- distro: debian
release: testing
- distro: ubuntu
- release: jammy
+ release: noble
- distro: fedora
release: "39"
- distro: fedora
release: rawhide
- - distro: opensuse
- release: tumbleweed
+ # TODO: Re-enable once https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/AU4NWTBXNA7MVAUXWR74XYCHCSZN4Z4K/
+ # is resolved or https://build.opensuse.org/request/show/1152118 is merged.
+ # - distro: opensuse
+ # release: tumbleweed
- distro: centos
release: "9"
- - distro: centos
- release: "8"
env:
SYSTEMD_LOG_LEVEL: debug
# Build a disk image in CI as this logic is much more prone to breakage.
Format=disk
- [Content]
- Environment=CI_BUILD=1
- SLOW_TESTS=true
-
[Host]
ToolsTree=default
ToolsTreeDistribution=fedora
For some components (most importantly, systemd/PID 1 itself) this is not
possible, however. In order to simplify testing for cases like this we provide
-a set of `mkosi` build files directly in the source tree.
+a set of `mkosi` config files directly in the source tree.
[mkosi](https://github.com/systemd/mkosi) is a tool for building clean OS images
from an upstream distribution in combination with a fresh build of the project
-in the local working directory. To make use of this, please install `mkosi` v19
-or newer using your distribution's package manager or from the
-[GitHub repository](https://github.com/systemd/mkosi). `mkosi` will build an
-image for the host distro by default. First, run `mkosi genkey` to generate a key
-and certificate to be used for secure boot and verity signing. After that is done,
-it is sufficient to type `mkosi` in the systemd project directory to generate a disk
-image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
+in the local working directory. To make use of this, please install the latest
+version of mkosi from the [GitHub repository](https://github.com/systemd/mkosi).
+`mkosi` will build an image for the host distro by default. First, run
+`mkosi genkey` to generate a key and certificate to be used for secure boot and
+verity signing. After that is done, it is sufficient to type `mkosi` in the
+systemd project directory to generate a disk image you can boot either in
+`systemd-nspawn` or in a UEFI-capable VM:
```sh
$ sudo mkosi boot # nspawn still needs sudo for now
[Config]
Images=system
-MinimumVersion=20.2
+MinimumVersion=21
[Output]
@OutputDirectory=mkosi.output
Environment=ASAN_OPTIONS=verify_asan_link_order=false
MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+@SELinuxRelabel=no
[Host]
@Incremental=yes
-@QemuMem=2G
+# TODO: Drop to 2G again once the next Noble kernel update ships and we can use linux-image-virtual.
+@QemuMem=4G
@RuntimeSize=8G
ToolsTreePackages=virtiofsd
KernelCommandLineExtra=systemd.crash_shell
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Arch and CentOS 8 Stream initrds are rather big so we need to give QEMU more memory so the kernel can load
-# them without OOMing.
-
-[Match]
-Distribution=|arch
-Distribution=|centos
-
-[Host]
-@QemuMem=3G
[Distribution]
@Release=tumbleweed
+PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend
Distribution=ubuntu
[Distribution]
-@Release=jammy
+@Release=noble
Repositories=universe
--- /dev/null
+%_db_backend ndb
+++ /dev/null
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
-# Simply invoke "mkosi" in the project directory to build an OS image.
-
-# We don't want to install our build of systemd in the base image, but use it as an extra tree for the
-# initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as
-# an extra tree in the initrd and system image builds.
-export DESTDIR="$OUTPUTDIR/systemd"
-
-# If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
-# as out-of-tree build dir. Otherwise, let's make up our own builddir.
-[ -z "$BUILDDIR" ] && BUILDDIR="$PWD"/build
-
-# Let's make sure we're using stuff from the build directory first if available there.
-PATH="$BUILDDIR:$PATH"
-export PATH
-
-# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
-# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
-# the ubuntu script with a symlink to the first bpftool program we can find.
