ exceptions *are* supported)
systemd-udevd[488]: SUMMARY: AddressSanitizer: stack-buffer-underflow (/usr/bin/udevadm+0x187fca) (BuildId: 1fb56dbdf0447aba1185d6e34560b782b76098be)
(snip)
systemd-udevd[488]: Command: (udev-worker)
systemd-udevd[488]: ==488==ABORTING
```

Let's bump fedora from 42 to 43.

Fixes mkosi fedora 42 job failures after c349edfe49.
2025-09-26 09:14:13 +02:00
Luca Boccassi
c4d9f9c9f6 mkosi: update mkosi commit reference to d45142e329550abc9c6fc63c1f1f86e5286d3d67
* 786b8fe1c8 Return false from want_efi() for UKI outputs
* fac86dbc93 mkosi-tools: add qemu/pipewire packages for gui profile for debian
* 3bb98f0e6e Add ncdu to tools tree packages
* 1332b32cb4 config: Fix type for devicetree setting
* eff03569ee initrd: Add intel_pmc_ssram_telemetry module by default
* e04305b030 Make Bootable= determine whether we build a UKI for esp images
* 7252146429 mkosi-obs: use --force also for unzstd
* f58e31e228 mkosi-obs: do not fail if there are no bootloaders in the ESP
* fac3bd4bf1 rhel: Look up entitlement keys and certificates in sandbox
* da814d9634 opensuse: Add support for RISC-V for Tumbleweed
* b1d66c88d0 fedora: Rework rawhide GPG key logic
* b9360f25df Include {sys,conf}ext info in metadata file
* 94c6db6148 Set MakeInitrd=yes in documentation for building custom initrd
* d134013ca8 mkosi-tools: add grub2-common to openSUSE tools tree
* c97d345395 mkosi-tools: virtiofsd is only available on a subset of architectures on debian/ubuntu
2025-09-03 14:27:59 +01:00
Luca Boccassi
f89480a0a7 mkosi: update mkosi commit reference to 5598b7f5793b6f63db5afaa39504a763fbaeb5cb
* 5598b7f579 fedora: be more persistent when guessing what rawhide could be
* cdd2d1570e Use apt-ftparchive instead of reprepro
* eeb4ce6302 fix dead/404 link
* 30a487d183 mkosi-tools: Drop systemd-boot-efi package
* ad4b4d2cbe Add debug logging for version reported by systemd tools
* 95f5c77fb7 mkosi-tools: move systemd-boot package to conf file matching older releases
* 7da22f33e0 README: clarify that companion tools can also be enabled from the git repo
* ec3fe91532 Drop microsecond resolution for datetime.now()
* 9f7a53b687 mkosi-initrd: install raid rule with 70 prefix
* 32c3ff4677 ci: give a hint about possible fixes for failing reuse lints
* 489c5e9ecc build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
2025-08-16 12:13:20 +01:00
Luca Boccassi
e1311b10f8 CI: run ruff format before ruff check
Otherwise you get a failure but no hint on how to fix it
2025-08-13 10:00:21 +09:00
Luca Boccassi
5ecd16be68 ci: add mkosi job for debian stable
Debian 13 has just been released and can build and run everything,
so add CI coverage for it
2025-08-11 10:23:38 +09:00
Luca Boccassi
4f49a6f572 ci: add build job on Ubuntu Jammy with Python 3.7
In order to avoid regressions with glibc < 2.39 and Python 3.7
2025-08-06 14:09:33 +01:00
dependabot[bot]
ca6c192f9c build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.2 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](181d5eefc2...51f77329af)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-01 18:41:41 +01:00
dependabot[bot]
e4b2b65f22 build(deps): bump meson from 1.8.2 to 1.8.3 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: meson
  dependency-version: 1.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-01 18:12:00 +01:00
dependabot[bot]
67f213567a build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](f49aabe0b5...05b42c6244)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-01 18:11:08 +01:00
Yu Watanabe
1afcf37a73 mkosi: update mkosi commit reference to 655baf24474a6f0732ec1b82a71c2f6fe4eeeb49
* 655baf2447 mkosi-initrd: move udev rules files for dm and md
* dec7c3e754 mkosi-vm: Drop tpm_tis change
* 021e3af926 shim: fix log message of installed binary
* 07c24a7d42 mkosi-initrd/vm: ensure TPM2 core modules are installed in the initrd
2025-08-01 16:12:58 +01:00
Luca Boccassi
31ae0d088f ci: test integration with shim in debian jobs
Debian provides a signed shim that trusts sdboot and can be
installed without pulling in grub automatically. Install it
in the debian mkosi CI job, and build a custom efivars with
the mkosi cert enrolled in MOK but not DB, to test those
code paths.
2025-07-28 23:27:23 +01:00
Luca Boccassi
8631b0f8b9 mkosi: update mkosi commit reference to cb1a3c90490922441548d09b09c7b76426e4bc20
* cb1a3c9049 FirmwareVariables: allow generating during image build
* 6104923534 env: export $EFI_ARCHITECTURE in hook scripts on EFI arches
* fef33f96a2 mkosi-tools: ukify moved to systemd-ukify in openSUSE
* ec4475a846 ensure builds with cache over device boundaries
* 7be5159f24 Change UnifiedKernelImages to enum and accept signed/unsigned
* 071ac4a575 mkosi-vm: install systemd-boot-efi-signed where available
* 1865be628e opensuse: Install OpenSUSE-release if another release package is not installed
* 0381b17819 qemu: Disable hpet for x86 VMs
* 4f63700eb3 mkosi-tools: install systemd-boot-tools for bootctl
* 1230ed333b man: remove duplicate 'the' in FirmwareVariables description
2025-07-28 23:11:04 +01:00
Yu Watanabe
94ad755008 ci/build-test: install libarchive-dev
Previously, the package was not installed, hence the feature was always
disabled in the build test.
