]> git.ipfire.org Git - thirdparty/systemd.git/blob - mkosi.images/base/mkosi.build.chroot
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #30284 from YHNdnzj/fstab-wantedby-defaultdeps
[thirdparty/systemd.git] / mkosi.images / base / mkosi.build.chroot
1 #!/bin/bash
2 # SPDX-License-Identifier: LGPL-2.1-or-later
3 set -e
4
5 # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
6 # Simply invoke "mkosi" in the project directory to build an OS image.
7
8 # We don't want to install our build of systemd in the base image, but use it as an extra tree for the
9 # initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as
10 # an extra tree in the initrd and system image builds.
11 DESTDIR="$OUTPUTDIR/systemd"
12
13 # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
14 # as out-of-tree build dir. Otherwise, let's make up our own builddir.
15 [ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
16
17 # Let's make sure we're using stuff from the build directory first if available there.
18 PATH="$BUILDDIR:$PATH"
19 export PATH
20
21 # The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
22 # using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
23 # the ubuntu script with a symlink to the first bpftool program we can find.
24 for bpftool in /usr/lib/linux-tools/*/bpftool; do
25 [ -x "$bpftool" ] || continue
26 ln -sf "$bpftool" "$BUILDDIR"/bpftool
27 break
28 done
29
30 # CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
31 # specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
32 # version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
33 . /usr/lib/os-release
34 if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
35 cat >"$BUILDDIR"/bpftool <<EOF
36 #!/bin/sh
37 if [ "\$1" = --version ]; then
38 echo 5.6.0
39 else
40 exec /usr/sbin/bpftool \$@
41 fi
42 EOF
43 chmod +x "$BUILDDIR"/bpftool
44 fi
45
46 if [ ! -f "$BUILDDIR"/build.ninja ]; then
47 [[ -d /etc/rc.d/init.d ]] && sysvinit_path="/etc/rc.d/init.d" || sysvinit_path="/etc/init.d"
48
49 if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
50 UKIFY="disabled"
51 else
52 UKIFY="enabled"
53 fi
54
55 # On Debian 'loadkeys us' fails
56 if [ "$ID" = "debian" ] || [ "$ID_LIKE" = "debian" ]; then
57 DEFAULT_KEYMAP=""
58 else
59 DEFAULT_KEYMAP="us"
60 fi
61
62 CONFIGURE_OPTS=(
63 -D sysvinit-path="$sysvinit_path"
64 -D man=disabled
65 -D translations=false
66 -D version-tag="${VERSION_TAG}"
67 -D mode=developer
68 -D b_sanitize="${SANITIZERS:-none}"
69 -D install-tests=true
70 -D tests=unsafe
71 -D slow-tests="${SLOW_TESTS:-false}"
72 -D create-log-dirs=false
73 -D pamconfdir=/usr/lib/pam.d/
74 -D utmp=true
75 -D hibernate=true
76 -D ldconfig=true
77 -D resolve=true
78 -D efi=true
79 -D tpm=true
80 -D environment-d=true
81 -D binfmt=true
82 -D repart=enabled
83 -D sysupdate=enabled
84 -D coredump=true
85 -D pstore=true
86 -D oomd=true
87 -D logind=true
88 -D hostnamed=true
89 -D localed=true
90 -D machined=true
91 -D portabled=true
92 -D sysext=true
93 -D userdb=true
94 -D homed=enabled
95 -D networkd=true
96 -D timedated=true
97 -D timesyncd=true
98 -D remote=enabled
99 -D nss-myhostname=true
100 -D nss-mymachines=enabled
101 -D nss-resolve=enabled
102 -D nss-systemd=true
103 -D firstboot=true
104 -D randomseed=true
105 -D backlight=true
106 -D vconsole=true
107 -D quotacheck=true
108 -D sysusers=true
109 -D tmpfiles=true
110 -D importd=enabled
111 -D hwdb=true
112 -D rfkill=true
113 -D xdg-autostart=true