-for bpftool in /usr/lib/linux-tools/*/bpftool; do
- [ -x "$bpftool" ] || continue
- ln -sf "$bpftool" "$BUILDDIR"/bpftool
- break
-done
-
-# CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
-# specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
-# version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
-. /usr/lib/os-release
-if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
- cat >"$BUILDDIR"/bpftool <<EOF
-#!/bin/sh
-if [ "\$1" = --version ]; then
- echo 5.6.0
-else
- exec /usr/sbin/bpftool \$@
-fi
-EOF
- chmod +x "$BUILDDIR"/bpftool
-fi
-
-if [ ! -f "$BUILDDIR"/build.ninja ]; then
- CONFIGURE_OPTS=(
- -D sysvinit-path="$([[ -d /etc/rc.d/init.d ]] && echo /etc/rc.d/init.d || echo /etc/init.d)"
- -D man=disabled
- -D translations=false
- -D version-tag="${VERSION_TAG}"
- -D mode=developer
- -D b_sanitize="${SANITIZERS:-none}"
- -D install-tests=true
- -D tests=unsafe
- -D slow-tests="${SLOW_TESTS:-false}"
- -D create-log-dirs=false
- -D pamconfdir=/usr/lib/pam.d/
- -D utmp=true
- -D hibernate=true
- -D ldconfig=true
- -D resolve=true
- -D efi=true
- -D tpm=true
- -D environment-d=true
- -D binfmt=true
- -D coredump=true
- -D pstore=true
- -D oomd=true
- -D logind=true
- -D hostnamed=true
- -D localed=true
- -D machined=true
- -D portabled=true
- -D sysext=true
- -D userdb=true
- -D networkd=true
- -D timedated=true
- -D timesyncd=true
- -D nss-myhostname=true
- -D nss-systemd=true
- -D firstboot=true
- -D randomseed=true
- -D backlight=true
- -D vconsole=true
- -D quotacheck=true
- -D sysusers=true
- -D tmpfiles=true
- -D hwdb=true
- -D rfkill=true
- -D xdg-autostart=true
- -D translations=true
- -D idn=true
- -D cryptolib=openssl
- -D kernel-install=true
- -D analyze=true
- -D ukify="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)"
- -D selinux="$([[ "$ID" =~ centos|fedora|opensuse ]] && echo enabled || echo disabled)"
- -D apparmor="$([[ "$ID" =~ ubuntu|debian ]] && echo enabled || echo disabled)"
- -D smack=true
- -D ima=true
- -D first-boot-full-preset=true
- -D initrd=true
- -D fexecve=true
- -D default-keymap="$([[ "$ID" =~ debian|ubuntu ]] && echo "" || echo "us")"
- -D xenctrl="$([[ "$ID" =~ debian|ubuntu|fedora|opensuse ]] && echo enabled || echo disabled)"
- -D libiptc="$([[ "$ID" =~ debian|ubuntu ]] && echo enabled || echo disabled)"
- -D libcryptsetup-plugins="$([[ "$ID" = "centos" ]] && [[ "$VERSION" = "8" ]] && echo disabled || echo enabled)"
- )
-
- # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
- # It is important to use the right one especially for cryptsetup plugins, otherwise they will be
- # installed in the wrong directory and not be found by cryptsetup. Assume native build.
- if grep -q -e "ID=debian" -e "ID_LIKE=debian" /usr/lib/os-release && command -v dpkg 2>/dev/null; then
- CONFIGURE_OPTS+=(
- -D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
- -D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
- )
- fi
-
- # Set various uids and gids for which Fedora has "soft static" allocations.
- # Without this, we would get warning about mismatched sysusers.d entries
- # between the files that we and Fedora's setup package install.
- if grep -q '^ID=fedora' /usr/lib/os-release; then
- CONFIGURE_OPTS+=(
- -D adm-gid=4
- -D audio-gid=63
- -D cdrom-gid=11
- -D dialout-gid=18
- -D disk-gid=6
- -D input-gid=104
- -D kmem-gid=9
- -D kvm-gid=36
- -D lp-gid=7
- -D render-gid=105
- -D sgx-gid=106
- -D tape-gid=33
- -D tty-gid=5
- -D users-gid=100
- -D utmp-gid=22
- -D video-gid=39
- -D wheel-gid=10
- -D systemd-journal-gid=190
- -D systemd-network-uid=192
- -D systemd-resolve-uid=193
- )
- fi
-
- if grep -q '^ID="opensuse' /usr/lib/os-release; then
- CONFIGURE_OPTS+=(
- -Dbpf-compiler=gcc
- )
- fi
-
- ( set -x; meson setup "$BUILDDIR" "$SRCDIR" --auto-features=enabled "${CONFIGURE_OPTS[@]}" )
-fi
-
-( set -x; ninja -C "$BUILDDIR" "$@" )
-if [ "$WITH_TESTS" = 1 ]; then
- if [ -n "$SANITIZERS" ]; then
- export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS"
- export UBSAN_OPTIONS="$MKOSI_UBSAN_OPTIONS"
- TIMEOUT_MULTIPLIER=3
- else
- TIMEOUT_MULTIPLIER=1
- fi
-
- ( set -x; meson test -C "$BUILDDIR" --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER )
-fi
-
-( set -x; meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed )
Format=directory
[Content]
-Bootable=no
+Autologin=yes
+# Make sure we build the default initrd as part of the base image as it will have access to the systemd and
+# udev rpms which are built by the build scripts that are part of the base image.
+Bootable=yes
+# we want to build the UKI as part of the system image so make sure none are built here.
