2 # SPDX-License-Identifier: LGPL-2.1-or-later
5 # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
6 # Simply invoke "mkosi" in the project directory to build an OS image.
8 ASAN_OPTIONS
=strict_string_checks
=1:detect_stack_use_after_return
=1:check_initialization_order
=1:strict_init_order
=1:disable_coredump
=0:use_madv_dontdump
=1
9 UBSAN_OPTIONS
=print_stacktrace
=1:print_summary
=1:halt_on_error
=1
11 # On Fedora "ld" is (unfortunately — if you ask me) managed via
12 # "alternatives". Since we'd like to support building images in environments
13 # with only /usr/ around (e.g. mkosi's UsrOnly=1 option), we have the problem
14 # that /usr/bin/ld is a symlink that points to a non-existing file in
15 # /etc/alternative/ in this mode. Let's work around this for now by manually
16 # redirect "ld" to "ld.bfd", i.e. circumventing the /usr/bin/ld symlink.
17 if [ ! -x /usr
/bin
/ld
] && [ -x /usr
/bin
/ld.bfd
]; then
19 ln -s /usr
/bin
/ld.bfd
"$HOME"/bin
/ld
20 PATH
="$HOME/bin:$PATH"
23 # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
24 # as out-of-tree build dir. Otherwise, let's make up our own builddir.
25 [ -z "$BUILDDIR" ] && BUILDDIR
="$PWD"/build
27 # Let's make sure we're using stuff from the build directory first if available there.
28 PATH
="$BUILDDIR:$PATH"
31 # Meson uses Python 3 and requires a locale with an UTF-8 character map.
32 # Not running under UTF-8 makes the `ninja test` step break with a CodecError.
33 # So let's ensure we're running under UTF-8.
35 # If our current locale already is UTF-8, then we don't need to do anything:
36 if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then
37 # Try using C.UTF-8 locale, if available. This locale is not shipped
38 # by upstream glibc, so it's not available in all distros.
39 # (In particular, it's not available in Arch Linux.)
40 if locale
-a |
grep -q -E "C.UTF-8|C.utf8"; then
41 export LC_CTYPE
=C.UTF-8
42 # Finally, try something like en_US.UTF-8, which should be
43 # available in Arch Linux, but is not present in Debian's
44 # minimal image in our mkosi config.
45 elif locale
-a |
grep -q en_US.utf8
; then
46 export LC_CTYPE
=en_US.UTF-8
48 # If nothing works, fail early.
49 echo "*** Could not find a valid locale that supports UTF-8. ***" >&2
54 # The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
55 # using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
56 # the ubuntu script with a symlink to the first bpftool program we can find.
57 for bpftool
in /usr
/lib
/linux-tools
/*/bpftool
; do
58 [ -x "$bpftool" ] ||
continue
59 ln -sf "$bpftool" "$BUILDDIR"/bpftool
63 # CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
64 # specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
65 # version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
66 if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION=' /etc/os-release)" = "VERSION=\"8\"" ]; then
67 cat >"$BUILDDIR"/bpftool
<<EOF
69 if [ "\$1" = --version ]; then
72 exec /usr/sbin/bpftool \$@
75 chmod +x
"$BUILDDIR"/bpftool
78 if [ ! -f "$BUILDDIR"/build.ninja
] ; then
79 sysvinit_path
=$
(realpath
/etc
/init.d
)
81 init_path
=$
(realpath
/sbin
/init
2>/dev
/null
)
82 if [ -z "$init_path" ] ; then
85 rootprefix
=${init_path%/lib/systemd/systemd}
86 rootprefix
=/${rootprefix#/}
89 # On debian-like systems the library directory is not /usr/lib64 but /usr/lib/<arch-triplet>/.
90 # It is important to use the right one especially for cryptsetup plugins, otherwise they will be
91 # installed in the wrong directory and not be found by cryptsetup. Assume native build.
92 if grep -q -e "ID=debian" -e "ID_LIKE=debian" /etc
/os-release
&& command -v dpkg
2>/dev
/null
; then
93 LIBDIR
="-Drootlibdir=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
94 PAMDIR
="-Dpamlibdir=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
97 # Cannot quote $LIBDIR and $PAMDIR, because they may be empty, and meson will fail.