114 -D translations=true
115 -D polkit=enabled
116 -D acl=enabled
117 -D audit=enabled
118 -D blkid=enabled
119 -D fdisk=enabled
120 -D kmod=enabled
121 -D pam=enabled
122 -D pwquality=enabled
123 -D microhttpd=enabled
124 -D libcryptsetup=enabled
125 -D libcurl=enabled
126 -D idn=true
127 -D libidn2=enabled
128 -D qrencode=enabled
129 -D gcrypt=enabled
130 -D gnutls=enabled
131 -D openssl=enabled
132 -D cryptolib=openssl
133 -D p11kit=enabled
134 -D libfido2=enabled
135 -D tpm2=enabled
136 -D elfutils=enabled
137 -D zstd=enabled
138 -D xkbcommon=enabled
139 -D pcre2=enabled
140 -D glib=enabled
141 -D dbus=enabled
142 -D bootloader=enabled
143 -D kernel-install=true
144 -D analyze=true
145 -D bpf-framework=enabled
146 -D ukify="$UKIFY"
147 -D seccomp=enabled
148 -D selinux=auto
149 -D apparmor=auto
150 -D smack=true
151 -D ima=true
152 -D first-boot-full-preset=true
153 -D initrd=true
154 -D fexecve=true
155 -D default-keymap="$DEFAULT_KEYMAP"
156 )
157
158 # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
159 # It is important to use the right one especially for cryptsetup plugins, otherwise they will be
160 # installed in the wrong directory and not be found by cryptsetup. Assume native build.
161 if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then
162 CONFIGURE_OPTS+=(
163 -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
164 -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
165 )
166 fi
167
168 # Set various uids and gids for which Fedora has "soft static" allocations.
169 # Without this, we would get warning about mismatched sysusers.d entries
170 # between the files that we and Fedora's setup package install.
171 if grep -q '^ID=fedora' /usr/lib/os-release; then
172 CONFIGURE_OPTS+=(
173 -Dadm-gid=4
174 -Daudio-gid=63
175 -Dcdrom-gid=11
176 -Ddialout-gid=18
177 -Ddisk-gid=6
178 -Dinput-gid=104
179 -Dkmem-gid=9
180 -Dkvm-gid=36
181 -Dlp-gid=7
182 -Drender-gid=105
183 -Dsgx-gid=106
184 -Dtape-gid=33
185 -Dtty-gid=5
186 -Dusers-gid=100
187 -Dutmp-gid=22
188 -Dvideo-gid=39
189 -Dwheel-gid=10
190 -Dsystemd-journal-gid=190
191 -Dsystemd-network-uid=192
192 -Dsystemd-resolve-uid=193
193 )
194 fi
195
196 if grep -q '^ID="opensuse' /usr/lib/os-release; then
197 CONFIGURE_OPTS+=(
198 -Dbpf-compiler=gcc
199 )
200 fi
201
202 ( set -x; meson setup "$BUILDDIR" "$SRCDIR" "${CONFIGURE_OPTS[@]}" )
203 fi
204
205 ( set -x; ninja -C "$BUILDDIR" "$@" )
206 if [ "$WITH_TESTS" = 1 ]; then
207 if [ -n "$SANITIZERS" ]; then
208 export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS"
209 export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS"
210 TIMEOUT_MULTIPLIER=3
211 else
212 TIMEOUT_MULTIPLIER=1
213 fi
214
215 ( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER )
216 fi
217
218 ( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed )
219
220 # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
221 if [ -d "${DESTDIR}/boot/loader" ]; then
222 addons_dir="${DESTDIR}/boot/loader/addons"
223 elif [ -d "${DESTDIR}/efi/loader" ]; then
224 addons_dir="${DESTDIR}/efi/loader/addons"
225 fi
226 if [ -n "${addons_dir}" ]; then
227 mkdir -p "${addons_dir}"
228 ukify --secureboot-private-key mkosi.secure-boot.key --secureboot-certificate mkosi.secure-boot.crt --cmdline this_should_be_here -o "${addons_dir}/good.addon.efi"
229 ukify --cmdline this_should_not_be_here -o "${addons_dir}/bad.addon.efi"
230 fi
Unnamed repository; edit this file 'description' to name the repository.