+Bootloader=none
CleanPackageMetadata=no
Packages=
-Packages=
- kmod
- less
- util-linux
-
-BuildPackages=
acl
- binutils
- clang
+ bash-completion
+ coreutils
diffutils
- gawk
+ dnsmasq
+ dosfstools
+ e2fsprogs
+ findutils
+ gcc # Sanitizer libraries
gdb
- gettext
git
- gperf
grep
- lld
- llvm
- make
- meson
- pkgconf
+ gzip
+ jq
+ kbd
+ kexec-tools
+ kmod
+ less
+ mtools
+ nano
+ nftables
+ openssl
+ python3
+ qrencode
rsync
sed
+ socat
strace
+ systemd
tar
+ tmux
+ tree
+ udev
+ util-linux
+ valgrind
+ wireguard-tools
+ xfsprogs
+ zsh
zstd
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=arch
-
-[Content]
-Packages=
- cryptsetup
- dbus
- gnutls
- libarchive
- libbpf
- libfido2
- libmicrohttpd
- libnftnl
- libpwquality
- libseccomp
- libxkbcommon
- openssl
- qrencode
- tpm2-tss
-
-BuildPackages=
- bpf
- docbook-xsl
- glib2
- libxslt
- linux-api-headers
- python
- python-jinja
- python-lxml
- python-pefile
- python-pyelftools
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkosi-install systemd systemd-sysvcompat
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
+ echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+# We can't configure the source or build directory so we use bind mounts instead to make sure they are in the
+# expected locations.
+mount --mkdir --bind "$SRCDIR" "pkg/$DISTRIBUTION/systemd-stable/"
+mount --mkdir --bind "$BUILDDIR" "pkg/$DISTRIBUTION/build/"
+# Because we run with --noextract we are responsible for making sure the source files appear in src/.
+mount --mkdir --rbind "$PWD/pkg/$DISTRIBUTION" "pkg/$DISTRIBUTION/src/"
+
+# shellcheck source=/dev/null
+. /etc/makepkg.conf
+
+# Override the default options. Use -Og because -O0 doesn't work with FORTIFY_SOURCE. We specifically disable
+# "strip", "zipman" and "lto" as they slow down builds significantly. OPTIONS= cannot be overridden on the
+# makepkg command line so we append to /etc/makepkg.conf instead. The rootfs is overlayed with a writable
+# tmpfs during the build script so these changes don't end up in the image itself.
+tee --append /etc/makepkg.conf >/dev/null <<EOF
+CFLAGS="$CFLAGS -Og"
+OPTIONS=(!strip docs !libtool !staticlibs emptydirs !zipman purge debug !lto)
+EOF
+
+# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
+rm /usr/share/makepkg/lint_pkgbuild/*
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# We get around makepkg's root check by setting EUID to something else.
+# shellcheck disable=SC2046
+env --chdir="pkg/$DISTRIBUTION" \
+ EUID=123 \
+ makepkg \
+ --noextract \
+ $( ((WITH_TESTS)) || echo --nocheck) \
+ --force \
+ UPSTREAM=1 \
+ QUIET=1 \
+ BUILDDIR="$PWD/pkg/$DISTRIBUTION" \
+ PKGDEST="$PACKAGEDIR" \
+ PKGEXT=".pkg.tar" \
+ PKGVER="$(cat meson.version)" \
+ PKGREL="$(date "+%Y%m%d%H%M%S" --date "@$TS")" \
+ MESON_EXTRA_CONFIGURE_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Config]
+InitrdInclude=initrd/
+
+# TODO: Switch to https://gitlab.archlinux.org/archlinux/packaging/packages/systemd once
+# https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/merge_requests/8 is merged.
+[Content]
+Environment=
+ PKG_URL="https://gitlab.archlinux.org/daandemeyer/systemd"
+ PKG_BRANCH="strip"
+ SYSTEMD_PACKAGES="systemd systemd-ukify systemd-sysvcompat systemd-resolvconf"
+
+Packages=
+ bpf
+ btrfs-progs
+ compsize
+ cryptsetup
+ dbus
+ dhcp
+ f2fs-tools
+ gnutls
+ iproute
+ linux
+ man-db
+ openbsd-netcat
+ openssh
+ openssl
+ pacman
+ polkit
+ qrencode
+ quota-tools
+ sbsigntools
+ shadow
+ tpm2-tss
+ vim
+
+InitrdPackages=
+ btrfs-progs
+ tpm2-tools
+
+BuildPackages=
+ fakeroot
+ pkgconf
+ debugedit
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ ! -f "pkg/$DISTRIBUTION/PKGBUILD" ]; then
+ echo "PKGBUILD not found at pkg/$DISTRIBUTION/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+if [ "$1" = "final" ]; then
+ # We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
+ sed --expression 's/^[ \t]*//' "pkg/$DISTRIBUTION/.SRCINFO" |
+ grep --regexp '^depends =' --regexp '^optdepends =' |
+ sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' |
+ xargs --delimiter '\n' mkosi-install
+else
+ # We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
+ # whether some environment variable is set or not.