98 # shellcheck disable=SC2086
99 meson setup
"$BUILDDIR" \
102 -D "sysvinit-path=$sysvinit_path" \
103 -D "rootprefix=$rootprefix" \
105 -D translations
=false \
106 -D version-tag
="${VERSION_TAG}" \
108 -D b_sanitize
="${SANITIZERS:-none}" \
109 -D install-tests
=true \
118 -D environment-d
=true \
137 -D nss-myhostname
=true \
138 -D nss-mymachines
=true \
139 -D nss-resolve
=true \
140 -D nss-systemd
=true \
151 -D xdg-autostart
=true \
152 -D translations
=true \
162 -D libcryptsetup
=true \
170 -D cryptolib
=openssl \
181 -D kernel-install
=true \
183 -D bpf-framework
=true \
189 if [ "$WITH_TESTS" = 1 ] ; then
190 if [ -n "$SANITIZERS" ]; then
191 export ASAN_OPTIONS
="$ASAN_OPTIONS"
192 export UBSAN_OPTIONS
="$UBSAN_OPTIONS"
198 meson
test --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER
202 meson
install -C "$BUILDDIR" --quiet --no-rebuild --only-changed
204 mkdir
-p "$DESTDIR"/etc
206 cat >"$DESTDIR"/etc
/issue
<<EOF
207 \S (built from systemd tree)
208 Kernel \r on an \m (\l)
212 if [ -n "$IMAGE_ID" ] ; then
213 mkdir
-p "$DESTDIR"/usr
/lib
215 -e '/^IMAGE_ID=/!p' \
216 -e "\$aIMAGE_ID=$IMAGE_ID" <"/usr/lib/os-release" >"${DESTDIR}/usr/lib/os-release"
218 OSRELEASEFILE
="$DESTDIR"/usr
/lib
/os-release
220 OSRELEASEFILE
=/usr
/lib
/os-release
224 if [ -n "$IMAGE_VERSION" ] ; then
225 mkdir
-p "$DESTDIR"/usr
/lib
227 -e '/^IMAGE_VERSION=/!p' \
228 -e "\$aIMAGE_VERSION=$IMAGE_VERSION" <$OSRELEASEFILE >"/tmp/os-release.tmp"
230 cat /tmp
/os-release.tmp
>"$DESTDIR"/usr
/lib
/os-release
231 rm /tmp
/os-release.tmp
234 # If $CI_BUILD is set, copy over the CI service which executes a service check
235 # after boot and then shuts down the machine
236 if [ -n "$CI_BUILD" ]; then
237 mkdir
-p "$DESTDIR/usr/lib/systemd/system"
238 cp -v "$SRCDIR/test/mkosi-check-and-shutdown.service" "$DESTDIR/usr/lib/systemd/system/mkosi-check-and-shutdown.service"
239 cp -v "$SRCDIR/test/mkosi-check-and-shutdown.sh" "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
240 chmod +x
"$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
243 if [ -n "$SANITIZERS" ]; then
244 LD_PRELOAD
=$
(ldd
"$BUILDDIR"/systemd |
grep libasan.so |
awk '{print $3}')
246 mkdir
-p "$DESTDIR/etc/systemd/system.conf.d"
248 cat >"$DESTDIR/etc/systemd/system.conf.d/10-asan.conf" <<EOF
250 ManagerEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
251 UBSAN_OPTIONS=$UBSAN_OPTIONS\\
252 LD_PRELOAD=$LD_PRELOAD
253 DefaultEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
254 UBSAN_OPTIONS=$UBSAN_OPTIONS\\
255 LD_PRELOAD=$LD_PRELOAD
258 # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
259 # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any
260 # sanitizer failures appear directly on the user's console.
261 mkdir
-p "$DESTDIR/etc/systemd/system/systemd-journald.service.d"
263 cat >"$DESTDIR/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf" <<EOF
268 # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users.
269 # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As
270 # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login
271 # from calling vhangup() so that journald's ASAN logs correctly end up in the console.
273 mkdir
-p "$DESTDIR/etc/systemd/system/console-getty.service.d"
275 cat >"$DESTDIR/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf" <<EOF
278 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
282 # Make sure services aren't enabled by default on Debian/Ubuntu.
283 mkdir
-p "$DESTDIR/etc/systemd/system-preset"
284 echo "disable *" >"$DESTDIR/etc/systemd/system-preset/99-mkosi.preset"
286 if [ -d mkosi.kernel
/ ]; then
287 cd "$SRCDIR/mkosi.kernel"
288 mkdir
-p "$BUILDDIR/mkosi.kernel"
290 # Ensure fast incremental builds by fixating these values which usually change for each build.
291 export KBUILD_BUILD_TIMESTAMP
="Fri Jun 5 15:58:00 CEST 2015"
292 export KBUILD_BUILD_HOST
="mkosi"
294 scripts
/kconfig
/merge_config.sh
-O "$BUILDDIR/mkosi.kernel" \
295 ..
/mkosi.kernel.config \
296 tools
/testing
/selftests
/bpf
/config.x86_64 \
297 tools
/testing
/selftests
/bpf
/config
299 make O
="$BUILDDIR/mkosi.kernel" -j "$(nproc)"
301 KERNEL_RELEASE
=$
(make O
="$BUILDDIR"/mkosi.kernel
-s kernelrelease
)
302 mkdir
-p "$DESTDIR/usr/lib/modules/$KERNEL_RELEASE"
303 make O
="$BUILDDIR/mkosi.kernel" INSTALL_MOD_PATH
="$DESTDIR/usr" modules_install
304 make O
="$BUILDDIR/mkosi.kernel" INSTALL_PATH
="$DESTDIR/usr/lib/modules/$KERNEL_RELEASE" install
305 mkdir
-p "$DESTDIR/usr/lib/kernel/selftests"
306 make -C tools
/testing
/selftests
-j "$(nproc)" O
="$BUILDDIR/mkosi.kernel" KSFT_INSTALL_PATH
="$DESTDIR/usr/lib/kernel/selftests" SKIP_TARGETS
="" install
308 ln -sf /usr
/lib
/kernel
/selftests
/bpf
/bpftool
"$DESTDIR/usr/bin/bpftool"