2025-07-22 01:09:47 +01:00
Luca Boccassi
4a095d9df6 ci: add build/unit-tests jobs for s390x 2025-07-15 16:18:48 +01:00
Daan De Meyer
6488fa5634 Replace underscores in filenames with hyphens (#38203) 2025-07-14 10:37:23 +02:00
DaanDeMeyer
13a86b4d9f workflows: Use hyphens in filenames instead of underscores 2025-07-13 12:41:12 +02:00
Luca Boccassi
375d80b04a ci: re-enable uefi secure boot
Kernel 6.11.0-1018-azure is now in use, which has a workaround
for the HyperV bug, so this should work again in GHA
2025-07-12 21:07:58 +09:00
Yu Watanabe
2b912d2066 tree-wide: several cleanups for generating symbol lists and gperf files
- pass our system include directories to make generators use our libc
  wrappers and latest kernel headers,
- include relevant headers in generated gperf file,
- use files() rather than find_program(), as the result of
  find_program() cannot be passed to 'input' of custom_target(),
- move generate-bpf-delegate-configs.py to src/core/, as it is only used
  by libcore.
2025-07-11 13:05:42 +09:00
DaanDeMeyer
7f76ff2821 tree-wide: Use "mkosi box" instead of "mkosi sandbox"
The box verb was added as a synonym for sandbox. sandbox still works,
but let's switch to box as it's shorter.
2025-07-10 16:24:34 +02:00
DaanDeMeyer
24a14e9050 mkosi: update mkosi commit reference to 184472f0f1f831ca29953546ec01fd941ff763a6
* 184472f0f1 mkosi-tools: make sure p11-kit dir exists when configuring module
* 9fb807884e mkosi-tools: Explicitly install p11-kit
* 9131877d60 Support matching against architectures with uefi support
* f1eab5a783 Rename sandbox verb to box
* d609f55d98 Fix /var/tmp directory cleanup
* 4997b9495c build(deps): bump github/codeql-action from 3.28.18 to 3.29.2
2025-07-10 16:24:34 +02:00
Yu Watanabe
0777d821ad ci: also set TEST_RUNNER environment variable in coverage test
Otherwise, integration-test-wrapper.py will fail.
```
Traceback (most recent call last):
  File "/home/runner/work/systemd/systemd/test/integration-tests/integration-test-wrapper.py", line 693, in <module>
    main()
    ~~~~^^
  File "/home/runner/work/systemd/systemd/test/integration-tests/integration-test-wrapper.py", line 677, in main
    runner = os.environ['TEST_RUNNER']
             ~~~~~~~~~~^^^^^^^^^^^^^^^
  File "<frozen os>", line 717, in __getitem__
KeyError: 'TEST_RUNNER'
```

Follow-up for c0a5801f7b.
2025-07-10 07:39:15 +02:00
Matteo Croce
ea9826eb94 core: add options to delegate BPFFS token creation
Add four new options BPFDelegate{Commands,Maps,Programs,Attachments}=
in order to delegate to a BPFFS instance the permission to create tokens.

The value is a list of options taken from:
https://github.com/torvalds/linux/blob/v6.14/include/uapi/linux/bpf.h#L922-L1121
The special value "any" means to allow every possible value.

More information about BPF tokens here:
https://lwn.net/Articles/947173/
2025-07-08 22:35:29 +02:00
dependabot[bot]
663108304a build(deps): bump github/codeql-action from 3.28.18 to 3.29.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ff0a06e83c...181d5eefc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-07 17:36:42 +09:00
Luca Boccassi
a8f8b3efb5 ci: add test timeout multiplier for ppc64le
The slow tests have timed out at least a couple of times,
so add a multiplier

1252/1633 systemd:libsystemd / test-sd-device      TIMEOUT 30.04s killed by signal 15 SIGTERM
1633/1633 systemd:libsystemd / test-journal-verify TIMEOUT 90.01s killed by signal 15 SIGTERM

Follow-up for 8a1d134144
2025-07-06 12:35:01 +01:00
Luca Boccassi
d25e515ebc mkosi: enable arm64 job and test fixlets (#38066)
Enable nspawn job, as there's no nested kvm so VMs are too slow. Fix
some tests that fail in a VM anyway, might add a nightly job later that
runs them.
2025-07-05 11:46:30 +01:00
Luca Boccassi
a06e64d884 ci: use -p and -f when creating dirs/removing files in mkosi job btrfs setup
It failed at least once:

mkdir: cannot create directory ‘/mnt/mkosi’: File exists
2025-07-05 11:38:10 +09:00
Luca Boccassi
c0a5801f7b mkosi: enable arm64 job
There's no acceleration, so nested VMs are too slow, only enable
nspawn.
2025-07-04 17:39:29 +01:00
Luca Boccassi
8a1d134144 ci: enable build/unit test jobs on ppc64le
New workers we got from IBM can be used now. The GHA linter doesn't
recognize them yet, so add a local workaround until the change is
merged in the linter.
2025-07-04 13:35:31 +01:00
Luca Boccassi
614e0180ea ci: enable arm64 runner for build/unit jobs
Enable only a couple of jobs, to avoid running down capacity too much
2025-07-04 12:39:43 +09:00
Luca Boccassi
d7095eea4f ci: also install llvm-<version>
On some architectures that's not pulled in by default, it ships llvm-ar
which is needed by meson
2025-07-03 22:58:25 +01:00
Luca Boccassi
14a6b5fece ci: install packages available only on x86_64/arm64 on those arches only 2025-07-03 22:57:46 +01:00