+ # shellcheck source=/dev/null
+ UPSTREAM=1 . "pkg/$DISTRIBUTION/PKGBUILD"
+
+ # shellcheck disable=SC2154
+ mkosi-install "${makedepends[@]}"
+fi
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-Packages=
- audit-libs
- cryptsetup-libs
- gnutls
- libarchive
- libasan
- libbpf
- libfido2
- libgcrypt
- libmicrohttpd
- libnftnl
- libubsan
- libxcrypt
- libxkbcommon
- openssl-libs
- qrencode-libs
- tpm2-tss
- util-linux
-
-BuildPackages=
- pkgconf
- bpftool
- docbook-xsl
- findutils
- libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file.
- libxslt
- pam-devel
- pkgconfig(audit)
- pkgconfig(blkid)
- pkgconfig(bzip2)
- pkgconfig(dbus-1)
- pkgconfig(fdisk)
- pkgconfig(glib-2.0)
- pkgconfig(gnutls)
- pkgconfig(libacl)
- pkgconfig(libarchive)
- pkgconfig(libbpf)
- pkgconfig(libcap)
- pkgconfig(libcryptsetup)
- pkgconfig(libcurl)
- pkgconfig(libdw)
- pkgconfig(libfido2)
- pkgconfig(libidn2)
- pkgconfig(libkmod)
- pkgconfig(liblz4)
- pkgconfig(libmicrohttpd)
- pkgconfig(libnftnl)
- pkgconfig(libpcre2-8)
- pkgconfig(libqrencode)
- pkgconfig(libseccomp)
- pkgconfig(libselinux)
- pkgconfig(libzstd)
- pkgconfig(mount)
- pkgconfig(numa)
- pkgconfig(openssl)
- pkgconfig(openssl)
- pkgconfig(p11-kit-1)
- pkgconfig(pwquality)
- pkgconfig(tss2-esys)
- pkgconfig(tss2-mu)
- pkgconfig(tss2-rc)
- pkgconfig(tss2-tcti-device)
- pkgconfig(valgrind)
- pkgconfig(xkbcommon)
- python3
- python3dist(jinja2)
- python3dist(lxml)
- python3dist(pefile)
- python3dist(pyelftools)
- python3dist(pytest)
- rpm
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkosi-install systemd systemd-udev
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
+# https://github.com/mesonbuild/meson/pull/12835 is available.
+# shellcheck disable=SC2046
+rpmbuild \
+ -bb \
+ --build-in-place \
+ --with upstream \
+ $( ((WITH_TESTS)) || echo --nocheck) \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_rpmdir $PACKAGEDIR" \
+ ${BUILDDIR:+--define} \
+ ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ --define "_binary_payload w.ufdio" \
+ --define "debug_package %{nil}" \
+ --define "version_override $(cat meson.version)" \
+ --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \
+ --define "_distro_extra_cflags -Og" \
+ --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
+ --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
+ --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+ --define "__brp_strip %{nil}" \
+ --define "__brp_compress %{nil}" \
+ --define "__brp_mangle_shebangs %{nil}" \
+ --define "__brp_strip_comment_note %{nil}" \
+ --define "__brp_strip_static_archive %{nil}" \
+ --define "__brp_check_rpaths %{nil}" \
+ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
+ --define "__script_requires %{nil}" \
+ --undefine _lto_cflags \
+ "pkg/$DISTRIBUTION/systemd.spec"
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ SYSTEMD_PACKAGES="systemd
+ systemd-udev
+ systemd-container
+ systemd-repart
+ systemd-resolved
+ systemd-networkd
+ systemd-boot
+ systemd-tests
+ systemd-ukify
+ systemd-pam
+ systemd-oomd-defaults
+ systemd-journal-remote
+ systemd-networkd-defaults"
+Packages=
+ bpftool
+ cryptsetup
+ dhcp-server
+ dnf
+ gnutls
+ integritysetup
+ iproute
+ iproute-tc
+ kernel-core
+ libasan
+ libcap-ng-utils
+ libubsan
+ netcat
+ openssh-clients
+ openssh-server
+ p11-kit
+ pam
+ passwd
+ polkit
+ procps-ng
+ quota
+ rpm
+ rpm-build
+ rpmautospec
+ util-linux
+ vim-common
+
+InitrdPackages=
+ tpm2-tools
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ "$1" = "final" ]; then
+ DEPS="--requires"
+else
+ DEPS="--buildrequires"
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ "$DEPS" \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ "pkg/$DISTRIBUTION/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+if [ "$1" = "final" ]; then
+ exit 0
+fi
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$DISTRIBUTION/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$DISTRIBUTION/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [ $EXIT_STATUS -ne 11 ]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Content]
+Environment=
+ PKG_URL="https://git.centos.org/rpms/systemd"
+ PKG_BRANCH="c9s-sig-hyperscale"
+
+Packages=
+ kernel-modules # For squashfs support
+ rpmautospec-rpm-macros
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Packages=
- ^libtss2-esys-[0-9\.]+-0$
- dmsetup
- libapparmor1
- libarchive13
- libfdisk1
- libfido2-1
- libglib2.0-0
- libgnutls30
- libidn2-0
- liblz4-1
- libmicrohttpd12
- libnftnl11
- libp11-kit0
- libpam0g
- libpwquality1
- libqrencode4
- libssl3
- libip4tc2
- ^libtss2-mu[0-9\.-]+$
- libtss2-rc0
- libtss2-tcti-device0
- tzdata
-
-BuildPackages=
- docbook-xsl
- dpkg-dev
- g++
- libacl1-dev
- libapparmor-dev
- libarchive-dev
- libaudit-dev
- libblkid-dev
- libbpf-dev
- libbz2-dev
- libcap-dev
- libcryptsetup-dev
- libcurl4-openssl-dev
- libdbus-1-dev
- libdw-dev
- libfdisk-dev
- libfido2-dev
- libgcrypt20-dev
- libglib2.0-dev
- libgnutls28-dev
- libidn2-dev
- libiptc-dev
- libkmod-dev
- liblz4-dev
- libmicrohttpd-dev
- libmount-dev
- libnftnl-dev
- libp11-kit-dev
- libpam0g-dev
- libpwquality-dev
- libqrencode-dev
- libseccomp-dev
- libsmartcols-dev
- libssl-dev
- libtss2-dev
- libxen-dev
- libxkbcommon-dev
- libzstd-dev
- python3
- python3-jinja2
- python3-lxml
- python3-pefile
- python3-pyelftools
- python3-pytest
- xsltproc
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkosi-install systemd udev
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then
+ echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+# We transplant the debian/ folder from the deb package sources into the upstream sources.
+mount --mkdir --bind "$SRCDIR/pkg/$DISTRIBUTION/debian" "$SRCDIR"/debian
+
+# We hide the patches/ directory by mounting an empty directory on top so they don't get applied.
+TMP=$(mktemp -d)
+mount --bind "$TMP" "$SRCDIR"/debian/patches
+
+# While the build directory can be specified through DH_OPTIONS, the default one is hardcoded everywhere so
+# we have to use that. Because it is architecture dependent, we query it using dpkg-architecture first.
+DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"
+mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE"
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# Add a new changelog entry to update the version. We use a fixed date since a dynamic one causes a full
+# rebuild every time.
+cat >debian/changelog.new <<EOF
+systemd ($(cat meson.version).$(date "+%Y%m%d%H%M%S" --date "@$TS")) UNRELEASED; urgency=low
+
+ * Automatic build from mkosi
+
+ -- systemd test <systemd-devel@lists.freedesktop.org> $(date --rfc-email --date "@$TS")
+
+EOF
+cat debian/changelog >>debian/changelog.new
+mv debian/changelog.new debian/changelog
+
+build() {
+ DEB_BUILD_OPTIONS="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) nostrip terse optimize=-lto" \
+ DEB_BUILD_PROFILES="$( ((WITH_TESTS)) || echo nocheck) $( ((WITH_DOCS)) || echo nodoc) pkg.systemd.upstream" \
+ DEB_CFLAGS_APPEND="-Og" \
+ DPKG_FORCE="unsafe-io" \
+ DPKG_DEB_COMPRESSOR_TYPE="none" \
+ DH_MISSING="--fail-missing" \
+ CONFFLAGS_UPSTREAM="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+ dpkg-buildpackage \
+ --no-pre-clean \
+ --unsigned-changes \
+ --build=binary
+}
+
+if ! build; then
+ # debhelper installs files for each package to debian/<package> so we figure out which files were
+ # packaged by querying all the package names from debian/control and running find on each of the
+ # corresponding package directory in debian/.
+ grep "Package:" debian/control |
+ sed "s/Package: //" |
+ xargs -d '\n' -I {} sh -c "[ -d debian/{} ] && (cd debian/{} && find . ! -type d ! -path "*dh-exec*" -printf '%P\n')" |
+ # Remove compression suffix from compressed manpages as the manpages in debian/tmp will be uncompressed.
+ sed --regexp-extended 's/([0-9])\.gz$/\1/' |
+ sort --unique >/tmp/packaged-files
+
+ # We figure out the installed files by running find on debian/tmp/ which contains the files installed
+ # by meson install.
+ (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
+
+ if [ -f debian/not-installed ]; then
+ grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
+ fi
+
+ sort --unique --output /tmp/installed-files /tmp/installed-files
+
+ # We get all the installed files that were not packaged by finding entries in the installed file that are
+ # not in the packaged file.
+ comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
+ # If there are no unpackaged files something else went wrong.
+ if [ ! -s /tmp/unpackaged-files ]; then
+ exit 1
+ fi
+
+ # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build.
+ cat /tmp/unpackaged-files >>debian/systemd.install
+ build
+fi
+
+mv ../*.deb "$PACKAGEDIR"
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ PKG_URL="https://salsa.debian.org/systemd-team/systemd"
+ PKG_BRANCH="debian/master"
+ SYSTEMD_PACKAGES="systemd
+ systemd-userdbd
+ systemd-oomd
+ systemd-sysv
+ systemd-tests
+ systemd-timesyncd
+ systemd-resolved
+ systemd-homed
+ systemd-coredump
+ systemd-journal-remote
+ systemd-container
+ systemd-boot
+ systemd-ukify
+ udev"
+
+Packages=
+ ^libtss2-esys-[0-9.]+-0$
+ ^libtss2-mu-[0-9.]+-0$
+ apt
+ btrfs-progs
+ cryptsetup-bin
+ dbus-broker
+ default-dbus-session-bus
+ dmsetup
+ f2fs-tools
+ fdisk
+ iproute2
+ isc-dhcp-server
+ libcap-ng-utils
+ libtss2-rc0
+ libtss2-tcti-device0
+ netcat-openbsd
+ openssh-client
+ openssh-server
+ passwd
+ policykit-1
+ procps
+ quota
+ sbsigntool
+ tzdata
+ xxd
+
+InitrdPackages=
+ btrfs-progs
+ tpm2-tools
+
+BuildPackages=
+ dpkg-dev
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ "$1" = "final" ]; then
+ exit 0
+fi
+
+if [ ! -d "pkg/$DISTRIBUTION/debian" ]; then
+ echo "deb rules not found at pkg/$DISTRIBUTION/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$DISTRIBUTION"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
[Match]
Distribution=debian
-
-[Content]
-Packages=
- libbpf1
-
-BuildPackages=
- bpftool
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-Distribution=debian
Architecture=x86-64
[Content]
Packages=
- bpftool
linux-image-cloud-amd64
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
-Distribution=debian
Architecture=arm64
[Content]
Packages=
- bpftool
linux-image-cloud-arm64
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Content]
-BuildPackages=
- python3dist(pytest-flakes)
- pkgconfig(xencontrol)
Distribution=fedora
[Content]
+Environment=
+ PKG_URL="https://src.fedoraproject.org/rpms/systemd"
+ PKG_BRANCH="rawhide"
+
Packages=
btrfs-progs
compsize
f2fs-tools
glibc-langpack-en
sbsigntools
+
+InitrdPackages=
+ btrfs-progs
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Content]
-# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
-# versions don't get installed instead.
-Packages=
- device-mapper
- distribution-release
- docbook-xsl-stylesheets
- gawk
- grep
- gzip
- libbpf1
- libarchive13
- libcrypt1
- libcryptsetup12
- libdw1
- libelf1
- libfido2
- libgcrypt20
- libglib-2_0-0
- libkmod2
- libmount1
- libnftnl11
- libopenssl3
- libp11-kit0
- libqrencode4
- libseccomp2
- libtss2-esys0
- libtss2-mu0
- libtss2-rc0
- libtss2-tcti-device0
- libxkbcommon0
- libzstd1
- pam
- rsync
- sed
- shadow
- tpm2-0-tss
- xz
-
-BuildPackages=
- audit-devel
- bpftool
- cross-bpf-gcc13
- dbus-1-devel
- fdupes
- gcc-c++
- glib2-devel
- glibc-locale
- intltool
- libacl-devel
- libapparmor-devel
- libarchive-devel
- libblkid-devel
- libbpf-devel
- libbz2-devel
- libcap-devel
- libcryptsetup-devel
- libcurl-devel
- libdw-devel
- libelf-devel
- libfdisk-devel
- libfido2-devel
- libgcrypt-devel
- libgnutls-devel
- libkmod-devel
- liblz4-devel
- libmicrohttpd-devel
- libmount-devel
- libnftnl-devel
- libpwquality-devel
- libseccomp-devel
- libselinux-devel
- libxkbcommon-devel
- libxslt-tools
- libzstd-devel
- openssl-devel
- pam-devel
- pciutils-devel
- python3
- python3-Jinja2
- python3-lxml
- python3-pefile
- python3-pyelftools
- python3-pytest
- python3-pytest-flakes
- qrencode-devel
- shadow
- timezone
- tpm2-0-tss-devel
- xen-devel
# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem.
# See https://github.com/openSUSE/suse-module-tools/pull/71
rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf"
+
+mkosi-install systemd udev
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+ TS="$(git show --no-patch --format=%ct HEAD)"
+else
+ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+fi
+
+# The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
+# disable manpage compression as the files cannot be found. Fix the issue by removing the compression
+# extension.
+find "pkg/$DISTRIBUTION" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+
+build() {
+ # TODO: Replace meson_build and meson_install overrides with "--undefine __meson_verbose" once
+ # https://github.com/mesonbuild/meson/pull/12835 is available.
+ # shellcheck disable=SC2046
+ rpmbuild \
+ -bb \
+ --build-in-place \
+ --with upstream \
+ $( ((WITH_TESTS)) || echo --nocheck) \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_rpmdir $PACKAGEDIR" \
+ ${BUILDDIR:+--define} \
+ ${BUILDDIR:+"_vpath_builddir $BUILDDIR"} \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ --define "_binary_payload w.ufdio" \
+ --define "debug_package %{nil}" \
+ --define "vendor openSUSE" \
+ --define "version_override $(cat meson.version)" \
+ --define "release_override $(date "+%Y%m%d%H%M%S" --date "@$TS")" \
+ --define "__check_files sh -c '$(rpm --eval %__check_files) | tee /tmp/unpackaged-files'" \
+ --define "meson_build %{shrink:%{__meson} compile -C %{_vpath_builddir} -j %{_smp_build_ncpus} %{nil}}" \
+ --define "meson_install %{shrink:DESTDIR=%{buildroot} %{__meson} install -C %{_vpath_builddir} --no-rebuild --quiet %{nil}}" \
+ --define "meson_extra_configure_options -D mode=developer -D b_sanitize=${SANITIZERS:-none}" \
+ --define "__os_install_post /usr/lib/rpm/brp-suse %{nil}" \
+ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \
+ --define "__script_requires %{nil}" \
+ "$@" \
+ "pkg/$DISTRIBUTION/systemd.spec"
+}
+
+if ! build; then
+ if [ ! -s /tmp/unpackaged-files ]; then
+ exit 1
+ fi
+
+ # rpm will append to any existing systemd.lang so delete it explicitly so we don't get duplicate file
+ # warnings.
+ rm systemd.lang
+
+ cat /tmp/unpackaged-files >>"pkg/$DISTRIBUTION/files.systemd"
+ build --noprep --nocheck
+fi
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Config]
+InitrdInclude=initrd/
+
+[Content]
+Environment=
+ PKG_URL="https://code.opensuse.org/package/systemd"
+ PKG_BRANCH="master"
+ SYSTEMD_PACKAGES="systemd
+ udev
+ systemd-experimental
+ systemd-boot
+ systemd-container
+ systemd-homed
+ systemd-network
+ systemd-portable
+ systemd-sysvcompat
+ systemd-testsuite"
+
+# We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox
+# versions don't get installed instead.
+Packages=
+ bpftool
+ btrfs-progs
+ cryptsetup
+ dbus-broker
+ device-mapper
+ distribution-release
+ docbook-xsl-stylesheets
+ f2fs-tools
+ gawk
+ glibc-locale-base
+ grep
+ gzip
+ kernel-kvmsmall
+ openssh-clients
+ openssh-server
+ pam
+ quota
+ rpm-build
+ rsync
+ sbsigntools
+ sed
+ shadow
+ timezone
+ vim
+ xz
+
+InitrdPackages=
+ btrfs-progs
+ tpm2.0-tools
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [ ! -f "pkg/$DISTRIBUTION/systemd.spec" ]; then
+ echo "spec not found at pkg/$DISTRIBUTION/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+if [ "$1" = "final" ]; then
+ DEPS="--requires"
+else
+ DEPS="--buildrequires"
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ "$DEPS" \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ "pkg/$DISTRIBUTION/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+if [ "$1" = "final" ]; then
+ exit 0
+fi
+
+until mkosi-chroot \
+ rpmbuild \
+ -bd \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$DISTRIBUTION" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$DISTRIBUTION/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [ $EXIT_STATUS -ne 11 ]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
[Content]
Packages=
- libbpf0
-
-BuildPackages=
+ # We would like to use linux-virtual but it does not have support for SMBIOS credentials.
+ linux-image-generic
linux-tools-common
linux-tools-generic
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# shellcheck disable=SC2086
+mkosi-install $SYSTEMD_PACKAGES
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ]; then
- exit 0
-fi
-
if [ -n "$SANITIZERS" ]; then
LD_PRELOAD=$(ldd /usr/lib/systemd/systemd | grep libasan.so | awk '{print $3}')
systemctl mask systemd-hwdb-update.service
fi
-if [ -n "$IMAGE_ID" ] ; then
- sed -n \
- -i \
- -e '/^IMAGE_ID=/!p' \
- -e "\$aIMAGE_ID=$IMAGE_ID" \
- /usr/lib/os-release
-fi
-
-if [ -n "$IMAGE_VERSION" ] ; then
- sed -n \
- -i \
- -e '/^IMAGE_VERSION=/!p' \
- -e "\$aIMAGE_VERSION=$IMAGE_VERSION" \
- /usr/lib/os-release
-fi
-
if command -v authselect >/dev/null; then
# authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so
# let's use the new name if it exists.
. /usr/lib/os-release
-if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
- alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
- alternatives --set python3 /usr/bin/python3.9
-fi
-
mkdir -p /usr/lib/sysusers.d
cat >/usr/lib/sysusers.d/testuser.conf <<EOF
u testuser 4711 "Test User" /home/testuser
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if ((CACHED)); then
+ exit 0
+fi
+
+if [ -z "$(ls --almost-all "pkg/$DISTRIBTION")" ]; then
+ git clone "$PKG_URL" --branch "$PKG_BRANCH" "pkg/$DISTRIBUTION"
+elif [ -d "pkg/$DISTRIBUTION/.git" ] && [ "$(git -C "pkg/$DISTRIBUTION" rev-parse --abbrev-ref HEAD)" = "$PKG_BRANCH" ]; then
+ git -C "pkg/$DISTRIBUTION" pull
+fi
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Config]
-Dependencies=base
-
-[Output]
-Format=cpio
-
-[Content]
-BaseTrees=%O/base
-ExtraTrees=%O/base-systemd
-MakeInitrd=yes
-Bootable=no
-BuildPackages=
-
-Packages=
-Packages=
- gzip
- systemd
- udev
-
-# Arch Linux doesn't split their gcc-libs package so we manually remove unneeded stuff here to make sure it
-# doesn't end up in the initrd.
-RemoveFiles=
- /usr/lib/libgfortran.so*
- /usr/lib/libgo.so*
- /usr/lib/libgomp.so*
- /usr/lib/libgphobos.so*
- /usr/lib/libobjc.so*
- /usr/lib/libstdc++.so*
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Output]
-# TODO: Switch to zstd once we stop building CentOS Stream 8.
-CompressOutput=xz
-
-[Content]
-Packages=xfsprogs
- tpm2-tools
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=!centos
-Distribution=!opensuse
-
-[Output]
-CompressOutput=zst
-
-[Content]
-Packages=btrfs-progs
- tpm2-tools
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Output]
-CompressOutput=zst
-
-[Content]
-Packages=btrfs-progs
- tpm2.0-tools
[Config]
Dependencies=base
+[Distribution]
+CacheOnly=metadata
+
[Output]
@Format=directory
[Content]
-Autologin=yes
BaseTrees=%O/base
-ExtraTrees=%O/base-systemd
-Packages=
- acl
- bash-completion
- coreutils
- diffutils
- dnsmasq
- dosfstools
- e2fsprogs
- findutils
- gcc # Sanitizer libraries
- gdb
- grep
- gzip
- kbd
- kexec-tools
- less
- mtools
- nano
- nftables
- openssl
- qrencode
- sed
- socat
- strace
- systemd
- tmux
- tar
- tree
- udev
- util-linux
- valgrind
- wireguard-tools
- xfsprogs
- zsh
-
-BuildPackages=
+Initrds=%O/base.initrd
[Validation]
@SecureBoot=yes
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Bootable=!no
-Format=|disk
-Format=|directory
-
-[Config]
-Dependencies=initrd
-
-[Content]
-Initrds=%O/initrd
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=arch
-
-[Content]
-Packages=
- bpf
- btrfs-progs
- compsize
- dhcp
- f2fs-tools
- glib2
- iproute
- linux
- man-db
- openbsd-netcat
- openssh
- pacman
- polkit
- python-pefile
- python-psutil
- python-pytest
- python3
- quota-tools
- sbsigntools
- shadow
- vim
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|centos
-Distribution=|fedora
-
-[Content]
-Packages=
- bpftool
- cryptsetup
- dhcp-server
- dnf
- glib2
- integritysetup
- iproute
- iproute-tc
- kernel-core
- libcap-ng-utils
- netcat
- openssh-server
- openssh-clients
- p11-kit
- pam
- passwd
- polkit
- procps-ng
- python3
- python3dist(pefile)
- python3dist(pluggy) # python3-pluggy is a pytest dependency that's not installed for some reason.
- python3dist(psutil)
- python3dist(pytest)
- quota
- vim-common
[Match]
Distribution=centos
-
-[Content]
-Packages=
- kernel-modules # For squashfs support
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# CentOS does not support erofs so we use squashfs instead.
-[Partition]
-Format=squashfs
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=|debian
-Distribution=|ubuntu
-
-[Content]
-Packages=
- apt
- btrfs-progs
- cryptsetup-bin
- dbus-broker
- default-dbus-session-bus
- f2fs-tools
- fdisk
- iproute2
- isc-dhcp-server
- libcap-ng-utils
- netcat-openbsd
- openssh-server
- openssh-client
- sbsigntool
- passwd
- policykit-1
- procps
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- xxd
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Content]
-Packages=
- bpftool
- btrfs-progs
- cryptsetup
- dbus-broker
- f2fs-tools
- glibc-locale-base
- kernel-kvmsmall
- libcap-ng-utils
- openssh-server
- openssh-clients
- python3
- python3-pefile
- python3-psutil
- python3-pytest
- quota
- sbsigntools
- shadow
- vim
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Content]
-Packages=
- # We would like to use linux-image-kvm but it does not have support for SMBIOS credentials.
- linux-image-generic
- linux-tools-common
- linux-tools-generic
-# "orphan_file" is enabled by default in recent versions of mkfs.ext4 but not supported by the Jammy kernel
-# so we explicitly disable it.
-Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
Format=vfat
CopyFiles=/boot:/
CopyFiles=/efi:/
-SizeMinBytes=512M
-SizeMaxBytes=512M
+SizeMinBytes=1G
+SizeMaxBytes=1G
projects / thirdparty / systemd.git / commitdiff
